使用 CDI 注入的主体进行集成测试

【问题标题】:Integration Testing with a CDI Injected Principal使用 CDI 注入的主体进行集成测试
【发布时间】:2015-06-07 19:03:23
【问题描述】:

我有一个简单的请求范围 bean,其中包含一个注入的 Principal,以便我可以确定当前用户的 ID。然后将该 bean 注入到 Servlet 中,并且 Servlet 使用该 bean 来显示用户的 ID。例如:

界面:

public interface UserManager {

     public String getCurrentUserName();

}

实施:

@RequestScoped
public class CdiUserManager implements UserManager {

     @Inject
     private Principal principal;

     public CdiUserManager() {

     }

     @Override
     public String getCurrentUserName() {

         String name = null;

         if(principal != null && principal.getName() != null){
              name = principal.getName();
         }

         return name;
     }

 }

servlet:

@WebServlet({"/public/user", "/authenticated/user"})
public class UserServlet extends HttpServlet {

     @Inject
     private UserManager manager;

     public UserServlet() {
        super();
     }

     protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

         response.getWriter().write("UserName: " + manager.getCurrentUserName());
     }

 }

servlet 映射为经过身份验证和未经身份验证的访问。我为 web.xml 配置了适当的安全约束,因此只有经过身份验证的 URL 才需要基本身份验证。

我还有一个 EAR 文件。 EAR 中的 application.xml 包括带有 servlet 和托管 bean 的 web 模块以及在 web.xml 中定义的安全角色。此外,我还有一个 ibm-application-bnd.xml 文件,它将 web.xml 和 application.xml 中的安全角色映射到特殊主题 ALL_AUTHENTICATED_USERS。

我在 WAR 的 WEB-INF 目录中有一个空 beans.xml 文件。

我目前有两个问题似乎无法解决。

1) 当我以未经身份验证的用户身份访问公共 URL 时,我预计注入 Principal 或对 principal.getName() 的调用将为 null 或其他一些可识别的值……即“未经身份验证”。目前我得到一个带有下面堆栈跟踪的 NPE。如果我访问经过身份验证的 URL 并通过基本身份验证登录,则 servlet 按预期返回我的用户名。我不确定在这种情况下应该返回什么标准,但我认为这是一个错误?

java.lang.NullPointerException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.apache.webbeans.component.BuildInOwbBean$BuildInBeanMethodHandler.invoke(BuildInOwbBean.java:273)
at [internal classes]
at org.javassist.tmp.java.lang.Object_$$_javassist_1.getName(Object_$$_javassist_1.java)
at com.testing.cdi.CdiUserManager.getCurrentUserName(CdiUserManager.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.apache.webbeans.intercept.InterceptorHandler.invoke(InterceptorHandler.java:327)
at [internal classes]
at com.testing.cdi.CdiUserManager_$$_javassist_0.getCurrentUserName(CdiUserManager_$$_javassist_0.java)
at com.testing.cdi.UserServlet.doGet(UserServlet.java:31)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1285)
at [internal classes]

2) 我遇到的第二个问题是如何使用注入的 Principal 进行集成测试?我目前正在使用 Arquillian,并且我构建了一个如下所示的部署方法:

 @Deployment
 public static EnterpriseArchive createDeployment() {

    EnterpriseArchive ear = ShrinkWrap.create(EnterpriseArchive.class, CONTEXT_ROOT + ".ear");
    WebArchive war = ShrinkWrap.create(WebArchive.class, CONTEXT_ROOT + ".war");

    war.addPackages(true, UserManager.class.getPackage());

    war.addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
    war.setWebXML(new File("src/main/webapp/WEB-INF/web.xml"));

    ear.setApplicationXML(new File("../testing-ear/src/main/application/META-INF/application.xml"));
    ear.addAsManifestResource(new File("../testing-ear/src/main/application/META-INF/ibm-application-bnd.xml"));
    ear.addAsModule(war);

    return ear;
 }

我在每个测试用例之前验证我的测试用户,如下所示:

@Before
public void setup() throws LoginException, WSSecurityException {

    // WLP provided classes to authenticate a user.
    CallbackHandler wscbh = new WSCallbackHandlerImpl("user", "password");
    LoginContext ctx = new LoginContext("WSLogin", wscbh);
    ctx.login();

    // Set the user as the current user on the thread.
    Subject mySubject = ctx.getSubject();
    WSSubject.setRunAsSubject(mySubject);

}

然后在测试用例中,我正在检查用户名是否为空,如下所示:

