Return-Path: Delivered-To: apmail-jakarta-cactus-user-archive@apache.org Received: (qmail 62740 invoked from network); 31 Oct 2002 15:29:49 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 31 Oct 2002 15:29:49 -0000 Received: (qmail 14972 invoked by uid 97); 31 Oct 2002 15:30:37 -0000 Delivered-To: qmlist-jakarta-archive-cactus-user@jakarta.apache.org Received: (qmail 14934 invoked by uid 97); 31 Oct 2002 15:30:37 -0000 Mailing-List: contact cactus-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Cactus Users List" Reply-To: "Cactus Users List" Delivered-To: mailing list cactus-user@jakarta.apache.org Received: (qmail 14917 invoked by uid 98); 31 Oct 2002 15:30:36 -0000 X-Antivirus: nagoya (v4218 created Aug 14 2002) From: "Vincent Massol" To: "'Cactus Users List'" Subject: RE: followRedirects is false Date: Thu, 31 Oct 2002 15:28:31 -0000 Organization: OCTO Technology Message-ID: <00b701c280f2$2b618ed0$0200a8c0@octovma> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4024 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20021031130959.99518.qmail@web21502.mail.yahoo.com> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N > -----Original Message----- > From: Charlene Mitchell [mailto:charlene_ml@yahoo.co.uk] > Sent: 31 October 2002 13:10 > To: Cactus Users List > Subject: RE: followRedirects is false > > Thanks (yet again) for the reply. > > What I am trying to achieve is actually very simple > (at the moment). > > For example, I have a method 'getData()' in an EJB, I > simply want to call this method using Cactus and > assert whether I get > a) data (ok) > b) null (fail) > c) exception (fail) > (the Cactus code is written, and looks/compiles fine - > so no problems there). > > I don't want to test http codes, I don't want to test > authentication, I just want to test a method. Hey great. That's exactly the goal of Cactus! :-) > > Since the normal EJB 'getData()' method cannot be > invoked unless a valid user is logged in to the > application (due to standard method-level J2EE > security constraints within ejb-jar.xml), this means > that the Cactus test also needs a valid user logged in > (else I will get an authentication exception). Ah ok. I understand now. > > So, for me, typing the uid/pwd in a login web-page is > enough, I do not need FormAuthentication class (though > at the same time I have downloaded the nightly build > jakarta-cactus-13-20021022.zip and am also trying from > Ant, but that's another story.) > > So, what happens at the moment is that I type the URL > of the TestCase in my browser, the Web/AppServer > decides that I am trying to access a protected > resource and redirects me to a logon page, I then type > in my uid/pwd, and then instead of being redirected > back to the TestCase (now that I am allowed to execute > it), I see the 302 errors. Ok. I see. There's much simpler I think. As you say your goal is not to test authentication. Here's what I would recommend: - set up your web.xml to use BASIC authentication on the Cactus redirector.Ex:

SecurityRestriction

Protect the Cactus redirector servlet.

