You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Alex Orlov <oo...@mail.ru> on 2021/05/20 15:34:12 UTC
Subject login/logout in tests
Hello all,
Can I use in one thread tests subject login/logout. Something like this:
@BeforeAll
protected void doBeforeAll() {
Subject subject = SecurityUtils.getSubject();
subject.login(token);
}
@AfterAll
protected void doAfterAll() {
Subject subject = SecurityUtils.getSubject();
subject.logout();
}
As I understand, subject.login() does thread binding, and subject.logout() does thread unbinding. So, could anyone say
if this code is correct.
--
Best regards, Alex Orlov
Re: Re[4]: Subject login/logout in tests
Posted by sreenivas harshith <sr...@yahoo.com>.
I have had issues with acquiring thread context subjects with securityutils.getsubject(). I used to get subjects of a previous user. I switched to subject builder and it solved all my issues.
________________________________
From: Brian Demers <br...@gmail.com>
Sent: Friday, 21 May, 2021, 8:37 pm
To: Alex Orlov
Cc: user@shiro.apache.org
Subject: Re: Re[4]: Subject login/logout in tests
Yes, it's totally fine.
You can use a Subject Builder, instead of the SecurityUtils:
https://shiro.apache.org/subject.html#Subject-Subject.Builder
And `subject.execute()`, and you should be able to avoid any before/after test cleanup.
But either option works ;)
On Fri, May 21, 2021 at 10:34 AM Alex Orlov <oo...@mail.ru>> wrote:
Yes, you are right. But what about the question — is it correct to use subject login/logout in IT tests?
Not subject mock, but a real subject with real realm work?
--
Best regards, Alex Orlov
Пятница, 21 мая 2021, 17:25 +03:00 от Brian Demers <br...@gmail.com>>:
In your case the subject is bound from `SecurityUtils.getSubject()`
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
On Fri, May 21, 2021 at 12:55 AM Alex Orlov <oo...@mail.ru>> wrote:
Hm… I am sure, that when we do subjec.login(..) then under the hood subject is bound to the tread.
I use the code I posted in integration tests and everything works as expected. I pass token, I see how
my realm does it work.
What did you mean, saying «login and out do not bind the user to the thread.»? I am saying that after calling
subject.login() subject is bound to thread and after subject.logout() subject is unbound from thread.
--
Best regards, Alex Orlov
Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers <br...@gmail.com>>:
login and out do not bind the user to the thread. Typically I use the ThreadContext directly when I need to do anything with threading
For example, mock a subject, and bind it to the thread:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
Then unbind it:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
Though if you are using a "real" subject, you could just use the built in thread execution as well: https://shiro.apache.org/subject.html#thread-association
On Thu, May 20, 2021 at 11:34 AM Alex Orlov <oo...@mail.ru>> wrote:
Hello all,
Can I use in one thread tests subject login/logout. Something like this:
@BeforeAll
protected void doBeforeAll() {
Subject subject = SecurityUtils.getSubject();
subject.login(token);
}
@AfterAll
protected void doAfterAll() {
Subject subject = SecurityUtils.getSubject();
subject.logout();
}
As I understand, subject.login() does thread binding, and subject.logout() does thread unbinding. So, could anyone say
if this code is correct.
--
Best regards, Alex Orlov
Re: Re[4]: Subject login/logout in tests
Posted by Brian Demers <br...@gmail.com>.
Yes, it's totally fine.
You can use a Subject Builder, instead of the SecurityUtils:
https://shiro.apache.org/subject.html#Subject-Subject.Builder
And `subject.execute()`, and you should be able to avoid any before/after
test cleanup.
But either option works ;)
On Fri, May 21, 2021 at 10:34 AM Alex Orlov <oo...@mail.ru> wrote:
> Yes, you are right. But what about the question — is it correct to use
> subject login/logout in IT tests?
> Not subject mock, but a real subject with real realm work?
