• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Devaka Cooray
  • Knute Snortum
  • Paul Clapham
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Bear Bibeault
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Frits Walraven
Bartenders:
  • Ganesh Patekar
  • Tim Holloway
  • salvin francis

How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle  RSS feed

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've defined this method in my Spring MVC Controller

@PreAuthorize("isAuthenticated() and hasPermission(#request, 'CREATE_REQUISITION')")
@RequestMapping(method = RequestMethod.POST, value = "/trade/createrequisition")
public @ResponseBody
void createRequisition(@RequestBody CreateRequisitionRO[] request,
@RequestHeader("validateOnly") boolean validateOnly) {
.....
}
Then in my TestNG test I'd like to call this method and ensure that the PreAuthorize condition is verified. when I call this method in a normal way (not testing), the PreAuthorize is verified.

If it's possible, how to test this annotation in a TestNG test and how to catch the exception if it throws one ?

Best Regards
 
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
While you could do this why would you want to? What you would be doing is testing the framework. You can rest assured the Spring folks tested the @PreAuthorize annotation.
 
Anthony Raj S
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bill Gorder wrote:While you could do this why would you want to? What you would be doing is testing the framework. You can rest assured the Spring folks tested the @PreAuthorize annotation.



It will be better if you could read the question properly before making any comments
 
Bill Gorder
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Anthony Raj S wrote:when I call this method in a normal way (not testing), the PreAuthorize is verified.



Yup and integration testing is where I think this stuff should be verified.

Then in my TestNG test I'd like to call this method and ensure that the PreAuthorize condition is verified.



What I was saying is by unit testing this method on its PreAuthorize conditions you are mostly just testing the framework. Typically you would unit test what the method does and test the security layer as part of your integration testing. Now as I said before, yes it can be done. I assume you are using SpringJunit runner, and the Spring support classes but you did not post any test code so I cannot tell for sure. Make sure that load all of the Spring Security Configuration needed to initialize the @PreAuthorize annotations correctly. and in a @Before block (or just sometime before you invoke the method) make sure you get your set an authenticated authentication token on the SecurityContextHolder. Now whether you want to do this like below or call embedded ldap or something else is up to you.
It might look something like this:



that said the exception that you have to handle if the user does not have the proper authority is usually a AccessDeniedException.


I don't use TestNG but whatever testing framework you decide to use should be fine.


I hope that helps you but my original point still stands. I don't see a point in writing unit tests like this, I think it should be tested as part of integration testing. Security is a cross cutting concern.

 
I wish to win the lottery. I wish for a lovely piece of pie. And I wish for a tiny ad:
ScroogeXHTML - small and flexible RTF to HTML converter library
https://coderanch.com/t/710903/ScroogeXHTML-RTF-HTML-XHTML-converter
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!