Re[4]: Subject login/logout in tests

Fri, 21 May 2021 08:05:02 -0700 

Yes, you are right. But what about the question — is it correct to use subject 
login/logout in IT tests?
Not subject mock, but a real subject with real realm work?
 
 
--
Best regards, Alex Orlov
 
  
>Пятница, 21 мая 2021, 17:25 +03:00 от Brian Demers <[email protected]>:
> 
>In your case the subject is bound from `SecurityUtils.getSubject()`
> 
>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60
>  
>On Fri, May 21, 2021 at 12:55 AM Alex Orlov < [email protected] > wrote:
>>Hm… I am sure, that when we do subjec.login(..) then under the hood subject 
>>is bound to the tread.
>>I use the code I posted in integration tests and everything works as 
>>expected. I pass token, I see how
>>my realm does it work.
>> 
>>What did you mean, saying «login and out do not bind the user to the 
>>thread.»? I am saying that after calling
>>subject.login() subject is bound to thread and after subject.logout() subject 
>>is unbound from thread.
>> 
>> 
>>--
>>Best regards, Alex Orlov
>> 
>>  
>>>Четверг, 20 мая 2021, 22:52 +03:00 от Brian Demers < [email protected] 
>>>>:
>>> 
>>>login and out do not bind the user to the thread. Typically I use the 
>>>ThreadContext directly when I need to do anything with threading
>>> 
>>>For example, mock a subject, and bind it to the thread:
>>>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
>>>Then unbind it:
>>>https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188
>>>
>>>Though if you are using a "real" subject, you could just use the built in 
>>>thread execution as well:  
>>>https://shiro.apache.org/subject.html#thread-association
>>>   
>>>On Thu, May 20, 2021 at 11:34 AM Alex Orlov < [email protected] > wrote:
>>>>Hello all,
>>>> 
>>>>Can I use in one thread tests subject login/logout. Something like this:
>>>> 
>>>>    @BeforeAll
>>>>    protected void doBeforeAll() {
>>>>        Subject subject = SecurityUtils.getSubject();
>>>>        subject.login(token);
>>>>    }
>>>>    @AfterAll
>>>>    protected void doAfterAll() {
>>>>        Subject subject = SecurityUtils.getSubject();
>>>>        subject.logout();
>>>>    }
>>>> 
>>>>As I understand, subject.login() does thread binding, and subject.logout() 
>>>>does thread unbinding. So, could anyone say
>>>>if this code is correct.
>>>> 
>>>>--
>>>>Best regards, Alex Orlov
>> 
 

Reply via email to