Mocking SecurityContext

170 views
Skip to first unread message

uris77

unread,
Oct 8, 2011, 2:12:31 AM10/8/11
to grails-jaxrs-discuss
I need to mock SecurityContext while doing an Integration Test. When I
run the app, I can access SecurityContext, but when I run an
Integration test, it fails because SecurityContext.getSubject()
returns null.

Martin Krasser

unread,
Oct 9, 2011, 1:33:13 PM10/9/11
to grails-jax...@googlegroups.com

Am 08.10.11 08:12, schrieb uris77:

How do you think that mocking the SecurityContext is related to the
grails-jaxrs plugin? Can't you set a mock security context during
setUp() of the integration test? Since I've never used the Spring
security plugin, I cannot tell you how to do that but I wonder why
grails-jaxrs should need to know about that security context.


--
Martin Krasser

blog: http://krasserm.blogspot.com
code: http://github.com/krasserm
twitter: http://twitter.com/mrt1nz

Michael Corum

unread,
Oct 9, 2011, 2:41:21 PM10/9/11
to grails-jax...@googlegroups.com
Well, I would suspect that it is because of the mocking environment that
jax-rs requires for integration tests. It essentially has its own versions
of the grails spring security contexts. This is why I was never able to
solve the problems with Spring-ldap and jax-rs in integration tests.

Mike

Martin Krasser

unread,
Oct 10, 2011, 12:39:15 PM10/10/11
to grails-jax...@googlegroups.com

Am 09.10.11 20:41, schrieb Michael Corum:


> Well, I would suspect that it is because of the mocking environment that
> jax-rs requires for integration tests. It essentially has its own versions
> of the grails spring security contexts.

Where do you think the plugin is doing that? Can you point me to the
relevant piece of source code?

Roberto Guerra

unread,
Oct 10, 2011, 11:57:23 PM10/10/11
to grails-jax...@googlegroups.com
I figured it out. So the reason I wanted to mock SecurityContext is because I have a function like so:

Response readAll(@Context SecurityContext sc){
def principal = sc.getUserPrincipal()
//Get user associated with principal and do stuff.
}

I need the user because I log what user modifies a record and I also need to check if the user has sufficient permissions to view/modify the record. I'm using the shiro plugin so there are other things going on and I realized I can actually forego the whole SecurityContext thingy by using org.apache.shiro.SecurityUtils.

Thanks anyway.
--
Brother let your heart be wounded
And give no mercy to your fear

Reply all
Reply to author
Forward
0 new messages