Hi Ben, Its me again. I figured out that I do need to run the Commons Attribute ANT compiler. I should have looked at the javadocs for the org.springframework.metadata.commons.CommonsAttributes before asking the question. So, I have switched gears and coded the MethodSecurityInterceptor by setting the objectDefinitionSource using the property editor in the Application Context. The CommonsAttribute way looked cool but I feel that I would run into synchronization issues if I forget to run the Ant task before deploying my application. Once I did this I was able to get my Junit test to work.
Sorry for the trouble. Thanks, Guy -----Original Message----- From: Guy Tuberson [mailto:[EMAIL PROTECTED] Sent: Thursday, September 30, 2004 10:19 AM To: Acegisecurity-Developer (E-mail) Subject: [Acegisecurity-developer] Re: ACEGI and Spring Application Context Hi Ben, Thank you for the quick response. Any suggestions you have would be greatly appreciated, since I'm new to these frameworks and I'm sure I'm doing some things in an unorthodox manner. I have only started using Junit testing in the past month, and I'm using the Joint testing as a learning tool to test if the items I put into my Application context work. I'm sure I will have more problems down the road when I actually have to implement these features in my Web Application, but at least I know the non-web stuff works. I did two things: 1) I moved the securityInterceptor from the autoTxProxyCreator to the serviceManager and now I can at least create the Spring application context without having an Authenticated user. 2) I implemented the testingAuthenticationProvider and authenticationManager that you provided and now I'm getting an access denied error. net.sf.acegisecurity.AccessDeniedException: Access is denied. at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:93) at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.interceptor(Abstr actSecurityInterceptor.java:302) at net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor.invoke(Metho dSecurityInterceptor.java:82) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(Reflect iveMethodInvocation.java:138) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopPro xy.java:152) at $Proxy0.save(Unknown Source) at test.oberthurcs.mp.service.UtilityManagerTestCase.setupServices(UtilityManag erTestCase.java:251) at test.oberthurcs.mp.service.UtilityManagerTestCase.testSimulation(UtilityMana gerTestCase.java:806) The save method on the serviceManager has a Commons Attribute @@SecurityConfig("ROLE_SYSTEM"), and when I created my test authenticated user, I made sure the user has the GrantedAuthority of "ROLE_SYSTEM" (SEE BELOW). After debugging the Junit test to the point were the exception is being raised, I noticed that there were no ConfigAttributes. Do I need to do anything special to get the Commons Attribute to work? Do I need to run the attribute-compiler ant task to create the SecurityConfig? Debug message from Acegi: 09:41:17,734 DEBUG AbstractSecurityInterceptor.273 - Secure object: Invocation: method=[public abstract com.oberthurcs.mp.model.objects.MpService com.oberthurcs.mp.service.ServiceManager.save(com.oberthurcs.mp.model.object s.MpService) throws com.oberthurcs.common.model.exception.ExistingInstanceException,com.oberthur cs.common.model.exception.NamedBusinessObjectWithIdNotNamed] args=[Ljava.lang.Object;@58e2a1] target is of class [$Proxy0]; ConfigAttributes: [] 09:41:17,734 DEBUG ProviderManager.125 - Authentication attempt using net.sf.acegisecurity.providers.TestingAuthenticationProvider 09:41:17,734 DEBUG AbstractSecurityInterceptor.297 - Authenticated: [EMAIL PROTECTED]: Username: admin; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_SYSTEM /** * serviceManagerImpl.save * * @see com.oberthurcs.mp.service.ServiceManager#create(com.oberthurcs.mp.model.obje cts.MpService) * @@SecurityConfig("ROLE_SYSTEM") */ public MpService save(MpService entityObject) throws ExistingInstanceException, NamedBusinessObjectWithIdNotNamed { MpService result = null; if (entityObject.getName() == null) throw new NamedBusinessObjectWithIdNotNamed(_mpService); List existing = getDao().findByName(entityObject); if (existing.size() > 0) { throw new com.oberthurcs.common.model.exception.ExistingInstanceException( entityObject, entityObject.getClass().getName(), existing); } result = (MpService) getDao().save(entityObject); return result; } /** * springTestCase.setCurrentUser * * Creates an Test authentication token with a granted authority of "ROLE_SYSTEM". */ protected void setCurrentUser(String username, String password) { GrantedAuthority[] authorities = new GrantedAuthority[1]; authorities[0] = new GrantedAuthorityImpl("ROLE_SYSTEM"); Authentication auth = new TestingAuthenticationToken(username, password, authorities); SecureContext secureContext = new SecureContextImpl(); secureContext.setAuthentication(auth); ContextHolder.setContext(secureContext); } Guy Tuberson Software Engineer [EMAIL PROTECTED] 703-263-0100 >Guy Tuberson wrote: > > >Hi, > > > >Please bare with me I"m new to Hibernate, Spring and Acegi. > > > >I"m using ACEGI to provide the Security framework for my Web Application and > >I"m having some issues with my Junit tests. > >I"m trying to load the Spring Application Context in a JUnit test and I"m > >getting the following errors. > > > > > > > > > Hi Guy > > You should be using TestingAuthenticationToken and have the following > setup in your application context: > > <!-- This authentication provider accepts any presented > TestingAuthenticationToken --> > <bean id="testingAuthenticationProvider" > class="net.sf.acegisecurity.providers.TestingAuthenticationProvider"/> > > <!-- The authentication manager that iterates through our only > authentication provider --> > <bean id="authenticationManager" > class="net.sf.acegisecurity.providers.ProviderManager"> > <property name="providers"> > <list> > <ref local="testingAuthenticationProvider"/> > </list> > </property> > </bean> > > Having said that, why are you trying to unit test a business object > which even has Acegi Security wired in front of it? Typically unit tests > should focus on only the business logic - not the integration with such > things as security. So I"d recommend you review whether you are even > loading Acegi Security beans in a test-related application content. > > Of course, sometimes just _need_ to test with security enabled. A good > example is say your business object has code like this: > > public Account getAccount(Long number) { > Account account = accountDao.getAccount(number); > // Check they have access > Authentication authentication = ((SecureContext) > ContextHolder.getContext()).getAuthentication(); > if (authentication.getPrincipal().equals("someUser")) { > return account; > } else { > return account.removeSomeProperties(); > } > } > > In this sort of situation, where your business logic _needs_ Acegi > Security, you"d use the TestingAuthenticationProvider. Thus you can > setup the Authentication object with whatever username and > GrantedAuthority[]s your business logic wants to see. In the above > example you"d run a TestingAuthenticationToken with "someUser" as the > principal, probably null as the principal, and probably "notSomeUser" as > the principal. > > HTH > Ben > > PS: The forums at springframework.org are the best place for user > questions, as it helps develop a long-term searchable archive for new users. ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer