You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@click.apache.org by Sven Pfeiffer <sv...@madsep.de> on 2009/10/15 01:01:01 UTC
click-mock and username/role
Hi list,
I'd like to use click-mock for testing my click web-application.
Several times I need to get the username and role from the request,
which AFAIK are set by the SecurityRealm.
For example I display the users name on the top of the page using
context.getRequest().getUserPrincipal().getName()
For security reasons I check the users role in onSecurityCheck() using
context.getRequest().isUserInRole(<requiredRole>)
Is the a way to inject Username/Role with the mock API?
In the moment I am trying the following, which results in a NPEX
MockContainer container = new
MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
container.start();
container.setParameter(Form.FORM_NAME, "filter");
//setting parameters for a FormTable
container.setParameter("filterForm_column_0", "entryDate");
container.setParameter("filterForm_operator_0", Operators.AFTER.name());
container.setParameter("filterForm_value_0", "01.07.2009");
//Thats where I get the NPEX
MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
//The page forward to itself
assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
container.stop();
In the MockRequest sources I saw that
isUserInRole(String role) is not implemented yet and getUserPrincipal
returns a Principal with name getHeader("REMOTE_USER"), how can I set
REMOTE_USER?
Thanks in advance
SVen
Re: click-mock and username/role
Posted by Bob Schellink <sa...@gmail.com>.
Great, I've opened a JIRA[1] so we can include this in the next release.
Thanks
bob
[1]: https://issues.apache.org/jira/browse/CLK-585
Sven Pfeiffer wrote:
> Hi Bob,
>
> I like the Idea of having a MockPrincipal so on every request I can
> deside which Principal to use.
> Which will be very usefull to test the security-related features.
>
> So I simply created two classes:
> AuthenticatedMockRequest
> public class AuthenticatedMockRequest extends MockRequest {
>
> MockPrincipal userPrincipal;
>
> public AuthenticatedMockRequest(MockPrincipal userPrincipal) {
> this.userPrincipal = userPrincipal;
> }
>
> @Override
> public boolean isUserInRole(String name) {
> return userPrincipal.getRoles().contains(name);
> }
>
> @Override
> public Principal getUserPrincipal() {
> return userPrincipal;
> }
> }
> and
>
> MockPrincipal:
> public class MockPrincipal implements Principal {
>
> private String name;
> private List<String> roles = new ArrayList<String>();
>
> public MockPrincipal(String userName) {
> this.name = userName;
> }
>
> public MockPrincipal(String userName, List<String> roles) {
> this.name = userName;
> this.roles = roles;
> }
>
> @Override
> public String getName() {
> return name;
> }
>
> public List<String> getRoles() {
> return roles;
> }
>
> public void setRoles(String... newRoles) {
> roles.clear();
> for (String role : newRoles) {
> roles.add(role);
> }
> }
> }
>
> And I added the following lines to my testcase:
>
> MockPrincipal principal = new MockPrincipal("admin");
> principal.setRoles("admin", "user");
> container.setRequest(new AuthenticatedMockRequest(principal));
>
> And it works like a charm :)
>
> Thanks, once again, for your help!
>
> SVen
>
> Bob Schellink wrote:
>> Perhaps we can add a "roles" property to the MockRequest then we can
>> do something like this:
>>
>> // Setup remote user by a new MockPrincipal class
>> Principal p = new MockPrincipal("test");
>> container.getRequest().setPrincipal(p);
>>
>> // Setup roles
>> container.getRequest().setRoles("admin", "user");
>>
>> And then isUserInRoles implementation can be simple:
>>
>> public boolean isUserInRoles(String role) {
>> if (roles.contains(role)) {
>> return true;
>> } else {
>> return false;
>> }
>> }
>>
>>
>> Or MockPrincipal can expose a method to set its own roles:
>>
>> public boolean isUserInRoles(String role) {
>> if (getUserPrincipal().getRoles().contains(role)) {
>> return true;
>> } else {
>> return false;
>> }
>> }
>>
>> What do you think?
>>
>> bob
>>
>>
>> Bob Schellink wrote:
>>> Hi Sven,
>>>
>>> You should be able to set the REMOTE_USER with:
>>>
>>> container.getRequest().addHeader("REMOTE_USER", "admin");
>>>
>>> This won't get you past the unimplemented isUserInRole however. You
>>> could provide a custom MockRequest and set that on the Container
>>> before starting it e.g:
>>>
>>> container.setRequest(new MyMockRequest());
>>> container.start();
>>>
>>> where MyMockRequest somehow implements isUserInRole. Haven't really
>>> though of a way to implement isUserInRole but maybe we can expose a
>>> way to setup Roles and Principals for the container which
>>> isUserInRole can test against?
>>>
>>> kind regards
>>>
>>> bob
>>>
>>> Sven Pfeiffer wrote:
>>>>
>>>> I'd like to use click-mock for testing my click web-application.
>>>>
>>>> Several times I need to get the username and role from the request,
>>>> which AFAIK are set by the SecurityRealm.
>>>>
>>>> For example I display the users name on the top of the page using
>>>> context.getRequest().getUserPrincipal().getName()
>>>>
>>>> For security reasons I check the users role in onSecurityCheck() using
>>>> context.getRequest().isUserInRole(<requiredRole>)
>>>>
>>>> Is the a way to inject Username/Role with the mock API?
>>>> In the moment I am trying the following, which results in a NPEX
>>>>
>>>> MockContainer container = new
>>>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>>>> container.start();
>>>> container.setParameter(Form.FORM_NAME, "filter");
>>>>
>>>> //setting parameters for a FormTable
>>>> container.setParameter("filterForm_column_0", "entryDate");
>>>> container.setParameter("filterForm_operator_0",
>>>> Operators.AFTER.name());
>>>> container.setParameter("filterForm_value_0", "01.07.2009");
>>>>
>>>> //Thats where I get the NPEX
>>>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>>>
>>>> //The page forward to itself
>>>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>>>
>>>>
>>>> container.stop();
>>>>
>>>> In the MockRequest sources I saw that
>>>> isUserInRole(String role) is not implemented yet and
>>>> getUserPrincipal returns a Principal with name
>>>> getHeader("REMOTE_USER"), how can I set REMOTE_USER?
>>>>
>>>>
>>>> Thanks in advance
>>>> SVen
>>>>
>>>
>>>
>>
>>
>
>
Re: click-mock and username/role
Posted by Sven Pfeiffer <sv...@madsep.de>.
Hi Bob,
I like the Idea of having a MockPrincipal so on every request I can
deside which Principal to use.
Which will be very usefull to test the security-related features.
So I simply created two classes:
AuthenticatedMockRequest
public class AuthenticatedMockRequest extends MockRequest {
MockPrincipal userPrincipal;
public AuthenticatedMockRequest(MockPrincipal userPrincipal) {
this.userPrincipal = userPrincipal;
}
@Override
public boolean isUserInRole(String name) {
return userPrincipal.getRoles().contains(name);
}
@Override
public Principal getUserPrincipal() {
return userPrincipal;
}
}
and
MockPrincipal:
public class MockPrincipal implements Principal {
private String name;
private List<String> roles = new ArrayList<String>();
public MockPrincipal(String userName) {
this.name = userName;
}
public MockPrincipal(String userName, List<String> roles) {
this.name = userName;
this.roles = roles;
}
@Override
public String getName() {
return name;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(String... newRoles) {
roles.clear();
for (String role : newRoles) {
roles.add(role);
}
}
}
And I added the following lines to my testcase:
MockPrincipal principal = new MockPrincipal("admin");
principal.setRoles("admin", "user");
container.setRequest(new AuthenticatedMockRequest(principal));
And it works like a charm :)
Thanks, once again, for your help!
SVen
Bob Schellink wrote:
> Perhaps we can add a "roles" property to the MockRequest then we can
> do something like this:
>
> // Setup remote user by a new MockPrincipal class
> Principal p = new MockPrincipal("test");
> container.getRequest().setPrincipal(p);
>
> // Setup roles
> container.getRequest().setRoles("admin", "user");
>
> And then isUserInRoles implementation can be simple:
>
> public boolean isUserInRoles(String role) {
> if (roles.contains(role)) {
> return true;
> } else {
> return false;
> }
> }
>
>
> Or MockPrincipal can expose a method to set its own roles:
>
> public boolean isUserInRoles(String role) {
> if (getUserPrincipal().getRoles().contains(role)) {
> return true;
> } else {
> return false;
> }
> }
>
> What do you think?
>
> bob
>
>
> Bob Schellink wrote:
>> Hi Sven,
>>
>> You should be able to set the REMOTE_USER with:
>>
>> container.getRequest().addHeader("REMOTE_USER", "admin");
>>
>> This won't get you past the unimplemented isUserInRole however. You
>> could provide a custom MockRequest and set that on the Container
>> before starting it e.g:
>>
>> container.setRequest(new MyMockRequest());
>> container.start();
>>
>> where MyMockRequest somehow implements isUserInRole. Haven't really
>> though of a way to implement isUserInRole but maybe we can expose a
>> way to setup Roles and Principals for the container which
>> isUserInRole can test against?
>>
>> kind regards
>>
>> bob
>>
>> Sven Pfeiffer wrote:
>>>
>>> I'd like to use click-mock for testing my click web-application.
>>>
>>> Several times I need to get the username and role from the request,
>>> which AFAIK are set by the SecurityRealm.
>>>
>>> For example I display the users name on the top of the page using
>>> context.getRequest().getUserPrincipal().getName()
>>>
>>> For security reasons I check the users role in onSecurityCheck() using
>>> context.getRequest().isUserInRole(<requiredRole>)
>>>
>>> Is the a way to inject Username/Role with the mock API?
