我有一个受oauth保护的服务。这是我的restcontroller的结构:
@CrossOrigin(origins = "*", allowedHeaders = "*")
@RestController
public class MainController {
@PostMapping("/v1/api")
@CustomAuthorizer(RequestURI = "api", ResourceType = ResourceType.API, GrantAccess = GrantAccess.EXECUTE)
public ResponseEntity<List<Details>> api(
@ApiParam(value = "Provide here request body", required = true) @Valid @RequestBody Input input,
@Valid @RequestParam("tId") String tenantId, @RequestHeader("Authorization") String auth) {
}
这是我的测试
@RunWith(SpringRunner.class)
@SpringBootTest
public class MainControllerMockTest {
@WithMockUser( username = "test")
@Test
public void testApi() throws Exception {
Input input = new Input();
//Set input here
MvcResult result = mockMvc.perform(post("/v1/api?tId=test")
.content(inputJson).contentType(MediaType.APPLICATION_JSON).header(HttpHeaders.AUTHORIZATION, "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJsd2lsbGlhbXMxNiIsInJvbGVzIjoidXNlciIsImlhdCI6MTUxNDQ0OTgzM30.WKMQ_oPPiDcc6sGtMJ1Y9hlrAAc6U3xQLuEHyAnM1FU")
.with(SecurityMockMvcRequestPostProcessors.csrf()))
.andExpect(status().isOk()).andReturn();
System.out.println(result.getResponse().getContentAsString());
assertEquals(200, result.getResponse().getStatus());
}
}
身份验证是由我们定制的oauth库完成的,所以当调用/api时,它会检查权限,有没有办法绕过它?我也试着模仿那段代码,但没有成功。任何建议都很好。
暂无答案!
目前还没有任何答案,快来回答吧!