適用於集成測試的shiro配置

Question

對於我的大多數集成測試，我不需要任何安全檢查。我只是想讓我的路走出去。 Beeing shiro noob我想知道是否有比我找到的更好的方法。

在我ShiroFilter類，如果驗證失敗，我添加了這個代碼：

try { 
    currentUser.login(token); 
    return CONTINUE; 
} catch (AuthenticationException e1) { 

    // if everything failed, we might actualy have the integration test configuration, let's try 
    UsernamePasswordToken testToken = new UsernamePasswordToken("testUser", "testPassword", true, host); 
    try { 
     currentUser.login(testToken); 
     return CONTINUE; 
    } catch (AuthenticationException e2) { 
     LOGGER.info("Unable to login", e2); 
    } 

} 

這是集成測試的shiro.ini：

[users] 
testUser = testPassword, administrator 

[roles] 
administrator = * 

Answer 1

用於模擬四郎上創建一個類集成測試。

package util; 

    import org.apache.shiro.SecurityUtils; 
    import org.apache.shiro.UnavailableSecurityManagerException; 
    import org.apache.shiro.mgt.SecurityManager; 
    import org.apache.shiro.subject.Subject; 
    import org.apache.shiro.subject.support.SubjectThreadState; 
    import org.apache.shiro.util.LifecycleUtils; 
    import org.apache.shiro.util.ThreadState; 
    import org.junit.AfterClass; 

    /** 
    * Abstract test case enabling Shiro in test environments. 
    */ 
    public abstract class AbstractShiroTest { 

     private static ThreadState subjectThreadState; 

     public AbstractShiroTest() { 
     } 

     /** 
     * Allows subclasses to set the currently executing {@link Subject} instance. 
     * 
     * @param subject the Subject instance 
     */ 
     protected void setSubject(Subject subject) { 
      clearSubject(); 
      subjectThreadState = createThreadState(subject); 
      subjectThreadState.bind(); 
     } 

     protected Subject getSubject() { 
      return SecurityUtils.getSubject(); 
     } 

     protected ThreadState createThreadState(Subject subject) { 
      return new SubjectThreadState(subject); 
     } 

     /** 
     * Clears Shiro's thread state, ensuring the thread remains clean for future test execution. 
     */ 
     protected void clearSubject() { 
      doClearSubject(); 
     } 

     private static void doClearSubject() { 
      if (subjectThreadState != null) { 
       subjectThreadState.clear(); 
       subjectThreadState = null; 
      } 
     } 

     protected static void setSecurityManager(SecurityManager securityManager) { 
      SecurityUtils.setSecurityManager(securityManager); 
     } 

     protected static SecurityManager getSecurityManager() { 
      return SecurityUtils.getSecurityManager(); 
     } 

     @AfterClass 
     public static void tearDownShiro() { 
      doClearSubject(); 
      try { 
       SecurityManager securityManager = getSecurityManager(); 
       LifecycleUtils.destroy(securityManager); 
      } catch (UnavailableSecurityManagerException e) { 
       //we don't care about this when cleaning up the test environment 
       //(for example, maybe the subclass is a unit test and it didn't 
       // need a SecurityManager instance because it was using only 
       // mock Subject instances) 
      } 
      setSecurityManager(null); 
     } 
    } 

然後在你有四郎依賴測試類：

@RunWith(MockitoJUnitRunner.class) 
public class ManterCampanhaServiceImplTest extends AbstractShiroTest { 

@Test 
public void someTest() throws Exception { 
    Subject subjectUnderTest = Mockito.mock(Subject.class); 
    when(subjectUnderTest.getPrincipal()).thenReturn(EntityObjectMother.getUserData()); //Subject for test 
    setSubject(subjectUnderTest); 

    // Now you have a test with a mock subject 

    // Write the test... 
}}