使用安全性配置Jersey测试框架 [英] Configuring Jersey Test Framework with Security
问题描述
我正在使用Jersey编写REST Web服务,并且正在尝试编写一组单元测试以使用Jersey Test Framework测试该服务.
I am writing a REST web service using Jersey, and I'm trying to write a set of unit tests to test the service using the Jersey Test Framework.
但是,我将HTTP Authentication和SecurityContext用作Web服务的一部分,并且在设置JTF以允许我测试这些方面时遇到了问题.我可以在请求中发送身份验证信息,但是如何配置它以了解我希望设置的不同角色和用户?
However, I use HTTP Authentication and SecurityContext as part of my web service, and I'm having issues setting up JTF to allow me to test these aspects. I can send authentication information in the request, but how do I configure it to know about the different roles and users I wish to set up?
我目前正在使用Jetty(通过JettyTestContainerFactory),但是可以根据需要切换到其他测试容器.
I'm currently using Jetty (via JettyTestContainerFactory), but can switch to different test containers if needed.
我要实现的特定配置是两个角色,以及四个具有这些可能角色(例如,无角色,角色a,角色b,角色a和b)的用户.该Web服务将处理授予对不同URL的访问的权限,因此无需在配置中指定.
The specific configuration I am trying to achieve is two roles, and four users with the combinations of those possible roles (e.g. No roles, role a, role b, roles a and b). The web service will handle giving access to different URLs, so that doesn't need to be specified in the configuration.
推荐答案
我通过实现自己的Jetty Test容器(与Jersey提供的容器类似)来完成此任务.我们使用嵌入式Jetty正常测试开发中的应用程序,并基于该嵌入式Jetty创建我们自己的测试容器,就像通过Java主进程启动该应用程序一样,它会加载Web应用程序.
I have done this by implementing my own Jetty Test container similar to the one provided by Jersey. We use an embedded Jetty for testing our application in development normally and by creating our own test container based on that embedded Jetty it loads our web application as it would if it was started by a Java main process.
我们使用在jetty-env.xml文件中配置的自定义Jetty安全处理程序,嵌入式Jetty用于配置安全性.
We use a custom Jetty Security Handler configured in a jetty-env.xml file which the embedded Jetty uses to configure the security.
<Set name="securityHandler">
<New class="com.example.DevelopmentSecurityHandler">
<Set name="loginService">
<New class="com.example.DevelopmentLoginService">
<Set name="name">LocalRealm</Set>
<Set name="config">src/main/webapp/WEB-INF/users.properties</Set>
<Call name="start" />
</New>
</Set>
<Set name="authenticator">
<New class="com.example.DevelopmentAuthenticator"></New>
</Set>
<Set name="checkWelcomeFiles">true</Set>
</New>
</Set>
该Jetty env文件是由嵌入式Jetty加载的:
That Jetty env file is loaded by embedded Jetty:
XmlConfiguration configuration = null;
if (jettyEnvFile.exists()) {
try {
configuration = new XmlConfiguration(jettyEnvFile.toURI().toURL());
} catch (Exception e) {
throw new ProcessingException(String.format("Exception loading jetty config from %s", jettyEnvFile));
}
} else {
LOG.warn("No jetty-env.xml found.");
}
该xml中引用的users.properties文件是简单的用户到角色的映射,例如 USERNAME = PASSWORD,ROLE_NAME1,ROLE_NAME2
The users.properties file referenced in that xml is a simple user to role mapping e.g. USERNAME=PASSWORD,ROLE_NAME1,ROLE_NAME2
根据您配置Jetty安全性的方式,这可能对您不起作用.您还可以通过编程方式进行配置,这里有很多嵌入式Jetty的示例
Depending how you configure your Jetty security this may or may not work for you. You can also configure this programmatically, there's lots of examples of embedded Jetty here. The SecuredHelloHandler.java example there could be a good start for you.
对于测试容器,基本上可以从复制org.glassfish.jersey.test.jetty.JettyTestContainerFactory和org.glassfish.jersey.jetty.JettyHttpContainerFactory开始,本质上是更改
For the test container you can basically start by copying org.glassfish.jersey.test.jetty.JettyTestContainerFactory and org.glassfish.jersey.jetty.JettyHttpContainerFactory essentially changing the
public static Server createServer(final URI uri, final SslContextFactory sslContextFactory, final JettyHttpContainer handler, final boolean start)
使用需要配置的安全性来创建嵌入式Jetty服务器版本的方法.
method to create your version of an embedded Jetty server with security configured however you require.
这篇关于使用安全性配置Jersey测试框架的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
