• Like
  • Save
Testing the Grails Spring Security Plugins
Upcoming SlideShare
Loading in...5
×
 

Testing the Grails Spring Security Plugins

on

  • 2,398 views

Talk at http://greach.es/ 2013 on testing Grails applications that use the Spring Security plugins

Talk at http://greach.es/ 2013 on testing Grails applications that use the Spring Security plugins

Statistics

Views

Total Views
2,398
Views on SlideShare
2,249
Embed Views
149

Actions

Likes
0
Downloads
18
Comments
0

4 Embeds 149

http://greach.es 125
http://librosweb.es 22
https://twitter.com 1
https://www.google.co.uk 1

Accessibility

Categories

Upload Details

Uploaded via as OpenOffice

Usage Rights

CC Attribution-ShareAlike LicenseCC Attribution-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Testing the Grails Spring Security Plugins Testing the Grails Spring Security Plugins Presentation Transcript

    • Testing the Grails Spring Security PluginsBurt Beckwith, SpringSource@burtbeckwithhttp://burtbeckwith.com/blog/ CONFIDENTIAL © 2010 SpringSource, A division of VMware. All rights reserved
    • Unit tests are not an option CONFIDENTIAL 2
    • Unit Tests Spring Security is implemented as a filter chain • If you use unit testing, mocks, etc. you only test the mocks CONFIDENTIAL 3
    • Ok, so what about integration tests? CONFIDENTIAL 4
    • Integration Tests Spring Security is implemented as a filter chain • If you use integration testing, mock request, response, etc. you still dont have a real filter chain CONFIDENTIAL 5
    • But there are uses for integration tests CONFIDENTIAL 6
    • Integration Tests Grails integration tests are unit tests + Spring + DB + plugins • So you can test the configuration Theres no servlet container, but you can test services • So ACL testing (both Spring Security and Shiro) is a good fit here CONFIDENTIAL 7
    • Damn, so I have to use functional tests? CONFIDENTIAL 8
    • Yes.CONFIDENTIAL 9
    • Functional tests Ideal for security testing • Make many real requests against a real, properly configured web server • Test authentication, authorization, configuration - everything CONFIDENTIAL 10
    • Functional tests Functional test plugins • I use http://grails.org/plugin/functional-test (version 1.2.7) • Geb is a great option - http://www.gebish.org/ • Webdriver/Selenium • jQuery selector syntax • Spock, JUnit & TestNG • Actively developed, active mailing list CONFIDENTIAL 11
    • Grails functional-test plugin Apache Commons HttpClient to make GET/POST requests HtmlUnit to parse responses JUnit 3 base class with helper methods 2.0 is in development, but I still use 1.2.7 • NEVER RUN create-functional-test script – will overwrite grails- app/conf files CONFIDENTIAL 12
    • Grails functional-test plugin Usage • Add plugin dependency in BuildConfig.groovy • test :functional-test:1.2.7 • Will fail to resolve dependencies on first compile • Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.NoClassDefFoundError: Lcom/gargoylesoftware/htmlunit/html/HTMLParser$Html UnitDOMBuilder • Just run grails compile again CONFIDENTIAL 13
    • Grails functional-test plugin Creating test classes • NEVER RUN create-functional-test script – will overwrite grails- app/conf files • Just create a class in test/functional that extends functionaltestplugin.FunctionalTestCase CONFIDENTIAL 14
    • Grails functional-test plugin import functionaltestplugin.FunctionalTestCase class LoginTests extends FunctionalTestCase { void testSomeWebsiteFeature() { // Here call get(uri) or post(uri) to start // the session and then use the custom // assertXXXX calls etc to check the response // // get(/something) // assertStatus 200 // assertContentContains the expected text } } CONFIDENTIAL 15
    • How to find all controller actions? import grails.web.Action ... def data = [] for (controller in grailsApplication.controllerClasses) { List<String> actions = controller.clazz.methods.findAll( { it.getAnnotation(Action) })*.name data << [controller: controller.logicalPropertyName, controllerName: controller.fullName, actions: actions.sort()] } CONFIDENTIAL 16
    • How to find all controller actions?[controller:book, controllerName:greach.BookController, actions:[create, delete, edit, list, save, show, update]][controller:errors, controllerName:greach.ErrorsController, actions:[error403, error404, error500]][controller:login, controllerName:LoginController, actions: [ajaxDenied, ajaxSuccess, auth, authAjax, authfail, denied, full, index]][controller:logout, controllerName:LogoutController, actions:[index]][controller:secure, controllerName:greach.SecureController, actions:[admin, index, user]] CONFIDENTIAL 17
    • DemoCONFIDENTIAL 18