Spring boot with WebFlux always throw 403 status in tests
【Posted】: 2020-07-06 17:16:03
【Question】: Thanks a lot for looking at my question :) I have a strange problem: my Spring Boot tests don't work. They start successfully, but always throw a 403 HTTP status when a request is made to any controller. I have a project with the following dependencies:
    buildscript {
        ext.kotlin_version = '1.3.71'
        dependencies {
            classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:1.3.71"
            classpath "org.springframework.boot:spring-boot-gradle-plugin:2.2.1.RELEASE"
            classpath "com.google.cloud.tools.jib:com.google.cloud.tools.jib.gradle.plugin:1.8.0"
        }
    }

    plugins {
        id "org.springframework.boot" version "2.2.5.RELEASE"
        id "io.spring.dependency-management" version "1.0.9.RELEASE"
        id "com.google.cloud.tools.jib" version "1.8.0"
        id "org.jetbrains.kotlin.jvm" version "1.3.71"
        id "org.jetbrains.kotlin.plugin.spring" version "1.3.71"
        id "org.jetbrains.kotlin.plugin.jpa" version "1.3.71"
    }

    apply plugin: 'kotlin'

    configurations {
        developmentOnly
        runtimeClasspath {
            extendsFrom developmentOnly
        }
    }

    repositories {
        maven {
            url "https://plugins.gradle.org/m2/"
        }
        maven {
            url "http://oss.jfrog.org/artifactory/oss-snapshot-local/"
        }
        mavenCentral()
    }

    kotlin {
        sourceSets {
            main.kotlin.srcDirs += 'src/main/myKotlin'
        }
    }

    dependencies {
        implementation "joda-time:joda-time:2.10.5"
        implementation "org.springframework.boot:spring-boot-starter-security"
        implementation "org.springframework.boot:spring-boot-starter-actuator"
        implementation "org.springframework.boot:spring-boot-starter-batch"
        implementation "org.springframework.boot:spring-boot-starter-jdbc"
        implementation "org.springframework.boot:spring-boot-starter-data-jpa"
        implementation "org.springframework.boot:spring-boot-starter-data-mongodb-reactive"
        implementation "org.springframework.boot:spring-boot-starter-mail"
        implementation "org.springframework.boot:spring-boot-starter-quartz"
        implementation "org.springframework.boot:spring-boot-starter-webflux"
        implementation "com.fasterxml.jackson.module:jackson-module-kotlin"
        implementation "io.springfox:springfox-swagger2:3.0.0-SNAPSHOT"
        implementation "io.springfox:springfox-swagger-ui:3.0.0-SNAPSHOT"
        implementation "io.springfox:springfox-spring-webflux:3.0.0-SNAPSHOT"
        implementation "org.flywaydb:flyway-core"
        implementation "org.jetbrains.kotlin:kotlin-reflect"
        implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
        implementation "org.jetbrains.kotlinx:kotlinx-coroutines-reactor"
        developmentOnly "org.springframework.boot:spring-boot-devtools"
        runtimeOnly "org.postgresql:postgresql"
        testImplementation("org.springframework.boot:spring-boot-starter-test") {
            exclude group: "org.junit.vintage", module: "junit-vintage-engine"
        }
        testImplementation("de.flapdoodle.embed:de.flapdoodle.embed.mongo")
        testImplementation("io.projectreactor:reactor-test")
        testImplementation("org.springframework.batch:spring-batch-test")
        testImplementation("com.ninja-squad:springmockk:2.0.0")
        testImplementation('com.h2database:h2')
    }

    test {
        useJUnitPlatform()
    }

    tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
        kotlinOptions {
            freeCompilerArgs = ["-Xjsr305=strict"]
            jvmTarget = "1.8"
        }
    }
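I implemented some functionality and then started covering it with tests. But when I run them, Spring always throws an exception with response status 403. Here is the report: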
:: Spring Boot :: (v2.2.5.RELEASE)
2020-03-26 11:24:23.345 INFO 38406 --- [ Test worker] r.m.b.web.signin.SignInControllerTest : Starting SignInControllerTest on MacBook-Pro-Apple with PID 38406 (started by alexscrobot in /Users/alexscrobot/development/backends/medissima)
2020-03-26 11:24:23.347 INFO 38406 --- [ Test worker] r.m.b.web.signin.SignInControllerTest : No active profile set, falling back to default profiles: default
2020-03-26 11:24:26.418 INFO 38406 --- [ Test worker] ctiveUserDetailsServiceAutoConfiguration :
Using generated security password: 499ec504-7b25-484f-87b3-d6b6d2f7cc06
2020-03-26 11:24:26.553 DEBUG 38406 --- [ Test worker] s.w.r.r.m.a.RequestMappingHandlerMapping : 1 mappings in 'requestMappingHandlerMapping'
2020-03-26 11:24:26.671 DEBUG 38406 --- [ Test worker] o.s.w.r.handler.SimpleUrlHandlerMapping : Patterns [/swagger-ui.html**, /webjars/**] in 'resourceHandlerMapping'
2020-03-26 11:24:26.765 DEBUG 38406 --- [ Test worker] o.s.w.r.r.m.a.ControllerMethodResolver : ControllerAdvice beans: none
2020-03-26 11:24:27.338 DEBUG 38406 --- [ Test worker] o.s.w.s.adapter.HttpWebHandlerAdapter : enableLoggingRequestDetails='false': form data and headers will be masked to prevent unsafe logging of potentially sensitive data
2020-03-26 11:24:27.390 INFO 38406 --- [ Test worker] r.m.b.web.signin.SignInControllerTest : Started SignInControllerTest in 4.384 seconds (JVM running for 6.038)
2020-03-26 11:24:28.628 DEBUG 38406 --- [ Test worker] o.s.w.r.f.client.ExchangeFunctions : [48fcb68c] HTTP POST /api/sign-in
2020-03-26 11:24:28.759 DEBUG 38406 --- [ parallel-1] o.s.http.codec.json.Jackson2JsonEncoder : [48fcb68c] Encoding [RequestCredentials(email=test@test.com, password=123456)]
2020-03-26 11:24:28.797 DEBUG 38406 --- [ parallel-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [6997f224] HTTP POST "/api/sign-in"
2020-03-26 11:24:28.911 DEBUG 38406 --- [oundedElastic-1] o.s.w.s.s.DefaultWebSessionManager : Created new WebSession.
2020-03-26 11:24:28.926 DEBUG 38406 --- [oundedElastic-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [6997f224] Completed 403 FORBIDDEN
2020-03-26 11:24:28.930 DEBUG 38406 --- [oundedElastic-1] o.s.w.r.f.client.ExchangeFunctions : [48fcb68c] Response 403 FORBIDDEN
Status expected:<200 OK> but was:<403 FORBIDDEN>
> POST /api/sign-in
> WebTestClient-Request-Id: [1]
> Accept: [application/json]
> Content-Type: [application/json]
> Content-Length: [45]
{"email":"test@test.com","password":"123456"}
< 403 FORBIDDEN Forbidden
< Content-Type: [text/plain]
< Cache-Control: [no-cache, no-store, max-age=0, must-revalidate]
< Pragma: [no-cache]
< Expires: [0]
< X-Content-Type-Options: [nosniff]
< X-Frame-Options: [DENY]
< X-XSS-Protection: [1 ; mode=block]
< Referrer-Policy: [no-referrer]
CSRF Token has been associated to this client
java.lang.AssertionError: Status expected:<200 OK> but was:<403 FORBIDDEN>
> POST /api/sign-in
> WebTestClient-Request-Id: [1]
> Accept: [application/json]
> Content-Type: [application/json]
> Content-Length: [45]
{"email":"test@test.com","password":"123456"}
< 403 FORBIDDEN Forbidden
< Content-Type: [text/plain]
< Cache-Control: [no-cache, no-store, max-age=0, must-revalidate]
< Pragma: [no-cache]
< Expires: [0]
< X-Content-Type-Options: [nosniff]
< X-Frame-Options: [DENY]
< X-XSS-Protection: [1 ; mode=block]
< Referrer-Policy: [no-referrer]
CSRF Token has been associated to this client
at org.springframework.test.web.reactive.server.ExchangeResult.assertWithDiagnostics(ExchangeResult.java:209)
at org.springframework.test.web.reactive.server.StatusAssertions.assertStatusAndReturn(StatusAssertions.java:227)
at org.springframework.test.web.reactive.server.StatusAssertions.isOk(StatusAssertions.java:67)
at ru.medissima.backend.web.signin.SignInControllerTest.success authentication(SignInControllerTest.kt:80)
Caused by: java.lang.AssertionError: Status expected:<200 OK> but was:<403 FORBIDDEN>
at org.springframework.test.util.AssertionErrors.fail(AssertionErrors.java:59)
at org.springframework.test.util.AssertionErrors.assertEquals(AssertionErrors.java:122)
at org.springframework.test.web.reactive.server.StatusAssertions.lambda$assertStatusAndReturn$4(StatusAssertions.java:227)
at org.springframework.test.web.reactive.server.ExchangeResult.assertWithDiagnostics(ExchangeResult.java:206)
... 91 more
2020-03-26 11:24:28.990 DEBUG 38406 --- [ Test worker] o.s.w.r.f.client.ExchangeFunctions : [5ee937d3] HTTP POST /api/sign-in
2020-03-26 11:24:28.991 DEBUG 38406 --- [ parallel-2] o.s.w.s.adapter.HttpWebHandlerAdapter : [5fe66132] HTTP POST "/api/sign-in"
2020-03-26 11:24:28.992 DEBUG 38406 --- [oundedElastic-1] o.s.w.s.s.DefaultWebSessionManager : Created new WebSession.
2020-03-26 11:24:28.994 DEBUG 38406 --- [oundedElastic-1] o.s.w.s.adapter.HttpWebHandlerAdapter : [5fe66132] Completed 403 FORBIDDEN
2020-03-26 11:24:28.994 DEBUG 38406 --- [oundedElastic-1] o.s.w.r.f.client.ExchangeFunctions : [5ee937d3] Response 403 FORBIDDEN
SignInControllerTest > success authentication() FAILED
java.lang.AssertionError at SignInControllerTest.kt:80
Caused by: java.lang.AssertionError at SignInControllerTest.kt:80
2 tests completed, 1 failed
Here is the code of the test implementation:
    @RunWith(value = SpringRunner::class)
    @WebFluxTest(value = [SignInController::class])
    class SignInControllerTest(
        @Autowired val webTestClient: WebTestClient
    ) {

        @MockkBean
        private lateinit var service: AuthorizationService

        @MockkBean
        private lateinit var validationService: ValidationService

        @MockkBean
        private lateinit var repository: AuthRepository

        @Test
        fun `failed sign in test`() {
            webTestClient
                .post()
                .uri("/api/sign-in")
                .accept(MediaType.APPLICATION_JSON)
                .exchange()
                .expectStatus().isForbidden
        }

        @Test
        fun `success authentication`() {
            val user = createTestUser()
            val request = RequestCredentials(
                "test@test.com",
                "123456"
            )
            val response = Mono.just(user)

            every { repository.findByEmail("") }.returns(Optional.of(user))
            every { validationService.matchPasswords("", "") }.returns(Unit)
            every { service.authorize("", "") } returns response

            webTestClient
                .post()
                .uri("/api/sign-in")
                .bodyValue(request)
                .accept(MediaType.APPLICATION_JSON)
                .exchange()
                .expectStatus().isOk
        }
    }
I saw that a CSRF token is needed, but I tried adjusting the configuration like this:
    @Configuration
    class SecurityConfiguration {

        @Bean
        fun springWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
            return http
                .csrf().disable()
                .authorizeExchange()
                .pathMatchers("/api/**").permitAll()
                .anyExchange().permitAll()
                .and()
                .httpBasic()
                .and()
                .build()
        }
    }
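It didn't help. Please help me understand why the test environment does not start up correctly.
【Comments】:
If it's OK for you, you can disable security for tests. Just an option.
@pvpkiran How can we do that? security.basic.enabled=false ?
Try this annotation at class level: @AutoConfigureMockMvc(addFilters = false)
@pvpkiran This is an MVC annotation, not a WebFlux one
【Answer 1】:
This is because you are making a POST request with CSRF protection enabled. The same applies to PUT requests. There is an open issue regarding this behaviour. For now, as a workaround, just modify your test code as shown below to get past the 403 response: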
webClient.mutateWith(csrf()).post()
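The workaround from the answer as a complete slice test, added here as an example and not part of the original answer. `EchoController`, the `/api/echo` path and the test names are hypothetical; the controller is assumed to sit in a package scanned by the application's `@SpringBootApplication` class, and `org.springframework.security:spring-security-test` is assumed to be on the test classpath (it is not in the build file above). `mockUser()` is applied in both tests so that the CSRF token is the only difference between the 403 and the 200.

```kotlin
// Added example (hypothetical controller and test names), not code from the question or answer.
// Assumes: testImplementation "org.springframework.security:spring-security-test"
import org.junit.jupiter.api.Test
import org.springframework.beans.factory.annotation.Autowired
import org.springframework.boot.test.autoconfigure.web.reactive.WebFluxTest
import org.springframework.http.MediaType
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.csrf
import org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockUser
import org.springframework.test.web.reactive.server.WebTestClient
import org.springframework.web.bind.annotation.PostMapping
import org.springframework.web.bind.annotation.RequestBody
import org.springframework.web.bind.annotation.RestController
import reactor.core.publisher.Mono

// Minimal state-changing endpoint so the test does not depend on mocked services.
@RestController
class EchoController {
    @PostMapping("/api/echo")
    fun echo(@RequestBody body: Map<String, String>): Mono<Map<String, String>> = Mono.just(body)
}

@WebFluxTest(EchoController::class)
class CsrfInWebFluxSliceTest(@Autowired val webTestClient: WebTestClient) {

    @Test
    fun `POST without a CSRF token is rejected before the controller runs`() {
        webTestClient
            .mutateWith(mockUser())          // authenticated, so authorization is not the cause
            .post().uri("/api/echo")
            .contentType(MediaType.APPLICATION_JSON)
            .bodyValue(mapOf("k" to "v"))
            .exchange()
            .expectStatus().isForbidden      // same 403 as in the report above
    }

    @Test
    fun `POST with a CSRF token reaches the controller`() {
        webTestClient
            .mutateWith(mockUser())
            .mutateWith(csrf())              // attaches a valid token to the mock exchange
            .post().uri("/api/echo")
            .contentType(MediaType.APPLICATION_JSON)
            .bodyValue(mapOf("k" to "v"))
            .exchange()
            .expectStatus().isOk
            .expectBody().jsonPath("\$.k").isEqualTo("v")
    }
}
```

Keeping the first test in the suite documents that CSRF protection stays enabled for state-changing requests while the second one exercises the controller.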