I'm using spring-security-oauth2 version 2.0.5.RELEASE to implement OAuth2 in my project. Since I need to return different HTTP response codes based on the user's status in the system, I need to use my own WebResponseExceptionTranslator in TokenEndpoint. Version 2.0.5 does not allow configuring Spring Security to use a custom exception translator, but it is possible in the newest version - 2.0.9 RELEASE.
But with version 2.0.6 and newer, my unit tests aren't working. I'm using spring-security-test version 4.0.3 RELEASE to mock calls to the controller as follows:
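    // Static imports used by the test below.
    import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
    import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
    import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
    import static org.springframework.test.web.servlet.setup.MockMvcBuilders.webAppContextSetup;

    @SpringApplicationConfiguration(classes = {AuthorizationServer.class, WebSecurityConfig.class, AuthorizationServerConfig.class, SpringSecurityConfiguration.class})
    @WebAppConfiguration
    @TestExecutionListeners({DependencyInjectionTestExecutionListener.class})
    @RunWith(SpringJUnit4ClassRunner.class)
    public class SecurityTest {

        @Autowired
        private WebApplicationContext wac;

        @Autowired
        private FilterChainProxy filterChainProxy;

        private MockMvc mockMvc;

        @Before
        public void setUp() {
            // Register the full Spring Security filter chain with MockMvc.
            mockMvc = webAppContextSetup(wac)
                    .addFilters(filterChainProxy)
                    .build();
        }

        @Test
        public void allowPatientsToAccessSecureData() throws Exception {
            // AUTHORIZATION_SERVER and PATIENT are constants defined elsewhere in the project.
            mockMvc.perform(get(AUTHORIZATION_SERVER + "/user").with(user("user").roles(PATIENT.toString())).secure(true))
                    .andExpect(status().isOk());
        }
    }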
But I get the response "Access is denied", and the logs say that the user is anonymous. Is there any solution to get my test working again? It looks as if something has changed with the filter-chain processing.
2016-04-04 09:34:39.460 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2016-04-04 09:34:39.463 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/oauth/users/user'; against '/logout'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 5 of 11 in additional filter chain; firing Filter: 'OAuth2AuthenticationProcessingFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in headers. Trying request parameters.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.s.o.p.a.BearerTokenExtractor : Token not found in request parameters. Not an OAuth2 request.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : Clearing security context.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] p.a.OAuth2AuthenticationProcessingFilter : No token in request, will continue chain.
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2016-04-04 09:34:39.464 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2016-04-04 09:34:39.466 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.security.web.FilterChainProxy : /oauth/users/user at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /oauth/users/user; Attributes: [#oauth2.throwOnError(authenticated)]
2016-04-04 09:34:39.467 DEBUG 8512 --- [ main] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2016-04-04 09:34:39.474 DEBUG 8512 --- [ main] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@130a6eb9, returned: -1
2016-04-04 09:34:39.479 DEBUG 8512 --- [ main] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
When I deploy the application, security does work, so it's just a MockMvc problem.
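An added example, not part of the original post or of the project's code: the "Clearing security context." line in the log above is written by OAuth2AuthenticationProcessingFilter, which in its default stateless mode discards any authentication already in the context (here the one injected by user(...)) when the request carries no bearer token. The configuration below keeps that default for deployments and relaxes it only when a test sets a flag; the class name ResourceServerTestableConfig and the property test.oauth2.stateless are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * Hypothetical resource-server configuration (names are assumptions, not
 * taken from the post). Token-protected resources stay stateless unless a
 * test explicitly opts out.
 */
@Configuration
@EnableResourceServer
public class ResourceServerTestableConfig extends ResourceServerConfigurerAdapter {

    // Hypothetical property; defaults to true so that a deployment without
    // the property behaves exactly like the library default.
    @Value("${test.oauth2.stateless:true}")
    private boolean stateless;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        // stateless = true  : only token-based authentication is accepted on
        //                     these resources; a session or pre-populated
        //                     SecurityContext is cleared when no token is sent.
        // stateless = false : an Authentication already in the context
        //                     (e.g. from spring-security-test's user(...))
        //                     survives the OAuth2 filter.
        resources.stateless(stateless);
    }
}

// In the test class only, opt out of stateless mode, for example:
//
//   @TestPropertySource(properties = "test.oauth2.stateless=false")
//   public class SecurityTest { ... }
//
// Tests that should exercise the production behaviour leave the property
// unset and send a real "Authorization: Bearer <token>" header instead.
```

Keeping the flag out of any deployed property file matters: with stateless mode off, a browser session authenticated elsewhere in the application is accepted on the token-protected endpoints too.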