Problème pour tester spring-security-oauth
Bonjour à tous, je suis en train de faire des tests intégrés pour une application ; je dois tester les contrôleurs qui sont sécurisés par spring-security-oauth2.
Mon app n'est pas sur Spring Boot (ça, c'est un gros problème car tous les exemples que je vois utilisent Spring Boot).
J'ai comme exemple Baeldung\spring-security-oauth(https://github.com/Baeldung/spring-security-oauth.git) qui utilise spring boot
Donc si vous avez un exemple qui n'utilise pas Spring Boot, ce ne serait pas de refus.
voici mon code
Code:
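/**
 * Base class for MockMvc integration tests against endpoints protected by
 * spring-security-oauth2, wired from {@code applicationContextIT.xml} (no Spring Boot).
 *
 * <p>Subclasses use {@link #mockMvc}, which is built with the application's
 * {@code springSecurityFilterChain}, and {@link #obtainAccessToken(String, String)} to request
 * an access token through the password grant.
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = { "classpath:applicationContextIT.xml" })
@WebAppConfiguration
@TestExecutionListeners({ DependencyInjectionTestExecutionListener.class, DirtiesContextTestExecutionListener.class,
        TransactionalTestExecutionListener.class, DbUnitTestExecutionListener.class })
@DatabaseSetup("import.sql")
public abstract class OAuthMvcTest {

    @Resource
    private WebApplicationContext webApplicationContext;

    /** MockMvc instance rebuilt before every test with the security filter chain attached. */
    public MockMvc mockMvc;

    @Autowired
    @Qualifier("mysqlDataSource")
    private DataSource dataSource;

    // Not referenced anywhere in this class.
    @Autowired
    ClientDetailsServiceConfigurer clients;

    // NOTE(review): these two values are sent as HTTP Basic client credentials to /oauth/token.
    // A 401 from that endpoint usually means client authentication failed rather than the
    // user's password (a rejected resource-owner password is normally reported as
    // 400 invalid_grant). Confirm that a client with exactly this id and secret, allowed to use
    // the password grant, is registered in the context loaded for the test, and that its stored
    // secret is encoded the way the authorization server's password encoder expects.
    private static final String CLIENT_ID = "CLIENT_ID";
    private static final String CLIENT_SECRET = "CLIENT_SECRET";

    // GRANT_TYPE, EMAIL and NAME are not referenced in this class; the token request below
    // uses the literal "password" grant type.
    private static final String GRANT_TYPE = "secret";
    private static final String CONTENT_TYPE = "application/json;charset=UTF-8";
    private static final String EMAIL = "myName@gmail.com";
    private static final String NAME = "myName";

    @Autowired
    private FilterChainProxy springSecurityFilterChain;

    // Machine-specific absolute path; left unchanged because it is a public field.
    public String absoluteFilePath = "D:/src/test/resources/json/";

    /**
     * Builds {@link #mockMvc} on top of the web application context with the Spring Security
     * filter chain registered, so requests go through the same filters as in the application.
     *
     * @throws Exception if Mockito initialisation or the MockMvc build fails; the failure is
     *         propagated so the test is reported as an error instead of continuing with a
     *         {@code null} {@link #mockMvc}
     */
    @Before
    public void setUp() throws Exception {
        MockitoAnnotations.initMocks(this);
        this.mockMvc = MockMvcBuilders.webAppContextSetup(this.webApplicationContext)
                .addFilter(springSecurityFilterChain)
                .build();
    }

    /**
     * Requests an access token from {@code /oauth/token} with the password grant.
     *
     * <p>The client authenticates with HTTP Basic using {@code CLIENT_ID}/{@code CLIENT_SECRET};
     * the given user name and password are sent as request parameters. The response must be
     * 200 with content type {@code application/json;charset=UTF-8}.
     *
     * @param username resource-owner user name sent as the {@code username} parameter
     * @param password resource-owner password sent as the {@code password} parameter
     * @return the value of the {@code access_token} field of the JSON response
     * @throws Exception if the request fails; nothing is swallowed here, so the original cause
     *         is visible instead of a later {@code NullPointerException}
     * @throws IllegalStateException if the response body has no {@code access_token} field
     */
    protected String obtainAccessToken(String username, String password) throws Exception {
        final MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
        params.add("grant_type", "password");
        params.add("client_id", CLIENT_ID);
        params.add("username", username);
        params.add("password", password);

        // @formatter:off
        ResultActions result = mockMvc
                .perform(post("/oauth/token")
                        .params(params)
                        .with(httpBasic(CLIENT_ID, CLIENT_SECRET))
                        .accept(CONTENT_TYPE))
                .andExpect(status().isOk())
                .andExpect(content().contentType(CONTENT_TYPE));
        // @formatter:on

        String resultString = result.andReturn().getResponse().getContentAsString();
        Object accessToken = new JacksonJsonParser().parseMap(resultString).get("access_token");
        if (accessToken == null) {
            // The body is deliberately left out of the message: it may hold other token material.
            throw new IllegalStateException("Token response does not contain an access_token field");
        }
        return accessToken.toString();
    }
}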
J'ai un 401. Mon problème est que je dois passer par cette configuration, si je me fie à l'exemple de Baeldung :
Code:
package com.baeldung.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
 * Web security setup from the referenced example: four in-memory users plus a form-login
 * {@link HttpSecurity} policy.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Encoder applied to every literal password below before it is stored in memory. */
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * Registers the in-memory accounts on the injected builder.
     *
     * <p>The user names, passwords and roles are literals compiled into this class; each
     * password is BCrypt-encoded at registration time.
     *
     * @param auth builder that receives the in-memory user store
     * @throws Exception if the builder rejects the configuration
     */
    @Autowired
    public void globalUserDetails(final AuthenticationManagerBuilder auth) throws Exception {
        // @formatter:off
        auth.inMemoryAuthentication()
            .withUser("john").password(passwordEncoder.encode("123")).roles("USER")
            .and()
            .withUser("tom").password(passwordEncoder.encode("111")).roles("ADMIN")
            .and()
            .withUser("user1").password(passwordEncoder.encode("pass")).roles("USER")
            .and()
            .withUser("admin").password(passwordEncoder.encode("nimda")).roles("ADMIN");
        // @formatter:on
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the parent class cannot provide it
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Declares the URL rules: three path patterns are open to everyone, every other request
     * needs an authenticated user, form login is enabled and open, and CSRF protection is
     * switched off.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(final HttpSecurity http) throws Exception {
        // @formatter:off
        http.authorizeRequests()
            .antMatchers("/login", "/oauth/token/revokeById/**", "/tokens/**").permitAll()
            .anyRequest().authenticated();

        http.formLogin().permitAll();

        // CSRF protection is disabled for the whole application, not only for token endpoints.
        http.csrf().disable();
        // @formatter:on
    }
}
C'est l'exemple de Baeldung, mais avec Spring Boot.
Moi, j'ai déjà un SecurityConfiguration dans mon src que je ne peux pas toucher. Comment ajouter ma configuration auth.inMemoryAuthentication() pour faire passer
Code:
| mockMvc
.perform(post("/oauth/token") |
Voici SecurityConfiguration :
Code:
/**
 * Application web security configuration: wires the injected {@link UserDetailsService} with a
 * BCrypt encoder, lists the paths that skip security, and protects {@code /oauth/authorize}
 * with stateless HTTP Basic.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final AuthenticationManagerBuilder authenticationManagerBuilder;

    private final UserDetailsService userDetailsService;

    /**
     * @param authenticationManagerBuilder builder that {@link #init()} configures
     * @param userDetailsService user lookup registered on that builder
     */
    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder,
            UserDetailsService userDetailsService) {
        this.authenticationManagerBuilder = authenticationManagerBuilder;
        this.userDetailsService = userDetailsService;
    }

    /**
     * Registers the user details service and the BCrypt encoder on the builder once the bean
     * has been constructed.
     *
     * @throws BeanInitializationException wrapping any failure raised by the builder
     */
    @PostConstruct
    public void init() {
        try {
            authenticationManagerBuilder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        } catch (Exception e) {
            throw new BeanInitializationException("Security configuration failed", e);
        }
    }

    /** @return a new {@code Http401UnauthorizedEntryPoint} exposed as a bean */
    @Bean
    public Http401UnauthorizedEntryPoint http401UnauthorizedEntryPoint() {
        return new Http401UnauthorizedEntryPoint();
    }

    /** @return the BCrypt encoder used for the user details service */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Lists the request patterns that Spring Security ignores. Requests matching them bypass
     * the security filter chain, so no authentication or authorization runs for them.
     *
     * <p>NOTE(review): the list covers OPTIONS on every path, the password reset and
     * forgot-password endpoints, and the whole {@code /push/**} tree; the TODO below already
     * tracks removing {@code /push/**}.
     *
     * @param web the web security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    //TODO Remove "/push/**
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers(
                "/app/**/*.{js,html}",
                "/api/**/files/**/bytes",
                "/api/**/users/forgotPassword",
                "/api/**/users/reset/password/**",
                "/push/**");
    }

    /**
     * Configures the filter chain for {@code /oauth/authorize}: HTTP Basic with realm
     * {@code Oauth2Application}, no HTTP session, and an authenticated user required.
     *
     * <p>{@code requestMatchers()} limits this chain to {@code /oauth/authorize};
     * {@code /oauth/token} is not matched here and is presumably handled by the
     * authorization-server configuration, which is not part of this class.
     *
     * @param http the HTTP security builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.httpBasic().realmName("Oauth2Application");

        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        http.requestMatchers().antMatchers("/oauth/authorize");

        http.authorizeRequests().antMatchers("/oauth/authorize").authenticated();
    }

    /**
     * Publishes the adapter's {@link AuthenticationManager} as a bean.
     *
     * @return the authentication manager built by the parent class
     * @throws Exception if the parent class cannot provide it
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /** @return a new {@code SecurityEvaluationContextExtension} exposed as a bean */
    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
Merci d'avance.