Java 用于集成测试的shiro配置
对于大多数集成测试,我不需要任何安全检查。我只想让shiro别挡我的路。我想知道是否有比我找到的更好的方法 在我的ShiroFilter类中,如果身份验证失败,我将添加以下代码:Java 用于集成测试的shiro配置,java,shiro,Java,Shiro,对于大多数集成测试,我不需要任何安全检查。我只想让shiro别挡我的路。我想知道是否有比我找到的更好的方法 在我的ShiroFilter类中,如果身份验证失败,我将添加以下代码: try { currentUser.login(token); return CONTINUE; } catch (AuthenticationException e1) { // if everything failed, we might actualy have the integrat
try {
currentUser.login(token);
return CONTINUE;
} catch (AuthenticationException e1) {
// if everything failed, we might actualy have the integration test configuration, let's try
UsernamePasswordToken testToken = new UsernamePasswordToken("testUser", "testPassword", true, host);
try {
currentUser.login(testToken);
return CONTINUE;
} catch (AuthenticationException e2) {
LOGGER.info("Unable to login", e2);
}
}
这是集成测试的shiro.ini:
[users]
testUser = testPassword, administrator
[roles]
administrator = *
在集成测试中为mock Shiro创建一个类
package util;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.LifecycleUtils;
import org.apache.shiro.util.ThreadState;
import org.junit.AfterClass;
/**
* Abstract test case enabling Shiro in test environments.
*/
public abstract class AbstractShiroTest {
private static ThreadState subjectThreadState;
public AbstractShiroTest() {
}
/**
* Allows subclasses to set the currently executing {@link Subject} instance.
*
* @param subject the Subject instance
*/
protected void setSubject(Subject subject) {
clearSubject();
subjectThreadState = createThreadState(subject);
subjectThreadState.bind();
}
protected Subject getSubject() {
return SecurityUtils.getSubject();
}
protected ThreadState createThreadState(Subject subject) {
return new SubjectThreadState(subject);
}
/**
* Clears Shiro's thread state, ensuring the thread remains clean for future test execution.
*/
protected void clearSubject() {
doClearSubject();
}
private static void doClearSubject() {
if (subjectThreadState != null) {
subjectThreadState.clear();
subjectThreadState = null;
}
}
protected static void setSecurityManager(SecurityManager securityManager) {
SecurityUtils.setSecurityManager(securityManager);
}
protected static SecurityManager getSecurityManager() {
return SecurityUtils.getSecurityManager();
}
@AfterClass
public static void tearDownShiro() {
doClearSubject();
try {
SecurityManager securityManager = getSecurityManager();
LifecycleUtils.destroy(securityManager);
} catch (UnavailableSecurityManagerException e) {
//we don't care about this when cleaning up the test environment
//(for example, maybe the subclass is a unit test and it didn't
// need a SecurityManager instance because it was using only
// mock Subject instances)
}
setSecurityManager(null);
}
}
然后在具有Shiro依赖关系的测试类上:
@RunWith(MockitoJUnitRunner.class)
public class ManterCampanhaServiceImplTest extends AbstractShiroTest {
@Test
public void someTest() throws Exception {
Subject subjectUnderTest = Mockito.mock(Subject.class);
when(subjectUnderTest.getPrincipal()).thenReturn(EntityObjectMother.getUserData()); //Subject for test
setSubject(subjectUnderTest);
// Now you have a test with a mock subject
// Write the test...
}}
在我们的环境中,始终会创建一个具有所有权限的根用户,就像您的管理员一样,在每个测试开始时,我们只需登录该用户。所以,和你现在做的很相似。