Acegi and JUnit

**smccrory** · Sep 14th, 2004, 05:40 PM

I searched through the source tree but couldn't find anything more specific...

Is there a class or an example that shows how you can use JUnit to test Acegi-protected business services?

Here's what I came up with so far, based on another post I saw last month, but I get an exception about not having an authorizer for the TestingAuthenticationToken.

Code:

public abstract class SpringEnabledTestCase extends TestCase &#123;

    /**
     * Our logging object.
     */
    protected transient final Log log = LogFactory.getLog&#40;getClass&#40;&#41;&#41;;

    /**
     * The factory used to create DB Sessions.
     */
    protected SessionFactory sessionFactory = null;

    /**
     * Our session's default mode is AUTO, but you can set it to COMMIT and NEVER
     */
    protected FlushMode flushMode = FlushMode.AUTO;

    /**
     * All Hibernate DAO tests will use the same Spring BeanFactory.
     */
    private static ApplicationContext ctx = null;

    // This static block ensures that Spring's BeanFactory is only loaded once for all tests
    static &#123;
        ctx = new ClassPathXmlApplicationContext&#40;Constants.SPRING_APPLICATION_CONTEXT_CONFIG_FILE&#41;;
    &#125;

    /**
     * Basic constructor.
     */
    public SpringEnabledTestCase&#40;&#41; &#123;
        super&#40;&#41;;
    &#125;

    /**
     * Before each Test Case method is triggered, make the DB session available to Spring's transaction support.
     */
    protected void setUp&#40;&#41; throws Exception &#123;

        super.setUp&#40;&#41;;
        sessionFactory = &#40;SessionFactory&#41; getApplicationContext&#40;&#41;.getBean&#40;Constants.SESSION_FACTORY_CONTEXT_NAME&#41;;
        Session dbSession = SessionFactoryUtils.getSession&#40;sessionFactory, true&#41;;
        dbSession.setFlushMode&#40;flushMode&#41;;
        if &#40;TransactionSynchronizationManager.hasResource&#40;sessionFactory&#41;&#41; &#123;
            log
                    .warn&#40;"TransactionSynchronizationManager already has a session factory!  Look at the preceeding code for missing super&#40;&#41; calls, etc."&#41;;
        &#125;

        TransactionSynchronizationManager.bindResource&#40;sessionFactory, new SessionHolder&#40;dbSession&#41;&#41;;
        
        // Create and store the Acegi SecureContext into the ContextHolder
        createSecureContext&#40;&#41;;

    &#125;

    /**
     * After each Test Case method is done, flush and close the DB session.
     */
    protected void tearDown&#40;&#41; throws Exception &#123;
        
        // Remove the Acegi SecureContext from the ContextHolder
        destroySecureContext&#40;&#41;;

        SessionHolder holder = &#40;SessionHolder&#41; TransactionSynchronizationManager.unbindResource&#40;sessionFactory&#41;;
        Session dbSession = holder.getSession&#40;&#41;;

        if &#40;dbSession.getFlushMode&#40;&#41; != FlushMode.NEVER&#41; &#123;
            dbSession.flush&#40;&#41;;
        &#125;

        SessionFactoryUtils.closeSessionIfNecessary&#40;holder.getSession&#40;&#41;, sessionFactory&#41;;
        super.tearDown&#40;&#41;;

    &#125;

    /**
     * Returns the initialized ApplicationContext.
     * 
     * @return The initialized ApplicationContext
     */
    protected ApplicationContext getApplicationContext&#40;&#41; &#123;
        return ctx;
    &#125;

    /**
     * Creates an Acegi SecureContext and stores it on the ContextHolder
     */
    private static void createSecureContext&#40;&#41; &#123;
        
        TestingAuthenticationToken auth = new TestingAuthenticationToken&#40;"test", "test", new GrantedAuthority&#91;&#93; &#123;
                new GrantedAuthorityImpl&#40;"ROLE_TELLER"&#41;, new GrantedAuthorityImpl&#40;"ROLE_PERMISSION_LIST"&#41; &#125;&#41;;

        SecureContextImpl secureContext = new SecureContextImpl&#40;&#41;;
        secureContext.setAuthentication&#40;auth&#41;;
        ContextHolder.setContext&#40;secureContext&#41;;
        
    &#125;

    /**
     * Removed the Acegi SecureContext from the ContextHolder
     */
    private static void destroySecureContext&#40;&#41; &#123;
        ContextHolder.setContext&#40;null&#41;;
    &#125;

&#125;

Now here's the JUnit trace from a service unit test that extends SpringEnabledTestCase.

