JavaSpring安全测试:检索令牌
我已经成功地实现了代码,它允许我通过OAuth和UserDetailsService从应用程序中检索JWT令牌
Atm我正在尝试进行测试以确认这一点,但我不断收到400个错误请求
@Test
public void is_status_up() throws InterruptedException, JSONException {
// Given
final String TOKEN_URL = "http://localhost:8080/oauth/token";
MultiValueMap<String, String> params = new LinkedMultiValueMap<String, String>();
params.add("username","username");
params.add("credential","credentials");
params.add("grant_type","password");
HttpHeaders headers = new HttpHeaders();
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON_UTF8));
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<String> entity = new HttpEntity<>("parameters" , headers);
HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<MultiValueMap<String, String>>(params, headers);
RestTemplate restTemplate = new RestTemplate();
restTemplate.getInterceptors().add(new BasicAuthorizationInterceptor("client-id","client-secret"));
//When
String result = restTemplate.postForObject(TOKEN_URL, request, String.class);
//Then
assertThat(result).isNotNull();
}
这应该尝试从Spring Security Authorization Server的/oauth/token端点检索令牌,因为我遇到了400个错误请求
在成功检索令牌的postman中,我设置了请求
标题 授权:基本 内容类型:application/x-www-form-urlencoded
正文(x-www-form-urlencoded selected) 用户名: 密码: 授权类型:“密码”
# 1 楼答案
问题是我把凭证放在参数映射中,而它应该是密码。我最初这样做是因为Sonarint或IntelliJ在它下面加了下划线,并发出嘶嘶声,以至于密码这个词被公开声明