tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject Re: New unit tests for Authenticators and SingleSignOn
Date Sat, 14 Jan 2012 23:33:13 GMT
On 15/01/12 04:16, Mark Thomas wrote:
> On 14/01/2012 08:24, Brian Burch wrote:
>> I realise everyone will be busy on the 7.0.24 release, so don't let this
>> distract you - it isn't urgent.
> I had to fix a failing unit test so it was no bother.

Thanks very much, Mark.

> I've added this to trunk and will port it to 7.0.x once I have taken a
> closer look at it. The only change so far is to remove the author tag
> which we no longer add in Tomcat. You'll get full credit in the commit
> messages and the change log.

It wasn't my ego that made me put it there! I used one of the older 
tests as my template and tried to follow the style... this class doesn't 
look much like any junit test I've written before, but I believe 
maintaining project style is very important. Once a new test class works 
in the trunk, it will be most likely only looked at by people who are 
either fixing a new bug, or trying to understand an existing contract.

The only aspect that leaves me feeling slightly uncomfortable is my use 
of session timeouts. The main point of the SSO tests (as well as 
confirming obvious behaviour, of course), is to verify that SSO sessions 
time out properly. I did this by modelling the "real world", using http 
status codes and short timeouts, but making them long enough for the 
tomcat background thread to reliably clean them out (i.e. trigger 
listener methods) when expected.

I resisted the temptation to..
a) reconfigure the background thread to scan for expired sessions more 
and b) write a test-only event listener to confirm session expiry.

My decision was to make the tests easily understandable by people who 
don't have much internals knowledge. Also, the authenticators are 
responsible for setting and returning the error status codes and I 
didn't like the idea of skipping that logic.

The price is a few extra 5-10 second sleeps, but I felt this was 
negligible compared to starting and stopping tomcat hundreds 
(thousands?) of times in a full test run.

Do you approve of my design decision?

I will wait a couple of days in case you have any detailed observations 
(and changes). Then I'll make the next SSO-enabled test look consistent 
and submit it.


> Mark
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message