Testing the Grails Spring Security Plugins

Talk at http://greach.es/ 2013 on testing Grails applications that use the Spring Security plugins

Published in: Technology

Transcript of "Testing the Grails Spring Security Plugins"

  1. Testing the Grails Spring Security Plugins
     Burt Beckwith, SpringSource
     @burtbeckwith
     http://burtbeckwith.com/blog/
     CONFIDENTIAL © 2010 SpringSource, A division of VMware. All rights reserved
  2. Unit tests are not an option
  3. Unit Tests
     Spring Security is implemented as a filter chain
     • If you use unit testing, mocks, etc. you only test the mocks
  4. Ok, so what about integration tests?
  5. Integration Tests
     Spring Security is implemented as a filter chain
     • If you use integration testing, mock request, response, etc. you still don't have a real filter chain
  6. But there are uses for integration tests
  7. Integration Tests
     Grails integration tests are unit tests + Spring + DB + plugins
     • So you can test the configuration
     There's no servlet container, but you can test services
     • So ACL testing (both Spring Security and Shiro) is a good fit here
  8. Damn, so I have to use functional tests?
  9. Yes.
  10. Functional tests
      Ideal for security testing
      • Make many real requests against a real, properly configured web server
      • Test authentication, authorization, configuration - everything
  11. Functional tests
      Functional test plugins
      • I use http://grails.org/plugin/functional-test (version 1.2.7)
      • Geb is a great option - http://www.gebish.org/
        • Webdriver/Selenium
        • jQuery selector syntax
        • Spock, JUnit & TestNG
        • Actively developed, active mailing list
  12. Grails functional-test plugin
      Apache Commons HttpClient to make GET/POST requests
      HtmlUnit to parse responses
      JUnit 3 base class with helper methods
      2.0 is in development, but I still use 1.2.7
      • NEVER RUN create-functional-test script – will overwrite grails-app/conf files
  13. Grails functional-test plugin
      Usage
      • Add plugin dependency in BuildConfig.groovy
        • test ':functional-test:1.2.7'
      • Will fail to resolve dependencies on first compile
        • Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.NoClassDefFoundError: Lcom/gargoylesoftware/htmlunit/html/HTMLParser$HtmlUnitDOMBuilder
      • Just run grails compile again
  14. Grails functional-test plugin
      Creating test classes
      • NEVER RUN create-functional-test script – will overwrite grails-app/conf files
      • Just create a class in test/functional that extends functionaltestplugin.FunctionalTestCase
  15. Grails functional-test plugin

          import functionaltestplugin.FunctionalTestCase

          class LoginTests extends FunctionalTestCase {
              void testSomeWebsiteFeature() {
                  // Here call get(uri) or post(uri) to start
                  // the session and then use the custom
                  // assertXXXX calls etc to check the response
                  //
                  // get('/something')
                  // assertStatus 200
                  // assertContentContains 'the expected text'
              }
          }

  16. How to find all controller actions?

          import grails.web.Action
          ...
          def data = []
          for (controller in grailsApplication.controllerClasses) {
              // Controller actions are the methods carrying the @Action annotation
              List<String> actions = controller.clazz.methods.findAll(
                  { it.getAnnotation(Action) })*.name
              data << [controller: controller.logicalPropertyName,
                       controllerName: controller.fullName,
                       actions: actions.sort()]
          }

  17. How to find all controller actions?

          [controller:book, controllerName:greach.BookController, actions:[create, delete, edit, list, save, show, update]]
          [controller:errors, controllerName:greach.ErrorsController, actions:[error403, error404, error500]]
          [controller:login, controllerName:LoginController, actions:[ajaxDenied, ajaxSuccess, auth, authAjax, authfail, denied, full, index]]
          [controller:logout, controllerName:LogoutController, actions:[index]]
          [controller:secure, controllerName:greach.SecureController, actions:[admin, index, user]]

  18. Demo
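
An added example (not from the talk or from the plugin's own code) that turns the controller/action listing on slide 17 into a role-by-URL access check, written in the FunctionalTestCase style of slide 15. The access rules, the marker strings, the test accounts and the login form field names j_username/j_password are assumptions about the application under test.

```groovy
import functionaltestplugin.FunctionalTestCase

// Added example, not from the talk. URIs follow the controller/action listing
// above; access rules, marker texts and accounts are assumptions.
class AccessMatrixTests extends FunctionalTestCase {

    // Text assumed to appear on the login page and on the access-denied page
    static final String LOGIN_PAGE = 'Please Login'
    static final String DENIED_PAGE = 'not authorized'

    // uri -> roles allowed in, plus text assumed to appear on the real page
    static final Map RULES = [
        '/book/list'   : [roles: ['anonymous', 'user', 'admin'], marker: 'Book List'],
        '/secure/index': [roles: ['user', 'admin'], marker: 'secure index'],
        '/secure/user' : [roles: ['user', 'admin'], marker: 'user page'],
        '/secure/admin': [roles: ['admin'], marker: 'admin page']
    ]

    void testAnonymous() { checkAll 'anonymous' }

    void testUser() {
        login 'user', 'password'    // constructed test account
        checkAll 'user'
    }

    void testAdmin() {
        login 'admin', 'password'   // constructed test account
        checkAll 'admin'
    }

    // Goes through the real login form so the whole filter chain is exercised
    private void login(String username, String password) {
        get '/login/auth'
        assertContentContains LOGIN_PAGE
        form {
            j_username = username
            j_password = password
            clickButton 'Login'
        }
    }

    // Allowed role: the page's own marker. Denied: login page for anonymous
    // requests, access-denied page for an authenticated user lacking the role.
    private void checkAll(String role) {
        RULES.each { String uri, Map rule ->
            get uri
            assertContentContains(role in rule.roles ? rule.marker :
                (role == 'anonymous' ? LOGIN_PAGE : DENIED_PAGE))
        }
    }
}
```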