@Test
public void testAuthenticatedPrincipal() throws LoginException, WSSecurityException {


    assertNull("User name should not be null.", manager.getCurrentUserName());
}

这个测试用例的执行总是会导致一个带有堆栈跟踪的 NPE:

java.lang.NullPointerException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.apache.webbeans.component.BuildInOwbBean$BuildInBeanMethodHandler.invoke(BuildInOwbBean.java:273)
at org.apache.webbeans.component.BuildInOwbBean$BuildInBeanMethodHandler.invoke(BuildInOwbBean.java:267)
at org.javassist.tmp.java.lang.Object_$$_javassist_2.getName(Object_$$_javassist_2.java)
at com.testing.cdi.CdiUserManager.getCurrentUserName(CdiUserManager.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.apache.webbeans.intercept.InterceptorHandler.invoke(InterceptorHandler.java:327)
at org.apache.webbeans.intercept.NormalScopedBeanInterceptorHandler.invoke(NormalScopedBeanInterceptorHandler.java:117)
at org.apache.webbeans.intercept.NormalScopedBeanInterceptorHandler.invoke(NormalScopedBeanInterceptorHandler.java:108)
at com.testing.cdi.CdiUserManager_$$_javassist_1.getCurrentUserName(CdiUserManager_$$_javassist_1.java)
at com.testing.cdi.test.UserManagerTest.testAuthenticatedPrincipal(UserManagerTest.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.jboss.arquillian.junit.Arquillian$6$1.invoke(Arquillian.java:325)
at org.jboss.arquillian.container.test.impl.execution.LocalTestExecuter.execute(LocalTestExecuter.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:116)
at org.jboss.arquillian.core.impl.EventImpl.fire(EventImpl.java:67)
at org.jboss.arquillian.container.test.impl.execution.ContainerTestExecuter.execute(ContainerTestExecuter.java:38)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.invokeObservers(EventContextImpl.java:99)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:81)
at org.jboss.arquillian.test.impl.TestContextHandler.createTestContext(TestContextHandler.java:102)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
at org.jboss.arquillian.test.impl.TestContextHandler.createClassContext(TestContextHandler.java:84)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
at org.jboss.arquillian.test.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.jboss.arquillian.core.impl.ObserverImpl.invoke(ObserverImpl.java:94)
at org.jboss.arquillian.core.impl.EventContextImpl.proceed(EventContextImpl.java:88)
at org.jboss.arquillian.core.impl.ManagerImpl.fire(ManagerImpl.java:145)
at org.jboss.arquillian.test.impl.EventTestRunnerAdaptor.test(EventTestRunnerAdaptor.java:135)
at org.jboss.arquillian.junit.Arquillian$6.evaluate(Arquillian.java:318)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:277)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:202)
at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:377)
at org.jboss.arquillian.junit.Arquillian.access$200(Arquillian.java:52)
at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:216)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:164)
at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
at org.junit.runner.JUnitCore.run(JUnitCore.java:138)
at org.jboss.arquillian.junit.container.JUnitTestRunner.execute(JUnitTestRunner.java:66)
at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.executeTest(ServletTestRunner.java:159)
at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.execute(ServletTestRunner.java:125)
at org.jboss.arquillian.protocol.servlet.runner.ServletTestRunner.doGet(ServletTestRunner.java:89)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1285)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:776)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:473)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1104)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4845)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.handleRequest(DynamicVirtualHost.java:297)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:981)
at com.ibm.ws.webcontainer.osgi.DynamicVirtualHost$2.run(DynamicVirtualHost.java:262)
at com.ibm.ws.http.dispatcher.internal.channel.HttpDispatcherLink$TaskWrapper.run(HttpDispatcherLink.java:955)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1157)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:627)
at java.lang.Thread.run(Thread.java:863)

过去我曾构建 EJB 项目并使用此方法对它们进行集成测试。在这种情况下,注入 SessionContext 会替换 Principal。有没有人对如何让这个测试用例运行有任何建议或经验?

附:我将 IBM JDK v1.7.1 与 WebSphere Liberty Developer Edition v8.5.5.5 一起使用。

【问题讨论】:

    标签: security integration-testing cdi jboss-arquillian websphere-liberty


    【解决方案1】:

    通常,空值用于未登录用户的主体,例如如果用户尚未通过身份验证,HttpServletRequest.getUserPrincipal() 将返回 null。

    因此,我认为注入的 Principal 为 null 并非不合理。然而,Principal 也是一个被代理的 CDI bean。由于您有一个注入的代理对象,您无法测试它是否为空,但是当您调用 getName() 时,CDI 会尝试为登录用户找到真正的 Principal 并对其调用 getName(),从而导致 NullPointerException。

    我意识到这并没有太大帮助,因为您不能真正使用 Principal bean 来检查用户是否经过身份验证,但我认为这没有错。

    对于 Arquillian 测试,您可以将测试作为客户端而不是在服务器上运行,这样您就可以手动调用 servlet URL 并提供身份验证凭据。您必须让 servlet 打印出用户名并检查客户端上的响应是否正确。

    这里有一些关于在客户端模式下运行测试的信息:https://docs.jboss.org/author/display/ARQ/Test+run+modes

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2015-09-20
      • 2015-03-21
      • 2013-11-02
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode