Google Git
Sign in
apache / tomee-site / initial-version / . / content / testing-security-example.mdtext
blob: 214b632a631780a00c8aaf9de9e24a56965fd167 [file] [log] [blame]
Title: Testing Security Example
<a name="TestingSecurityExample-Overview"></a>
# Overview
Builds upon the [Injection of EntityManager Example](injection-of-entitymanager-example.html)
but adds the use of *@RolesAllowed* and *@PermitAll* in the @Stateful bean
to restrict who can perform create, persist and remove operations on the
EntityManager. Shows a TestCase using the *@RunAs* annotation to execute
and test the bean code as various users.
In this example we restrict the ability to create Movie Entities to a
_Manager_ or an _Employee_. Reads are open to anyone, logged in or not.
And delete operations are only allowed by a _Manager_.
See the [Security Annotations](security-annotations.html)
page for a full description of how the security annotations work.
_The source for this example is in the "testing-security" directory located
in the [openejb-examples.zip](openejb:download.html)
available on the download page._
<a name="TestingSecurityExample-TheCode"></a>
# The Code
Just as with the [Testing Transactions Example](testing-transactions-example.html)
the magic of this unit test is in the *ManagerBean* and *EmployeeBean*
@Stateless beans that we've tucked into our TestCase as inner classes.
These beans allow us to execute our test code as either a Manager or as an
Employee and test that Movies @Stateful bean is setup to restrict and
permit calls according to our intended design.
{snippet:id=code|url=openejb3/examples/testing-security/src/main/java/org/superbiz/injection/secure/MoviesImpl.java|lang=java}
<a name="TestingSecurityExample-Writingaunittestfortheexample"></a>
# Writing a unit test for the example
{snippet:id=code|url=openejb3/examples/testing-security/src/test/java/org/superbiz/injection/secure/MovieTest.java|lang=java}
Curious on the InitialContext parameters used? See the [Injection of DataSource Example](injection-of-datasource-example.html)
for an explanation of how any Resource can be configured via properties in
the TestCase itself or via an openejb.xml file.
<a name="TestingSecurityExample-Running"></a>
# Running
Running the example is fairly simple. In the "testing-security" directory
of the [examples zip](openejb:download.html)
, just run:
$ mvn clean install
Which should create output like the following.
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.superbiz.injection.secure.MovieTest
Apache OpenEJB 3.0 build: 20080408-04:13
http://openejb.apache.org/
INFO - openejb.home =
/Users/dblevins/work/openejb-3.0/examples/testing-security
INFO - openejb.base =
/Users/dblevins/work/openejb-3.0/examples/testing-security
INFO - Configuring Service(id=Default Security Service,
type=SecurityService, provider-id=Default Security Service)
INFO - Configuring Service(id=Default Transaction Manager,
type=TransactionManager, provider-id=Default Transaction Manager)
INFO - Configuring Service(id=movieDatabaseUnmanaged, type=Resource,
provider-id=Default JDBC Database)
INFO - Configuring Service(id=movieDatabase, type=Resource,
provider-id=Default JDBC Database)
INFO - Configuring Service(id=Default JDK 1.3 ProxyFactory,
type=ProxyFactory, provider-id=Default JDK 1.3 ProxyFactory)
INFO - Found EjbModule in classpath:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
INFO - Found EjbModule in classpath:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
INFO - Configuring app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
INFO - Configuring Service(id=Default Stateful Container, type=Container,
provider-id=Default Stateful Container)
INFO - Auto-creating a container for bean Movies: Container(type=STATEFUL,
id=Default Stateful Container)
INFO - Configuring PersistenceUnit(name=movie-unit)
INFO - Loaded Module:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
INFO - Configuring app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
INFO - Configuring Service(id=Default Stateless Container, type=Container,
provider-id=Default Stateless Container)
INFO - Auto-creating a container for bean EmployeeBean:
Container(type=STATELESS, id=Default Stateless Container)
INFO - Loaded Module:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
INFO - Assembling app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
INFO - PersistenceUnit(name=movie-unit,
provider=org.apache.openjpa.persistence.PersistenceProviderImpl)
ERROR - JAVA AGENT NOT INSTALLED. The JPA Persistence Provider requested
installation of a ClassFileTransformer which
requires a JavaAgent. See
http://openejb.apache.org/3.0/javaagent.html
INFO - Jndi(name=MoviesLocal) --> Ejb(deployment-id=Movies)
INFO - Created Ejb(deployment-id=Movies, ejb-name=Movies, container=Default
Stateful Container)
INFO - Deployed
Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes)
INFO - Assembling app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
INFO - Jndi(name=EmployeeBeanLocal) --> Ejb(deployment-id=EmployeeBean)
INFO - Jndi(name=ManagerBeanLocal) --> Ejb(deployment-id=ManagerBean)
INFO - Created Ejb(deployment-id=EmployeeBean, ejb-name=EmployeeBean,
container=Default Stateless Container)
INFO - Created Ejb(deployment-id=ManagerBean, ejb-name=ManagerBean,
container=Default Stateless Container)
INFO - Deployed
Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes)
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.109 sec
Results :
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0