@WebFilter
public class MyFilter implements javax.servlet.Filter {
....
doFilter(....) {
ThreadLocalSecurityContext.set(new MySecurityContext());
chain.doFilter(...);
}
}
It should be fixed on trunk in the day BTW.
Romain Manni-Bucau
@rmannibucau
http://www.tomitribe.com
http://rmannibucau.wordpress.com
https://github.com/rmannibucau
2014-11-07 9:23 GMT+00:00 Ulrich Metzger <[email protected]>:
> Thanks for your answer - i try to understand our idea, but because i'm new
> to J2EE this sounds very theoretically for me. Best would be to have an
> example how to setup such an interceptor or @WebFilter in my junit test.
>
> 2014-11-07 9:43 GMT+01:00 Romain Manni-Bucau <[email protected]>:
>
>> Well severals things:
>> - maybe we dont wire security in httpejbd layer and we can desire it
>> - you can set yourself this threadlocal with an interceptor for instance or
>> a @WebFilter
>>
>> 2 will fix your issue today but 1 is surely better for a long term fix
>> Le 7 nov. 2014 07:35, "Ulrich Metzger" <[email protected]> a écrit :
>>
>> > I get an org.apache.openejb.rest.ThreadLocalSecurityContext in the
>> > UserService, but with an empty UserPrincipal.
>> > I found out, that the ApplicationComposer calls the
>> > ThreadLocalContextManager which creates an empty
>> ThreadLocalSecurityContext
>> > instance. So the question is where to hook in to replace either the
>> > complete manager or the securityContext with a custom one.
>> >
>> > 2014-11-06 19:13 GMT+01:00 Romain Manni-Bucau <[email protected]>:
>> >
>> > > Hi
>> > >
>> > > You mean you get null? Normally nothing special is needed
>> > >
>> > >
>> > > Romain Manni-Bucau
>> > > @rmannibucau
>> > > http://www.tomitribe.com
>> > > http://rmannibucau.wordpress.com
>> > > https://github.com/rmannibucau
>> > >
>> > >
>> > > 2014-11-06 17:35 GMT+00:00 Ulrich Metzger <[email protected]>:
>> > > > Hi list,
>> > > > does anybody know how to mock a SecurityContext which gets injected
>> in
>> > a
>> > > > Service Class exposed as Rest service in a junit test?
>> > > >
>> > > > Here is the Service Class (the get method checks the currently logged
>> > in
>> > > > user):
>> > > > ##################### ...
>> > > > @Path("/user")
>> > > > @Produces(MediaType.APPLICATION_JSON)
>> > > > @Stateless
>> > > > @Lock(LockType.READ)
>> > > > public class UserService {
>> > > >
>> > > > @Context
>> > > > private SecurityContext context;
>> > > >
>> > > > /**
>> > > > * returns logged in user
>> > > > */
>> > > > @Path("/get")
>> > > > @GET
>> > > > @Lock(LockType.WRITE)
>> > > > public Response get() {
>> > > > try {
>> > > > User user = ((UserPrincipal)
>> > > > context.getUserPrincipal()).getUser();
>> > > > return Response.ok(getDefaultGson().toJson(user),
>> > > > MediaType.APPLICATION_JSON_TYPE).build();
>> > > > } catch (Exception e) {
>> > > > logger.debug("no user principal in context");
>> > > > return Response.status(Status.FORBIDDEN).build();
>> > > > }
>> > > > }
>> > > >
>> > > > ... #########################
>> > > >
>> > > > the JUnit tests uses the ApplicationComposer and looks like this:
>> > > >
>> > > > ....#########################
>> > > >
>> > > > @EnableServices(value = "jaxrs")
>> > > > @RunWith(ApplicationComposer.class)
>> > > >
>> > > > public class UserServiceTest {
>> > > >
>> > > > @Module
>> > > > @Classes(value = { UserService.class}, cdi = true) // scan these
>> > > classes
>> > > > public WebApp war() {
>> > > > return new WebApp() // define rest Application
>> > > > .contextRoot("UserServiceTest");
>> > > > }
>> > > >
>> > > > @Test
>> > > > public void get() throws IOException, NamingException {
>> > > > final Response message = WebClient.create("
>> > http://localhost:4204
>> > > ")
>> > > >
>> .path("/UserServiceTest/user/get").get(Response.class);
>> > > > assertEquals(403, message.getStatus());
>> > > > }
>> > > >
>> > > > ....###################
>> > > > I tried several hours to find an example how to create a
>> > SecurityContext
>> > > > mock in the test, which than is injected in the UserService with no
>> > luck.
>> > > > I hope someone has a hint for me.
>> > > >
>> > > > Uli
>> > >
>> >
>>
