Hi all,
I am looking to
unit test my
Struts actions (currently using the Struts
JUnit plugin (and my test classes extend StrutsTestCase). At the moment, my actions have nasty static calls to the get the Principal, such as:
My actions implement various interfaces such as SessionAware to make my unit-testing life easier. However, does implementing the PrincipalAware interface compromise security? For example, by implementing the PrincipalAware interface, I have to implement a setter for the PrincipalProxy. Is there not a risk that a user could alter security and set this themselves?
Thanks for reading. Kind regards,
James
