
How to programmatically specify my user/role in OpenEJB?

开发者 https://www.devze.com 2023-04-11 02:25 Source: Internet
In the project I'm working on, we are using OpenEJB as a framework to test our EJB. We construct an InitialContext programmatically, and use it to get the transaction manager and the various EJB.

However, the EJB I have to test now has the @RolesAllowed annotation, and so OpenEJB refuses to get that EJB, arguing I don't have the permissions required.

How can I specify to OpenEJB the user this test is supposed to simulate, and the role associated with him?


The @RunAs suggestion bkail mentions is definitely a good way to go. The second approach that doesn't involve inner classes is to log in in the testcase.

Login approach

When you bootstrap OpenEJB, specify the user/pass in the InitialContext properties as follows:

public void testAsManager() throws Exception {
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
    p.put(Context.SECURITY_PRINCIPAL, "jane");
    p.put(Context.SECURITY_CREDENTIALS, "waterfall");

    InitialContext context = new InitialContext(p);

    try {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

        List<Movie> list = movies.getMovies();
        assertEquals("List.size()", 3, list.size());

        for (Movie movie : list) {
            movies.deleteMovie(movie);
        }

        assertEquals("Movies.getMovies()", 0, movies.getMovies().size());
    } finally {
        context.close();
    }
}

Then perhaps test again as a different user:

public void testAsEmployee() throws Exception {
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
    p.put(Context.SECURITY_PRINCIPAL, "joe");
    p.put(Context.SECURITY_CREDENTIALS, "cool");

    InitialContext context = new InitialContext(p);

    try {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

        List<Movie> list = movies.getMovies();
        assertEquals("List.size()", 3, list.size());

        for (Movie movie : list) {
            try {
                movies.deleteMovie(movie);
                fail("Employees should not be allowed to delete");
            } catch (EJBAccessException e) {
                // Good, Employees cannot delete things
            }
        }

        // The list should still be three movies long
        assertEquals("Movies.getMovies()", 3, movies.getMovies().size());
    } finally {
        context.close();
    }
}

Test users and groups

You can configure test users and groups by putting a users.properties and groups.properties file in the classpath of the testcase. In maven that'd be at the following locations:

  • src/test/resources/users.properties
  • src/test/resources/groups.properties

The users.properties file might look like this

joe=cool
jane=waterfall

And groups.properties like so

Manager=jane
Employee=jane,joe


See the OpenEJB Testing Security Example. Basically, you indirect through a test bean that has no @RolesAllowed, but uses @RunAs to switch roles before calling the second bean.

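The @RunAs indirection described in the last answer, as an added example that is not code from the original answers or from the OpenEJB project: unsecured caller beans annotated with @RunAs execute a callable under a chosen role, so the test can exercise a @RolesAllowed method without logging in. The Archive bean, the caller bean names and the test class are hypothetical, and the Manager and Employee roles follow the groups.properties shown earlier. It assumes JUnit 3, OpenEJB's default `<ejb-name>Local` JNDI names, and a META-INF/ejb-jar.xml on the test classpath so OpenEJB scans the test classes.

```java
import java.util.Properties;
import java.util.concurrent.Callable;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJBAccessException;
import javax.ejb.Stateless;
import javax.naming.Context;
import javax.naming.InitialContext;
import junit.framework.TestCase;

public class RunAsRoleTest extends TestCase {
    // Hypothetical secured bean standing in for the EJB under test.
    public interface Archive { String purge(); }
    @Stateless public static class ArchiveBean implements Archive {
        @RolesAllowed("Manager") public String purge() { return "purged"; }
    }
    // Unsecured indirection: the callable runs under the bean's @RunAs role.
    public interface Caller { <V> V call(Callable<V> task) throws Exception; }
    @Stateless @RunAs("Manager") public static class ManagerCaller implements Caller {
        public <V> V call(Callable<V> task) throws Exception { return task.call(); }
    }
    @Stateless @RunAs("Employee") public static class EmployeeCaller implements Caller {
        public <V> V call(Callable<V> task) throws Exception { return task.call(); }
    }
    private Archive archive;
    private Caller manager, employee;
    protected void setUp() throws Exception {
        Properties p = new Properties();
        p.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
        Context ctx = new InitialContext(p);
        // Assumed JNDI names, following OpenEJB's default "<ejb-name>Local" format.
        archive = (Archive) ctx.lookup("ArchiveBeanLocal");
        manager = (Caller) ctx.lookup("ManagerCallerLocal");
        employee = (Caller) ctx.lookup("EmployeeCallerLocal");
    }

    // Attempts the secured call: true if allowed, false if the container denied it.
    private Callable<Boolean> purgeAttempt() {
        return new Callable<Boolean>() {
            public Boolean call() {
                try { archive.purge(); return true; }
                catch (EJBAccessException denied) { return false; }
            }
        };
    }
    public void testRoleDecidesAccess() throws Exception {
        assertTrue("Manager may purge", manager.call(purgeAttempt()));
        assertFalse("Employee must be denied", employee.call(purgeAttempt()));
    }
}
```

The EJBAccessException is caught inside the callable, the same place the answer's testAsEmployee catches it, so the result does not depend on how the container rethrows an exception that escapes the caller bean.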