Hi Bob,
I like the Idea of having a MockPrincipal so on every request I can
deside which Principal to use.
Which will be very usefull to test the security-related features.
So I simply created two classes:
AuthenticatedMockRequest
public class AuthenticatedMockRequest extends MockRequest {
MockPrincipal userPrincipal;
public AuthenticatedMockRequest(MockPrincipal userPrincipal) {
this.userPrincipal = userPrincipal;
}
@Override
public boolean isUserInRole(String name) {
return userPrincipal.getRoles().contains(name);
}
@Override
public Principal getUserPrincipal() {
return userPrincipal;
}
}
and
MockPrincipal:
public class MockPrincipal implements Principal {
private String name;
private List<String> roles = new ArrayList<String>();
public MockPrincipal(String userName) {
this.name = userName;
}
public MockPrincipal(String userName, List<String> roles) {
this.name = userName;
this.roles = roles;
}
@Override
public String getName() {
return name;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(String... newRoles) {
roles.clear();
for (String role : newRoles) {
roles.add(role);
}
}
}
And I added the following lines to my testcase:
MockPrincipal principal = new MockPrincipal("admin");
principal.setRoles("admin", "user");
container.setRequest(new AuthenticatedMockRequest(principal));
And it works like a charm :)
Thanks, once again, for your help!
SVen
Bob Schellink wrote:
Perhaps we can add a "roles" property to the MockRequest then we can
do something like this:
// Setup remote user by a new MockPrincipal class
Principal p = new MockPrincipal("test");
container.getRequest().setPrincipal(p);
// Setup roles
container.getRequest().setRoles("admin", "user");
And then isUserInRoles implementation can be simple:
public boolean isUserInRoles(String role) {
if (roles.contains(role)) {
return true;
} else {
return false;
}
}
Or MockPrincipal can expose a method to set its own roles:
public boolean isUserInRoles(String role) {
if (getUserPrincipal().getRoles().contains(role)) {
return true;
} else {
return false;
}
}
What do you think?
bob
Bob Schellink wrote:
Hi Sven,
You should be able to set the REMOTE_USER with:
container.getRequest().addHeader("REMOTE_USER", "admin");
This won't get you past the unimplemented isUserInRole however. You
could provide a custom MockRequest and set that on the Container
before starting it e.g:
container.setRequest(new MyMockRequest());
container.start();
where MyMockRequest somehow implements isUserInRole. Haven't really
though of a way to implement isUserInRole but maybe we can expose a
way to setup Roles and Principals for the container which
isUserInRole can test against?
kind regards
bob
Sven Pfeiffer wrote:
I'd like to use click-mock for testing my click web-application.
Several times I need to get the username and role from the request,
which AFAIK are set by the SecurityRealm.
For example I display the users name on the top of the page using
context.getRequest().getUserPrincipal().getName()
For security reasons I check the users role in onSecurityCheck() using
context.getRequest().isUserInRole(<requiredRole>)
Is the a way to inject Username/Role with the mock API?
In the moment I am trying the following, which results in a NPEX
MockContainer container = new
MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
container.start();
container.setParameter(Form.FORM_NAME, "filter");
//setting parameters for a FormTable
container.setParameter("filterForm_column_0", "entryDate");
container.setParameter("filterForm_operator_0",
Operators.AFTER.name());
container.setParameter("filterForm_value_0", "01.07.2009");
//Thats where I get the NPEX
MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
//The page forward to itself
assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
container.stop();
In the MockRequest sources I saw that
isUserInRole(String role) is not implemented yet and
getUserPrincipal returns a Principal with name
getHeader("REMOTE_USER"), how can I set REMOTE_USER?
Thanks in advance
SVen
