jakarta-cactus-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vincent Massol" <vmas...@octo.com>
Subject RE: followRedirects is false
Date Thu, 31 Oct 2002 15:28:31 GMT


> -----Original Message-----
> From: Charlene Mitchell [mailto:charlene_ml@yahoo.co.uk]
> Sent: 31 October 2002 13:10
> To: Cactus Users List
> Subject: RE: followRedirects is false
> 
> Thanks (yet again) for the reply.
> 
> What I am trying to achieve is actually very simple
> (at the moment).
> 
> For example, I have a method 'getData()' in an EJB, I
> simply want to call this method using Cactus and
> assert whether I get
>   a) data (ok)
>   b) null (fail)
>   c) exception (fail)
> (the Cactus code is written, and looks/compiles fine -
> so no problems there).
> 
> I don't want to test http codes, I don't want to test
> authentication, I just want to test a method.

Hey great. That's exactly the goal of Cactus! :-)

> 
> Since the normal EJB 'getData()' method cannot be
> invoked unless a valid user is logged in to the
> application (due to standard method-level J2EE
> security constraints within ejb-jar.xml), this means
> that the Cactus test also needs a valid user logged in
> (else I will get an authentication exception).

Ah ok. I understand now.

> 
> So, for me, typing the uid/pwd in a login web-page is
> enough, I do not need FormAuthentication class (though
> at the same time I have downloaded the nightly build
> jakarta-cactus-13-20021022.zip and am also trying from
> Ant, but that's another story.)
> 
> So, what happens at the moment is that I type the URL
> of the TestCase in my browser, the Web/AppServer
> decides that I am trying to access a protected
> resource and redirects me to a logon page, I then type
> in my uid/pwd, and then instead of being redirected
> back to the TestCase (now that I am allowed to execute
> it), I see the 302 errors.

Ok. I see. There's much simpler I think. As you say your goal is not to
test authentication. Here's what I would recommend:

- set up your web.xml to use BASIC authentication on the Cactus
redirector.Ex:

  	<security-constraint>
     	<web-resource-collection>
 
<web-resource-name>SecurityRestriction</web-resource-name>
         	<description>Protect the Cactus redirector
servlet.</description>
         	<url-pattern>/ServletRedirector</url-pattern>
         	<http-method>GET</http-method>
         	<http-method>POST</http-method>
     	</web-resource-collection>
     	<auth-constraint>
         	<description>Authorized Users Group</description>
         	<role-name>test</role-name>
     	</auth-constraint>
     	<user-data-constraint>
        	<transport-guarantee>NONE</transport-guarantee>
    	</user-data-constraint>
   	</security-constraint>

    <login-config>
    	<auth-method>BASIC</auth-method>
   	</login-config>

	<security-role>
		<description>Test role</description>
		<role-name>test</role-name>
	</security-role>

- configure your application server to map this role to a physical user
and to pass the credential to the EJB layer
- in beginXXX(), use the BasicAuthentication

        request.setAuthentication(
            new BasicAuthentication("testuser", "testpassword"));

- start the test from wherever you wish: browser, Ant, etc.

Thus no need to sign in, no need to have login page, no need for an
error page, etc.

That's all!

