You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Felipe Carvalho <fe...@gmail.com> on 2012/07/27 22:00:15 UTC
Shiro unit tests with @RequiresPermissions
Hello,
I'm using Shiro - Spring integration and it works great on my webapp. I'm
able to restrict users by either using
SecurityUtils.getSubject().isPermitted("something:do")
or @RequiresPermissions({"something:do"}).
The thing is I can't get @RequiresPermissions({"something:do"}) to work
with unit tests. If I use the AbstractShiroTest class shown here (
https://cwiki.apache.org/confluence/display/SHIRO/Testing), my tests work
fine for SecurityUtils.getSubject().isPermitted("something:do"),
but @RequiresPermissions({"something:do"}) is just ignored.
If I load up applicationContext.xml, it works fine, as the annotation
aspect is configured as below:
Spring - Shiro integration is configured on applicationContext.xml as
below:
* <bean id="securityManager"
class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">*
* <property name="realm" ref="myRealm"/>*
* <property name="rememberMeManager"><null/></property>*
* </bean>*
* <bean id="lifecycleBeanPostProcessor"
class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>*
*
*
* <!-- Enable Shiro Annotations for Spring-configured beans. Only run
after -->*
* <!-- the lifecycleBeanProcessor has run: -->*
* <bean
class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
*
* depends-on="lifecycleBeanPostProcessor"/>*
* <bean
class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
*
* <property name="securityManager" ref="securityManager"/>*
* </bean>*
Is there a way to "mock" Spring AOP behaviour so that my unit tests don't
need to load Spring context for annotations to work?
Thanks a lot
Re: Shiro unit tests with @RequiresPermissions
Posted by Les Hazlewood <lh...@apache.org>.
Hi Felipe,
Did you get anywhere with this? I can't seem to replicate it. Do you
have a quick/sample test that you could share?
Cheers,
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
On Fri, Jul 27, 2012 at 1:00 PM, Felipe Carvalho
<fe...@gmail.com> wrote:
> Hello,
> I'm using Shiro - Spring integration and it works great on my webapp. I'm
> able to restrict users by either using
> SecurityUtils.getSubject().isPermitted("something:do") or
> @RequiresPermissions({"something:do"}).
>
> The thing is I can't get @RequiresPermissions({"something:do"}) to work
> with unit tests. If I use the AbstractShiroTest class shown here
> (https://cwiki.apache.org/confluence/display/SHIRO/Testing), my tests work
> fine for SecurityUtils.getSubject().isPermitted("something:do"), but
> @RequiresPermissions({"something:do"}) is just ignored.
>
> If I load up applicationContext.xml, it works fine, as the annotation
> aspect is configured as below:
> Spring - Shiro integration is configured on applicationContext.xml as
> below:
>
> <bean id="securityManager"
> class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
> <property name="realm" ref="myRealm"/>
> <property name="rememberMeManager"><null/></property>
> </bean>
> <bean id="lifecycleBeanPostProcessor"
> class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
>
> <!-- Enable Shiro Annotations for Spring-configured beans. Only run
> after -->
> <!-- the lifecycleBeanProcessor has run: -->
> <bean
> class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
> depends-on="lifecycleBeanPostProcessor"/>
> <bean
> class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
> <property name="securityManager" ref="securityManager"/>
> </bean>
>
> Is there a way to "mock" Spring AOP behaviour so that my unit tests don't
> need to load Spring context for annotations to work?
>
> Thanks a lot
>