Sunday 15 March 2015

spring - @AuthenticationPrincipal object return session value




The @AuthenticationPrincipal object returns the previous value stored in the session.

Spring Boot + Spring Security OAuth REST server. https://github.com/legshort/spring-boot-sample

These are the 2 REST methods in the controller. The problem is the last argument: userDetailsImpl at deleteUser() has the same value as userDetailsImpl at updateUser() when I run the test code.

    @RequestMapping(method = RequestMethod.PUT, value = "/users/{userId}")
    public ResponseEntity updateUser(@PathVariable long userId,
            @AuthenticationPrincipal UserDetailsImpl userDetailsImpl,
            @Valid @RequestBody UserUpdateForm userUpdateForm,
            BindingResult bindingResult) {
        logger.info("userupdate: " + userUpdateForm);

        // Build the updated user from the form and the id in the path
        User updatedUser = userService.updateUser(userUpdateForm.createUser(userId));

        return new ResponseEntity(updatedUser, HttpStatus.OK);
    }

    @RequestMapping(method = RequestMethod.DELETE, value = "/users/{userId}")
    public ResponseEntity deleteUser(@PathVariable long userId,
            @AuthenticationPrincipal UserDetailsImpl userDetailsImpl) {
        logger.info("userdelete: " + userId);

        // Delete the user identified by the id in the path
        User requestedUser = new User(userId);
        userService.deleteUser(requestedUser);

        return new ResponseEntity(HttpStatus.NO_CONTENT);
    }

Below is the controller test code.

I don't know how, but the second request, testDeleteUser(), has a session value and it's the same user used in the previous test. I thought that at the beginning of deleteUser() it would validate the access token and load the right new user, but somehow the real value at userDetailsImpl has the wrong user, the one created at the beginning of testUpdateUser().

    @Before
    public void setUp() {
        // MockMvc is rebuilt for every test, with the Spring Security filter chain attached
        mockMvc = MockMvcBuilders.webAppContextSetup(wac).addFilters(filterChainProxy).build();
    }

    @Test
    public void testUpdateUser() throws Exception {
        User savedUser = signUpUser();

        // @formatter:off
        mockMvc.perform(
                put("/users/" + savedUser.getId())
                .header(HeaderUtil.AUTHORIZATION, getAuthorizationWithAccessToken())
                .contentType(TestUtil.APPLICATION_JSON_UTF8)
                .content(TestUtil.convertObjectToJsonBytes(UserUpdateFormFactory.newInstance())))
            .andExpect(status().isOk())
            .andExpect(content().contentType(TestUtil.APPLICATION_JSON_UTF8))
            .andExpect(jsonPath("$.id", is(greaterThan(NumberUtils.INTEGER_ZERO))))
            .andExpect(jsonPath("$.name", is(equalTo(StringUtil.NEW + UserFactory.NAME))));
        // @formatter:on
    }

    @Test
    public void testDeleteUser() throws Exception {
        User savedUser = signUpUser();
        String authorization = getAuthorizationWithAccessToken();

        // @formatter:off
        mockMvc.perform(
                delete("/users/" + savedUser.getId())
                .header(HeaderUtil.AUTHORIZATION, authorization)
                .contentType(TestUtil.APPLICATION_JSON_UTF8))
            .andDo(print())
            .andExpect(status().isNoContent());
        // @formatter:on
    }

This is the UserDetailsService implementation. When it comes to loadUserByUsername() to validate the access token, it loads the proper user from the database and returns the new user created at the beginning of every test method (signUpUser()).

    @Service
    public class UserDetailsServiceImpl implements UserDetailsService {

        @Autowired
        private UserService userService;

        @Override
        public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
            // Look the user up by email and wrap it as the authenticated principal
            User requestedUser = new User();
            requestedUser.setEmail(email);

            User savedUser = userService.findByEmail(requestedUser);

            return new UserDetailsImpl(savedUser);
        }
    }

I tried to disable the session but failed; the configuration and test code seem fine to me. Is there any practical example for spring-security-oauth?

Updated

As far as I understand, MockMvc clears all settings and creates pretty much a new mock server every time with the setUp() method. Therefore, the access token store should be cleared every time, but somehow the token store maintains authenticated tokens.

The access token request to "/oauth/token" is omitted during the test; below is how InMemoryTokenStore is called.

Testing process log

testUpdateUser() -> POST: /oauth/token -> store token; token: 50b10897-9e15-4859-aeb0-43d0802ba42c; user: id=2

testUpdateUser() -> PUT: /users/2 -> read token; token: 50b10897-9e15-4859-aeb0-43d0802ba42c; user: id=2

testUpdateUserWithWrongUserId() -> GET: /oauth/token -> store token; token: 50b10897-9e15-4859-aeb0-43d0802ba42c -> existed in token; user: id=2 -> id=4: user updated to the new one

testUpdateUserWithWrongUserId() -> PUT: /users/0 -> read token; token: 50b10897-9e15-4859-aeb0-43d0802ba42c; user: id=2

testDeleteUser() -> GET: /oauth/token -> did not store the token, it was supposed to store the token

testDeleteUser() -> DELETE: /users/5 -> read token; token: 50b10897-9e15-4859-aeb0-43d0802ba42c; user: id=2 -> the user is supposed to be id=5, created with userSignUp()

Question: how do I clear InMemoryTokenStore for every test method with MockMvc?

    // ignore spring security session
    http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

spring rest spring-security spring-test spring-security-oauth2
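
An added example, not part of the original question or the linked project: a JUnit 4 base class that empties the token store and the security context before each test method. The Spring TestContext framework caches the application context between test methods, so singleton beans such as the token store outlive the MockMvc instance rebuilt in setUp(). The class name, the injected TokenStore bean and the principalFor() helper are assumptions.

```java
import org.junit.After;
import org.junit.Before;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

// Hypothetical base class for the controller tests; extend it from the test class.
public abstract class TokenIsolatedTestSupport {

    // Assumption: the token store is exposed as a bean, and in tests it is the
    // InMemoryTokenStore named in the question.
    @Autowired
    private TokenStore tokenStore;

    @Before
    public void resetSecurityState() {
        // Drop every access and refresh token issued by earlier test methods,
        // so a token request in this test cannot be answered with an old token.
        if (tokenStore instanceof InMemoryTokenStore) {
            ((InMemoryTokenStore) tokenStore).clear();
        }
        // Remove any Authentication left on the test thread by a previous request.
        SecurityContextHolder.clearContext();
    }

    @After
    public void clearSecurityContext() {
        SecurityContextHolder.clearContext();
    }

    // Returns the principal the store currently maps to a bearer token value, or
    // null if the token is unknown. A test can compare it with the user it just
    // created before calling the endpoint under test.
    protected Object principalFor(String tokenValue) {
        OAuth2Authentication authentication = tokenStore.readAuthentication(tokenValue);
        return authentication == null ? null : authentication.getPrincipal();
    }
}
```

JUnit runs the superclass @Before method before the subclass setUp(), so the store is already empty when the test requests its token.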
