Testing for Authorization

[Sandeep Joshi]

Hi All,

I am GSoC student for this year working of Human Resource Module. As part of my first iteration I am writing unit tests.I have this doubt about testing authorization.

I writing my test classes extending BaseModuleContextSensitiveTest. I went through the source code and found there is this authenticate method that is used to authenticate the current user. The method uses admin and test as default username password, I have changed password for admin on my machine. The javadoc says that there will be a popup asking for username and password, I do not get anything like this when I run the tests.

I am testing services and I have authorization constraints implemented using @Authorized annotation on my services. All my tests are green even if I do not call authenticate() method. I am not getting this. I want to test if the authorization constraints are enforced. How to do this? Am I making any conceptual mistake?

Thanks in advance...

Ragerds,

Sandeep

[Darius Jazayeri]

Hi Sandeep,

Are you trying to write a unit test against your own mysql database? (Note that this is not generally recommended, and it's not valid for checked-in unit tests.) If this is what you're trying to do, you need to override the useInMemoryDatabase() method to return false...

Tests that extend BaseModuleContextSensitiveTest will automatically set up an in-memory database according to standardTestDataset.xml, and authenticate you as admin against that database. You can avoid this behavior by using the @SkipBaseSetup annotation.

-Darius

-- OpenMRS Developers: http://go.openmrs.org/dev
Post: d...@openmrs.org
Unsubscribe: dev+uns...@openmrs.org

[Sandeep Joshi]

Thanks Darius, this helps. I am not running tests against my own mysql db.Point I missed is that the user will be picked up from initialInMemoryTestDataSet.xml and not my local db. Thanks again..

--
With Regards
Sandeep Joshi