I have resource server, when it's starts - it's sending request to Authentication server ("http://localhost:xxxx/auth/oauth/token_key"), and it's okay when all up and running.
But when I testing my services I do not need this at all. How can I disable resource server or maybe I should mock something so it won't be dependent on auth server(for future security tests for controllers)?
My spring boot main:
@SpringBootApplication @EnableEurekaClient @EnableResourceServer public class CalendarApplication { public static void main(String[] args) throws Exception { SpringApplication.run(CalendarApplication.class, args); } } application.yml
security: basic: enabled: false oauth2: resource: jwt: keyUri: http://localhost:xxxx/auth/oauth/token_key Test class annotations:
@RunWith(SpringJUnit4ClassRunner.class) @WebMvcTest(value = TypeController.class, secure = false) public class TypeControllerTest {} 3 Answers
Answers 1
Why don't you create a separate @Configuration for your @AuthenticationServer with a separate profile (@Profile("test"))? That way, you don't need to disable security and can have an in-memory Token. That's how I dealt with it. You can also disable Spring Security for your tests completely. Have a look at this question.
Answers 2
You can use @WithMockUser for tests
Answers 3
The way I've worked around this was to create a token in the database I'm using for test and to ensure that requests to my API used the token before making a request to the resource under test.
You do want your token there, since it acts as a reasonable sanity check for security. If you expect this resource to not be accessible without a specific token, then that is a useful test to have.
0 comments:
Post a Comment