Thanks - this will help me a big step forward

2014-11-07 11:22 GMT+01:00 Romain Manni-Bucau <[email protected]>:

> FYI: https://issues.apache.org/jira/browse/TOMEE-1439 (sample
> https://git-wip-us.apache.org/repos/asf?p=tomee.git;a=blob;f=server/openejb-cxf-rs/src/test/java/org/apache/openejb/server/cxf/rs/SecurityContextIsUsableTest.java;h=d0a093ac0ef5fcf5460819c898b96707637f5f51;hb=5971b1a858404e65c5b551eb4b67dbc9c6653e86
> )
>
> Romain Manni-Bucau
> Twitter: @rmannibucau
> Blog: http://rmannibucau.wordpress.com/
> LinkedIn: http://fr.linkedin.com/in/rmannibucau
> Github: https://github.com/rmannibucau
>
>
> 2014-11-07 10:16 GMT+00:00 Romain Manni-Bucau <[email protected]>:
> > @WebFilter
> > public class MyFilter implements javax.servlet.Filter {
> >     ....
> >     doFilter(....) {
> >         ThreadLocalSecurityContext.set(new MySecurityContext());
> >         chain.doFilter(...);
> >     }
> > }
> >
> >
> > It should be fixed on trunk in the day BTW.
> >
> >
> > Romain Manni-Bucau
> > @rmannibucau
> > http://www.tomitribe.com
> > http://rmannibucau.wordpress.com
> > https://github.com/rmannibucau
> >
> >
> > 2014-11-07 9:23 GMT+00:00 Ulrich Metzger <[email protected]>:
> >> Thanks for your answer - I try to understand our idea, but because I'm new
> >> to J2EE this sounds very theoretical to me. Best would be to have an
> >> example of how to set up such an interceptor or @WebFilter in my junit test.
> >>
> >> 2014-11-07 9:43 GMT+01:00 Romain Manni-Bucau <[email protected]>:
> >>
> >>> Well, several things:
> >>> - maybe we don't wire security in httpejbd layer and we can desire it
> >>> - you can set this threadlocal yourself with an interceptor for instance or
> >>> a @WebFilter
> >>>
> >>> 2 will fix your issue today but 1 is surely better for a long term fix
> >>> On 7 Nov 2014 07:35, "Ulrich Metzger" <[email protected]> wrote:
> >>>
> >>> > I get an org.apache.openejb.rest.ThreadLocalSecurityContext in the
> >>> > UserService, but with an empty UserPrincipal.
> >>> > I found out that the ApplicationComposer calls the
> >>> > ThreadLocalContextManager which creates an empty ThreadLocalSecurityContext
> >>> > instance. So the question is where to hook in to replace either the
> >>> > complete manager or the securityContext with a custom one.
> >>> >
> >>> > 2014-11-06 19:13 GMT+01:00 Romain Manni-Bucau <[email protected]>:
> >>> >
> >>> > > Hi
> >>> > >
> >>> > > You mean you get null? Normally nothing special is needed
> >>> > >
> >>> > >
> >>> > > Romain Manni-Bucau
> >>> > > @rmannibucau
> >>> > > http://www.tomitribe.com
> >>> > > http://rmannibucau.wordpress.com
> >>> > > https://github.com/rmannibucau
> >>> > >
> >>> > >
> >>> > > 2014-11-06 17:35 GMT+00:00 Ulrich Metzger <[email protected]>:
> >>> > > > Hi list,
> >>> > > > does anybody know how to mock a SecurityContext which gets injected in a
> >>> > > > Service Class exposed as Rest service in a junit test?
> >>> > > >
> >>> > > > Here is the Service Class (the get method checks the currently logged in
> >>> > > > user):
> >>> > > > ##################### ...
> >>> > > > @Path("/user")
> >>> > > > @Produces(MediaType.APPLICATION_JSON)
> >>> > > > @Stateless
> >>> > > > @Lock(LockType.READ)
> >>> > > > public class UserService {
> >>> > > >
> >>> > > >     @Context
> >>> > > >     private SecurityContext context;
> >>> > > >
> >>> > > >     /**
> >>> > > >      * returns logged in user
> >>> > > >      */
> >>> > > >     @Path("/get")
> >>> > > >     @GET
> >>> > > >     @Lock(LockType.WRITE)
> >>> > > >     public Response get() {
> >>> > > >         try {
> >>> > > >             User user = ((UserPrincipal) context.getUserPrincipal()).getUser();
> >>> > > >             return Response.ok(getDefaultGson().toJson(user),
> >>> > > >                     MediaType.APPLICATION_JSON_TYPE).build();
> >>> > > >         } catch (Exception e) {
> >>> > > >             logger.debug("no user principal in context");
> >>> > > >             return Response.status(Status.FORBIDDEN).build();
> >>> > > >         }
> >>> > > >     }
> >>> > > >
> >>> > > > ...
> >>> > > > #########################
> >>> > > >
> >>> > > > The JUnit test uses the ApplicationComposer and looks like this:
> >>> > > >
> >>> > > > ....#########################
> >>> > > >
> >>> > > > @EnableServices(value = "jaxrs")
> >>> > > > @RunWith(ApplicationComposer.class)
> >>> > > >
> >>> > > > public class UserServiceTest {
> >>> > > >
> >>> > > >     @Module
> >>> > > >     @Classes(value = { UserService.class}, cdi = true) // scan these classes
> >>> > > >     public WebApp war() {
> >>> > > >         return new WebApp() // define rest Application
> >>> > > >                 .contextRoot("UserServiceTest");
> >>> > > >     }
> >>> > > >
> >>> > > >     @Test
> >>> > > >     public void get() throws IOException, NamingException {
> >>> > > >         final Response message = WebClient.create("http://localhost:4204")
> >>> > > >                 .path("/UserServiceTest/user/get").get(Response.class);
> >>> > > >         assertEquals(403, message.getStatus());
> >>> > > >     }
> >>> > > >
> >>> > > > ....###################
> >>> > > > I tried several hours to find an example of how to create a SecurityContext
> >>> > > > mock in the test, which then is injected in the UserService, with no luck.
> >>> > > > I hope someone has a hint for me.
> >>> > > >
> >>> > > > Uli
