I have multiples Services: ServiceA, ServiceB, ServiceC with JWT Authentication and Propagation enabled. The service responsible to authenticate the users is ServiceA.
So how can I testing (JUnit5) my services B and C if authentication is enabled and this services don't know how to authenticate?
[main] INFO i.m.context.env.DefaultEnvironment - Established active environments: [test]
[nioEventLoopGroup-1-3] DEBUG i.m.http.client.DefaultHttpClient - Sending HTTP Request: POST /serviceB/order/item
[nioEventLoopGroup-1-3] DEBUG i.m.http.client.DefaultHttpClient - Chosen Server: localhost(33006)
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzaGVybG9jayIsIm5iZiI6MTU4MTI3NjA2NSwicm9sZXMiOltdLCJpc3MiOiJ1c2VyIiwiZXhwIjoxNTgxMjc5NjY1LCJpYXQiOjE1ODEyNzYwNjV9.yrVqAluyZvKIGjtu4tDVSnZZiZ8kdhduN20n1xd1z6U
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - host: localhost:33006
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - connection: close
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - content-type: application/json
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - content-length: 2
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Request Body
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - HTTP Client Response Received for Request: POST http://localhost:33006/serviceB/order/item
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Status Code: 403 Forbidden
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - Date: Sun, 9 Feb 2020 19:23:08 GMT
[nioEventLoopGroup-1-3] TRACE i.m.http.client.DefaultHttpClient - connection: close
Using: Micronaut 1.3.0, JDK 1.8
In gitter.im/micronautfw there is an answer using MockAuthenticationProvider implements AuthenticationProvider and SecurityBypassFilter implements HttpClientFilter to Mock the authentication logic.
package demo
import io.micronaut.context.annotation.Requires
import io.micronaut.context.env.Environment
import io.micronaut.security.authentication.AuthenticationFailed
import io.micronaut.security.authentication.AuthenticationProvider
import io.micronaut.security.authentication.AuthenticationRequest
import io.micronaut.security.authentication.AuthenticationResponse
import io.micronaut.security.authentication.UserDetails
import io.reactivex.Flowable
import org.reactivestreams.Publisher
import javax.inject.Singleton
@Requires(env = Environment.TEST)
@Requires(property = 'spec.name', notEquals = 'SecuritySpec')
@Singleton
class MockAuthenticationProvider implements AuthenticationProvider {
@Override
Publisher<AuthenticationResponse> authenticate(AuthenticationRequest authenticationRequest) {
if ( authenticationRequest.identity == 'user' && authenticationRequest.secret == 'password' ) {
return Flowable.just(new UserDetails('user', []))
}
return Flowable.just(new AuthenticationFailed())
}
}
and
package groovycalamari.bookmark
import io.micronaut.context.annotation.Requires
import io.micronaut.context.env.Environment
import io.micronaut.http.HttpResponse
import io.micronaut.http.MutableHttpRequest
import io.micronaut.http.annotation.Filter
import io.micronaut.http.filter.ClientFilterChain
import io.micronaut.http.filter.HttpClientFilter
import org.reactivestreams.Publisher
@Filter('/**')
@Requires(env = Environment.TEST)
@Requires(property = 'spec.name', notEquals = 'SecuritySpec')
class SecurityBypassFilter implements HttpClientFilter {
@Override
Publisher<? extends HttpResponse<?>> doFilter(MutableHttpRequest<?> request, ClientFilterChain chain) {
request.basicAuth('user', 'password')
return chain.proceed(request)
}
}