>
>
> --
> Best regards, Alex Orlov
>
>
>
> Пятница, 21 мая 2021, 17:25 +03:00 от Brian Demers <brian.demers@gmail.com
> >:
>
> In your case the subject is bound from `SecurityUtils.getSubject()`
>
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
>
> On Fri, May 21, 2021 at 12:55 AM Alex Orlov <ooo_saturn7@mail.ru
> <//...@mail.ru>> wrote:
>
> Hm… I am sure, that when we do subjec.login(..) then under the hood
> subject is bound to the tread.
> I use the code I posted in integration tests and everything works as
> expected. I pass token, I see how
> my realm does it work.
>
> What did you mean, saying «login and out do not bind the user to the
> thread.»? I am saying that after calling
> subject.login() subject is bound to thread and after subject.logout()
> subject is unbound from thread.
>
>
> --
> Best regards, Alex Orlov
>
>
>
> Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers <brian.demers@gmail.com
> <//...@gmail.com>>:
>
> login and out do not bind the user to the thread. Typically I use the
> ThreadContext directly when I need to do anything with threading
>
> For example, mock a subject, and bind it to the thread:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
> Then unbind it:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>
> Though if you are using a "real" subject, you could just use the built in
> thread execution as well:
> https://shiro.apache.org/subject.html#thread-association
>
>
> On Thu, May 20, 2021 at 11:34 AM Alex Orlov <ooo_saturn7@mail.ru
> <ht...@mail.ru>> wrote:
>
> Hello all,
>
> Can I use in one thread tests subject login/logout. Something like this:
>
> @BeforeAll
> protected void doBeforeAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.login(token);
> }
> @AfterAll
> protected void doAfterAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.logout();
> }
>
> As I understand, subject.login() does thread binding, and subject.logout()
> does thread unbinding. So, could anyone say
> if this code is correct.
>
> --
> Best regards, Alex Orlov
>
>
>
>
>
Re[4]: Subject login/logout in tests
Posted by Alex Orlov <oo...@mail.ru>.
Yes, you are right. But what about the question — is it correct to use subject login/logout in IT tests?
Not subject mock, but a real subject with real realm work?
--
Best regards, Alex Orlov
>Пятница, 21 мая 2021, 17:25 +03:00 от Brian Demers <br...@gmail.com>:
>
>In your case the subject is bound from `SecurityUtils.getSubject()`
>
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
>On Fri, May 21, 2021 at 12:55 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hm… I am sure, that when we do subjec.login(..) then under the hood subject is bound to the tread.
>>I use the code I posted in integration tests and everything works as expected. I pass token, I see how
>>my realm does it work.
>>
>>What did you mean, saying «login and out do not bind the user to the thread.»? I am saying that after calling
>>subject.login() subject is bound to thread and after subject.logout() subject is unbound from thread.
>>
>>
>>--
>>Best regards, Alex Orlov
>>
>>
>>>Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers < brian.demers@gmail.com >:
>>>
>>>login and out do not bind the user to the thread. Typically I use the ThreadContext directly when I need to do anything with threading
>>>
>>>For example, mock a subject, and bind it to the thread:
>>>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
>>>Then unbind it:
>>>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>>>
>>>Though if you are using a "real" subject, you could just use the built in thread execution as well: https://shiro.apache.org/subject.html#thread-association
>>>
>>>On Thu, May 20, 2021 at 11:34 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>>>Hello all,
>>>>
>>>>Can I use in one thread tests subject login/logout. Something like this:
>>>>
>>>> @BeforeAll
>>>> protected void doBeforeAll() {
>>>> Subject subject = SecurityUtils.getSubject();
>>>> subject.login(token);
>>>> }
>>>> @AfterAll
>>>> protected void doAfterAll() {
>>>> Subject subject = SecurityUtils.getSubject();
>>>> subject.logout();
>>>> }
>>>>
>>>>As I understand, subject.login() does thread binding, and subject.logout() does thread unbinding. So, could anyone say
>>>>if this code is correct.
>>>>
>>>>--
>>>>Best regards, Alex Orlov
>>
Re: Re[2]: Subject login/logout in tests
Posted by Brian Demers <br...@gmail.com>.