>>> In the moment I am trying the following, which results in a NPEX
>>>
>>> MockContainer container = new
>>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>>> container.start();
>>> container.setParameter(Form.FORM_NAME, "filter");
>>>
>>> //setting parameters for a FormTable
>>> container.setParameter("filterForm_column_0", "entryDate");
>>> container.setParameter("filterForm_operator_0",
>>> Operators.AFTER.name());
>>> container.setParameter("filterForm_value_0", "01.07.2009");
>>>
>>> //Thats where I get the NPEX
>>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>>
>>> //The page forward to itself
>>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>>
>>>
>>> container.stop();
>>>
>>> In the MockRequest sources I saw that
>>> isUserInRole(String role) is not implemented yet and
>>> getUserPrincipal returns a Principal with name
>>> getHeader("REMOTE_USER"), how can I set REMOTE_USER?
>>>
>>>
>>> Thanks in advance
>>> SVen
>>>
>>
>>
>
>
Re: click-mock and username/role
Posted by Bob Schellink <sa...@gmail.com>.
Perhaps we can add a "roles" property to the MockRequest then we can do
something like this:
// Setup remote user by a new MockPrincipal class
Principal p = new MockPrincipal("test");
container.getRequest().setPrincipal(p);
// Setup roles
container.getRequest().setRoles("admin", "user");
And then isUserInRoles implementation can be simple:
public boolean isUserInRoles(String role) {
if (roles.contains(role)) {
return true;
} else {
return false;
}
}
Or MockPrincipal can expose a method to set its own roles:
public boolean isUserInRoles(String role) {
if (getUserPrincipal().getRoles().contains(role)) {
return true;
} else {
return false;
}
}
What do you think?
bob
Bob Schellink wrote:
> Hi Sven,
>
> You should be able to set the REMOTE_USER with:
>
> container.getRequest().addHeader("REMOTE_USER", "admin");
>
> This won't get you past the unimplemented isUserInRole however. You
> could provide a custom MockRequest and set that on the Container before
> starting it e.g:
>
> container.setRequest(new MyMockRequest());
> container.start();
>
> where MyMockRequest somehow implements isUserInRole. Haven't really
> though of a way to implement isUserInRole but maybe we can expose a way
> to setup Roles and Principals for the container which isUserInRole can
> test against?
>
> kind regards
>
> bob
>
> Sven Pfeiffer wrote:
>>
>> I'd like to use click-mock for testing my click web-application.
>>
>> Several times I need to get the username and role from the request,
>> which AFAIK are set by the SecurityRealm.
>>
>> For example I display the users name on the top of the page using
>> context.getRequest().getUserPrincipal().getName()
>>
>> For security reasons I check the users role in onSecurityCheck() using
>> context.getRequest().isUserInRole(<requiredRole>)
>>
>> Is the a way to inject Username/Role with the mock API?
>> In the moment I am trying the following, which results in a NPEX
>>
>> MockContainer container = new
>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>> container.start();
>> container.setParameter(Form.FORM_NAME, "filter");
>>
>> //setting parameters for a FormTable
>> container.setParameter("filterForm_column_0", "entryDate");
>> container.setParameter("filterForm_operator_0", Operators.AFTER.name());
>> container.setParameter("filterForm_value_0", "01.07.2009");
>>
>> //Thats where I get the NPEX
>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>
>> //The page forward to itself
>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>
>>
>> container.stop();
>>
>> In the MockRequest sources I saw that
>> isUserInRole(String role) is not implemented yet and getUserPrincipal
>> returns a Principal with name getHeader("REMOTE_USER"), how can I set
>> REMOTE_USER?
>>
>>
>> Thanks in advance
>> SVen
>>
>
>
Re: click-mock and username/role
Posted by Bob Schellink <sa...@gmail.com>.
Hi Sven,
You should be able to set the REMOTE_USER with:
container.getRequest().addHeader("REMOTE_USER", "admin");
This won't get you past the unimplemented isUserInRole however. You
could provide a custom MockRequest and set that on the Container before
starting it e.g:
container.setRequest(new MyMockRequest());
container.start();
where MyMockRequest somehow implements isUserInRole. Haven't really
though of a way to implement isUserInRole but maybe we can expose a way
to setup Roles and Principals for the container which isUserInRole can
test against?
kind regards
bob
Sven Pfeiffer wrote:
>
> I'd like to use click-mock for testing my click web-application.
>
> Several times I need to get the username and role from the request,
> which AFAIK are set by the SecurityRealm.
>
> For example I display the users name on the top of the page using
> context.getRequest().getUserPrincipal().getName()
>
> For security reasons I check the users role in onSecurityCheck() using
> context.getRequest().isUserInRole(<requiredRole>)
>
> Is the a way to inject Username/Role with the mock API?
> In the moment I am trying the following, which results in a NPEX
>
> MockContainer container = new
> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
> container.start();
> container.setParameter(Form.FORM_NAME, "filter");
>
> //setting parameters for a FormTable
> container.setParameter("filterForm_column_0", "entryDate");
> container.setParameter("filterForm_operator_0", Operators.AFTER.name());
> container.setParameter("filterForm_value_0", "01.07.2009");
>
> //Thats where I get the NPEX
> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>
> //The page forward to itself
> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>
>
> container.stop();
>
> In the MockRequest sources I saw that
> isUserInRole(String role) is not implemented yet and getUserPrincipal
> returns a Principal with name getHeader("REMOTE_USER"), how can I set
> REMOTE_USER?
>
>
> Thanks in advance
> SVen
>