Thursday January 08, 2004
Thursday January 08, 2004
Cactus and Form-Based Authentication Quick Summary: Did you know it's possible to login (with form-based authentication) before running each of your testXX methods in a ServletTestCase or CactusStrutsTestCase? Just add a "begin" method in your Base class, or in each of your Tests, and it will be called automatically, just like setUp() is called.
public void begin(WebRequest request) {
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new FormAuthentication("tomcat","tomcat"));
}
Long and Winded:
Yesterday, I began adding the "roles" attribute to my Struts action-mappings - to limit access for certain user roles (Yes, XDoclet 1.2 supports this). This worked great in my web UI, until I tried to run my StrutsTestCases. Access was denied because I was not logged in. Rather, I was "faking it" by retrieving a UserForm object in my setUp() method and stuffing it into the session [View Source]. This worked like a charm until I added the roles restriction.
Cactus has a nice feature: if you write a beginXX method, it will be called before your testXX method. In other words, begin = client, test = server. So I added a number of beginEdit, beginSave, etc. method to my Action Tests. Great - everything worked. But it was ugly to add all those beginXX methods. Then, via Vincent Massol's wisdom, I learned of the global begin(WebRequest wr) method. Now I simply have a begin() method in my BaseStrutsTestCase class, and everything works as smooth as pie.
public void begin(WebRequest request) {
request.setRedirectorName("ServletRedirectorSecure");
request.setAuthentication(new FormAuthentication("tomcat","tomcat"));
}
A couple of issues I discovered:
- If you have an Action that doesn't have any roles in any of it's mappings, this will fail, so you have to override the begin() method with an empty {} method in your *Test.class. I believe the error message was it couldn't find the SecureServletRedirector.
- You must define all the roles (you plan to authenticate with) in your Ant build.xml file. [Read More]
- My <error-code>403<error-code> is not working on AppFuse or the current real-world app I'm working on. [Read More]
All in all, I'm pretty pumped that Cactus makes it this easy to test my app in its true production environment.
Later: I figured out the source of the 403 error-page not rendering. Once again, my Compression Filter does more harm than good. I switched it out for a more recent GZIPFilter and the same thing happens. The good news is that the new filter works on Resin, whereas the old one did not.
Posted in Java
at Jan 08 2004, 01:46:32 PM MST
Add a Comment
Comments:
Search This Site
Recent Entries
- Wine Tasting in Napa Valley
- How to build a Shot-Ski
- Bus Project Update
- Farewell to the 2011-2012 Ski Season
- Cruising around the Western Caribbean
- Spring Break!
- A Spectacular Trip to Stockholm and Madrid
- Comparing Web Frameworks and HTML5 with Play Scala at Jfokus 2012
- Play Framework 2.0 with Peter Hilton at Jfokus
- Secure JSON Services with Play Scala and SecureSocial