aspose file tools*
The moose likes Spring and the fly likes How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle" Watch "How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle" New topic
Forums: Testing Spring
Author

How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle

Anthony Raj S
Greenhorn

Joined: Dec 27, 2011
Posts: 2
I've defined this method in my Spring MVC Controller

@PreAuthorize("isAuthenticated() and hasPermission(#request, 'CREATE_REQUISITION')")
@RequestMapping(method = RequestMethod.POST, value = "/trade/createrequisition")
public @ResponseBody
void createRequisition(@RequestBody CreateRequisitionRO[] request,
@RequestHeader("validateOnly") boolean validateOnly) {
.....
}
Then in my TestNG test I'd like to call this method and ensure that the PreAuthorize condition is verified. when I call this method in a normal way (not testing), the PreAuthorize is verified.

If it's possible, how to test this annotation in a TestNG test and how to catch the exception if it throws one ?

Best Regards
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1632
    
    7

While you could do this why would you want to? What you would be doing is testing the framework. You can rest assured the Spring folks tested the @PreAuthorize annotation.


[How To Ask Questions][Read before you PM me]
Anthony Raj S
Greenhorn

Joined: Dec 27, 2011
Posts: 2
Bill Gorder wrote:While you could do this why would you want to? What you would be doing is testing the framework. You can rest assured the Spring folks tested the @PreAuthorize annotation.


It will be better if you could read the question properly before making any comments
Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1632
    
    7

Anthony Raj S wrote:when I call this method in a normal way (not testing), the PreAuthorize is verified.


Yup and integration testing is where I think this stuff should be verified.

Then in my TestNG test I'd like to call this method and ensure that the PreAuthorize condition is verified.


What I was saying is by unit testing this method on its PreAuthorize conditions you are mostly just testing the framework. Typically you would unit test what the method does and test the security layer as part of your integration testing. Now as I said before, yes it can be done. I assume you are using SpringJunit runner, and the Spring support classes but you did not post any test code so I cannot tell for sure. Make sure that load all of the Spring Security Configuration needed to initialize the @PreAuthorize annotations correctly. and in a @Before block (or just sometime before you invoke the method) make sure you get your set an authenticated authentication token on the SecurityContextHolder. Now whether you want to do this like below or call embedded ldap or something else is up to you.
It might look something like this:



that said the exception that you have to handle if the user does not have the proper authority is usually a AccessDeniedException.


I don't use TestNG but whatever testing framework you decide to use should be fine.


I hope that helps you but my original point still stands. I don't see a point in writing unit tests like this, I think it should be tested as part of integration testing. Security is a cross cutting concern.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to TestNG tests a @PreAuthorize annotation and its spring EL specified by a spring MVC Controlle
 
Similar Threads
TestNG Groups or Categorisation
testNG timeOut annotation generates AssertionError
How to have different data provides in TestNG
Next Generation Java Testing book
Restriction in a view Spring Security