5 Replies Latest reply on Jan 17, 2011 10:22 AM by magnus.smith

    Java EE Security Subject and Arquillian TestNG

    magnus.smith

      I have some EJBs to test with TestNG that require role-based security authorisation.

      I'm using Arquillian (version 1.0.0.Alpha4) and TestNG (version 5.14) to test EJBs with EclipseLink using Embedded Glassfish.

      What I have attempted is

      1. Create a class JAASAdminWorkerSubject that implements the IHookable interface and creates the javax.security.auth.Subject with the principal and roles required to test the EJBs.
      2. Call the test using Subject.doAs(Subject, PrivilegedExceptionAction) with the security subject so that I can then use the @RolesAllowed annotation on the EJB.
      3. Add the JAASAdminWorkerSubject as a @Listener to the test class.

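      import java.security.PrivilegedActionException;
      import java.security.PrivilegedExceptionAction;
      import javax.security.auth.Subject;
      import org.testng.IHookCallBack;
      import org.testng.IHookable;
      import org.testng.ITestNGListener;
      import org.testng.ITestResult;

      // TestPrincipal and TestGroup are the project's own Principal/Group implementations.
      public class JAASAdminWorkerSubject implements ITestNGListener, IHookable {

          private TestPrincipal user;
          private TestPrincipal[] roles;
          private TestGroup group;

          public JAASAdminWorkerSubject() {
              user = new TestPrincipal("magnus");
              roles = new TestPrincipal[]{new TestPrincipal("ADMIN WORKER")};
              // Glassfish-style role mapping: roles are members of a group named "Roles".
              group = new TestGroup("Roles");
              for (TestPrincipal role : roles) {
                  group.addMember(role);
              }
          }

          @Override
          public void run(IHookCallBack icb, ITestResult testResult) {
              try {
                  // Build the Subject and run the test method with it bound to the call.
                  Subject adminWorker = new Subject();
                  adminWorker.getPrincipals().add(user);
                  adminWorker.getPrincipals().add(group);
                  Subject.doAs(adminWorker, new PrivilegedExceptionActionImpl(icb, testResult));
              } catch (PrivilegedActionException ex) {
                  // Do not swallow the failure: surface the wrapped exception to TestNG.
                  throw new RuntimeException(ex.getException());
              }
          }

          private class PrivilegedExceptionActionImpl implements PrivilegedExceptionAction<Object> {

              final ITestResult testResult;
              final IHookCallBack icb;

              PrivilegedExceptionActionImpl(IHookCallBack icb, ITestResult testResult) {
                  this.testResult = testResult;
                  this.icb = icb;
              }

              @Override
              public Object run() {
                  icb.runTestMethod(testResult);
                  return null;
              }
          }
      }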

      Then adding JAASAdminWorkerSubject as a listener to the test class

      @Test(groups = "integration")
      @Listeners({uk.gov.sunderland.ccms.model.test.JAASAdminWorkerSubject.class})
      public class AllInOneTestCase extends Arquillian {
      ....

      For some reason unknown to me, the listener class seems to be ignored by Arquillian when I run the test.

      I've tried other types of TestNG listeners such as the IInvokedMethodListener and I can see that one being called correctly.

      I was wondering if anyone has managed to get this sort of thing working with Arquillian?

      Many thanks