File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Spring and the fly likes Spring 3 Security: how to test it? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring 3 Security: how to test it?" Watch "Spring 3 Security: how to test it?" New topic

Spring 3 Security: how to test it?

Gian Franco
Ranch Hand

Joined: Dec 16, 2003
Posts: 977
Hi Peter,

Congratulations with the publication of your book!

...regarding Spring 3 security, how would one go about
testing one of the solutions chosen for his/her own

How do you normally test a security solution?



"Eppur si muove!"
Peter Mularien
Ranch Hand

Joined: Sep 06, 2007
Posts: 84
Hello Gian,

We don't cover unit testing specifically in the book, but the general strategy that I have employed successfully in past projects with Spring Security goes something like this:
* In your Spring Security configuration files, separate out the few bits that will change between unit tests and production (for example, the UserDetailsService in unit tests may be configured with a static list of users, and not backed by a database)
* As part of your build / deploy environment, you have two secondary configuration files - one with a UserDetailsService containing static, unit test data, and one that is used in "production" (backed by JDBC, Hibernate, etc.)

Sounds pretty simple, but it really does work - it depends on how invasive your tests are, and how they are run (for example, Selenium or the like can be used to test the security of a running web application).

I'd suggest looking at the unit tests that ship with Spring Security 3 itself - they are very illustrative of how to set up some complex scenarios (such as embedded LDAP), and are quite easy to follow once you're familiar with how the framework works.

Hope that answers your question!


Author, Spring Security 3 (the Book), Packt Publishing, 2010
I agree. Here's the link:
subject: Spring 3 Security: how to test it?
It's not a secret anymore!