I'm following the instructions on how to do unit testing with Shiro:
http://shiro.apache.org/testing.html
I've got everything compiling and running. However, I'm unclear on how to
actually specify the subject I want to use. The following creates a
DelegatingSubject, but it appears to be unauthenticated with no principals
or anything. I know I haven't properly set them, but I'm unsure the right
way to do it.

    Subject subjectUnderTest = new Subject.Builder(getSecurityManager()).buildSubject();

My application uses Spring to configure Shiro and it has a custom realm that
creates permissions. Do I need to create another realm to use only during
testing? Or can I use my current realm and force a specific user
authentication? For instance, I'd like to run my tests assuming that the
user with an ID of 1 has authenticated.
Following the testing instructions, I've set up an INI file that gets
loaded, even though with my normal application, I use Spring to configure
Shiro. It seems like going with an INI for testing might be simpler. Should
I be using Spring to configure Shiro for unit testing, or is using INI just
fine?

    [main]
    sha256Matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
    rememberMeManager = com.company.security.MyRememberMeManager
    rememberMeManager.cipherKey = xymVvsqSTov2/tcoHnax0B==
    myRealm = com.company.security.MyRealm
    myRealm.credentialsMatcher = $sha256Matcher
    securityManager.sessionManager.globalSessionTimeout = 1800000
    securityManager.rememberMeManager = $rememberMeManager
    [users]
    [roles]

So what is the simplest way to make user ID 1 authenticated? Should I create
a custom Realm for testing that has the user hard coded into
doGetAuthenticationInfo? Or should I specify the user in the [users]
section and somehow use it? Or can I pass a custom AuthenticationToken with
the proper details to my current Realm implementation? How would I do that?

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken)
            throws AuthenticationException {
        UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
        Member member = memberService.findMember(token.getUsername());
        if (member != null && member.isValidated()) {
            return new SimpleAuthenticationInfo(member.getId(),
                    member.getPassword(), getName());
        } else {
            return null;
        }
    }

Ideally, I'd just build an AuthenticationToken and somehow pass it to the
realm.doGetAuthInfo() method. But I'm unclear how that would be
accomplished.
Thanks!
Tauren
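
One way to get an already-authenticated subject for user ID 1, as an added example that is not part of the original post: Subject.Builder accepts the principals and the authenticated flag directly, so no login and no credentials matcher are involved. Assumptions: the ID is a Long, and SimpleAccountRealm stands in for the application's realm so the example runs with only shiro-core on the classpath; the class name is hypothetical.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.ThreadState;

public class PreAuthenticatedSubjectExample {
    public static void main(String[] args) {
        // Stand-in realm (assumption). A real test would hand the
        // application's own realm to the security manager instead.
        SimpleAccountRealm realm = new SimpleAccountRealm("testRealm");
        realm.addAccount("1", "unused-password", "member"); // constructed sample account
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // The primary principal mirrors what the posted realm returns from
        // doGetAuthenticationInfo: member.getId(). Its type (Long here, an
        // assumption) must match whatever doGetAuthorizationInfo expects.
        PrincipalCollection principals =
                new SimplePrincipalCollection(1L, realm.getName());

        // authenticated(true) marks the subject as logged in without any
        // credential check, so this belongs in test code only.
        Subject subjectUnderTest = new Subject.Builder(securityManager)
                .principals(principals)
                .authenticated(true)
                .buildSubject();

        // Bind to the current thread so SecurityUtils.getSubject() in the
        // code under test resolves to this subject.
        ThreadState threadState = new SubjectThreadState(subjectUnderTest);
        threadState.bind();
        try {
            Subject current = SecurityUtils.getSubject();
            System.out.println("authenticated: " + current.isAuthenticated());
            System.out.println("principal:     " + current.getPrincipal());
            // Authorization is still answered by the realm, so role and
            // permission logic is exercised even though login was skipped.
            System.out.println("has 'member':  " + current.hasRole("member"));
        } finally {
            // Always unbind, or the subject leaks into later tests that
            // reuse this thread.
            threadState.clear();
        }
    }
}
```

Because the subject is built rather than logged in, doGetAuthenticationInfo and the credentials matcher are never called; tests of those paths still need a real login with an AuthenticationToken.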