content/testing-security-example.cwiki - tomee-site - Git at Google

 h1. Overview

 Builds upon the [Injection of EntityManager Example] but adds the use of *@RolesAllowed* and *@PermitAll* in the @Stateful bean to restrict who can perform create, persist and remove operations on the EntityManager.  Shows a TestCase using the *@RunAs* annotation to execute and test the bean code as various users.

 In this example we restrict the ability to create Movie Entities to a _Manager_ or an _Employee_.  Reads are open to anyone, logged in or not.  And delete operations are only allowed by a _Manager_.

 See the [Security Annotations] page for a full description of how the security annotations work.

 _The source for this example is in the "testing-security" directory located in the [openejb-examples.zip|OPENEJB:Download] available on the download page._

 h1. The Code

 Just as with the [Testing Transactions Example] the magic of this unit test is in the *ManagerBean* and *EmployeeBean* @Stateless beans that we've tucked into our TestCase as inner classes.  These beans allow us to execute our test code as either a Manager or as an Employee and test that Movies @Stateful bean is setup to restrict and permit calls according to our intended design.

 {snippet:id=code|url=openejb3/examples/testing-security/src/main/java/org/superbiz/injection/secure/MoviesImpl.java|lang=java}

 h1. Writing a unit test for the example

 {snippet:id=code|url=openejb3/examples/testing-security/src/test/java/org/superbiz/injection/secure/MovieTest.java|lang=java}

 Curious on the InitialContext parameters used?  See the [Injection of DataSource Example] for an explanation of how any Resource can be configured via properties in the TestCase itself or via an openejb.xml file.

 h1.  Running

 Running the example is fairly simple.  In the "testing-security" directory of the [examples zip|OPENEJB:Download], just run:

 $ mvn clean install

 Which should create output like the following.

 {noformat}
 -------------------------------------------------------
  T E S T S
 -------------------------------------------------------
 Running org.superbiz.injection.secure.MovieTest
 Apache OpenEJB 3.0    build: 20080408-04:13
 http://openejb.apache.org/
 INFO - openejb.home = /Users/dblevins/work/openejb-3.0/examples/testing-security
 INFO - openejb.base = /Users/dblevins/work/openejb-3.0/examples/testing-security
 INFO - Configuring Service(id=Default Security Service, type=SecurityService, provider-id=Default Security Service)
 INFO - Configuring Service(id=Default Transaction Manager, type=TransactionManager, provider-id=Default Transaction Manager)
 INFO - Configuring Service(id=movieDatabaseUnmanaged, type=Resource, provider-id=Default JDBC Database)
 INFO - Configuring Service(id=movieDatabase, type=Resource, provider-id=Default JDBC Database)
 INFO - Configuring Service(id=Default JDK 1.3 ProxyFactory, type=ProxyFactory, provider-id=Default JDK 1.3 ProxyFactory)
 INFO - Found EjbModule in classpath: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
 INFO - Found EjbModule in classpath: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
 INFO - Configuring app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
 INFO - Configuring Service(id=Default Stateful Container, type=Container, provider-id=Default Stateful Container)
 INFO - Auto-creating a container for bean Movies: Container(type=STATEFUL, id=Default Stateful Container)
 INFO - Configuring PersistenceUnit(name=movie-unit)
 INFO - Loaded Module: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
 INFO - Configuring app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
 INFO - Configuring Service(id=Default Stateless Container, type=Container, provider-id=Default Stateless Container)
 INFO - Auto-creating a container for bean EmployeeBean: Container(type=STATELESS, id=Default Stateless Container)
 INFO - Loaded Module: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
 INFO - Assembling app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
 INFO - PersistenceUnit(name=movie-unit, provider=org.apache.openjpa.persistence.PersistenceProviderImpl)
 ERROR - JAVA AGENT NOT INSTALLED. The JPA Persistence Provider requested installation of a ClassFileTransformer which
         requires a JavaAgent.  See http://openejb.apache.org/3.0/javaagent.html
 INFO - Jndi(name=MoviesLocal) --> Ejb(deployment-id=Movies)
 INFO - Created Ejb(deployment-id=Movies, ejb-name=Movies, container=Default Stateful Container)
 INFO - Deployed Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes)
 INFO - Assembling app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
 INFO - Jndi(name=EmployeeBeanLocal) --> Ejb(deployment-id=EmployeeBean)
 INFO - Jndi(name=ManagerBeanLocal) --> Ejb(deployment-id=ManagerBean)
 INFO - Created Ejb(deployment-id=EmployeeBean, ejb-name=EmployeeBean, container=Default Stateless Container)
 INFO - Created Ejb(deployment-id=ManagerBean, ejb-name=ManagerBean, container=Default Stateless Container)
 INFO - Deployed Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes)
 Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.109 sec

 Results :

 Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
 {noformat}
	h1. Overview

	Builds upon the [Injection of EntityManager Example] but adds the use of @RolesAllowed and @PermitAll in the @Stateful bean to restrict who can perform create, persist and remove operations on the EntityManager. Shows a TestCase using the @RunAs annotation to execute and test the bean code as various users.

