Spring MVC测试(安全集成测试),JSESSIONID不存在

前端之家收集整理的这篇文章主要介绍了Spring MVC测试(安全集成测试),JSESSIONID不存在前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我为我的春季启动应用程序创建了自定义登录表单.
在我的表单集成测试中,我想检查收到的cookie是否包含JSESSIONID和XSRF-TOKEN.

但是,我只收到了XSRF-TOKEN.

这是我的测试:

@RunWith(SpringJUnit4ClassRunner.class)
@SpringApplicationConfiguration(classes = Application.class)
@WebAppConfiguration
@IntegrationTest("server.port:0")
public class UserIT {

    @Autowired
    private WebApplicationContext context;
    @Autowired
    private FilterChainProxy springSecurityFilterChain;

    @Value("${local.server.port}")
    private Integer port;

    private MockMvc mockMvc;

    @Before
    public void setup() {
        mockMvc =
                MockMvcBuilders.webAppContextSetup(context).addFilters(springSecurityFilterChain)
                        .build();
    }

    @Test
    public void getUserInfoTest() throws Exception {
        disableSslVerification();

        MvcResult result =
                mockMvc.perform(formLogin("/login").user("roy").password("spring")).andExpect(authenticated())
                        .andReturn();
        Cookie sessionId = result.getResponse().getCookie("JSESSIONID");
        Cookie token = result.getResponse().getCookie("XSRF-TOKEN");
}

安全配置:

@Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off   
        http
            //.httpBasic()
            //.and()
                .headers().frameOptions().disable()
            .and()
                .antMatcher("/**").authorizeRequests()
                .antMatchers("/actuator/health").permitAll()
                .antMatchers("/actuator/**").hasAuthority(Authority.Type.ROLE_ADMIN.getName())
                .antMatchers("/login**","/index.html","/home.html").permitAll()
                .anyRequest().authenticated()
            .and()
                .formLogin().loginPage("/login.jsp")
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginProcessingUrl("/login")
                     .permitAll()
            .and()
                .logout().logoutSuccessUrl("/login.jsp").permitAll()
            .and()
                .csrf().csrfTokenRepository(csrfTokenRepository())
            .and()
                .addFilterAfter(csrfHeaderFilter(),CsrfFilter.class)
                .addFilterBefore(ssoFilter(),BasicAuthenticationFilter.class);
        // @formatter:on
    }

请帮助我获得所需的结果.

最佳答案
您也没有看到Set-Cookie标头.对我而言,这是MockMVC的一个很大的局限.有关解决方法,请参阅Why does Spring MockMvc result not contain a cookie?.

猜你在找的Spring相关文章