-
1. Re: JEE Security for Tests
aslak Aug 17, 2011 9:27 AM (in response to toepi)your understanding of the Arquillian internals are spot on btw..
hmm.. interesting
The simples of course is to not test incontainer in this case, by using @Deployment.testable=fasle and use the @ArquillianResource URL injection point to get a hold of a Secure Servlet in your deployment, for so to make a Secure Request on the client against this. The receving end should then be whithin a security context.
If you e.g. have a EJB that requires the security context, and you want to test that incontainer, you would need to write your Assertions in your 'SecuredServlet' for this to work..
-
2. Re: JEE Security for Tests
toepi Aug 17, 2011 2:57 PM (in response to aslak)Aslak Knutsen wrote:
The simples of course is to not test incontainer in this case, by using @Deployment.testable=fasle and use the @ArquillianResource URL injection point to get a hold of a Secure Servlet in your deployment, for so to make a Secure Request on the client against this. The receving end should then be whithin a security context.
I use this for tests some 'legacy' WebServices - which have a own war with basic authtification (yes very secure - very good webservice most of it use rpc-style ) It work like a charm, before arquillian we have do the test manual after a manuell deployment. But how can I use this for call a EJB method without creating a war for it?
Aslak Knutsen wrote:
If you e.g. have a EJB that requires the security context, and you want to test that incontainer, you would need to write your Assertions in your 'SecuredServlet' for this to work..
Can you explain this in more detail?
- What must I do? Write a own Protocol, Servlet ... both ... or you mean create manuall a security context on the server - it should be possible but for every conatiner? ... okay we only support one container (no jboss ) at this time but my target is to do write std jee apps run an nearly all containers.