Hi Ben,

Thank you for the quick response. Any suggestions you have would be greatly
appreciated, since I'm new to these frameworks and I'm sure I'm doing some
things in an unorthodox manner. I have only started using JUnit testing in
the past month, and I'm using the JUnit testing as a learning tool to test
if the items I put into my Application context work. I'm sure I will have
more problems down the road when I actually have to implement these features
in my Web Application, but at least I know the non-web stuff works.

I did two things:
1) I moved the securityInterceptor from the autoTxProxyCreator to the
serviceManager and now I can at least create the Spring application context
without having an Authenticated user.
2) I implemented the testingAuthenticationProvider and authenticationManager
that you provided and now I'm getting an access denied error.

net.sf.acegisecurity.AccessDeniedException: Access is denied.
        at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:93)
        at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.interceptor(AbstractSecurityInterceptor.java:302)
        at net.sf.acegisecurity.intercept.method.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:82)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:138)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:152)
        at $Proxy0.save(Unknown Source)
        at test.oberthurcs.mp.service.UtilityManagerTestCase.setupServices(UtilityManagerTestCase.java:251)
        at test.oberthurcs.mp.service.UtilityManagerTestCase.testSimulation(UtilityManagerTestCase.java:806)

The save method on the serviceManager has a Commons Attribute
@@SecurityConfig("ROLE_SYSTEM"), and when I created my test authenticated
user, I made sure the user has the GrantedAuthority of "ROLE_SYSTEM" (SEE
BELOW). After debugging the JUnit test to the point where the exception is
being raised, I noticed that there were no ConfigAttributes. Do I need to
do anything special to get the Commons Attribute to work? Do I need to run
the attribute-compiler ant task to create the SecurityConfig?

Debug message from Acegi:
09:41:17,734 DEBUG AbstractSecurityInterceptor.273 - Secure object: Invocation: method=[public abstract com.oberthurcs.mp.model.objects.MpService com.oberthurcs.mp.service.ServiceManager.save(com.oberthurcs.mp.model.objects.MpService) throws com.oberthurcs.common.model.exception.ExistingInstanceException,com.oberthurcs.common.model.exception.NamedBusinessObjectWithIdNotNamed] args=[Ljava.lang.Object;@58e2a1] target is of class [$Proxy0]; ConfigAttributes: []
09:41:17,734 DEBUG ProviderManager.125 - Authentication attempt using net.sf.acegisecurity.providers.TestingAuthenticationProvider
09:41:17,734 DEBUG AbstractSecurityInterceptor.297 - Authenticated: [EMAIL PROTECTED]: Username: admin; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_SYSTEM


    /**
     * serviceManagerImpl.save
     * 
     * @see com.oberthurcs.mp.service.ServiceManager#create(com.oberthurcs.mp.model.objects.MpService)
     * @@SecurityConfig("ROLE_SYSTEM")
     */
    public MpService save(MpService entityObject)
            throws ExistingInstanceException, NamedBusinessObjectWithIdNotNamed {
        MpService result = null;
        if (entityObject.getName() == null)
            throw new NamedBusinessObjectWithIdNotNamed(_mpService);

        List existing = getDao().findByName(entityObject);
        if (existing.size() > 0) {
            throw new com.oberthurcs.common.model.exception.ExistingInstanceException(
                    entityObject, entityObject.getClass().getName(), existing);
        }

        result = (MpService) getDao().save(entityObject);
        return result;
    }

    /**
     * springTestCase.setCurrentUser
     * 
     * Creates a test authentication token with a granted authority of
     * "ROLE_SYSTEM".
     */
    protected void setCurrentUser(String username, String password) {
        GrantedAuthority[] authorities = new GrantedAuthority[1];
        authorities[0] = new GrantedAuthorityImpl("ROLE_SYSTEM");
        Authentication auth = new TestingAuthenticationToken(username,
            password,
            authorities);
        SecureContext secureContext = new SecureContextImpl();
        secureContext.setAuthentication(auth);
        ContextHolder.setContext(secureContext);
    }

Guy Tuberson
Software Engineer
[EMAIL PROTECTED]
703-263-0100

>Guy Tuberson wrote:
> 
> >Hi,
> >
> >Please bear with me, I'm new to Hibernate, Spring and Acegi.
> >
> >I'm using ACEGI to provide the Security framework for my Web Application and
> >I'm having some issues with my JUnit tests.
> >I'm trying to load the Spring Application Context in a JUnit test and I'm
> >getting the following errors.
> >
> Hi Guy
> 
> You should be using TestingAuthenticationToken and have the following 
> setup in your application context:
> 
>     <!-- This authentication provider accepts any presented 
> TestingAuthenticationToken -->
>     <bean id="testingAuthenticationProvider" 
> class="net.sf.acegisecurity.providers.TestingAuthenticationProvider"/>
> 
>     <!-- The authentication manager that iterates through our only 
> authentication provider -->
>     <bean id="authenticationManager" 
> class="net.sf.acegisecurity.providers.ProviderManager">
>         <property name="providers">
>           <list>
>             <ref local="testingAuthenticationProvider"/>
>           </list>
>         </property>
>     </bean>
> 
> Having said that, why are you trying to unit test a business object 
> which even has Acegi Security wired in front of it? Typically unit tests 
> should focus on only the business logic - not the integration with such 
> things as security. So I'd recommend you review whether you are even 
> loading Acegi Security beans in a test-related application content.
> 
> Of course, sometimes you just _need_ to test with security enabled. A good 
> example is say your business object has code like this:
> 
> public Account getAccount(Long number) {
>    Account account = accountDao.getAccount(number);
>    // Check they have access
>    Authentication authentication = ((SecureContext) 
> ContextHolder.getContext()).getAuthentication();
>    if (authentication.getPrincipal().equals("someUser")) {
>       return account;
>    } else {
>       return account.removeSomeProperties();
>    }
> }
> 
> In this sort of situation, where your business logic _needs_ Acegi 
> Security, you'd use the TestingAuthenticationProvider. Thus you can 
> setup the Authentication object with whatever username and 
> GrantedAuthority[]s your business logic wants to see. In the above 
> example you'd run a TestingAuthenticationToken with "someUser" as the 
> principal, probably null as the principal, and probably "notSomeUser" as 
> the principal.
> 
> HTH
> Ben
> 
> PS: The forums at springframework.org are the best place for user 
> questions, as it helps develop a long-term searchable archive for new
> users.
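
The stack trace in the message above ends in AffirmativeBased.decide, while the debug output shows "ConfigAttributes: []" for a user who holds ROLE_SYSTEM. The following is an added example, not code from either poster and not Acegi's own classes: a simplified plain-Java model of an affirmative, voter-based decision, showing how an empty attribute list can end in denial whatever authorities the user has. The class, the Voter interface, the outcome names and the assumption that a role voter abstains when it sees no ROLE_ attribute are all illustrative.

```java
import java.util.*;

// Added illustration: a simplified model, not Acegi's classes.
public class EmptyAttributesDemo {
    enum Vote { GRANTED, ABSTAIN, DENIED }
    enum Outcome { GRANTED, DENIED_BY_VOTE, DENIED_ALL_ABSTAINED }

    interface Voter { Vote vote(Set<String> authorities, List<String> attributes); }

    // Assumed role-voter behaviour: only attributes starting with "ROLE_" are
    // considered; with none present the voter has no opinion and abstains.
    static final Voter ROLE_VOTER = new Voter() {
        public Vote vote(Set<String> authorities, List<String> attributes) {
            Vote result = Vote.ABSTAIN;
            for (String attribute : attributes) {
                if (!attribute.startsWith("ROLE_")) continue;
                if (authorities.contains(attribute)) return Vote.GRANTED;
                result = Vote.DENIED;
            }
            return result;
        }
    };

    // Affirmative decision: any grant wins, any deny refuses, and an
    // all-abstain result is refused unless explicitly allowed (fail closed).
    static Outcome decide(List<Voter> voters, Set<String> authorities,
                          List<String> attributes, boolean allowIfAllAbstain) {
        boolean denied = false;
        for (Voter voter : voters) {
            Vote v = voter.vote(authorities, attributes);
            if (v == Vote.GRANTED) return Outcome.GRANTED;
            if (v == Vote.DENIED) denied = true;
        }
        if (denied) return Outcome.DENIED_BY_VOTE;
        return allowIfAllAbstain ? Outcome.GRANTED : Outcome.DENIED_ALL_ABSTAINED;
    }

    public static void main(String[] args) {
        List<Voter> voters = Collections.singletonList(ROLE_VOTER);
        Set<String> admin = Collections.singleton("ROLE_SYSTEM");   // constructed user
        List<String> resolved = Collections.singletonList("ROLE_SYSTEM");
        List<String> empty = Collections.emptyList();                // "ConfigAttributes: []"
        System.out.println("attribute resolved: " + decide(voters, admin, resolved, false));
        System.out.println("empty attributes:   " + decide(voters, admin, empty, false));
        System.out.println("wrong role:         "
            + decide(voters, Collections.singleton("ROLE_USER"), resolved, false));
    }
}
```

Separating the two denial outcomes makes it clear whether to look at the user's authorities or at how the method's attributes were resolved.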


_______________________________________________
Acegisecurity-developer mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
