我有一个控制器方法我注释,像这样:在Grails中,我如何在自动化测试中测试@Secured注解?
@Secured(['ROLE_ADMIN'])
def save() {
... // code ommitted
}
我想编写一个单元测试来验证,只有管理员用户可以点击的网址:
def "Only the admin user should be able to invoke save"() {
given:
def user = createNonAdminUser() // let's pretend this method exists
controller.springSecurityService = Mock(SpringSecurityService)
controller.springSecurityService.currentUser >> user
when:
controller.save()
then:
view ==~ 'accessdenied'
}
但是,返回的视图是save
视图,而不是拒绝访问视图。看起来它完全绕过了@Secured
注释。有没有办法从单元测试或集成测试中测试@Secured
注释?
你有没有找到任何解决方案呢? –