spring security test code 작성시 UserDetails가 필요할때
spring security test code 작성시 UserDetails가 필요할때
스프링 시큐리티 테스트 코드 작성시 '@WithMockUser' 어너테이션을 사용해서 인증을 통과 시킨다 하지만 어떤 API는 UserDetails를 필요로 할수 있다 그럴때 커스텀 어너테이션을 만들어서 사용할수 있다.
@Configuration
public class SecurityConfigruation extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("**").authenticated().and().formLogin()
.disable().csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
.exceptionHandling()
.authenticationEntryPoint(new Http403ForbiddenEntryPoint())
.accessDeniedHandler(new AccessDeniedHandlerImpl());
}
}
위처럼 간단하게 인증을 걸고 API를 하나 만들어서 테스트 코드를 작성해서 테스트 해보았다.
@Slf4j
@RequestMapping("/api/")
@RestController
public class TestController {
@GetMapping("test")
public ResponseEntity<String> getTest(Authentication principal) {
var userName = principal.getName();
log.debug("test ok {}", principal.getDetails());
return ResponseEntity.ok(userName);
}
}
위에 컨트롤러 하나 생성후에 테스트 코드를 작성해 보면
@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
class TestControllerTest {
private static final String URL = "/api/test";
@Autowired
private MockMvc mockMvc;
@DisplayName("인증실패")
@Test
void forbiddenTest() throws Exception {
this.mockMvc.perform(get(URL)
.contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
.andDo(print()).andExpect(status().isForbidden());
}
@DisplayName("WithMockUser 어너테이션 테스트")
@WithMockUser
@Test
void withMockTest() throws Exception {
this.mockMvc.perform(get(URL)
.contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
.andDo(print()).andExpect(status().isOk());
}
}
인증실패 결과
MockHttpServletRequest:
HTTP Method = GET
Request URI = /api/test
Parameters = {}
Headers = [Content-Type:"application/json;charset=UTF-8", Accept:"application/json"]
Body = null
Session Attrs = {}
Handler:
Type = null
Async:
Async started = false
Async result = null
Resolved Exception:
Type = null
ModelAndView:
View name = null
View = null
Model = null
FlashMap:
Attributes = null
MockHttpServletResponse:
Status = 403
Error message = Access Denied
Headers = [X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY"]
Content type = null
Body =
Forwarded URL = null
Redirected URL = null
Cookies = []
WithMockUser 어너테이션 테스트 결과
MockHttpServletRequest:
HTTP Method = GET
Request URI = /api/test
Parameters = {}
Headers = [Content-Type:"application/json;charset=UTF-8", Accept:"application/json"]
Body = null
Session Attrs = {SPRING_SECURITY_CONTEXT=org.springframework.security.core.context.SecurityContextImpl@ca25360: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@ca25360: Principal: org.springframework.security.core.userdetails.User@36ebcb: Username: user; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Credentials: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER}
Handler:
Type = io.github.sejoung.controller.TestController
Method = io.github.sejoung.controller.TestController#getTest(Authentication)
Async:
Async started = false
Async result = null
Resolved Exception:
Type = null
ModelAndView:
View name = null
View = null
Model = null
FlashMap:
Attributes = null
MockHttpServletResponse:
Status = 200
Error message = null
Headers = [Content-Type:"application/json;charset=UTF-8", Content-Length:"4", X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY"]
Content type = application/json
Body = user
Forwarded URL = null
Redirected URL = null
Cookies = []
위에 결과를 보면 인증은 통과 했지만 Details: null; 이다.
그럼 값을 넣어 주는것을 테스트 해서 보면
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import org.springframework.security.test.context.support.WithSecurityContext;
@Retention(RetentionPolicy.RUNTIME)
@WithSecurityContext(factory = WithMockCustomUserSecurityContextFactory.class)
public @interface WithMockCustomUser {
String username() default "sejoung";
String name() default "sejoung kim";
}
위 처럼 어너테이션을 생성 하고
public class WithMockCustomUserSecurityContextFactory
implements WithSecurityContextFactory<WithMockCustomUser> {
@Override
public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
SecurityContext context = SecurityContextHolder.createEmptyContext();
List<GrantedAuthority> grantedAuthorities = new ArrayList();
grantedAuthorities.add(new SimpleGrantedAuthority("USER"));
User principal = new User(customUser.username(), "1234", true, true, true, true,
grantedAuthorities);
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
principal, principal.getPassword(), principal.getAuthorities());
authentication.setDetails(new Detail(customUser.username(), "aaaa"));
context.setAuthentication(authentication);
return context;
}
}
위 처럼 팩토리를 하나 만들어서 사용하면
테스트 코드는 하나 추가해서 보면
@DisplayName("커스텀 어너테이션 테스트")
@WithMockCustomUser
@Test
void customWithMockTest() throws Exception {
this.mockMvc.perform(get(URL)
.contentType(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON))
.andDo(print()).andExpect(status().isOk());
}
커스텀 어너테이션 테스트 결과
MockHttpServletRequest:
HTTP Method = GET
Request URI = /api/test
Parameters = {}
Headers = [Content-Type:"application/json;charset=UTF-8", Accept:"application/json"]
Body = null
Session Attrs = {SPRING_SECURITY_CONTEXT=org.springframework.security.core.context.SecurityContextImpl@b3ebb9fe: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@b3ebb9fe: Principal: org.springframework.security.core.userdetails.User@75d00a77: Username: sejoung; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: USER; Credentials: [PROTECTED]; Authenticated: true; Details: Detail(name=sejoung, data=aaaa); Granted Authorities: USER}
Handler:
Type = io.github.sejoung.controller.TestController
Method = io.github.sejoung.controller.TestController#getTest(Authentication)
Async:
Async started = false
Async result = null
Resolved Exception:
Type = null
ModelAndView:
View name = null
View = null
Model = null
FlashMap:
Attributes = null
MockHttpServletResponse:
Status = 200
Error message = null
Headers = [Content-Type:"application/json;charset=UTF-8", Content-Length:"7", X-Content-Type-Options:"nosniff", X-XSS-Protection:"1; mode=block", Cache-Control:"no-cache, no-store, max-age=0, must-revalidate", Pragma:"no-cache", Expires:"0", X-Frame-Options:"DENY"]
Content type = application/json
Body = sejoung
Forwarded URL = null
Redirected URL = null
Cookies = []
Details: Detail(name=sejoung, data=aaaa) 이렇게 값이 들어간것을 볼수 있다.