Hope it helps,
-Vincent

> 
> Charlene
> 
>  --- Vincent Massol <vmassol@octo.com> wrote: >
> >
> > > -----Original Message-----
> > > From: Charlene Mitchell
> > [mailto:charlene_ml@yahoo.co.uk]
> > > Sent: 31 October 2002 10:28
> > > To: Cactus Users List
> > > Subject: RE: followRedirects is false
> > >
> > > Hi,
> > >
> > > Thanks for the replies - much appreciated.
> > >
> > > > Following redirect is off in Cactus as Cactus is
> > a
> > > > unit testing tool.
> > > > Thus the idea is that if one of your method on
> > the
> > > > server side returns a
> > > > 302 HTTP response you should be able to assert
> > that
> > > > in endXXX().
> > >
> > > I'm sorry, I don't understand what you mean here.
> > > It is JBoss that is returning a 302 response, not
> > my
> > > application, after redirecting from my test to the
> > > login page and then (presumably) trying to
> > redirect
> > > back to the test.
> >
> > Sorry, my turn to not understand. What do you want
> > to do:
> > 1/ Test that when you access a protected resource,
> > you get a 302
> > or
> > 2/ Do a test on a protected resource (the cactus
> > redirector) and you
> > want to perform Form Authentication in Cactus so
> > that you can test code
> > that uses the security API (isUserInRole(), etc) ?
> >
> > If 2, then you need to use the cactus code in CVS as
> > this is not in
> > Cactus 1.4.1. In addition, there was a bug fixed
> > recently for Form
> > Authentication.
> >
> > >
> > > > That said some persons have expressed a wish to
> > make
> > > > that configurable
> > > > so that follow redirects could be turned on. I
> > think
> > > > it's a good idea. I
> > > > someone wants to submit a patch... :-)
> > > >
> > > > You mention a browser error. How do you start
> > the
> > > > test?
> > >
> > > I simply type the URL in my browser as follows:
> > > http://localhost:19201/myapp-
> > >
> >
> ejbtest/ServletTestRunner?suite=my.package.MyBeanTest
> > >
> >
> > That's fine.
> >
> > > The web.xml file knows to redirect all requests to
> > a
> > > login page where I type my username and password
> > and
> > > then I expect to be redirected back to the test.
> > > This is how the application itself works when you
> > > request a web-page before authenticating so I
> > assumed
> > > that the test could work the same way.
> >
> > It can (see above).
> >
> > >
> > > I will also try testing from within Ant, as you
> > > suggested (thanks for that), but I'm also
> > interested
> > > in getting it working from the browser too.
> >
> > Yes, although it won't work. You need to use the
> > Cactus version in CVS
> > (or a recent nightly build).
> >
> > I'm not sure what your question is in the end. Is
> > it: "I would like to
> > protect the Cactus redirector using Form based
> > authentication so that I
> > can unit test code that uses the servlet security
> > API" ?
> >
> > BTW, with Cactus 1.4.1 you can use
> > BasicAuthentication and it should be
> > transparent for the code using the servlet security
> > API. But if what you
> > wish to test in integration is your setting of the
> > Form authentication
> > then you need Cactus 1.5
> >
> > Cheers,
> > -Vincent
> >
> > >
> > > Thanks
> > >
> > > Charlene
> > >
> > > > > -----Original Message-----
> > > > > From: Charlene Mitchell
> > > > [mailto:charlene_ml@yahoo.co.uk]
> > > > > Sent: 29 October 2002 13:26
> > > > > To: cactus-user@jakarta.apache.org
> > > > > Subject: followRedirects is false
> > > > >
> > > > > Hi,
> > > > >
> > > > > I have a secure EJB application running on
> > > > > JBoss3.0.3/Jetty and I'm trying to integrate
> > some
> > > > > Cactus Unit Tests. I have read the docs and
> > > > created a
> > > > > sample EJB Test, deployed it in a war and
> > added
> > > > > security to the web.xml so that I can
> > authenticate
> > > > and
> > > > > run the tests from a browser.
> > > > >
> > > > > ..but after I log in I get a page back
> > indicating
> > > > an
> > > > > error as follows:
> > > > > BROWSER ERROR
> > > > > =============
> > > > > "Failed to get the test results. This is
> > probably
> > > > due
> > > > > to an error that happened on the server side
> > when
> > > > > trying to execute the tests. Here is what was
> > > > returned
> > > > > by the server : []"
> > > > >
> > > > > This tells me nothing so I look in the JBoss
> > log
> > > > and I
> > > > > see the following:
> > > > > JBOSS ERROR
> > > > > ===========
> > > > > INFO  [wire] >> "Content-type:
> > > > > application/x-www-form-urlencoded"
> > > > > INFO  [wire] >> "Host: localhost"
> > > > > INFO  [wire] >> "User-Agent: Jakarta HTTP
> > > > > Client/2.0.0a1"
> > > > > INFO  [wire] >> \r\n
> > > > > INFO  [wire] << "HTTP/1.1 302 Moved
> > Temporarily"
> > > > > [\r\n]
> > > > > INFO  [wire] << "Date: Tue, 29 Oct 2002
> > 08:16:09
> > > > GMT"
> > > > > [\r\n]
> > > > > INFO  [wire] << "Server: Jetty/4.1.0 (SunOS
> > 5.8
> > > > > sparc)" [\r\n]
> > > > > INFO  [wire] << "Servlet-Engine: Jetty/4.1.0
> > > > (Servlet
> > > > > 2.3; JSP 1.2; java 1.4.0_01)" [\r\n]
> > > > > INFO  [wire] << "Set-Cookie:
> > > > > JSESSIONID=bsp7oiipqikl7;Path=/myapp-ejbtest"
> > > > [\r\n]
> > > > > INFO  [wire] << "Set-Cookie2:
> > > > >
> > > >
> > >
> >
> JSESSIONID=bsp7oiipqikl7;Version=1;Path=/myapp-ejbtest;Discard"
> > > > > [\r\n]
> > > > > INFO  [wire] << "Location:
> > > > >
> > > >
> > >
> >
> http://localhost/myapp-ejbtest/login.html;JSESSIONID=bsp7oiipqikl7"
> > > > > [\r\n]
> > > > > INFO  [wire] << "Transfer-Encoding: chunked"
> > > > [\r\n]
> > > > > INFO  [HttpMethod] HttpMethodBase.execute():
> > > > Received
> > > > > 302 response, but followRedirects is false.
> > > > Returning
> > > > > 302.
> > > > >
> > > > > The WebServer doesn't indicate any error as
> > such:
> > > > > WEB SERVER ERROR
> >
> === message truncated ===
> 
> __________________________________________________
> Do You Yahoo!?
> Everything you'll ever need on one web page
> from News and Sport to Email and Music Charts
> http://uk.my.yahoo.com
> 
> --
> To unsubscribe, e-mail:   <mailto:cactus-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:cactus-user-
> help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:cactus-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:cactus-user-help@jakarta.apache.org>


Mime
View raw message