Wednesday 6 January 2021

Webflux security authorisation test with bearer token (JWT)

I have a Spring Boot service that is acting as a resource server. It has been implemented using WebFlux, and client JWTs are provided by a third-party identity server. I am attempting to test the security of the endpoints using JUnit 5 and @SpringBootTest. (For the record, security appears to work as required during manual testing.)

I am mutating the WebTestClient to include a JWT with an appropriate claim (myClaim); however, in my custom ReactiveAuthorizationManager there is no bearer token in the request's header, so with nothing to decode and no claim to validate, the request fails authorisation, as it should (though without a JWT it should never have got to authorisation, but I suspect that's an artefact of the testing).

My test setup is thus:

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.ApplicationContext;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.web.reactive.server.WebTestClient;

import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockJwt;
import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.springSecurity;

@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
@ActiveProfiles("test")
class ControllerTest {

    @Autowired
    private ApplicationContext applicationContext;

    private WebTestClient webTestClient;

    @BeforeEach
    void init() {
        // Bind the client to the full application context so the real
        // SecurityWebFilterChain (and the custom authorization manager) runs.
        webTestClient = WebTestClient
                .bindToApplicationContext(applicationContext)
                .apply(springSecurity())
                .configureClient()
                .build();
    }

    @Test
    void willAllowAccessForJwtWithValidClaim() {
        // mockJwt() populates the security context with a JwtAuthenticationToken
        // carrying the given claim; it does not add an Authorization header.
        webTestClient.mutateWith(mockJwt().jwt(jwt -> jwt.claim("myClaim", "{myValue}")))
                .get()
                .uri("/securedEndpoint")
                .exchange()
                .expectStatus()
                    .isOk();
    }
}

I have been attempting to follow this guide. I have tried the client with and without .filter(basicAuthentication()), just in case :)

I could mock the ReactiveAuthorizationManager (or change my code so I can mock the ReactiveJwtDecoder, though given the lack of a JWT in the request that is kinda pointless at the mo).

Is there anything I am missing? Perhaps there is a way to create "test" JWTs using the Identity Services JWK set uri?
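The pattern below is an added example, not code from the question or the poster's project. It relies on a documented property of `mockJwt()`: the mutator places a `JwtAuthenticationToken` in the reactive `SecurityContext` and never sends an `Authorization` header, so an authorization manager that re-reads the raw header sees nothing, while one that takes the claim from the `Authentication` it is handed works identically under `mockJwt()` and against real tokens decoded from the identity server's JWK set. The class name `ClaimAuthorizationManager`, the claim value `myValue` and the path `/securedEndpoint` are assumptions for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import reactor.core.publisher.Mono;

// Hypothetical manager: decides on the claim carried by the already-authenticated
// principal rather than by parsing the bearer token out of the request again.
public class ClaimAuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {

    private final String claimName;
    private final String expectedValue;

    public ClaimAuthorizationManager(String claimName, String expectedValue) {
        this.claimName = claimName;
        this.expectedValue = expectedValue;
    }

    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication, AuthorizationContext context) {
        return authentication
                .filter(Authentication::isAuthenticated)
                // Only JWT-backed authentications carry claims; anything else is denied.
                .filter(JwtAuthenticationToken.class::isInstance)
                .map(JwtAuthenticationToken.class::cast)
                // Compare the claim value; a missing claim yields null and fails the check.
                .map(auth -> expectedValue.equals(auth.getToken().getClaimAsString(claimName)))
                .map(AuthorizationDecision::new)
                // No Authentication at all (anonymous exchange) is an explicit deny.
                .defaultIfEmpty(new AuthorizationDecision(false));
    }

    // Wiring sketch: the JWT decoder is configured elsewhere (e.g. the
    // spring.security.oauth2.resourceserver.jwt.jwk-set-uri property).
    @Bean
    SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
        return http
                .authorizeExchange(exchanges -> exchanges
                        .pathMatchers("/securedEndpoint")
                            .access(new ClaimAuthorizationManager("myClaim", "myValue"))
                        .anyExchange().authenticated())
                .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()))
                .build();
    }
}
```

With this wiring the test in the question exercises the real filter chain end to end: `mockJwt()` supplies the `JwtAuthenticationToken`, the manager reads `myClaim` from it, and a token lacking the claim gets a 403 instead of a 401.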
