# 测试身份验证
在[将 Spring 安全支持应用到WebTestClient
]之后,我们可以使用注释或mutateWith
支持。例如:
爪哇
@Test
public void messageWhenNotAuthenticated() throws Exception {
this.rest
.get()
.uri("/message")
.exchange()
.expectStatus().isUnauthorized();
}
// --- WithMockUser ---
@Test
@WithMockUser
public void messageWhenWithMockUserThenForbidden() throws Exception {
this.rest
.get()
.uri("/message")
.exchange()
.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}
@Test
@WithMockUser(roles = "ADMIN")
public void messageWhenWithMockAdminThenOk() throws Exception {
this.rest
.get()
.uri("/message")
.exchange()
.expectStatus().isOk()
.expectBody(String.class).isEqualTo("Hello World!");
}
// --- mutateWith mockUser ---
@Test
public void messageWhenMutateWithMockUserThenForbidden() throws Exception {
this.rest
.mutateWith(mockUser())
.get()
.uri("/message")
.exchange()
.expectStatus().isEqualTo(HttpStatus.FORBIDDEN);
}
@Test
public void messageWhenMutateWithMockAdminThenOk() throws Exception {
this.rest
.mutateWith(mockUser().roles("ADMIN"))
.get()
.uri("/message")
.exchange()
.expectStatus().isOk()
.expectBody(String.class).isEqualTo("Hello World!");
}
Kotlin
import org.springframework.test.web.reactive.server.expectBody
//...
@Test
@WithMockUser
fun messageWhenWithMockUserThenForbidden() {
this.rest.get().uri("/message")
.exchange()
.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}
@Test
@WithMockUser(roles = ["ADMIN"])
fun messageWhenWithMockAdminThenOk() {
this.rest.get().uri("/message")
.exchange()
.expectStatus().isOk
.expectBody<String>().isEqualTo("Hello World!")
}
// --- mutateWith mockUser ---
@Test
fun messageWhenMutateWithMockUserThenForbidden() {
this.rest
.mutateWith(mockUser())
.get().uri("/message")
.exchange()
.expectStatus().isEqualTo(HttpStatus.FORBIDDEN)
}
@Test
fun messageWhenMutateWithMockAdminThenOk() {
this.rest
.mutateWith(mockUser().roles("ADMIN"))
.get().uri("/message")
.exchange()
.expectStatus().isOk
.expectBody<String>().isEqualTo("Hello World!")
}
除了mockUser()
之外, Spring 安全船还带有其他几个方便的突变器,用于诸如CSRF和OAuth 2.0之类的事情。