Hello,
I'm writing acceptance JUnit tests for a Spring-MVC web
application that uses Shiro for its security.
Within these tests, I can login/logout as different users, no
problem, so long as there is only ever 1 logged in user - this is
pretty straightforward as the tests run synchronously.
What I'm trying to test now is simulating the case where 2 users are
simultaneously logged in, and are trying to access a resource. We
have some complicated business rules
involving permissions on who is authorized to access a
contested resource, that I'd like to test.
So the pseudo-code for my test is:
loginAsUser1;
accessResource(user1);
loginAsUser2;
assertUser2CanOrCannotAccessResource(user2);
Since this all executes in a single thread, I'm not at all sure this
faithfully represents what would be going on in a multithreaded web
application.
For example, when user2 logs in, does Shiro logout user1? Can there be
2 principals (users) associated with a single Shiro session in the same
thread?
Alternatively, should I do the user2 operations in a Runnable in a
new thread? E.g.,
loginAsUser1;
accessResource(user1);
runinNewThread( user2 login, checkResourceAccess);
joinThreads
I've looked a bit into classes like SubjectAwareExecutorService but
I don't think this is right for this situation - this class runs a
currently authenticated user's task in a new thread.
Any pointers would be greatly appreciated.
Thanks,
Richard Adams
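
Added example, not part of the original message and not code from the Shiro project: a sketch of the two-user test above using Shiro's Subject.Builder, Subject.execute and Subject.associateWith, so each user is a separate Subject with its own session. The in-memory SimpleAccountRealm, the account names and passwords, the "owner" role and the MAY_ACCESS rule are assumptions standing in for the application's own realm and business rules.

```java
import java.util.concurrent.Callable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class TwoSubjectsSketch {
    // Hypothetical stand-in for the application's rule on the contested resource.
    static final Callable<Boolean> MAY_ACCESS =
            () -> SecurityUtils.getSubject().hasRole("owner");

    static void check(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory accounts (placeholder names, passwords, roles).
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("user1", "pw1", "owner");
        realm.addAccount("user2", "pw2", "guest");
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // Subject.Builder returns Subjects that are not bound to the current
        // thread, so the second login does not replace the first.
        Subject user1 = new Subject.Builder(securityManager).buildSubject();
        Subject user2 = new Subject.Builder(securityManager).buildSubject();
        user1.login(new UsernamePasswordToken("user1", "pw1"));
        user2.login(new UsernamePasswordToken("user2", "pw2"));

        check(user1.isAuthenticated() && user2.isAuthenticated(), "both users stay logged in");
        check(!user1.getSession().getId().equals(user2.getSession().getId()),
                "each Subject has its own session");

        // execute() binds the Subject to the thread only for the duration of the call.
        check(user1.execute(MAY_ACCESS), "user1 holds the owner role");
        check(!user2.execute(MAY_ACCESS), "user2 must be refused");

        // The same check on a second thread, as in the Runnable variant above.
        boolean[] result = new boolean[1];
        Thread t = new Thread(user2.associateWith(() -> {
            result[0] = SecurityUtils.getSubject().hasRole("owner");
        }));
        t.start();
        t.join();
        check(!result[0], "user2 is refused on its own thread too");
    }
}
```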