/ServletRedirector

GET

POST

Authorized Users Group

test

NONE

BASIC

Test role

test

- configure your application server to map this role to a physical user and to pass the credential to the EJB layer - in beginXXX(), use the BasicAuthentication request.setAuthentication( new BasicAuthentication("testuser", "testpassword")); - start the test from wherever you wish: browser, Ant, etc. Thus no need to sign in, no need to have login page, no need for an error page, etc. That's all! Hope it helps, -Vincent > > Charlene > > --- Vincent Massol wrote: > > > > > > -----Original Message----- > > > From: Charlene Mitchell > > [mailto:charlene_ml@yahoo.co.uk] > > > Sent: 31 October 2002 10:28 > > > To: Cactus Users List > > > Subject: RE: followRedirects is false > > > > > > Hi, > > > > > > Thanks for the replies - much appreciated. > > > > > > > Following redirect is off in Cactus as Cactus is > > a > > > > unit testing tool. > > > > Thus the idea is that if one of your method on > > the > > > > server side returns a > > > > 302 HTTP response you should be able to assert > > that > > > > in endXXX(). > > > > > > I'm sorry, I don't understand what you mean here. > > > It is JBoss that is returning a 302 response, not > > my > > > application, after redirecting from my test to the > > > login page and then (presumably) trying to > > redirect > > > back to the test. > > > > Sorry, my turn to not understand. What do you want > > to do: > > 1/ Test that when you access a protected resource, > > you get a 302 > > or > > 2/ Do a test on a protected resource (the cactus > > redirector) and you > > want to perform Form Authentication in Cactus so > > that you can test code > > that uses the security API (isUserInRole(), etc) ? > > > > If 2, then you need to use the cactus code in CVS as > > this is not in > > Cactus 1.4.1. In addition, there was a bug fixed > > recently for Form > > Authentication. > > > > > > > > > That said some persons have expressed a wish to > > make > > > > that configurable > > > > so that follow redirects could be turned on. I > > think > > > > it's a good idea. I > > > > someone wants to submit a patch... :-) > > > > > > > > You mention a browser error. How do you start > > the > > > > test? > > > > > > I simply type the URL in my browser as follows: > > > http://localhost:19201/myapp- > > > > > > ejbtest/ServletTestRunner?suite=my.package.MyBeanTest > > > > > > > That's fine. > > > > > The web.xml file knows to redirect all requests to > > a > > > login page where I type my username and password > > and > > > then I expect to be redirected back to the test. > > > This is how the application itself works when you > > > request a web-page before authenticating so I > > assumed > > > that the test could work the same way. > > > > It can (see above). > > > > > > > > I will also try testing from within Ant, as you > > > suggested (thanks for that), but I'm also > > interested > > > in getting it working from the browser too. > > > > Yes, although it won't work. You need to use the > > Cactus version in CVS > > (or a recent nightly build). > > > > I'm not sure what your question is in the end. Is > > it: "I would like to > > protect the Cactus redirector using Form based > > authentication so that I > > can unit test code that uses the servlet security > > API" ? > > > > BTW, with Cactus 1.4.1 you can use > > BasicAuthentication and it should be > > transparent for the code using the servlet security > > API. But if what you > > wish to test in integration is your setting of the > > Form authentication > > then you need Cactus 1.5 > > > > Cheers, > > -Vincent > > > > > > > > Thanks > > > > > > Charlene > > > > > > > > -----Original Message----- > > > > > From: Charlene Mitchell > > > > [mailto:charlene_ml@yahoo.co.uk] > > > > > Sent: 29 October 2002 13:26 > > > > > To: cactus-user@jakarta.apache.org > > > > > Subject: followRedirects is false > > > > > > > > > > Hi, > > > > > > > > > > I have a secure EJB application running on > > > > > JBoss3.0.3/Jetty and I'm trying to integrate > > some > > > > > Cactus Unit Tests. I have read the docs and > > > > created a > > > > > sample EJB Test, deployed it in a war and > > added > > > > > security to the web.xml so that I can > > authenticate > > > > and > > > > > run the tests from a browser. > > > > > > > > > > ..but after I log in I get a page back > > indicating > > > > an > > > > > error as follows: > > > > > BROWSER ERROR > > > > > ============= > > > > > "Failed to get the test results. This is > > probably > > > > due > > > > > to an error that happened on the server side > > when > > > > > trying to execute the tests. Here is what was > > > > returned > > > > > by the server : []" > > > > > > > > > > This tells me nothing so I look in the JBoss > > log > > > > and I > > > > > see the following: > > > > > JBOSS ERROR > > > > > =========== > > > > > INFO [wire] >> "Content-type: > > > > > application/x-www-form-urlencoded" > > > > > INFO [wire] >> "Host: localhost" > > > > > INFO [wire] >> "User-Agent: Jakarta HTTP > > > > > Client/2.0.0a1" > > > > > INFO [wire] >> \r\n > > > > > INFO [wire] << "HTTP/1.1 302 Moved > > Temporarily" > > > > > [\r\n] > > > > > INFO [wire] << "Date: Tue, 29 Oct 2002 > > 08:16:09 > > > > GMT" > > > > > [\r\n] > > > > > INFO [wire] << "Server: Jetty/4.1.0 (SunOS > > 5.8 > > > > > sparc)" [\r\n] > > > > > INFO [wire] << "Servlet-Engine: Jetty/4.1.0 > > > > (Servlet > > > > > 2.3; JSP 1.2; java 1.4.0_01)" [\r\n] > > > > > INFO [wire] << "Set-Cookie: > > > > > JSESSIONID=bsp7oiipqikl7;Path=/myapp-ejbtest" > > > > [\r\n] > > > > > INFO [wire] << "Set-Cookie2: > > > > > > > > > > > > > > > JSESSIONID=bsp7oiipqikl7;Version=1;Path=/myapp-ejbtest;Discard" > > > > > [\r\n] > > > > > INFO [wire] << "Location: > > > > > > > > > > > > > > > http://localhost/myapp-ejbtest/login.html;JSESSIONID=bsp7oiipqikl7" > > > > > [\r\n] > > > > > INFO [wire] << "Transfer-Encoding: chunked" > > > > [\r\n] > > > > > INFO [HttpMethod] HttpMethodBase.execute(): > > > > Received > > > > > 302 response, but followRedirects is false. > > > > Returning > > > > > 302. > > > > > > > > > > The WebServer doesn't indicate any error as > > such: > > > > > WEB SERVER ERROR > > > === message truncated === > > __________________________________________________ > Do You Yahoo!? > Everything you'll ever need on one web page > from News and Sport to Email and Music Charts > http://uk.my.yahoo.com > > -- > To unsubscribe, e-mail: unsubscribe@jakarta.apache.org> > For additional commands, e-mail: help@jakarta.apache.org> -- To unsubscribe, e-mail: For additional commands, e-mail: