Hi Juan,
I had a similar problem, except that I'm using tapestry-acegi. However,
tapestry-spring and tapestry-acegi seem very similar, so perhaps what I've
done may help you...
I have an IOC module TestInfrastructureModule that is included only in my
tests. It contains this contribution:
import static org.mockito.Mockito.mock;
/**
* Ensure that there are valid HTTP request/response objects in the
test, otherwise the ACEGI integration tends to blow up.
*/
public static void
contributeRequestHandler(OrderedConfiguration<RequestFilter> config, final
RequestGlobals requestGlobals) {
RequestFilter filter = new RequestFilter() {
public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
requestGlobals.storeServletRequestResponse(mock
(HttpServletRequest.class), mock(HttpServletResponse.class));
return handler.service(request, response);
}
};
config.add("EnsureNonNullHttpRequestAndResponse", filter,
"before:*");
}
Notice that I'm using Mockito to mock the request and response with the
mock() method. However, you can use your mock/stub/fake of choice for the
request and response.
I don't know if this will work for spring-security, but it's worth a
try...
Paul
[email protected] wrote on 17/07/2009 10:34:00:
>
> > So yes, i could create a mock of the security module in our
> > application but then how to test that the security is working through
> > the application?
> Okay I agree that for integration tests you probably need a tool
> like Selenium or HtmlUnit (HtmlUnit is a headless browser based
> tool)... I *think I recall reading a post not so long ago that
> Tapestry support was in the pipeline, but I stand to be corrected on
that.
>
> > How to assure that one of the developers didn't
> > forget to add security to a page or event?
> For lack of a better solution, if you do use testify with mocks then
> test only your code and not the module, that way you can check for
> the presence of the annotations at least, so you can probably put
> something superficial togeather using:
> getClass().isAnnotationPresent()
> getClass().getAnnotation()
> which gives you some coverage at least.
>
> Cheers
> Peter
>
>
> ----- Original Message -----
> From: "Juan E. Maya" <[email protected]>
> To: "Tapestry users" <[email protected]>
> Sent: Friday, 17 July, 2009 11:48:29 GMT +02:00 Athens, Beirut,
> Bucharest, Istanbul
> Subject: Re: Tapestry-Spring Security & Page Testing
>
> Oh Peter yes i understand you, and i totally agree with you. I think i
> didn't explain myself very well. So let me elaborate a bit more. Maybe
> u have different opinion.
>
> We want to test our application thoroughly therefore we are using unit
> tests and integrations tests. We want like to test every piece of
> functionality.
>
> The problem arose when we wanted to test our security module. The
> security module is written in top of Tapestry-Spring-Security. The
> only way we have found to create tests for this module has been using
> Selenium (Tapestry-Test) but our Continuous server can't launch a
> browser instance. When using Testify or tapestry page unit tests an
> exception is thrown because HttpServletRequest is not present.
>
> So yes, i could create a mock of the security module in our
> application but then how to test that the security is working through
> the application? How to assure that one of the developers didn't
> forget to add security to a page or event?
>
> Thanks a lot for your help!
>
> On Fri, Jul 17, 2009 at 10:30 AM, <[email protected]> wrote:
> > How you test is up to you Juan, but if I may be so bold as to give
> you a humble opinion: I think testing is not worthwhile if you don't
> isolate portions of code from their dependencies to validate their
> behavior, in other words if you include too much, you will just be
> rewriting everything and will eventually need tests for your tests.
> If you want to do integration tests then test only integration, and
> not the behavior or state of units as such, keep those as separate unit
tests.
> >
> > Sorry, but I don't think I can provide you the solution you
> want... but I don't know what will.
> >
> > Kind regards,
> > Peter
> >
> > ----- Original Message -----
> > From: "Juan E. Maya" <[email protected]>
> > To: "Tapestry users" <[email protected]>
> > Sent: Friday, 17 July, 2009 11:14:11 GMT +02:00 Athens, Beirut,
> Bucharest, Istanbul
> > Subject: Re: Tapestry-Spring Security & Page Testing
> >
> > Yes i tried and although it's possible i would be removing the
> > security module from the tests and that's actually one of the critical
> > things we want to test when testing the pages.
> >
> > Fri, Jul 17, 2009 at 9:53 AM, Peter
> > Stavrinides<[email protected]> wrote:
> >> Have you tried to use a Mock object for this?
> >>
> >> Peter
> >> ----- Original Message -----
> >> From: "Juan E. Maya" <[email protected]>
> >> To: "Tapestry users" <[email protected]>
> >> Sent: Friday, 17 July, 2009 10:25:15 GMT +02:00 Athens, Beirut,
> Bucharest, Istanbul
> >> Subject: Re: Tapestry-Spring Security & Page Testing
> >>
> >> Oh sorry for that. I thought it was the page for tapestry-test. I am
> >> actually already using testify.
> >>
> >> The problem i was referring occurs because Spring-Security detects
> >> that the render of a page doesn't come from an HttpServletRequest
> >> (Correct me if i am wrong). I could just not use the security module
> >> at all in my tests but then security will not take part on the
testing
> >> and i am not so eager to this.
> >>
> >>
> >> On Fri, Jul 17, 2009 at 7:39 AM, Peter
> >> Stavrinides<[email protected]> wrote:
> >>> Testify is not selenium, its basic unit and integration testing,
> built on top of Tapestry and page tester you do you need a browser.
> >>>
> >>> ----- Original Message -----
> >>> From: "Juan E. Maya" <[email protected]>
> >>> To: "Tapestry users" <[email protected]>
> >>> Sent: Thursday, 16 July, 2009 17:54:23 GMT +02:00 Athens,
> Beirut, Bucharest, Istanbul
> >>> Subject: Re: Tapestry-Spring Security & Page Testing
> >>>
> >>> I had already look at it, but due to restrictions in the test server
> >>> we can't launch an instance of a browser to execute the test.
> >>>
> >>> Thanks anyway Peter
> >>>
> >>> On Thu, Jul 16, 2009 at 4:26 PM, <[email protected]> wrote:
> >>>> Look at the project Tapestry testify:
> >>>> https://tapestry.formos.com/nightly/tapestry-testify/
> >>>>
> >>>> This should give you the tools you need to test your pages
> precisely, you also will need to include a mocking framework
> (EasyMock or Mockito) with testify.
> >>>>
> >>>> good luck,
> >>>> Peter
> >>>>
> >>>> ----- Original Message -----
> >>>> From: "Juan E. Maya" <[email protected]>
> >>>> To: "Tapestry users" <[email protected]>
> >>>> Sent: Thursday, 16 July, 2009 17:09:23 GMT +02:00 Athens,
> Beirut, Bucharest, Istanbul
> >>>> Subject: Re: Tapestry-Spring Security & Page Testing
> >>>>
> >>>> I came to the conclusion (maybe i am wrong) that this is not
possible
> >>>> (at least now) using Spring-security. Sadly this is a deal breaker
for
> >>>> me :S
> >>>>
> >>>> The nice thing is that thanks to tapestry modularity it was
extremely
> >>>> easy to replace the security to use Chennilleit Access! I am really
> >>>> looking forward for CK new release :)
> >>>>
> >>>> On Wed, Jul 15, 2009 at 9:04 AM, Juan E. Maya<[email protected]>
wrote:
> >>>>> Does anybody has found a way to unit test pages of an application
that
> >>>>> use Tapestry-Spring Security?
> >>>>>
> >>>>> I always get the error:
> >>>>>
> >>>>>
> >>>>> java.lang.RuntimeException: java.io.IOException: Can only process
> >>>>> HttpServletRequest
> >>>>> at org.apache.tapestry5.test.PageTester.
> renderPage(PageTester.java:200)
> >>>>> at com.rinco.misacas.web.test.SimplePageTest.
> simpleTest(SimplePageTest.java:53)
> >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
> >>>>> at sun.reflect.NativeMethodAccessorImpl.
> invoke(NativeMethodAccessorImpl.java:39)
> >>>>> at sun.reflect.DelegatingMethodAccessorImpl.
> invoke(DelegatingMethodAccessorImpl.java:25)
> >>>>> at java.lang.reflect.Method.invoke(Method.java:585)
> >>>>> at org.testng.internal.MethodHelper.
> invokeMethod(MethodHelper.java:580)
> >>>>> at
org.testng.internal.Invoker.invokeMethod(Invoker.java:478)
> >>>>> at
org.testng.internal.Invoker.invokeTestMethod(Invoker.java:617)
> >>>>> at org.testng.internal.Invoker.
> invokeTestMethods(Invoker.java:885)
> >>>>> at org.testng.internal.TestMethodWorker.
> invokeTestMethods(TestMethodWorker.java:126)
> >>>>> at org.testng.internal.TestMethodWorker.
> run(TestMethodWorker.java:110)
> >>>>> at org.testng.TestRunner.runWorkers(TestRunner.java:712)
> >>>>> at org.testng.TestRunner.privateRun(TestRunner.java:582)
> >>>>> at org.testng.TestRunner.run(TestRunner.java:477)
> >>>>> at org.testng.SuiteRunner.runTest(SuiteRunner.java:324)
> >>>>> at
org.testng.SuiteRunner.runSequentially(SuiteRunner.java:319)
> >>>>> at org.testng.SuiteRunner.privateRun(SuiteRunner.java:292)
> >>>>> at org.testng.SuiteRunner.run(SuiteRunner.java:198)
> >>>>> at
org.testng.TestNG.createAndRunSuiteRunners(TestNG.java:823)
> >>>>> at org.testng.TestNG.runSuitesLocally(TestNG.java:790)
> >>>>> at org.testng.TestNG.run(TestNG.java:708)
> >>>>> at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:73)
> >>>>> at
org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:124)
> >>>>> Caused by: java.io.IOException: Can only process
HttpServletRequest
> >>>>> at nu.localhost.tapestry5.springsecurity.services.
> internal.RequestFilterWrapper.service(RequestFilterWrapper.java:64)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at com.rinco.misacas.web.services.MisacasModule$1.
> service(MisacasModule.java:109)
> >>>>> at $RequestFilter_1227d30e8e0.
> service($RequestFilter_1227d30e8e0.java)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.internal.services.
> RequestErrorFilter.service(RequestErrorFilter.java:26)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.services.TapestryModule$4.
> service(TapestryModule.java:778)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.services.TapestryModule$3.
> service(TapestryModule.java:767)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.internal.services.
> StaticFilesFilter.service(StaticFilesFilter.java:85)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.internal.test.
> EndOfRequestCleanupFilter.service(EndOfRequestCleanupFilter.java:42)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at org.apache.tapestry5.internal.services.
> CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:90)
> >>>>> at org.apache.tapestry5.internal.services.
> CheckForUpdatesFilter$2.invoke(CheckForUpdatesFilter.java:81)
> >>>>> at org.apache.tapestry5.ioc.internal.util.
> ConcurrentBarrier.withRead(ConcurrentBarrier.java:85)
> >>>>> at org.apache.tapestry5.internal.services.
> CheckForUpdatesFilter.service(CheckForUpdatesFilter.java:103)
> >>>>> at $RequestHandler_1227d30e8e4.
> service($RequestHandler_1227d30e8e4.java)
> >>>>> at $RequestHandler_1227d30e8b9.
> service($RequestHandler_1227d30e8b9.java)
> >>>>> at org.apache.tapestry5.test.PageTester.
> renderPage(PageTester.java:173)
> >>>>> ... 23 more
> >>>>> Caused by: javax.servlet.ServletException: Can only process
> HttpServletRequest
> >>>>> at org.springframework.security.ui.
> SpringSecurityFilter.doFilter(SpringSecurityFilter.java:46)
> >>>>> at nu.localhost.tapestry5.springsecurity.services.
> internal.RequestFilterWrapper.service(RequestFilterWrapper.java:55)
> >>>>> ... 44 more
> >>>>>
> >>>>> After running a test like this:
> >>>>>
> >>>>> @Test
> >>>>> public void simpleTest() {
> >>>>> private PageTester MISACAS_tester_TESTER = new
> >>>>> PageTester(APP_NAME, APP_PACKAGE, APP_CONTEXT);
> >>>>> Document doc = tester.renderPage("Index");
> >>>>>
Assert.notNull(doc.getElementById("featuredItems"));
> >>>>> }
> >>>>>
> >>>>> Of course this is natural, as HTTP is not being used to render the
> >>>>> pages during test, what would like to know is if it's possible to
> >>>>> avoid the execution of the Security RequestHandler ? I though
about
> >>>>> overriding the handler for tests or forcing the test to avoid
loading
> >>>>> the security module but i haven't been able to achieve any of
those :S
> >>>>>
> >>>>> Any ideas?
> >>>>>
> >>>>> Thanks a lot!
> >>>>>
> >>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: [email protected]
> >>>> For additional commands, e-mail: [email protected]
> >>>>
> >>>>
> >>>>
---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: [email protected]
> >>>> For additional commands, e-mail: [email protected]
> >>>>
> >>>>
> >>>
> >>>
---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [email protected]
> >>> For additional commands, e-mail: [email protected]
> >>>
> >>>
> >>>
---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [email protected]
> >>> For additional commands, e-mail: [email protected]
> >>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail: [email protected]
> >>
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---
This e-mail may contain confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error) please
notify the sender immediately and delete this e-mail. Any unauthorized copying,
disclosure or distribution of the material in this e-mail is strictly forbidden.
Please refer to http://www.db.com/en/content/eu_disclosures.htm for additional
EU corporate and regulatory disclosures.
