jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Hatcher <li...@ehatchersolutions.com>
Subject Re: Cactus security checking
Date Wed, 11 Sep 2002 13:12:29 GMT
Vincent,

	+1 on your suggestions of begin/end method refactoring!

Thanks,
	Erik


Vincent Massol wrote:
> 
>>-----Original Message-----
>>From: Erik Hatcher [mailto:erik@hatcher.net]
>>Sent: 10 September 2002 20:49
>>To: Vincent Massol; Lesiecki Nicholas
>>Subject: Cactus security checking
>>
>>I'm going directly to the source on this one - rather than the lists
> 
> :)
> 
>>  If you want to redirect me to an FAQ or to the list, feel free.
> 
> 
> No worries. However, I'm answering to the list as I'm sure others are
> facing this issue as well. I'd also like everyone's feedback on the
> proposal I'm putting below.
> 
> 
>>My team is integrating Cactus tests for session bean testing, and we
>>need to do role-based testing to ensure that a certain role cannot
> 
> call
> 
>>certain methods.
>>
>>Is it true that you need a beginXXX to set up security for every test?
> 
> 
> With Cactus 1.4, yes, it is true. You do it this way:
> 
> webRequest.setAuthentication(
>     new BasicAuthentication("testuser", "testpassword"));
> 
> With Cactus 1.4 the only solution if you wish to share this is to put it
> in a method of its own and call this method from all your XXX tests that
> need authentication.
> 
> 
>>If so, is there anything that can be done to make this easier so that
> 
> we
> 
>>could, perhaps, simply write a base class that does the login and
>>subclass that for all our test cases and avoid writing a beginXXX for
>>every test?
>>
>>Thanks, and sorry if this is an FAQ or something I could have found if
> 
> I
> 
>>tried.
> 
> 
> No there isn't anything ATM. We need to invent it! :-)
> 
> In Cactus 1.5 in CVS, there is a global begin()/end() but its goal is to
> be called only once per test suite (and not per test). From what you
> say, we need a begin/end that are called for before and after each test.
> This already exist with the setUp()/teardown() but they are called on
> the server side. Thus, we need that on the client side.
> 
> Hum ...
> 
> What about begin(WebRequest) and end(WebResponse) ?
> 
> Now, do we leave the global begin()/end() or is it going to be
> confusing? Shall we choose other names for the global begin()/end()?
> Like init()/destroy()?
> 
> Thinking about it, I'm not even sure they are a good idea as it is
> possible to achieve the same effect with:
> 
> public static Test suite()
> {
>   return new TestSetup()
>   {
>     public void setUp()
>     {
>       // global set up, client side
>     }
>     public void teardown()
>     {
>       // global tear down, client side
>     }
>   }
> }
> 
> So maybe we should simply remove global begin()/end(), add
> begin(WebRequest)/end(WebResponse) and explain the TestSetup() stuff?
> 
> Comments?
> 
> -Vincent
> 
> PS: I can get that implemented very quickly if we reach a consensus.
> 
> 
>>	Erik
> 
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>
> 
> 
> 



--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message