如何解决Spring Security WebTestClient 在模拟 JWT 时不会调用 OncePerRequestFilter
Spring Boot 版本:2.4.2
我的应用程序实现了以下工作流程:
- 外部客户端发送 HTTP 请求,并在
Authorization
标头中包含 JWT 令牌。 -
JwtRequestfilter
扩展了OncePerRequestFilter
并从令牌中提取信息。 - 这会传递给
CustomUserDetailsService
,后者会检查数据库中是否存在拥有此信息的用户。 - 仅当此检查通过时,才会使用
@AuthenticationPrincipal
作为参数调用控制器方法。
现在我想用 Spring 的 @WebTestClient
测试这个控制器方法并用 mockJwt()
改变它。我成功地使测试请求调用了 CustomUserDetailsService
,但似乎有两个问题:
- 根本不调用
JwtRequestFilter
,即不调用loadUserById()
方法。 -
CustomUserDetailsService
未找到该用户。由于我想依赖实际的数据库,我的想法是用 Mockito 模拟存储库,但它总是抛出UsernameNotFoundException
。
这是测试实现:
@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
public class UserControllerIT {
@Autowired
private WebApplicationContext context;
private WebTestClient webTestClient;
@MockBean
private UserRepo userRepo;
@BeforeEach
public void setup() {
webTestClient = MockMvcWebTestClient
.bindToApplicationContext(this.context)
.apply(springSecurity())
.build();
}
@Test
@WithUserDetails
public void testIt() {
final User user = createUser("foo@bar.com","my-password");
when(userRepo.findByEmail(anyString())).thenReturn(Optional.of(user));
when(userRepo.findById(anyLong())).thenReturn(Optional.of(user));
webTestClient
.mutateWith(mockJwt())
.get()
.uri("/services/user")
.accept(MediaType.APPLICATION_JSON)
.exchange()
.expectStatus().is2xxSuccessful();
}
}
以下是相关类:
JwtRequestFilter
@Component
@Slf4j
public class JwtRequestFilter extends OncePerRequestFilter {
private static final String BEARER_PREFIX = "Bearer ";
private final HandlerExceptionResolver resolver;
private final JwtService jwtService;
private final CustomUserDetailsService userDetailsService;
public JwtRequestFilter(@Qualifier("handlerExceptionResolver") HandlerExceptionResolver resolver,JwtService jwtService,CustomUserDetailsService userDetailsService) {
this.resolver = resolver;
this.jwtService = jwtService;
this.userDetailsService = userDetailsService;
}
@Override
protected void doFilterInternal(HttpServletRequest request,HttpServletResponse response,FilterChain filterChain) throws ServletException,IOException {
try {
String token = parseTokenFromRequest(request);
if (isNotBlank(token)) {
String subject = jwtService.getSubject(token);
if (isNotBlank(subject) && isNull(SecurityContextHolder.getContext().getAuthentication())) {
final MyaUserDetails userDetails = userDetailsService.loadUserById(Long.valueOf(subject));
if (jwtService.validateToken(token,userDetails)) {
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
}
}
filterChain.doFilter(request,response);
} catch (JwtException e) {
resolver.resolveException(request,response,e);
}
}
private String parseTokenFromRequest(HttpServletRequest request) {
String token = request.getHeader(HttpHeaders.AUTHORIZATION);
if (isNotBlank(token) && token.startsWith(BEARER_PREFIX)) {
return token.substring(BEARER_PREFIX.length());
} else {
return null;
}
}
}
CustomUserDetailsService
@Service
@RequiredArgsConstructor
public class CustomUserDetailsService implements UserDetailsService {
private static final String USER_NOT_FOUND = "User not found";
private final UserRepo userRepo;
@Override
public CustomUserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = userRepo.findByEmail(username)
.orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
return buildUserDetails(user);
}
public CustomUserDetails loadUserById(Long id) throws UsernameNotFoundException {
final User user = userRepo.findById(id)
.orElseThrow(() -> new UsernameNotFoundException(USER_NOT_FOUND));
return buildUserDetails(user);
}
}
用户控制器
@GetMapping
public ResponseEntity<UserData> getUserData(@AuthenticationPrincipal CustomUserDetails userDetails) {
try {
final UserData userData = userService.getUser(userDetails.getId());
return ResponseEntity.ok(userData);
} catch (UserNotFoundException e) {
log.error("User with id {} not found",userDetails.getId());
return ResponseEntity.notFound().build();
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。