Thanks for your answer - I try to understand your idea, but because I'm new
to J2EE this sounds very theoretical to me. Best would be to have an
example of how to set up such an interceptor or @WebFilter in my junit test.

2014-11-07 9:43 GMT+01:00 Romain Manni-Bucau <[email protected]>:

> Well, several things:
> - maybe we don't wire security in httpejbd layer and we can desire it
> - you can set yourself this threadlocal with an interceptor for instance or
> a @WebFilter
>
> 2 will fix your issue today but 1 is surely better for a long term fix
> On 7 Nov 2014 07:35, "Ulrich Metzger" <[email protected]> wrote:
>
> > I get an org.apache.openejb.rest.ThreadLocalSecurityContext in the
> > UserService, but with an empty UserPrincipal.
> > I found out, that the ApplicationComposer calls the
> > ThreadLocalContextManager which creates an empty ThreadLocalSecurityContext
> > instance.  So the question is where to hook in to replace either the
> > complete manager or the securityContext with a custom one.
> >
> > 2014-11-06 19:13 GMT+01:00 Romain Manni-Bucau <[email protected]>:
> >
> > > Hi
> > >
> > > You mean you get null? Normally nothing special is needed
> > >
> > >
> > > Romain Manni-Bucau
> > > @rmannibucau
> > > http://www.tomitribe.com
> > > http://rmannibucau.wordpress.com
> > > https://github.com/rmannibucau
> > >
> > >
> > > 2014-11-06 17:35 GMT+00:00 Ulrich Metzger <[email protected]>:
> > > > Hi list,
> > > > does anybody know how to mock a SecurityContext which gets injected in a
> > > > Service Class exposed as Rest service in a junit test?
> > > >
> > > > Here is the Service Class (the get method checks the currently logged in
> > > > user):
> > > > ##################### ...
> > > > @Path("/user")
> > > > @Produces(MediaType.APPLICATION_JSON)
> > > > @Stateless
> > > > @Lock(LockType.READ)
> > > > public class UserService {
> > > >
> > > >     @Context
> > > >     private SecurityContext context;
> > > >
> > > >     /**
> > > >      * returns logged in user
> > > >      */
> > > >     @Path("/get")
> > > >     @GET
> > > >     @Lock(LockType.WRITE)
> > > >     public Response get() {
> > > >         try {
> > > >             User user = ((UserPrincipal) context.getUserPrincipal()).getUser();
> > > >             return Response.ok(getDefaultGson().toJson(user),
> > > >                     MediaType.APPLICATION_JSON_TYPE).build();
> > > >         } catch (Exception e) {
> > > >             logger.debug("no user principal in context");
> > > >             return Response.status(Status.FORBIDDEN).build();
> > > >         }
> > > >     }
> > > >
> > > > ... #########################
> > > >
> > > > the JUnit test uses the ApplicationComposer and looks like this:
> > > >
> > > > ....#########################
> > > >
> > > > @EnableServices(value = "jaxrs")
> > > > @RunWith(ApplicationComposer.class)
> > > >
> > > > public class UserServiceTest {
> > > >
> > > >     @Module
> > > >     @Classes(value = { UserService.class}, cdi = true) // scan these classes
> > > >     public WebApp war() {
> > > >         return new WebApp() // define rest Application
> > > >                 .contextRoot("UserServiceTest");
> > > >     }
> > > >
> > > >     @Test
> > > >     public void get() throws IOException, NamingException {
> > > >         final Response message = WebClient.create("http://localhost:4204")
> > > >                 .path("/UserServiceTest/user/get").get(Response.class);
> > > >         assertEquals(403, message.getStatus());
> > > >     }
> > > >
> > > > ....###################
> > > >  I tried several hours to find an example how to create a SecurityContext
> > > > mock in the test, which then is injected in the UserService with no luck.
> > > > I hope someone has a hint for me.
> > > >
> > > > Uli
> > >
> >
>
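
The @WebFilter variant suggested in the thread could look like the following; this is an added example, not code from any poster or from OpenEJB. `TestPrincipalFilter`, `loginAs` and `logout` are hypothetical names, and it is an assumption that the embedded container applies `@WebFilter` classes to the REST endpoint and builds the injected `SecurityContext` from the request's `getUserPrincipal()`.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Test-only: asserts an identity without authenticating anyone,
// so keep it under src/test and out of any deployable artifact.
@WebFilter("/*")
public class TestPrincipalFilter implements Filter {

    // Static (not ThreadLocal): the test thread sets it, a server thread reads it.
    // null means "anonymous request".
    private static volatile Principal current;

    public static void loginAs(Principal principal) { current = principal; }

    public static void logout() { current = null; }

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        final Principal principal = current;
        if (principal == null || !(req instanceof HttpServletRequest)) {
            chain.doFilter(req, resp); // untouched request: the 403 path stays testable
            return;
        }
        // Downstream code sees the test principal on the wrapped request.
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            @Override public Principal getUserPrincipal() { return principal; }
            @Override public String getRemoteUser() { return principal.getName(); }
        }, resp);
    }

    @Override
    public void destroy() { }
}
```

A test would call `TestPrincipalFilter.loginAs(...)` with an instance of the application's own `UserPrincipal` before the `WebClient` call and `logout()` in an `@After` method, so the anonymous 403 case and the authenticated case can both be exercised.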
