Running a Test as a User in Spring MVC Test

通常需要以特定用户身份运行测试。有两种简单的方法填充用户:

It is often desirable to run tests as a specific user. There are two simple ways to populate the user:

Running as a User in Spring MVC Test with RequestPostProcessor

您有许多选项可用于将用户与当前 HttpServletRequest 关联起来。以下示例以一个用户(无需存在)的身份运行,该用户的用户名为 user、密码为 password、角色为 ROLE_USER

You have a number of options to associate a user to the current HttpServletRequest. The following example runs as a user (which does not need to exist) whose username is user, whose password is password, and whose role is ROLE_USER:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(user("user")))
mvc.get("/") {
    with(user("user"))
}

该支持通过将用户与 HttpServletRequest 关联起来而起作用。要将请求与 SecurityContextHolder 关联起来,您需要确保 SecurityContextPersistenceFilterMockMvc 实例关联起来。您可以通过许多方式这样做:

The support works by associating the user to the HttpServletRequest. To associate the request to the SecurityContextHolder, you need to ensure that the SecurityContextPersistenceFilter is associated with the MockMvc instance. You can do so in a number of ways:

  • Invoking apply(springSecurity())

  • Adding Spring Security’s FilterChainProxy to MockMvc

  • Manually adding SecurityContextPersistenceFilter to the MockMvc instance may make sense when using MockMvcBuilders.standaloneSetup

您可以轻松进行定制。例如,以下项将以一个用户(无需存在)的身份运行,该用户的用户名为“admin”、密码为“pass”,角色为“ROLE_USER”和“ROLE_ADMIN”。

You can easily make customizations. For example, the following will run as a user (which does not need to exist) with the username "admin", the password "pass", and the roles "ROLE_USER" and "ROLE_ADMIN".

  • Java

  • Kotlin

mvc
	.perform(get("/admin").with(user("admin").password("pass").roles("USER","ADMIN")))
mvc.get("/admin") {
    with(user("admin").password("pass").roles("USER","ADMIN"))
}

如果您有自定义的 UserDetails 想要使用,则也可以轻松指定。例如,以下项将使用指定的 UserDetails(无需存在)来使用具有指定 UserDetails 主体的 UsernamePasswordAuthenticationToken 运行:

If you have a custom UserDetails that you would like to use, you can easily specify that as well. For example, the following will use the specified UserDetails (which does not need to exist) to run with a UsernamePasswordAuthenticationToken that has a principal of the specified UserDetails:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(user(userDetails)))
mvc.get("/") {
    with(user(userDetails))
}

您可以使用以下项以匿名用户身份运行:

You can run as anonymous user using the following:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(anonymous()))
mvc.get("/") {
    with(anonymous())
}

如果您使用默认用户运行并且希望作为匿名用户处理一些请求,这将特别有用。

This is especially useful if you are running with a default user and wish to process a few requests as an anonymous user.

如果您想要一个自定义的 Authentication(无需存在),则可以使用以下内容:

If you want a custom Authentication (which does not need to exist) you can do so using the following:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(authentication(authentication)))
mvc.get("/") {
    with(authentication(authentication))
}

您甚至可以使用以下项自定义 SecurityContext

You can even customize the SecurityContext using the following:

  • Java

  • Kotlin

mvc
	.perform(get("/").with(securityContext(securityContext)))
mvc.get("/") {
    with(securityContext(securityContext))
}

我们还可以确保使用 MockMvcBuilders 的默认请求针对每个请求运行为特定用户。例如,以下将作为用户名为“admin”、密码为“password”和角色为“ROLE_ADMIN”的用户(无需存在)运行:

We can also ensure to run as a specific user for every request by using `MockMvcBuilders’s default request. For example, the following will run as a user (which does not need to exist) with the username "admin", the password "password", and the role "ROLE_ADMIN":

  • Java

  • Kotlin

mvc = MockMvcBuilders
		.webAppContextSetup(context)
		.defaultRequest(get("/").with(user("user").roles("ADMIN")))
		.apply(springSecurity())
		.build();
mvc = MockMvcBuilders
    .webAppContextSetup(context)
    .defaultRequest<DefaultMockMvcBuilder>(get("/").with(user("user").roles("ADMIN")))
    .apply<DefaultMockMvcBuilder>(springSecurity())
    .build()

如果您发现正在许多测试中使用同一个用户,建议将用户移至方法。例如,您可以在名为 CustomSecurityMockMvcRequestPostProcessors 的自定义类中指定以下内容:

If you find you are using the same user in many of your tests, it is recommended to move the user to a method. For example, you can specify the following in your own class named CustomSecurityMockMvcRequestPostProcessors:

  • Java

  • Kotlin

public static RequestPostProcessor rob() {
	return user("rob").roles("ADMIN");
}
fun rob(): RequestPostProcessor {
    return user("rob").roles("ADMIN")
}

现在,您可以在 CustomSecurityMockMvcRequestPostProcessors 上执行静态导入,并在测试中使用它:

Now you can perform a static import on CustomSecurityMockMvcRequestPostProcessors and use that within your tests:

  • Java

  • Kotlin

import static sample.CustomSecurityMockMvcRequestPostProcessors.*;

...

mvc
	.perform(get("/").with(rob()))
import sample.CustomSecurityMockMvcRequestPostProcessors.*

//...

mvc.get("/") {
    with(rob())
}

Running as a User in Spring MVC Test with Annotations

作为使用 RequestPostProcessor 创建用户的替代方法,可以使用 Testing Method Security 中描述的注释。例如,使用用户名“user”、密码“password”和角色“ROLE_USER”的用户运行该测试的代码:

As an alternative to using a RequestPostProcessor to create your user, you can use annotations described in Testing Method Security. For example, the following will run the test with the user with username "user", password "password", and role "ROLE_USER":

  • Java

  • Kotlin

@Test
@WithMockUser
public void requestProtectedUrlWithUser() throws Exception {
mvc
		.perform(get("/"))
		...
}
@Test
@WithMockUser
fun requestProtectedUrlWithUser() {
    mvc
        .get("/")
        // ...
}

或者,以下将使用用户名“user”、密码“password”和角色“ROLE_ADMIN”的用户运行测试:

Alternatively, the following will run the test with the user with username "user", password "password", and role "ROLE_ADMIN":

  • Java

  • Kotlin

@Test
@WithMockUser(roles="ADMIN")
public void requestProtectedUrlWithUser() throws Exception {
mvc
		.perform(get("/"))
		...
}
@Test
@WithMockUser(roles = ["ADMIN"])
fun requestProtectedUrlWithUser() {
    mvc
        .get("/")
        // ...
}