对于我的大多数集成测试,我不需要任何安全检查。我只是想让shiro不受我影响。 Beeing a shiro noob我想知道是否有比我找到的更好的方式。
在我的ShiroFilter类中,如果身份验证失败,我添加了以下代码:
try {
currentUser.login(token);
return CONTINUE;
} catch (AuthenticationException e1) {
// if everything failed, we might actualy have the integration test configuration, let's try
UsernamePasswordToken testToken = new UsernamePasswordToken("testUser", "testPassword", true, host);
try {
currentUser.login(testToken);
return CONTINUE;
} catch (AuthenticationException e2) {
LOGGER.info("Unable to login", e2);
}
}
这是集成测试的shiro.ini:
[users]
testUser = testPassword, administrator
[roles]
administrator = *
答案 0 :(得分:0)
在集成测试中为模拟Shiro创建一个类。
package util;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.SubjectThreadState;
import org.apache.shiro.util.LifecycleUtils;
import org.apache.shiro.util.ThreadState;
import org.junit.AfterClass;
/**
* Abstract test case enabling Shiro in test environments.
*/
public abstract class AbstractShiroTest {
private static ThreadState subjectThreadState;
public AbstractShiroTest() {
}
/**
* Allows subclasses to set the currently executing {@link Subject} instance.
*
* @param subject the Subject instance
*/
protected void setSubject(Subject subject) {
clearSubject();
subjectThreadState = createThreadState(subject);
subjectThreadState.bind();
}
protected Subject getSubject() {
return SecurityUtils.getSubject();
}
protected ThreadState createThreadState(Subject subject) {
return new SubjectThreadState(subject);
}
/**
* Clears Shiro's thread state, ensuring the thread remains clean for future test execution.
*/
protected void clearSubject() {
doClearSubject();
}
private static void doClearSubject() {
if (subjectThreadState != null) {
subjectThreadState.clear();
subjectThreadState = null;
}
}
protected static void setSecurityManager(SecurityManager securityManager) {
SecurityUtils.setSecurityManager(securityManager);
}
protected static SecurityManager getSecurityManager() {
return SecurityUtils.getSecurityManager();
}
@AfterClass
public static void tearDownShiro() {
doClearSubject();
try {
SecurityManager securityManager = getSecurityManager();
LifecycleUtils.destroy(securityManager);
} catch (UnavailableSecurityManagerException e) {
//we don't care about this when cleaning up the test environment
//(for example, maybe the subclass is a unit test and it didn't
// need a SecurityManager instance because it was using only
// mock Subject instances)
}
setSecurityManager(null);
}
}
然后在你有Shiro依赖的测试类上:
@RunWith(MockitoJUnitRunner.class)
public class ManterCampanhaServiceImplTest extends AbstractShiroTest {
@Test
public void someTest() throws Exception {
Subject subjectUnderTest = Mockito.mock(Subject.class);
when(subjectUnderTest.getPrincipal()).thenReturn(EntityObjectMother.getUserData()); //Subject for test
setSubject(subjectUnderTest);
// Now you have a test with a mock subject
// Write the test...
}}