New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KeycloakAuthenticationToken null while @Preauthorize works #12
Comments
Welcome onboard @MrMedTech
No. All tests in this repo pass without any Keycloak instance running. You should not disable filters registration. As you can see here, I write my tests with Keycloak spring-boot configuration needs properties to be set but the instance is not reached during tests execution. You might notice What versions of are you using (keycloak, this lib and spring-boot)? I'm in a rush today but will further investigate tonight (UTC-10) on the effect of keycloak security filter not being registered. |
Thank you =)
My application.properties look pretty much like yours:
When I Use MockMvc with filters, my logs show that the startup fails because the .wellknown enpoint is not reachable. I created a bean that intercepts the request and provides the accesstoken that dan be Autowired in a controller. To make this working during my tests I have to read the token I have created with your lib and then use it as a mock for my accesstoken bean.
I use So to break it down: Thanks for your effort. The lib's helping a lot so far. |
@MrMedTech Did you I confirm So please:
If above is not enough, would you share your P.S., two alternatives to @SpringBootTest
@AutoConfigureMockMvc()
|
Hi,
The error I get is:
I was a bit confused by the different testing strategies. But you are right. I will change my stragtegy to test every method as a unit und mock the rest of the Methods. I was also planning to use e2e tests with postman to test the "user stories". Ah here my security config:
|
I just tried this MVC version but I'm running still in the same problem that it tries to reach a real keycloak instance on localhost:
|
It's curious, my tests pass with your conf (except for those expecting routes to be be allowed to AUTHORIZED_PERSONNEL only off course). How do you run your tests? P.S. mockMvc.perform(post(URL).contentType(MediaType.APPLICATION_JSON).header("Authorization", "Bearer accessToken")
.content(objectMapper.writeValueAsString(testProductDto))
.accept(MediaType.APPLICATION_JSON)) with api.post(testProductDto, URL) Default |
I run the test with right klick on the class -> Run .
The project is private. |
Have you tried removing My guess is because you provide a bearer token, spring-security tries to parse and validate it against the authorization server. |
You are right. The now I have another problem with Mockito but that should not be part of the discussione here. But as you said if I use the header, spring security tries to connect to keycloak. |
Hi,
I used your lib in my Spring Project. Therefor I disabled all Filters in my
@AutoConfigureMockMvc(addFilters = false)
so Spring does not try to contact a running external keycloak instance.My Test is annotated with:
This is my test annotation. Thing is that the role check in my pre authorize works while my KeycloakAuthenticationToken is always null.
Is it correct that this kind of validation only works with a running Keycloak instance?
Thx in advance and for your lib so far
The text was updated successfully, but these errors were encountered: