ch4mpy / spring-addons

Ease spring OAuth2 resource-servers configuration and testing
Apache License 2.0

Add some sample for Feign client #21

Closed M-Razavi closed 3 years ago

M-Razavi commented 3 years ago

I've added some Feign clients in my app so that other applications can possibly use this service by calling the provided clients. How is it possible to use mockKeycloak for the integration tests of these clients?

ch4mpy commented 3 years ago

I'm not sure I understood your use case, sorry.

This lib is to be used in unit tests only and populates the test security context with a mocked KeycloakAuthenticationToken, just as if a request arrived with a valid token issued by a real Keycloak server.

This KeycloakAuthenticationToken is a pure Spring construct which is usable inside your own Spring code only. This lib won't create a JWT at all and so will be of no use if you want to issue secured requests to the rest of the world.

M-Razavi commented 3 years ago

I mean that I've defined some controllers and also Feign clients for them in my application and need to add some tests for the defined Feign clients.

ch4mpy commented 3 years ago

Do you have Spring Security involved with these Feign clients? If yes, how? Can you provide me with the Feign clients' source code?

M-Razavi commented 3 years ago

I've added Spring Security for the controllers; for clients I added the token.

ControllerConfig:

    http.authorizeRequests()
        .antMatchers(POST, "/abc/**").access(withPortalRoleAnd("role_create"))
        .antMatchers(PUT, "/abc/**").access(withPortalRoleAnd("role_edit"))
        ...

ClientConfig:

    public RequestInterceptor bearerTokenRequestInterceptor() {
        System.out.println("interceptor1");
        return template -> template.header(AUTHORIZATION,
                String.format("Bearer %s", keycloakPrincipal.getKeycloakSecurityContext().getTokenString()));
    }

ch4mpy commented 3 years ago

When unit testing the @Controller, feign clients should be mocked and @WithMockKeycloakAuth("role_edit") should be enough.

What I understand from your ClientConfig is that you add the end-user OAuth2 identity (JWT token issued by Keycloak) to some outgoing HTTP requests. Sending HTTP requests to another system is not unit testing. This is integration testing and you should provide valid tokens issued by a real Keycloak instance for that purpose.

Unless your Feign client code is annotated with spring-security rules, and you want to unit test it (test feign client only, in isolation from the rest of the world), this lib is not what you need.

@WithMockKeycloakAuth can help you define what keycloakPrincipal.getKeycloakSecurityContext().getTokenString() returns, but this will very likely be an invalid JWT token that would be rejected by any system doing basic checking. Again, this string being invalid is not a problem for unit tests (for instance if you check that the sent request actually contains a Bearer Authorization header with the token string you set in @WithMockKeycloakAuth), but this for sure will be an issue if you also want to test response content (which is integration testing, as you depend on another service being reachable and behaving a certain way).
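The unit-level check described in the comment above, as an added example that is not part of the thread or of the spring-addons project: it tests an interceptor like the posted ClientConfig in isolation and asserts on the outgoing header only. It assumes JUnit 5, Mockito, feign-core and keycloak-core on the test classpath; the class name, the `principal` parameter and the token value are constructed for illustration.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.util.Collection;

import org.junit.jupiter.api.Test;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;

import feign.RequestInterceptor;
import feign.RequestTemplate;

class BearerTokenRequestInterceptorTest {

    // Constructed placeholder: deliberately not a parseable JWT.
    private static final String TOKEN = "constructed-test-token";

    // Same logic as the ClientConfig posted in the thread, with the principal
    // passed in as a parameter (an assumption made here so it can be replaced in a test).
    static RequestInterceptor bearerTokenRequestInterceptor(
            KeycloakPrincipal<KeycloakSecurityContext> principal) {
        return template -> template.header("Authorization",
                String.format("Bearer %s", principal.getKeycloakSecurityContext().getTokenString()));
    }

    @Test
    void addsBearerHeaderWithoutSendingAnything() {
        // Mock only what the interceptor reads: the raw token string.
        KeycloakSecurityContext ctx = mock(KeycloakSecurityContext.class);
        when(ctx.getTokenString()).thenReturn(TOKEN);
        @SuppressWarnings("unchecked")
        KeycloakPrincipal<KeycloakSecurityContext> principal = mock(KeycloakPrincipal.class);
        when(principal.getKeycloakSecurityContext()).thenReturn(ctx);

        // Apply the interceptor to an empty template; no HTTP request leaves the JVM.
        RequestTemplate template = new RequestTemplate();
        bearerTokenRequestInterceptor(principal).apply(template);

        // Exactly one Authorization value, carrying the token unchanged.
        Collection<String> values = template.headers().get("Authorization");
        assertEquals(1, values.size());
        assertEquals("Bearer " + TOKEN, values.iterator().next());
    }
}
```

The test passes with a string that is not a JWT, so it verifies header propagation only and says nothing about whether a resource server would accept the request.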

ch4mpy commented 3 years ago

@M-Razavi if you don't provide me with the Feign clients' source code I asked for, I won't be able to help you and will close this ticket.

As I still did not understand what the issue is, I won't fix it.