问题
I am trying to unit-test login and security in my REST API, so I try to mock real-life request sequences as close as possible.
My first request would be:
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).
addFilters(springSecurityFilterChain).build();
this.mapper = new ObjectMapper();
....
MvcResult result=mockMvc.perform(get("/login/csrf")).andExpect(status().is(200)).andReturn();
Cookie[] cookies = result.getResponse().getCookies();
(See full class on pastebin).
I try to get the cookie here to be able to login with the received CSRF token later, but the cookies array is empty!
However, if I run my application and call
curl -i http://localhost:8080/login/csrf
I do get back a Set-Cookie header and can use that cookie (and the CSRF token) later to authenticate.
So the question is: How do I get MockMvc to return a cookie to me?
回答1:
I have found a workaround, using the ability to directly extract session objects from the MockHttpServletRequest:
session=(MockHttpSession)result.getRequest().getSession();
And later inserting the session directly:
req.session(session);
The reason why I am not pleased with this solution is that if the mock httpservlet behaves differently than the real servlet in this regard, how can I be sure whether it behaves the same as the real servlet in other cases. So I am not testing the application itself, which potentially leaves gaps in the tests.
回答2:
I work with RestTemplate for testing with cookies. RestTemplate cookies handler
@RunWith(SpringRunner.class)
@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
@Import(RestTemplateWithCookies.class)
public class ApplicationTest {
@LocalServerPort
private int port;
@Autowired
private Environment env;
@Autowired
private RestTemplateWithCookies restTemplate;
@Test
public void appTest() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.set("Referer", env.getProperty("allowed_referer"));
HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);
ResponseEntity<String> response = restTemplate.exchange("http://localhost:" + port + "/scan?email=xxx@xxx.com", HttpMethod.GET, entity, String.class);
assertTrue(response.getStatusCode() == HttpStatus.FOUND);
HttpCookie c = restTemplate.getCoookies().stream().filter(x -> env.getProperty("server.session.cookie.name").equals(x.getName())).findAny().orElse(null);
assertTrue(c != null);
}
}
回答3:
Based on P.Péter's answer a made this code fragment which will get and put back the session automatically for each request performed (MockHttpServletRequestBuilder) on mockMvc.
@Autowired
private WebApplicationContext webApplicationContext;
@Autowired
private Filter springSecurityFilterChain;
@Before
public void setUp() throws Exception {
final MockHttpServletRequestBuilder defaultRequestBuilder = get("/dummy-path");
this.mockMvc = MockMvcBuilders.webAppContextSetup(this.webApplicationContext)
.defaultRequest(defaultRequestBuilder)
.alwaysDo(result -> setSessionBackOnRequestBuilder(defaultRequestBuilder, result.getRequest()))
.apply(springSecurity(springSecurityFilterChain))
.build();
}
private MockHttpServletRequest setSessionBackOnRequestBuilder(final MockHttpServletRequestBuilder requestBuilder,
final MockHttpServletRequest request) {
requestBuilder.session((MockHttpSession) request.getSession());
return request;
}
For a long answer: check this solution (the answer is for spring 4): How to login a user with spring 3.2 new mvc testing
来源:https://stackoverflow.com/questions/26142631/why-does-spring-mockmvc-result-not-contain-a-cookie