Code:

net.sf.acegisecurity.providers.ProviderNotFoundException&#58; No authentication provider for net.sf.acegisecurity.providers.TestingAuthenticationToken
	at net.sf.acegisecurity.providers.ProviderManager.doAuthentication&#40;ProviderManager.java&#58;136&#41;
	at net.sf.acegisecurity.AbstractAuthenticationManager.authenticate&#40;AbstractAuthenticationManager.java&#58;49&#41;
	at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.interceptor&#40;AbstractSecurityInterceptor.java&#58;294&#41;
	at net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor.invoke&#40;MethodSecurityInterceptor.java&#58;82&#41;
	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed&#40;ReflectiveMethodInvocation.java&#58;138&#41;
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke&#40;JdkDynamicAopProxy.java&#58;152&#41;
	at $Proxy6.get&#40;Unknown Source&#41;
	at com.a4technologies.auditpoint.service.test.ReportServiceTest.testGet&#40;ReportServiceTest.java&#58;79&#41;
	at sun.reflect.NativeMethodAccessorImpl.invoke0&#40;Native Method&#41;
	at sun.reflect.NativeMethodAccessorImpl.invoke&#40;NativeMethodAccessorImpl.java&#58;39&#41;
	at sun.reflect.DelegatingMethodAccessorImpl.invoke&#40;DelegatingMethodAccessorImpl.java&#58;25&#41;
	at java.lang.reflect.Method.invoke&#40;Method.java&#58;324&#41;
	at junit.framework.TestCase.runTest&#40;TestCase.java&#58;154&#41;
	at junit.framework.TestCase.runBare&#40;TestCase.java&#58;127&#41;
	at junit.framework.TestResult$1.protect&#40;TestResult.java&#58;106&#41;
	at junit.framework.TestResult.runProtected&#40;TestResult.java&#58;124&#41;
	at junit.framework.TestResult.run&#40;TestResult.java&#58;109&#41;
	at junit.framework.TestCase.run&#40;TestCase.java&#58;118&#41;
	at junit.framework.TestSuite.runTest&#40;TestSuite.java&#58;208&#41;
	at junit.framework.TestSuite.run&#40;TestSuite.java&#58;203&#41;
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests&#40;RemoteTestRunner.java&#58;421&#41;
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run&#40;RemoteTestRunner.java&#58;305&#41;
	at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main&#40;RemoteTestRunner.java&#58;186&#41;

Thanks in advance, Scott

**Ben Alex** · Sep 14th, 2004, 06:55 PM

Add a net.sf.acegisecurity.providers.TestingAuthenticati onProvider bean to your net.sf.acegisecurity.providers.ProviderManager bean in the application context. Note you shouldn't do this in a production application context (just your test case application context).

The other issue is whether it makes sense to test your business methods when security is enabled. We provide the classes, but unless the business methods actually interact with the ContextHolder or say the access control list package, it is probably adding complexity to your test case without adding corresponding value.

**smccrory** · Sep 14th, 2004, 08:36 PM

Originally Posted by Ben Alex

The other issue is whether it makes sense to test your business methods when security is enabled. We provide the classes, but unless the business methods actually interact with the ContextHolder or say the access control list package, it is probably adding complexity to your test case without adding corresponding value.

Good point - I'll just test using my TransactionProxyFactoryBeans instead of using their security wrappers. Thanks!
Scott

Thread: Acegi and JUnit

Thread Tools

Display

Acegi and JUnit

Similar Threads

How can I test authorization in Junit?

Posting Permissions