axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eran Chinthaka <>
Subject Re: [Axix2] [Vote] Move rampart, rahas and secpolicy modules of axis2 out into a new project
Date Sun, 07 Jan 2007 16:11:21 GMT
Hash: SHA1

David Illsley wrote:
> I'm dead against moving security out of the axis2 build and leaving a
> substantial amount of security tests in the axis2 builds. The converse
> to an earlier argument is also true, namely that axis2 becomes
> dependant on rampart to build and that people working on rampart won't
> see the axis2 build failures.

+1. And +1 for setting up the continuum build.

But this is different from the point I wanna make. Forgive me if my
explanation made you all think some thing else.

What I was continuously pointing out was lack of integration tests Axis2
has on its own. The security tests Ruchith had written, which are in
integration module, were testing the real Axis2 integration stuff
together with his security scenarios. What I was asking is to understand
 the exact integration scenarios those security tests are testing, in
security tests, and write new set of tests Axis2, without depending on
security or any other tests.

Let me give you an example. IIRC, Security scenario 1 test fails, if the
addressing handlers are not engaged. This tests, the module deployment
functionality, handler integration mechanism, execution chains and the
addressing module. If we move this scenario 1 test out from Axis2, then
what I ask is some one to write a new tests to test the above

Please understand that I never wanted to keep security tests inside
Axis2, when the rampart is moved out. Yes I also against it.

One could argue that continuum will fix the problem. But IMHO, it won't.
The reason is none will check with continuum for each and every commit.
So the only option is to run continuum as a cron job, once a day. By the
time continuum fails and generates a mail, there can be numerous commits
done to the commit. So everyone is having trouble fixing the problem.

Since I believe in prevention than cure :), let's add some more
integration tests in to Axis2, to fill the vacuum created due to the
removal of security tests. Since we always run all the tests in Axis2,
before committing anything, you will get to know the problem before
hand, rather than waiting for continuum. But yes, continuum will point
out the effect of a change in Axis2 to some other dependent project. But
the changes I am referring are critical for Axis2.

When I was doing changes to Axis2, getting the integration tests passed,
especially the security tests, was the most challenging part, at least
for me. I assume it is the same for everyone out there.

Ruchith, you can remember we talked about this some time back, meaning
the importance of security integration tests. If what I am talking is
unclear, please add more to this discussion.


Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message