aspose file tools*
The moose likes Spring and the fly likes Spring 3 Security: how to test it? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring 3 Security: how to test it?" Watch "Spring 3 Security: how to test it?" New topic
Author

Spring 3 Security: how to test it?

Gian Franco
blacksmith
Ranch Hand

Joined: Dec 16, 2003
Posts: 977
Hi Peter,

Congratulations with the publication of your book!

...regarding Spring 3 security, how would one go about
testing one of the solutions chosen for his/her own
application?

How do you normally test a security solution?

Cheers,

Gian


"Eppur si muove!"
Peter Mularien
Author
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Gian,

We don't cover unit testing specifically in the book, but the general strategy that I have employed successfully in past projects with Spring Security goes something like this:
* In your Spring Security configuration files, separate out the few bits that will change between unit tests and production (for example, the UserDetailsService in unit tests may be configured with a static list of users, and not backed by a database)
* As part of your build / deploy environment, you have two secondary configuration files - one with a UserDetailsService containing static, unit test data, and one that is used in "production" (backed by JDBC, Hibernate, etc.)

Sounds pretty simple, but it really does work - it depends on how invasive your tests are, and how they are run (for example, Selenium or the like can be used to test the security of a running web application).

I'd suggest looking at the unit tests that ship with Spring Security 3 itself - they are very illustrative of how to set up some complex scenarios (such as embedded LDAP), and are quite easy to follow once you're familiar with how the framework works.

Hope that answers your question!

Best,
Peter


Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Spring 3 Security: how to test it?