jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vincent Massol" <vmas...@octo.com>
Subject RE: Cactus security checking
Date Wed, 11 Sep 2002 08:07:28 GMT


> -----Original Message-----
> From: Erik Hatcher [mailto:erik@hatcher.net]
> Sent: 10 September 2002 20:49
> To: Vincent Massol; Lesiecki Nicholas
> Subject: Cactus security checking
> 
> I'm going directly to the source on this one - rather than the lists
:)
>   If you want to redirect me to an FAQ or to the list, feel free.

No worries. However, I'm answering to the list as I'm sure others are
facing this issue as well. I'd also like everyone's feedback on the
proposal I'm putting below.

> 
> My team is integrating Cactus tests for session bean testing, and we
> need to do role-based testing to ensure that a certain role cannot
call
> certain methods.
> 
> Is it true that you need a beginXXX to set up security for every test?

With Cactus 1.4, yes, it is true. You do it this way:

webRequest.setAuthentication(
    new BasicAuthentication("testuser", "testpassword"));

With Cactus 1.4 the only solution if you wish to share this is to put it
in a method of its own and call this method from all your XXX tests that
need authentication.

> If so, is there anything that can be done to make this easier so that
we
> could, perhaps, simply write a base class that does the login and
> subclass that for all our test cases and avoid writing a beginXXX for
> every test?
> 
> Thanks, and sorry if this is an FAQ or something I could have found if
I
> tried.

No there isn't anything ATM. We need to invent it! :-)

In Cactus 1.5 in CVS, there is a global begin()/end() but its goal is to
be called only once per test suite (and not per test). From what you
say, we need a begin/end that are called for before and after each test.
This already exist with the setUp()/teardown() but they are called on
the server side. Thus, we need that on the client side.

Hum ...

What about begin(WebRequest) and end(WebResponse) ?

Now, do we leave the global begin()/end() or is it going to be
confusing? Shall we choose other names for the global begin()/end()?
Like init()/destroy()?

Thinking about it, I'm not even sure they are a good idea as it is
possible to achieve the same effect with:

public static Test suite()
{
  return new TestSetup()
  {
    public void setUp()
    {
      // global set up, client side
    }
    public void teardown()
    {
      // global tear down, client side
    }
  }
}

So maybe we should simply remove global begin()/end(), add
begin(WebRequest)/end(WebResponse) and explain the TestSetup() stuff?

Comments?

-Vincent

PS: I can get that implemented very quickly if we reach a consensus.

> 
> 	Erik



--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message