Unit testing filters

 
Greenhorn
Posts: 2
Android Eclipse IDE Spring
Hello all,

I have come in midway into a project, and I am trying to retrofit a sanitization filter into an existing Spring project.

My understanding is that to sanitize a request before moving down the chain, I have to wrap the request in a wrapper, as it is normally read only.

So I found the following article about XSS sanitization and decided this would be a good starting point....

http://greatwebguy.com/programming/java/simple-cross-site-scripting-xss-servlet-filter/

The project already has a security filter, so I was either going to daisy-chain the sanitization filter onto the end, or edit the security filter to also do the sanitization.

All I want to do is to have a JUnit test that creates a series of requests with a payload similar to those found at

http://ha.ckers.org/xss.html

So that I can check that the filter is indeed filtering malicious code attacks.

I originally tried Cactus, but that has a bunch of dependencies that break the project when I copy the JARs into the lib folder.

Could anyone recommend an alternative approach to testing the filter?

Many thanks.
 
author & internet detective
Posts: 41878
909
Eclipse IDE VI Editor Java
Lee,
Can you use a mock objects framework like jMock or Mockito and just test the logic without everything else? If not, I would refactor the code to test the logic independent of the filter.
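
A sketch of both suggestions in the reply above, added here as an example and not code from this thread or from the linked article: the sanitizing logic sits in a static method that JUnit can call directly, and the request wrapper is exercised against a Mockito mock instead of a container. The names SanitizingRequest and SanitizingRequestTest, the HTML-encoding rule and the sample payloads are assumptions, as is having JUnit 4, Mockito and the javax.servlet API on the test classpath.

```java
import static org.junit.Assert.*;
import static org.mockito.Mockito.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.junit.Test;

// Hypothetical wrapper: the filter would pass new SanitizingRequest(request) down the chain.
class SanitizingRequest extends HttpServletRequestWrapper {
    SanitizingRequest(HttpServletRequest request) { super(request); }
    // Pure logic, callable from a test with no container or filter chain.
    // '&' is encoded first so the entities added afterwards are not double-encoded.
    static String sanitize(String value) {
        if (value == null) return null;
        return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                    .replace("\"", "&quot;").replace("'", "&#x27;");
    }
    @Override public String getParameter(String name) {
        return sanitize(super.getParameter(name));
    }
    // Overridden too: otherwise callers of this accessor still see the raw value.
    @Override public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) return null;
        String[] clean = new String[values.length];
        for (int i = 0; i < values.length; i++) clean[i] = sanitize(values[i]);
        return clean;
    }
}

public class SanitizingRequestTest {
    // Constructed sample payloads, stand-ins for a fuller list.
    static final String[] PAYLOADS = {
        "<script>alert(1)</script>",
        "\"><img src=x onerror=alert(1)>",
    };

    @Test public void markupCharactersNeverReachTheChain() {
        for (String payload : PAYLOADS) {
            HttpServletRequest raw = mock(HttpServletRequest.class);
            when(raw.getParameter("q")).thenReturn(payload);
            when(raw.getParameterValues("q")).thenReturn(new String[] { payload });
            HttpServletRequest wrapped = new SanitizingRequest(raw);
            assertFalse(payload, wrapped.getParameter("q").matches(".*[<>\"'].*"));
            assertFalse(payload, wrapped.getParameterValues("q")[0].matches(".*[<>\"'].*"));
        }
    }

    @Test public void benignAndMissingValuesAreHandled() {
        assertEquals("O&#x27;Reilly &amp; Sons", SanitizingRequest.sanitize("O'Reilly & Sons"));
        assertNull(new SanitizingRequest(mock(HttpServletRequest.class)).getParameter("absent"));
    }
}
```

getParameterMap and getHeader are not overridden in this sketch; a wrapper used in a real filter needs the same override and the same assertions for every accessor the application reads.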
 
Lee Horner
Greenhorn
Posts: 2
Android Eclipse IDE Spring
Hi Jeanne,

Thanks for the answer. My colleagues had come to the same conclusion as yourself; to refactor the code to allow the important methods to be called via JUnit.

I'm glad we came to the same conclusion as you.

Thanks again.
 
Jeanne Boyarsky
author & internet detective
Posts: 41878
909
Eclipse IDE VI Editor Java
Great minds think alike. Thanks for sharing your conclusion.
 