Closed M-Razavi closed 3 years ago
I'm not sure I understood your use case, sorry.
This lib is to be used in unit tests only and populates the test security context with a mocked KeycloakAuthenticationToken, just as if a request arrived with a valid token issued by a real Keycloak server.
This KeycloakAuthenticationToken is a pure Spring construct which is usable inside your own Spring code only. This lib won't create a JWT at all and as such will be of no use if you want to issue secured requests to the rest of the world.
I mean that I've defined some controllers and also Feign clients for them in my application and need to add some tests for the defined Feign clients.
Do you have Spring Security involved with these Feign clients? If yes, how? Can you provide me with the Feign clients' source code?
I've added Spring Security for the controllers; for the clients, I added the token.
ControllerConfig:

    http.authorizeRequests()
        .antMatchers(POST, "/abc/**").access(withPortalRoleAnd("role_create"))
        .antMatchers(PUT, "/abc/**").access(withPortalRoleAnd("role_edit"))
        ...

ClientConfig:

    public RequestInterceptor bearerTokenRequestInterceptor() {
        System.out.println("interceptor1");
        return template -> template.header(AUTHORIZATION,
                String.format("Bearer %s", keycloakPrincipal.getKeycloakSecurityContext().getTokenString()));
    }

When unit testing the @Controller, Feign clients should be mocked and @WithMockKeycloakAuth("role_edit") should be enough.
What I understand from your ClientConfig is that you add the end-user OAuth2 identity (JWT token issued by Keycloak) to some outgoing HTTP requests. Sending HTTP requests to another system is not unit testing. This is integration testing and you should provide valid tokens issued by a real Keycloak instance for that purpose.
Unless your Feign client code is annotated with spring-security rules, and you want to unit test it (test the Feign client only, in isolation from the rest of the world), this lib is not what you need.
@WithMockKeycloakAuth can help you define what keycloakPrincipal.getKeycloakSecurityContext().getTokenString() returns, but this will very likely be an invalid JWT token that would be rejected by any system doing basic checking. Again, this string being invalid is not a problem for unit tests (for instance if you check the sent request actually contains a Bearer Authorization header with the token string you set in @WithMockKeycloakAuth), but this for sure will be an issue if you also want to test response content (which is integration testing as you depend on another service being reachable and behaving a certain way).
@M-Razavi if you don't provide me with the Feign clients' source code I asked for, I won't be able to help you and will close this ticket.
As I still did not understand what the issue is, I won't fix it.
I've added some Feign clients in my app so that other applications can possibly use this service by calling the provided clients. How is it possible to use mockKeycloak for the integration tests of these clients?