Yes, it's totally fine. You can use a Subject Builder, instead of the SecurityUtils: https://shiro.apache.org/subject.html#Subject-Subject.Builder
And `subject.execute()`, and you should be able to avoid any before/after test cleanup.
But either option works ;)

On Fri, May 21, 2021 at 10:34 AM Alex Orlov <[email protected]> wrote:

> Yes, you are right. But what about the question — is it correct to use
> subject login/logout in IT tests?
> Not subject mock, but a real subject with real realm work?
>
> --
> Best regards, Alex Orlov
>
> Friday, May 21, 2021, 17:25 +03:00 from Brian Demers <[email protected]>:
>
> In your case the subject is bound from `SecurityUtils.getSubject()`
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
>
> On Fri, May 21, 2021 at 12:55 AM Alex Orlov <[email protected]> wrote:
>
> Hm… I am sure that when we do subject.login(..) then under the hood
> subject is bound to the thread.
> I use the code I posted in integration tests and everything works as
> expected. I pass token, I see how
> my realm does its work.
>
> What did you mean, saying «login and out do not bind the user to the
> thread.»? I am saying that after calling
> subject.login() subject is bound to thread and after subject.logout()
> subject is unbound from thread.
>
> --
> Best regards, Alex Orlov
>
> Thursday, May 20, 2021, 22:52 +03:00 from Brian Demers <[email protected]>:
>
> login and out do not bind the user to the thread. Typically I use the
> ThreadContext directly when I need to do anything with threading
>
> For example, mock a subject, and bind it to the thread:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
>
> Then unbind it:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>
> Though if you are using a "real" subject, you could just use the built in
> thread execution as well:
> https://shiro.apache.org/subject.html#thread-association
>
> On Thu, May 20, 2021 at 11:34 AM Alex Orlov <[email protected]> wrote:
>
> Hello all,
>
> Can I use in one thread tests subject login/logout? Something like this:
>
>     @BeforeAll
>     protected void doBeforeAll() {
>         Subject subject = SecurityUtils.getSubject();
>         subject.login(token);
>     }
>     @AfterAll
>     protected void doAfterAll() {
>         Subject subject = SecurityUtils.getSubject();
>         subject.logout();
>     }
>
> As I understand, subject.login() does thread binding, and subject.logout()
> does thread unbinding. So, could anyone say
> if this code is correct?
>
> --
> Best regards, Alex Orlov
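The `Subject.Builder` plus `subject.execute()` approach from the top reply, written out as a JUnit 5 test. This is an added example, not code from the thread or from the Shiro project; the class name, the in-memory `SimpleAccountRealm` and the `it-user` / `it-secret` / `tester` values are constructed for illustration and stand in for the realm under test.

```java
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.util.concurrent.Callable;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

class SubjectExecuteIT {

    private static Subject subject;

    @BeforeAll
    static void login() {
        // Constructed sample account; replace the realm with the one being tested.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("it-user", "it-secret", "tester");

        // Built from an explicit SecurityManager, so nothing is taken from
        // SecurityUtils and nothing is bound to the test thread here.
        subject = new Subject.Builder(new DefaultSecurityManager(realm)).buildSubject();
        subject.login(new UsernamePasswordToken("it-user", "it-secret"));
    }

    @Test
    void subjectIsBoundOnlyInsideExecute() {
        // Nothing is bound to this thread before the call.
        assertNull(ThreadContext.getSubject());

        // Inside execute() the subject is bound, so code under test that calls
        // SecurityUtils.getSubject() sees the logged-in subject.
        Callable<Boolean> work = () -> {
            Subject current = SecurityUtils.getSubject();
            return current.isAuthenticated() && current.hasRole("tester");
        };
        assertTrue(subject.execute(work));

        // execute() restored the previous thread state; no @AfterAll unbinding needed.
        assertNull(ThreadContext.getSubject());
    }
}
```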
