Return-Path: X-Original-To: apmail-cxf-users-archive@www.apache.org Delivered-To: apmail-cxf-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 543AE10EF8 for ; Sat, 12 Oct 2013 16:30:15 +0000 (UTC) Received: (qmail 59690 invoked by uid 500); 12 Oct 2013 16:30:14 -0000 Delivered-To: apmail-cxf-users-archive@cxf.apache.org Received: (qmail 59294 invoked by uid 500); 12 Oct 2013 16:30:08 -0000 Mailing-List: contact users-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cxf.apache.org Delivered-To: mailing list users@cxf.apache.org Received: (qmail 59286 invoked by uid 99); 12 Oct 2013 16:30:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Oct 2013 16:30:05 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [212.50.160.34] (HELO smtpout.karoo.kcom.com) (212.50.160.34) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 12 Oct 2013 16:29:59 +0000 X-IronPort-AV: E=Sophos;i="4.93,480,1378854000"; d="scan'208";a="38638890" Received: from unknown (HELO tardis.spudsoft) ([91.84.217.110]) by smtpout.karoo.kcom.com with ESMTP; 12 Oct 2013 17:29:37 +0100 Received: from slave.spudsoft ([192.168.1.198]) by tardis.spudsoft with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1VV24N-0003w1-J0 for users@cxf.apache.org; Sat, 12 Oct 2013 17:29:35 +0100 Message-ID: <525978E8.2@spudsoft.co.uk> Date: Sat, 12 Oct 2013 17:29:28 +0100 From: Jim Talbut User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: users@cxf.apache.org Subject: How to use JUnit to test CXF JAX-RS methods protected by Spring-Security Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Hi, I want to use Spring-Security to protect a bunch of JAX-RS endpoints in a couple of different (independent) applications. One of the applications will start off using basic auth and will probably never progress beyond that, so I could use CXF interceptors to handle the auth. The other application will use CAS, and I'm not aware of any CXF interceptors that handle that. Hence the desire to use Spring-Security. My problem is that I want to be able to have maven run integration tests that validate the method level security on each build (and preferably in the same test cases that test other aspects of the REST interface). Previously I have just carried out my testing by having CXF construct a localhost endpoint, but this means that spring knows nothing about the network side of the tests and thus spring-security isn't used. Is it possible to introduce the Spring-Security filters into the jetty instance created by CXF? If not, is it possible to have a Spring JUnit testcase created as a (real, not mock) servlet container so that CXF can use a relative address? Another thought was to find a way to have the CXF WebClient use a Spring mock endpoint, but I have even less idea about how to do that. Any ideas? Thanks Jim