Unit testing protected Controllers

[hneiper]

I am trying to test controllers that are being protected by a "SecurityInterceptor". Here is my *-servlet.xml configuration:

Code:

<bean id="secureHandlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
		<property name="interceptors">
		    <list>
			<ref local="securityInterceptor"/>
		    </list>
		</property>
		<property name="urlMap">
		    <map>
                        <entry key="/getserverlist.do">
                            <ref local="secure_getserverlist"/>
                        </entry>
    		    </map>
		</property>
	</bean>

<bean id="securityInterceptor" class="presentation.interceptor.authentication.SecurityInterceptor"/> 

<bean id="secure_getserverlist" class="presentation.controller.GetServerListController"/>

Now in my test I am going to want to get the bean for the GetServerListController. However, unlike the other beans that are mapped to say '/login.do' where I can just simply call something like this - ctx.getBean("/login.do"); I am not able to do the same given that the path '/getserverlist.do' is not actually a bean id now but rather it is an entry in a Map as a property to the 'secureHandlerMapping' bean.

Perhaps the plan is to create a new Url handler mapping class extending AbstractUrlHandlerMapping that not only has setter methods for the urlMap property but also getters. Sound right, another solution? I am all ears right now.

[Ben Alex]

I am trying to test controllers that are being protected by a "SecurityInterceptor"

Why reinvent the wheel? There are more security approaches out there than you can poke a stick at. Could you use Acegi Security, which what most Spring developers are using? It has URL mapping services already, comprehensive unit tested. I've personally used Acegi Security to build a content management system, and others have done the same thing, so it's likely to meet most needs (or at least provide extension hooks to do so).

[hneiper]

Why reinvent the wheel?

Well, basically because I am not reinventing the wheel. Maybe protected is not really a correct description. Plain and simple the Interceptor is just being used to check the state of certain objects managed by the Controller. I wish I could elaborate on more of the details around what is taking place in the Interceptor, but I am afraid that this is not possible do to the policies I have to live by set forth by my company. Anyhow, beyond that your suggestion has merit but not for the context of this topic.

So now that you have offered nothing to this discussion other than to tell us that you "used such and such" and "you did so and so" - if anyone else has any suggestions as to what a solution might be in the context of the topic - again I would be glad to listen.