I have had issues with acquiring thread context subjects with 
`SecurityUtils.getSubject()`. I used to get subjects of a previous user. I 
switched to Subject Builder and it solved all my issues.
________________________________
From: Brian Demers <[email protected]>
Sent: Friday, 21 May, 2021, 8:37 pm
To: Alex Orlov
Cc: [email protected]
Subject: Re: Re[4]: Subject login/logout in tests

Yes, it's totally fine.

You can use a Subject Builder, instead of the SecurityUtils:
https://shiro.apache.org/subject.html#Subject-Subject.Builder

And `subject.execute()`, and you should be able to avoid any before/after test 
cleanup.

But either option works ;)

On Fri, May 21, 2021 at 10:34 AM Alex Orlov <[email protected]> wrote:
Yes, you are right. But what about the question — is it correct to use subject 
login/logout in IT tests?
Not subject mock, but a real subject with real realm work?


--
Best regards, Alex Orlov


Friday, 21 May 2021, 17:25 +03:00 from Brian Demers <[email protected]>:

In your case the subject is bound from `SecurityUtils.getSubject()`

https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/core/src/main/java/org/apache/shiro/SecurityUtils.java#L53-L60

On Fri, May 21, 2021 at 12:55 AM Alex Orlov <[email protected]> wrote:
Hm… I am sure that when we do subject.login(..), under the hood the subject is 
bound to the thread.
I use the code I posted in integration tests and everything works as expected. 
I pass the token, and I see how my realm does its work.

What did you mean, saying «login and out do not bind the user to the thread.»? 
I am saying that after calling
subject.login() subject is bound to thread and after subject.logout() subject 
is unbound from thread.


--
Best regards, Alex Orlov


Thursday, 20 May 2021, 22:52 +03:00 from Brian Demers <[email protected]>:

login and out do not bind the user to the thread. Typically I use the 
ThreadContext directly when I need to do anything with threading

For example, mock a subject, and bind it to the thread:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L167-L168
Then unbind it:
https://github.com/apache/shiro/blob/df81077726b407f905ba16a9f57ba731b7736375/support/jaxrs/src/test/groovy/org/apache/shiro/web/jaxrs/ShiroSecurityContextTest.groovy#L188

Though if you are using a "real" subject, you could just use the built in 
thread execution as well: 
https://shiro.apache.org/subject.html#thread-association


On Thu, May 20, 2021 at 11:34 AM Alex Orlov <[email protected]> wrote:
Hello all,

Can I use subject login/logout in single-thread tests? Something like this:

    @BeforeAll
    protected void doBeforeAll() {
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);
    }
    @AfterAll
    protected void doAfterAll() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
    }

As I understand, subject.login() does thread binding, and subject.logout() does 
thread unbinding. So, could anyone say
if this code is correct?

--
Best regards, Alex Orlov
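
The Subject.Builder plus `subject.execute()` approach suggested in this thread, as an added example that is not part of the original e-mails or of the Shiro project's code. It assumes JUnit 5 and shiro-core on the classpath; the class name, accounts and passwords are constructed for illustration.

```java
import static org.junit.jupiter.api.Assertions.*;
import java.util.concurrent.Callable;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ThreadContext;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;

class SubjectBuilderIT {
    static DefaultSecurityManager securityManager;
    @BeforeAll
    static void createSecurityManager() {
        // Constructed fixture: in-memory realm with two made-up accounts.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "alice-pw", "admin");
        realm.addAccount("bob", "bob-pw");
        securityManager = new DefaultSecurityManager(realm);
    }

    // Fresh Subject per call, built against an explicit SecurityManager; nothing is read from the thread.
    static Subject login(String user, String password) {
        Subject subject = new Subject.Builder(securityManager).buildSubject();
        subject.login(new UsernamePasswordToken(user, password)); // real realm authentication
        return subject;
    }

    @Test
    void subjectIsBoundOnlyInsideExecute() {
        Subject alice = login("alice", "alice-pw");
        // Stand-in for code under test that calls SecurityUtils.getSubject().
        Callable<Object> whoAmI = () -> SecurityUtils.getSubject().getPrincipal();
        assertEquals("alice", alice.execute(whoAmI));
        // execute() restored the thread state: no subject is left for the next test.
        assertNull(ThreadContext.getSubject());
        alice.logout();
    }

    @Test
    void nextUserDoesNotInheritPreviousIdentity() {
        Subject bob = login("bob", "bob-pw");
        Callable<Boolean> isAdmin = () -> SecurityUtils.getSubject().hasRole("admin");
        assertFalse(bob.execute(isAdmin));
        assertNull(ThreadContext.getSubject());
        bob.logout();
    }
}
```

The `assertNull(ThreadContext.getSubject())` checks are what guard against one test's identity carrying over into the next on a reused thread.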


