3 Replies Latest reply on Mar 29, 2011 8:49 AM by stefanorg

    JSFUnit logout test problem (spring-security ?!?)

    stefanorg

      Hi all,

       

      i'm trying to do some base test for my application.

       

      I've a secure login form (handled by spring-security) and i want to test login and logout. My problem is that when clicking in the logout button the application do nothing.

       

      This is my code:

       

      WebClientSpec wcSpec = new WebClientSpec("/pages/login.jsf",BrowserVersion.FIREFOX_3);
       FormAuthenticationStrategy formAuth = new FormAuthenticationStrategy("amministratore", "test", "submitBtn");     
       wcSpec.setInitialRequestStrategy(formAuth);
      
                          JSFSession jsfSession = new JSFSession(wcSpec);
                          JSFClientSession client = jsfSession.getJSFClientSession();
      
                          HtmlAnchor logoutLink = (HtmlAnchor) client.getElement("logoutLink");
                          assertNotNull(logoutLink); 
      
                          assertEquals(true, client.getContentPage().getWebResponse().getContentAsString().contains("amministratore"));
                          log.debug(client.getPageAsText());
                          assertEquals(true, client.getPageAsText().contains("amministratore"));
      
                              //the assertions before are true, loginBean.username has to be 'amministratore'
                              //but is null
                              //assertEquals("amministratore", server.getManagedBeanValue("#{loginBean.username}"));
      
                          HtmlAnchor link = (HtmlAnchor) client.getElement("logoutLink");
      
                          Page p = link.click();// <-- i can reach the following logout() action 
      
                          log.debug("url dopo logout:"+p.getUrl());
      
      
      

       

      When the event click is fired (link.click()) i'm able to reach the server side code that execute the logout action:

       

      public String logout() throws IOException{
      
                          FacesContext fc = FacesContext.getCurrentInstance();
                          fc.getExternalContext().getSessionMap().put("loginBean", null);
                          HttpSession session = (HttpSession)fc.getExternalContext().getSession(false);
                          session.invalidate();
      
                          //id="j_spring_security_logout"
      
                          ExternalContext ec = fc.getExternalContext();
                          ec.dispatch("/logout"); // <-- It stops here
      
                          fc.responseComplete();
                          //return "login";
                          return null;
                } 
      
      
      

       

      Another strange thing is that the server side check of managed bean doesn't work...

       

      any idea?!?

       

      Thanks

        • 1. Re: JSFUnit logout test problem (spring-security ?!?)
          kragoth
          public String logout() throws IOException{ 
                              FacesContext fc = FacesContext.getCurrentInstance();
                              fc.getExternalContext().getSessionMap().put("loginBean", null);
                              HttpSession session = (HttpSession)fc.getExternalContext().getSession(false);
                              session.invalidate();
           
                              //id="j_spring_security_logout" 
                              ExternalContext ec = fc.getExternalContext();
                              ec.dispatch("/logout"); // <-- It stops here 
                              fc.responseComplete();
                              //return "login";                    return null;
                    } 
           
           
           
           
          

           

          What do you mean

           

          ec.dispatch("/logout"); // <-- It stops here

           

          Java doesn't just stop. Is it throwing an exception? If so what is the exception? How do you know it stops there?

           

          My guess is that something ins going wrong here because the session gets invalidated but then you do more work.

          HttpSession session = (HttpSession)fc.getExternalContext().getSession(false);
          session.invalidate();

          I don't know for sure though. If Stan is around I'm pretty sure he'll know the answer.

          • 2. JSFUnit logout test problem (spring-security ?!?)
            ssilvert

            I'm betting that Tim is right on this one.  You are probably invalidating the session by some means other than the ExteneralContext.  In JSFUnit you must get the session from the ExternalContext or HttpSession.invalidate() will blow away JSFUnit's context.

             

            See Logging Out section of 'Testing Secure Pages".

             

            Stan

            • 3. JSFUnit logout test problem (spring-security ?!?)
              stefanorg

              ok the problem was the spring configuration:

               

              <logout logout-url="/logout" logout-success-url="/pages/welcome.jsf" invalidate-session="true"/>

               

              invalidate-session="true" has to be false.

               

              thanks