0

I am writing a REST web service using Jersey, and I'm trying to write a set of unit tests to test the service using the Jersey Test Framework.

However, I use HTTP Authentication and SecurityContext as part of my web service, and I'm having issues setting up JTF to allow me to test these aspects. I can send authentication information in the request, but how do I configure it to know about the different roles and users I wish to set up?

I'm currently using Jetty (via JettyTestContainerFactory), but can switch to different test containers if needed.

The specific configuration I am trying to achieve is two roles, and four users with the combinations of those possible roles (e.g. No roles, role a, role b, roles a and b). The web service will handle giving access to different URLs, so that doesn't need to be specified in the configuration.

James Baker
  • 1,143
  • 17
  • 39

1 Answers1

1

I have done this by implementing my own Jetty Test container similar to the one provided by Jersey. We use an embedded Jetty for testing our application in development normally and by creating our own test container based on that embedded Jetty it loads our web application as it would if it was started by a Java main process.

We use a custom Jetty Security Handler configured in a jetty-env.xml file which the embedded Jetty uses to configure the security.

<Set name="securityHandler">
    <New class="com.example.DevelopmentSecurityHandler">
        <Set name="loginService">
            <New class="com.example.DevelopmentLoginService">
                <Set name="name">LocalRealm</Set>
                <Set name="config">src/main/webapp/WEB-INF/users.properties</Set>
                <Call name="start" />
            </New>
        </Set>
        <Set name="authenticator">
             <New class="com.example.DevelopmentAuthenticator"></New>
        </Set>
        <Set name="checkWelcomeFiles">true</Set>
    </New>
</Set>

That Jetty env file is loaded by embedded Jetty:

XmlConfiguration configuration = null;
if (jettyEnvFile.exists()) {
    try {
    configuration = new XmlConfiguration(jettyEnvFile.toURI().toURL());
    } catch (Exception e) {
        throw new ProcessingException(String.format("Exception loading jetty config from %s", jettyEnvFile));
    }
} else {
    LOG.warn("No jetty-env.xml found.");
}

The users.properties file referenced in that xml is a simple user to role mapping e.g. USERNAME=PASSWORD,ROLE_NAME1,ROLE_NAME2

Depending how you configure your Jetty security this may or may not work for you. You can also configure this programmatically, there's lots of examples of embedded Jetty here. The SecuredHelloHandler.java example there could be a good start for you.

For the test container you can basically start by copying org.glassfish.jersey.test.jetty.JettyTestContainerFactory and org.glassfish.jersey.jetty.JettyHttpContainerFactory essentially changing the 

public static Server createServer(final URI uri, final SslContextFactory sslContextFactory, final JettyHttpContainer handler, final boolean start)

method to create your version of an embedded Jetty server with security configured however you require.

Kerry
  • 11
  • 2