FYI: https://issues.apache.org/jira/browse/TOMEE-1439 (sample https://git-wip-us.apache.org/repos/asf?p=tomee.git;a=blob;f=server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/SecurityContextIsUsableTest.java;h=d0a093ac0ef5fcf5460819c898b96707637f5f51;hb=5971b1a858404e65c5b551eb4b67dbc9c6653e86 ) Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau
2014-11-07 10:16 GMT+00:00 Romain Manni-Bucau <[email protected]>: > @WebFilter > public class MyFilter implements javax.servlet.Filter { > .... > doFilter(....) { > ThreadLocalSecurityContext.set(new MySecurityContext()); > chain.doFilter(...); > } > } > > > It should be fixed on trunk in the day BTW. > > > > Romain Manni-Bucau > @rmannibucau > http://www.tomitribe.com > http://rmannibucau.wordpress.com > https://github.com/rmannibucau > > > 2014-11-07 9:23 GMT+00:00 Ulrich Metzger <[email protected]>: >> Thanks for your answer - i try to understand our idea, but because i'm new >> to J2EE this sounds very theoretically for me. Best would be to have an >> example how to setup such an interceptor or @WebFilter in my junit test. >> >> 2014-11-07 9:43 GMT+01:00 Romain Manni-Bucau <[email protected]>: >> >>> Well severals things: >>> - maybe we dont wire security in httpejbd layer and we can desire it >>> - you can set yourself this threadlocal with an interceptor for instance or >>> a @WebFilter >>> >>> 2 will fix your issue today but 1 is surely better for a long term fix >>> Le 7 nov. 2014 07:35, "Ulrich Metzger" <[email protected]> a écrit : >>> >>> > I get an org.apache.openejb.rest.ThreadLocalSecurityContext in the >>> > UserService, but with an empty UserPrincipal. >>> > I found out, that the ApplicationComposer calls the >>> > ThreadLocalContextManager which creates an empty >>> ThreadLocalSecurityContext >>> > instance. So the question is where to hook in to replace either the >>> > complete manager or the securityContext with a custom one. >>> > >>> > 2014-11-06 19:13 GMT+01:00 Romain Manni-Bucau <[email protected]>: >>> > >>> > > Hi >>> > > >>> > > You mean you get null? Normally nothing special is needed >>> > > >>> > > >>> > > Romain Manni-Bucau >>> > > @rmannibucau >>> > > http://www.tomitribe.com >>> > > http://rmannibucau.wordpress.com >>> > > https://github.com/rmannibucau >>> > > >>> > > >>> > > 2014-11-06 17:35 GMT+00:00 Ulrich Metzger <[email protected]>: >>> > > > Hi list, >>> > > > does anybody know how to mock a SecurityContext which gets injected >>> in >>> > a >>> > > > Service Class exposed as Rest service in a junit test? >>> > > > >>> > > > Here is the Service Class (the get method checks the currently logged >>> > in >>> > > > user): >>> > > > ##################### ... >>> > > > @Path("/user") >>> > > > @Produces(MediaType.APPLICATION_JSON) >>> > > > @Stateless >>> > > > @Lock(LockType.READ) >>> > > > public class UserService { >>> > > > >>> > > > @Context >>> > > > private SecurityContext context; >>> > > > >>> > > > /** >>> > > > * returns logged in user >>> > > > */ >>> > > > @Path("/get") >>> > > > @GET >>> > > > @Lock(LockType.WRITE) >>> > > > public Response get() { >>> > > > try { >>> > > > User user = ((UserPrincipal) >>> > > > context.getUserPrincipal()).getUser(); >>> > > > return Response.ok(getDefaultGson().toJson(user), >>> > > > MediaType.APPLICATION_JSON_TYPE).build(); >>> > > > } catch (Exception e) { >>> > > > logger.debug("no user principal in context"); >>> > > > return Response.status(Status.FORBIDDEN).build(); >>> > > > } >>> > > > } >>> > > > >>> > > > ... ######################### >>> > > > >>> > > > the JUnit tests uses the ApplicationComposer and looks like this: >>> > > > >>> > > > ....######################### >>> > > > >>> > > > @EnableServices(value = "jaxrs") >>> > > > @RunWith(ApplicationComposer.class) >>> > > > >>> > > > public class UserServiceTest { >>> > > > >>> > > > @Module >>> > > > @Classes(value = { UserService.class}, cdi = true) // scan these >>> > > classes >>> > > > public WebApp war() { >>> > > > return new WebApp() // define rest Application >>> > > > .contextRoot("UserServiceTest"); >>> > > > } >>> > > > >>> > > > @Test >>> > > > public void get() throws IOException, NamingException { >>> > > > final Response message = WebClient.create(" >>> > http://localhost:4204 >>> > > ") >>> > > > >>> .path("/UserServiceTest/user/get").get(Response.class); >>> > > > assertEquals(403, message.getStatus()); >>> > > > } >>> > > > >>> > > > ....################### >>> > > > I tried several hours to find an example how to create a >>> > SecurityContext >>> > > > mock in the test, which than is injected in the UserService with no >>> > luck. >>> > > > I hope someone has a hint for me. >>> > > > >>> > > > Uli >>> > > >>> > >>>
