Spring 安全、测试 MVC 和模拟服务

【问题标题】:Spring security, test MVC and mock servicesSpring 安全、测试 MVC 和模拟服务
【发布时间】:2026-01-26 20:10:01
【问题描述】:

我想测试我的控制器,它有@PreAuthorize,它还有我想模拟的服务

PlayerController.java

@RestController
@RequestMapping(value = "/player")
public class PlayerController {
  @Autowired
  private PlayerService playerService;

  @PreAuthorize("hasAuthority('ADMIN')")
  @RequestMapping(value = "/all", method = RequestMethod.GET, produces = "application/json")
  public
  @ResponseBody
  ResponseEntity<List<String>> loadByAdmin()
  throws Exception {
    return new ResponseEntity<>(playerService.getPlayers(), HttpStatus.OK);
  }
}

PlayerServiceImpl.java

@Service
public class PlayerServiceImpl implements PlayerService{
  @Autowired
  private PlayerRepo playerRepo;

  @Transactional(readOnly = true)
  public List<String> getPlayers()() {
    return playerRepo.findAll();
  }
}

第一次尝试:在这种情况下 - 测试有效,但你可以看到 authoritySOMEONE 所以它应该失败,因为只有权限 ADMIN 被访问。

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {WebAppConfig.class, SecurityConfiguration.class})
public class PlayerControllerTest {
  private MockMvc mockMvc;

  @Autowired
  private FilterChainProxy springSecurityFilterChain;

  @Mock
  private PlayerService playerService;

  @InjectMocks
  private PlayerController playerController;

  @Test
  public void loadByAdmin()
  throws Exception {
    Player player = new player();
    when(playerService.getPlayers()).thenReturn(Collections.singletonList(player));

    mockMvc.perform(get("/circuit/all").with(user("adm").password("123")
        .authorities(new SimpleGrantedAuthority("SOMEONE"))) //not failed
        .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isOk());

    verify(playerService, times(1)).getPlayers();
    verifyNoMoreInteractions(playerService);
  }


  @Before
  public void setUp() {
    MockitoAnnotations.initMocks(this);

    mockMvc = MockMvcBuilders
        .standaloneSetup(playerController)
        .apply(SecurityMockMvcConfigurers.springSecurity(springSecurityFilterChain))
        .build();
}

第二次尝试:所以我尝试了另一种方法,它适用于不同的权限,但在这种情况下我无法模拟 PlayerService

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {WebAppConfig.class, SecurityConfiguration.class})
public class PlayerControllerTest {
  private MockMvc mockMvc;

  @Autowired
  private WebApplicationContext wac;

  @Mock
  private PlayerService playerService;

  @InjectMocks
  private PlayerController playerController;

  @Test
  public void loadByAdmin()
  throws Exception {
    Player player = new player();
    when(playerService.getPlayers()).thenReturn(Collections.singletonList(player)); //not mocked

    mockMvc.perform(get("/circuit/all").with(user("adm").password("123")
        .authorities(new SimpleGrantedAuthority("ADMIN")))
        .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isOk());

    verify(playerService, times(1)).getPlayers(); //no interaction
    verifyNoMoreInteractions(playerService);  //no interaction
  }


  @Before
  public void setUp() {
    MockitoAnnotations.initMocks(this);

    this.mockMvc.webAppContextSetup(wac)
            .apply(springSecurity())
            .build();
}

那么,我可以为模拟PlayerService 和测试授权做什么?

【问题讨论】:

  • 尝试调用 MockitoAnnotations.initMocks(this);在 this.mockMvc .....build() 之后

标签: java spring testing spring-security mockmvc


【解决方案1】:

你能告诉我们 PlayerService impl 吗?

您也可以尝试@Autowire on playerService 并在setUp 方法上添加一个玩家,检查具有管理员权限的玩家,在@After 中删除该玩家。由于这是一个集成测试,@Autowire 应该可以工作。

【讨论】:

  • 添加 PlayerServiceImpl,但 @Autowired 无法使用,因为 PlayerServiceImpl 与数据库一起使用,当它调用 getPlayers 时,它会从 db 获取真实数据
  • 您可以尝试使用@RunWith(MockitoJUnitRunner.class) 运行它,或者将 playerService 类实例化为 playerService = Mockito.mock(PlayerService.class);
  • @Mock private PlayerService playerServiceMockitoAnnotations.initMocks(this); 等于 playerService = Mockito.mock(PlayerService.class);
【解决方案2】:

已经用反射解决了

@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = {WebAppConfig.class})
public class PlayerControllerTest {
  private MockMvc mockMvc;

  @Mock
  private PlayerService playerService;

  @Autowired
  private PlayerController playerController;

  @Autowired
  private FilterChainProxy springSecurityFilterChain;

  @Test
  public void loadByAdmin()
  throws Exception {
    Player player = new player();
    when(playerService.getPlayers()).thenReturn(Collections.singletonList(player)); //success

    mockMvc.perform(get("/circuit/all").with(user("adm").password("123")
        .authorities(new SimpleGrantedAuthority("ADMIN")))
        .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().isOk());

    verify(playerService, times(1)).getPlayers(); //was called
    verifyNoMoreInteractions(playerService);  
  }


  @Before
  public void setUp() {
    MockitoAnnotations.initMocks(this);

    this.mockMvc = MockMvcBuilders.standaloneSetup(playerController)
        .apply(springSecurity(springSecurityFilterChain)).build();

    ReflectionTestUtils.setField(playerController, "playerService", playerService);
}

【讨论】:

    猜你喜欢
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript C# Mysql Docker 算法 前端 SpringBoot Redis Vue spring .net 设计模式 .net core c++ kubernetes 数据库 机器学习 大数据 数据结构 微服务 js 人工智能 Go Android 面试 程序员 JVM 云原生 后端 ASP.net core 深度学习 CSS k8s git golang PHP devops Nginx Django React mybatis 架构 多线程 Spring Boot 云计算 LeetCode 分布式