
Spring 3 Security: how to test it?

 
Gian Franco
blacksmith
Ranch Hand
Posts: 979
Hi Peter,

Congratulations on the publication of your book!

...regarding Spring 3 security, how would one go about
testing one of the solutions chosen for his/her own
application?

How do you normally test a security solution?

Cheers,

Gian

 
Peter Mularien
Author
Ranch Hand
Posts: 84
Hello Gian,

We don't cover unit testing specifically in the book, but the general strategy that I have employed successfully in past projects with Spring Security goes something like this:
* In your Spring Security configuration files, separate out the few bits that will change between unit tests and production (for example, the UserDetailsService in unit tests may be configured with a static list of users, and not backed by a database)
* As part of your build / deploy environment, you have two secondary configuration files - one with a UserDetailsService containing static, unit test data, and one that is used in "production" (backed by JDBC, Hibernate, etc.)

Sounds pretty simple, but it really does work - it depends on how invasive your tests are, and how they are run (for example, Selenium or the like can be used to test the security of a running web application).

I'd suggest looking at the unit tests that ship with Spring Security 3 itself - they are very illustrative of how to set up some complex scenarios (such as embedded LDAP), and are quite easy to follow once you're familiar with how the framework works.

Hope that answers your question!

Best,
Peter
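
The split described in the reply above, sketched as Spring Security 3 namespace configuration. This is an added example, not part of Peter's post or the book; the file names, URL patterns, user entries and the `dataSource` bean are assumptions made for illustration.

```xml
<!-- security-common.xml (hypothetical name): identical in tests and production -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <!-- The access rules under test; these never differ between environments -->
  <http auto-config="true">
    <intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
  </http>
  <!-- Refers to the user store by bean id only; a secondary file supplies it -->
  <authentication-manager>
    <authentication-provider user-service-ref="userDetailsService"/>
  </authentication-manager>
</beans:beans>

<!-- security-users-test.xml (hypothetical name): static, constructed test users.
     Loaded by the test build only; keep it out of the production artifact. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <user-service id="userDetailsService">
    <user name="testuser" password="test-only-pw" authorities="ROLE_USER"/>
    <user name="testadmin" password="test-only-pw" authorities="ROLE_USER,ROLE_ADMIN"/>
  </user-service>
</beans:beans>

<!-- security-users-prod.xml (hypothetical name): same bean id, backed by JDBC.
     Assumes a DataSource bean named "dataSource" is defined elsewhere. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">
  <jdbc-user-service id="userDetailsService" data-source-ref="dataSource"/>
</beans:beans>
```

Each environment loads the common file plus exactly one of the two user-store files, so tests exercise the same `intercept-url` rules that production enforces.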