You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by stianlagstad <st...@gmail.com> on 2017/10/06 09:38:06 UTC
How to test a rest endpoint that's protected with @RequiresRoles?
I hope this is ok to post here. I have an endpoint that's protected with
@RequiresRoles and I would like to write a couple of tests to make sure it
works: One where a user without the roles tries to access it and it fails,
and one where a user with the role tries to access it and it succeeds. So
far I haven't been able to set up these tests. I've seen
https://shiro.apache.org/testing.html, but are there any other examples I
can look at? I've managed to write a test for an internal method that's
protected with @RequiresRoles, but not an external endpoint (i.e. a method
annotated with both @GET and @RequiresRoles). For example:
```java
@GET
@ApiOperation(value = "helloworld",
notes = "Simple hello world.",
response = String.class)
@RequiresRoles(READ)
public Response helloWorld() {
String hello = "Hello world!";
return Response.status(Response.Status.OK).entity(hello).build();
}
@GET
@Path("/{param}")
@ApiOperation(value = "helloReply",
notes = "Returns Hello you! and {param}",
response = String.class)
@RequiresRoles(WRITE)
public Response getMsg(@PathParam("param") String msg) {
String output = "Hello you! " + msg;
return Response.status(Response.Status.OK).entity(output).build();
}
```
If I start my application I can send requests to these endpoints and confirm
that they work as I intend. But how could/should I write tests for these?
--
Sent from: http://shiro-user.582556.n2.nabble.com/