Matt RaibleMatt Raible is a Web Developer and Java Champion. Connect with him on LinkedIn.

The Angular Mini-Book The Angular Mini-Book is a guide to getting started with Angular. You'll learn how to develop a bare-bones application, test it, and deploy it. Then you'll move on to adding Bootstrap, Angular Material, continuous integration, and authentication.

Spring Boot is a popular framework for building REST APIs. You'll learn how to integrate Angular with Spring Boot and use security best practices like HTTPS and a content security policy.

For book updates, follow @angular_book on Twitter.

The JHipster Mini-Book The JHipster Mini-Book is a guide to getting started with hip technologies today: Angular, Bootstrap, and Spring Boot. All of these frameworks are wrapped up in an easy-to-use project called JHipster.

This book shows you how to build an app with JHipster, and guides you through the plethora of tools, techniques and options you can use. Furthermore, it explains the UI and API building blocks so you understand the underpinnings of your great application.

For book updates, follow @jhipster-book on Twitter.

10+ YEARS


Over 10 years ago, I wrote my first blog post. Since then, I've authored books, had kids, traveled the world, found Trish and blogged about it all.

Cactus and Form-Based Authentication

Quick Summary: Did you know it's possible to login (with form-based authentication) before running each of your testXX methods in a ServletTestCase or CactusStrutsTestCase? Just add a "begin" method in your Base class, or in each of your Tests, and it will be called automatically, just like setUp() is called.

    public void begin(WebRequest request) {
        request.setRedirectorName("ServletRedirectorSecure");
        request.setAuthentication(new FormAuthentication("tomcat","tomcat"));
    }

Long and Winded: Yesterday, I began adding the "roles" attribute to my Struts action-mappings - to limit access for certain user roles (Yes, XDoclet 1.2 supports this). This worked great in my web UI, until I tried to run my StrutsTestCases. Access was denied because I was not logged in. Rather, I was "faking it" by retrieving a UserForm object in my setUp() method and stuffing it into the session [View Source]. This worked like a charm until I added the roles restriction.

Cactus has a nice feature: if you write a beginXX method, it will be called before your testXX method. In other words, begin = client, test = server. So I added a number of beginEdit, beginSave, etc. method to my Action Tests. Great - everything worked. But it was ugly to add all those beginXX methods. Then, via Vincent Massol's wisdom, I learned of the global begin(WebRequest wr) method. Now I simply have a begin() method in my BaseStrutsTestCase class, and everything works as smooth as pie.

    public void begin(WebRequest request) {
        request.setRedirectorName("ServletRedirectorSecure");
        request.setAuthentication(new FormAuthentication("tomcat","tomcat"));
    }

A couple of issues I discovered:

  • If you have an Action that doesn't have any roles in any of it's mappings, this will fail, so you have to override the begin() method with an empty {} method in your *Test.class. I believe the error message was it couldn't find the SecureServletRedirector.
  • You must define all the roles (you plan to authenticate with) in your Ant build.xml file. [Read More]
  • My <error-code>403<error-code> is not working on AppFuse or the current real-world app I'm working on. [Read More]

All in all, I'm pretty pumped that Cactus makes it this easy to test my app in its true production environment.

Later: I figured out the source of the 403 error-page not rendering. Once again, my Compression Filter does more harm than good. I switched it out for a more recent GZIPFilter and the same thing happens. The good news is that the new filter works on Resin, whereas the old one did not.

Posted in Java at Jan 08 2004, 01:46:32 PM MST Add a Comment