Testing the Grails Spring Security Plugins
Testing the Grails Spring Security Plugins
Burt Beckwith,
SpringSource@burtbeckwithhttp://burtbeckwith.com/blog/
Unit tests are not an option
Unit Tests
Spring Security is implemented as a filter chainIf you use unit
testing, mocks, etc. you only test the mocks
Ok, so what about integration tests?
Integration Tests
Spring Security is implemented as a filter chainIf you use
integration testing, mock request, response, etc. you still don't
have a real filter chain
But there are uses for integration tests
Integration Tests
Grails integration tests are unit tests + Spring + DB +
pluginsSo you can test the configuration
There's no servlet container, but you can test servicesSo ACL
testing (both Spring Security and Shiro) is a good fit here
Damn, so I have to use functional tests?
Yes.
Functional tests
Ideal for security testingMake many real requests against a
real, properly configured web server
Test authentication, authorization, configuration -
everything
Functional tests
Functional test pluginsI use
http://grails.org/plugin/functional-test (version 1.2.7)
Geb is a great option -
http://www.gebish.org/Webdriver/Selenium
jQuery selector syntax
Spock, JUnit & TestNG
Actively developed, active mailing list
Grails functional-test plugin
Apache Commons HttpClient to make GET/POST requests
HtmlUnit to parse responses
JUnit 3 base class with helper methods
2.0 is in development, but I still use 1.2.7NEVER RUN
create-functional-test script will overwrite grails-app/conf
files
Grails functional-test plugin
UsageAdd plugin dependency in BuildConfig.groovytest
':functional-test:1.2.7'
Will fail to resolve dependencies on first compileFatal error
during compilation org.apache.tools.ant.BuildException:
java.lang.NoClassDefFoundError:
Lcom/gargoylesoftware/htmlunit/html/HTMLParser$HtmlUnitDOMBuilder
Just run grails compile again
Grails functional-test plugin
Creating test classesNEVER RUN create-functional-test script
will overwrite grails-app/conf files
Just create a class in test/functional that extends
functionaltestplugin.FunctionalTestCase
Grails functional-test plugin
import functionaltestplugin.FunctionalTestCase
class LoginTests extends FunctionalTestCase {
void testSomeWebsiteFeature() { // Here call get(uri) or
post(uri) to start // the session and then use the custom //
assertXXXX calls etc to check the response // // get('/something')
// assertStatus 200 // assertContentContains 'the expected text'
}}
How to find all controller actions?
import grails.web.Action
...
def data = []
for (controller in grailsApplication.controllerClasses) {
List actions = controller.clazz.methods.findAll( {
it.getAnnotation(Action) })*.name
data