In your case the subject is bound from `SecurityUtils.getSubject()`
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
On Fri, May 21, 2021 at 12:55 AM Alex Orlov <oo...@mail.ru> wrote:
> Hm… I am sure, that when we do subjec.login(..) then under the hood
> subject is bound to the tread.
> I use the code I posted in integration tests and everything works as
> expected. I pass token, I see how
> my realm does it work.
>
> What did you mean, saying «login and out do not bind the user to the
> thread.»? I am saying that after calling
> subject.login() subject is bound to thread and after subject.logout()
> subject is unbound from thread.
>
>
> --
> Best regards, Alex Orlov
>
>
>
> Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers <brian.demers@gmail.com
> >:
>
> login and out do not bind the user to the thread. Typically I use the
> ThreadContext directly when I need to do anything with threading
>
> For example, mock a subject, and bind it to the thread:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
> Then unbind it:
>
> https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>
> Though if you are using a "real" subject, you could just use the built in
> thread execution as well:
> https://shiro.apache.org/subject.html#thread-association
>
>
> On Thu, May 20, 2021 at 11:34 AM Alex Orlov <ooo_saturn7@mail.ru
> <//...@mail.ru>> wrote:
>
> Hello all,
>
> Can I use in one thread tests subject login/logout. Something like this:
>
> @BeforeAll
> protected void doBeforeAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.login(token);
> }
> @AfterAll
> protected void doAfterAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.logout();
> }
>
> As I understand, subject.login() does thread binding, and subject.logout()
> does thread unbinding. So, could anyone say
> if this code is correct.
>
> --
> Best regards, Alex Orlov
>
>
>
Re[2]: Subject login/logout in tests
Posted by Alex Orlov <oo...@mail.ru>.
Hm… I am sure, that when we do subjec.login(..) then under the hood subject is bound to the tread.
I use the code I posted in integration tests and everything works as expected. I pass token, I see how
my realm does it work.
What did you mean, saying «login and out do not bind the user to the thread.»? I am saying that after calling
subject.login() subject is bound to thread and after subject.logout() subject is unbound from thread.
--
Best regards, Alex Orlov
>Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers <br...@gmail.com>:
>
>login and out do not bind the user to the thread. Typically I use the ThreadContext directly when I need to do anything with threading
>
>For example, mock a subject, and bind it to the thread:
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
>Then unbind it:
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>
>Though if you are using a "real" subject, you could just use the built in thread execution as well: https://shiro.apache.org/subject.html#thread-association
>
>On Thu, May 20, 2021 at 11:34 AM Alex Orlov < ooo_saturn7@mail.ru > wrote:
>>Hello all,
>>
>>Can I use in one thread tests subject login/logout. Something like this:
>>
>> @BeforeAll
>> protected void doBeforeAll() {
>> Subject subject = SecurityUtils.getSubject();
>> subject.login(token);
>> }
>> @AfterAll
>> protected void doAfterAll() {
>> Subject subject = SecurityUtils.getSubject();
>> subject.logout();
>> }
>>
>>As I understand, subject.login() does thread binding, and subject.logout() does thread unbinding. So, could anyone say
>>if this code is correct.
>>
>>--
>>Best regards, Alex Orlov
Re: Subject login/logout in tests
Posted by Brian Demers <br...@gmail.com>.
login and out do not bind the user to the thread. Typically I use the
ThreadContext directly when I need to do anything with threading
For example, mock a subject, and bind it to the thread:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
Then unbind it:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
Though if you are using a "real" subject, you could just use the built in
thread execution as well:
https://shiro.apache.org/subject.html#thread-association
On Thu, May 20, 2021 at 11:34 AM Alex Orlov <oo...@mail.ru> wrote:
> Hello all,
>
> Can I use in one thread tests subject login/logout. Something like this:
>
> @BeforeAll
> protected void doBeforeAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.login(token);
> }
> @AfterAll
> protected void doAfterAll() {
> Subject subject = SecurityUtils.getSubject();
> subject.logout();
> }
>
> As I understand, subject.login() does thread binding, and subject.logout()
> does thread unbinding. So, could anyone say
> if this code is correct.
>
> --
> Best regards, Alex Orlov
>