	In this example we restrict the ability to create Movie Entities to a _Manager_ or an _Employee_. Reads are open to anyone, logged in or not. And delete operations are only allowed by a _Manager_.

	See the [Security Annotations] page for a full description of how the security annotations work.

	_The source for this example is in the "testing-security" directory located in the [openejb-examples.zip\|OPENEJB:Download] available on the download page._

	h1. The Code

	Just as with the [Testing Transactions Example] the magic of this unit test is in the ManagerBean and EmployeeBean @Stateless beans that we've tucked into our TestCase as inner classes. These beans allow us to execute our test code as either a Manager or as an Employee and test that Movies @Stateful bean is setup to restrict and permit calls according to our intended design.

	{snippet:id=code\|url=openejb3/examples/testing-security/src/main/java/org/superbiz/injection/secure/MoviesImpl.java\|lang=java}

	h1. Writing a unit test for the example

	{snippet:id=code\|url=openejb3/examples/testing-security/src/test/java/org/superbiz/injection/secure/MovieTest.java\|lang=java}

	Curious on the InitialContext parameters used? See the [Injection of DataSource Example] for an explanation of how any Resource can be configured via properties in the TestCase itself or via an openejb.xml file.

	h1. Running

	Running the example is fairly simple. In the "testing-security" directory of the [examples zip\|OPENEJB:Download], just run:

	$ mvn clean install

	Which should create output like the following.

	{noformat}
	-------------------------------------------------------
	T E S T S
	-------------------------------------------------------
	Running org.superbiz.injection.secure.MovieTest
	Apache OpenEJB 3.0 build: 20080408-04:13
	http://openejb.apache.org/
	INFO - openejb.home = /Users/dblevins/work/openejb-3.0/examples/testing-security
	INFO - openejb.base = /Users/dblevins/work/openejb-3.0/examples/testing-security
	INFO - Configuring Service(id=Default Security Service, type=SecurityService, provider-id=Default Security Service)
	INFO - Configuring Service(id=Default Transaction Manager, type=TransactionManager, provider-id=Default Transaction Manager)
	INFO - Configuring Service(id=movieDatabaseUnmanaged, type=Resource, provider-id=Default JDBC Database)
	INFO - Configuring Service(id=movieDatabase, type=Resource, provider-id=Default JDBC Database)
	INFO - Configuring Service(id=Default JDK 1.3 ProxyFactory, type=ProxyFactory, provider-id=Default JDK 1.3 ProxyFactory)
	INFO - Found EjbModule in classpath: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
	INFO - Found EjbModule in classpath: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
	INFO - Configuring app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
	INFO - Configuring Service(id=Default Stateful Container, type=Container, provider-id=Default Stateful Container)
	INFO - Auto-creating a container for bean Movies: Container(type=STATEFUL, id=Default Stateful Container)
	INFO - Configuring PersistenceUnit(name=movie-unit)
	INFO - Loaded Module: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
	INFO - Configuring app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
	INFO - Configuring Service(id=Default Stateless Container, type=Container, provider-id=Default Stateless Container)
	INFO - Auto-creating a container for bean EmployeeBean: Container(type=STATELESS, id=Default Stateless Container)
	INFO - Loaded Module: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
	INFO - Assembling app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
	INFO - PersistenceUnit(name=movie-unit, provider=org.apache.openjpa.persistence.PersistenceProviderImpl)
	ERROR - JAVA AGENT NOT INSTALLED. The JPA Persistence Provider requested installation of a ClassFileTransformer which
	requires a JavaAgent. See http://openejb.apache.org/3.0/javaagent.html
	INFO - Jndi(name=MoviesLocal) --> Ejb(deployment-id=Movies)
	INFO - Created Ejb(deployment-id=Movies, ejb-name=Movies, container=Default Stateful Container)
	INFO - Deployed Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes)
	INFO - Assembling app: /Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
	INFO - Jndi(name=EmployeeBeanLocal) --> Ejb(deployment-id=EmployeeBean)
	INFO - Jndi(name=ManagerBeanLocal) --> Ejb(deployment-id=ManagerBean)
	INFO - Created Ejb(deployment-id=EmployeeBean, ejb-name=EmployeeBean, container=Default Stateless Container)
	INFO - Created Ejb(deployment-id=ManagerBean, ejb-name=ManagerBean, container=Default Stateless Container)
	INFO - Deployed Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes)
	Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.109 sec

	Results :

	Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
	{noformat}