jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lesiecki Nicholas <ndlesie...@yahoo.com>
Subject RE: Cactus security checking
Date Wed, 11 Sep 2002 16:19:15 GMT
+1 on begin(WebRequest) end(WebRequest). I thought that was how it was
done. Serves me right for not looking at the code.

Nick

P.S. Erik always builds out of CVS so the 1.4 limitation won't bother
*him*. :P

--- Vincent Massol <vmassol@octo.com> wrote:
> 
> 
> > -----Original Message-----
> > From: Erik Hatcher [mailto:erik@hatcher.net]
> > Sent: 10 September 2002 20:49
> > To: Vincent Massol; Lesiecki Nicholas
> > Subject: Cactus security checking
> > 
> > I'm going directly to the source on this one - rather than the lists
> :)
> >   If you want to redirect me to an FAQ or to the list, feel free.
> 
> No worries. However, I'm answering to the list as I'm sure others are
> facing this issue as well. I'd also like everyone's feedback on the
> proposal I'm putting below.
> 
> > 
> > My team is integrating Cactus tests for session bean testing, and we
> > need to do role-based testing to ensure that a certain role cannot
> call
> > certain methods.
> > 
> > Is it true that you need a beginXXX to set up security for every test?
> 
> With Cactus 1.4, yes, it is true. You do it this way:
> 
> webRequest.setAuthentication(
>     new BasicAuthentication("testuser", "testpassword"));
> 
> With Cactus 1.4 the only solution if you wish to share this is to put it
> in a method of its own and call this method from all your XXX tests that
> need authentication.
> 
> > If so, is there anything that can be done to make this easier so that
> we
> > could, perhaps, simply write a base class that does the login and
> > subclass that for all our test cases and avoid writing a beginXXX for
> > every test?
> > 
> > Thanks, and sorry if this is an FAQ or something I could have found if
> I
> > tried.
> 
> No there isn't anything ATM. We need to invent it! :-)
> 
> In Cactus 1.5 in CVS, there is a global begin()/end() but its goal is to
> be called only once per test suite (and not per test). From what you
> say, we need a begin/end that are called for before and after each test.
> This already exist with the setUp()/teardown() but they are called on
> the server side. Thus, we need that on the client side.
> 
> Hum ...
> 
> What about begin(WebRequest) and end(WebResponse) ?
> 
> Now, do we leave the global begin()/end() or is it going to be
> confusing? Shall we choose other names for the global begin()/end()?
> Like init()/destroy()?
> 
> Thinking about it, I'm not even sure they are a good idea as it is
> possible to achieve the same effect with:
> 
> public static Test suite()
> {
>   return new TestSetup()
>   {
>     public void setUp()
>     {
>       // global set up, client side
>     }
>     public void teardown()
>     {
>       // global tear down, client side
>     }
>   }
> }
> 
> So maybe we should simply remove global begin()/end(), add
> begin(WebRequest)/end(WebResponse) and explain the TestSetup() stuff?
> 
> Comments?
> 
> -Vincent
> 
> PS: I can get that implemented very quickly if we reach a consensus.
> 
> > 
> > 	Erik
> 
> 


__________________________________________________
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost
http://dir.remember.yahoo.com/tribute

--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message