click-mock and username/role

>
> I'd like to use click-mock for testing my click web-application.
>
> Several times I need to get the username and role from the request,
> which AFAIK are set by the SecurityRealm.
>
> For example I display the users name on the top of the page using
> context.getRequest().getUserPrincipal().getName()
>
> For security reasons I check the users role in onSecurityCheck() using
> context.getRequest().isUserInRole(<requiredRole>)
>
> Is the a way to inject Username/Role with the mock API?
> In the moment I am trying the following, which results in a NPEX
>
> MockContainer container = new
> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
> container.start();
> container.setParameter(Form.FORM_NAME, "filter");
>
> //setting parameters for a FormTable
> container.setParameter("filterForm_column_0", "entryDate");
> container.setParameter("filterForm_operator_0", Operators.AFTER.name());
> container.setParameter("filterForm_value_0", "01.07.2009");
>
> //Thats where I get the NPEX
> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>
> //The page forward to itself
> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>
>
> container.stop();
>
> In the MockRequest sources I saw that
> isUserInRole(String role) is not implemented yet and getUserPrincipal
> returns a Principal with name getHeader("REMOTE_USER"), how can I set
> REMOTE_USER?
>
>
> Thanks in advance
> SVen
>

> Hi Sven,
>
> You should be able to set the REMOTE_USER with:
>
>   container.getRequest().addHeader("REMOTE_USER", "admin");
>
> This won't get you past the unimplemented isUserInRole however. You
> could provide a custom MockRequest and set that on the Container before
> starting it e.g:
>
>   container.setRequest(new MyMockRequest());
>   container.start();
>
> where MyMockRequest somehow implements isUserInRole. Haven't really
> though of a way to implement isUserInRole but maybe we can expose a way
> to setup Roles and Principals for the container which isUserInRole can
> test against?
>
> kind regards
>
> bob
>
> Sven Pfeiffer wrote:
>>
>> I'd like to use click-mock for testing my click web-application.
>>
>> Several times I need to get the username and role from the request,
>> which AFAIK are set by the SecurityRealm.
>>
>> For example I display the users name on the top of the page using
>> context.getRequest().getUserPrincipal().getName()
>>
>> For security reasons I check the users role in onSecurityCheck() using
>> context.getRequest().isUserInRole(<requiredRole>)
>>
>> Is the a way to inject Username/Role with the mock API?
>> In the moment I am trying the following, which results in a NPEX
>>
>> MockContainer container = new
>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>> container.start();
>> container.setParameter(Form.FORM_NAME, "filter");
>>
>> //setting parameters for a FormTable
>> container.setParameter("filterForm_column_0", "entryDate");
>> container.setParameter("filterForm_operator_0", Operators.AFTER.name());
>> container.setParameter("filterForm_value_0", "01.07.2009");
>>
>> //Thats where I get the NPEX
>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>
>> //The page forward to itself
>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>
>>
>> container.stop();
>>
>> In the MockRequest sources I saw that
>> isUserInRole(String role) is not implemented yet and getUserPrincipal
>> returns a Principal with name getHeader("REMOTE_USER"), how can I set
>> REMOTE_USER?
>>
>>
>> Thanks in advance
>> SVen
>>
>
>

> Perhaps we can add a "roles" property to the MockRequest then we can
> do something like this:
>
> // Setup remote user by a new MockPrincipal class
> Principal p = new MockPrincipal("test");
> container.getRequest().setPrincipal(p);
>
> // Setup roles
> container.getRequest().setRoles("admin", "user");
>
> And then isUserInRoles implementation can be simple:
>
>   public boolean isUserInRoles(String role) {
>     if (roles.contains(role)) {
>       return true;
>     } else {
>       return false;
>     }
>   }
>
>
> Or MockPrincipal can expose a method to set its own roles:
>
>   public boolean isUserInRoles(String role) {
>     if (getUserPrincipal().getRoles().contains(role)) {
>       return true;
>     } else {
>       return false;
>     }
>   }
>
> What do you think?
>
> bob
>
>
> Bob Schellink wrote:
>> Hi Sven,
>>
>> You should be able to set the REMOTE_USER with:
>>
>>   container.getRequest().addHeader("REMOTE_USER", "admin");
>>
>> This won't get you past the unimplemented isUserInRole however. You
>> could provide a custom MockRequest and set that on the Container
>> before starting it e.g:
>>
>>   container.setRequest(new MyMockRequest());
>>   container.start();
>>
>> where MyMockRequest somehow implements isUserInRole. Haven't really
>> though of a way to implement isUserInRole but maybe we can expose a
>> way to setup Roles and Principals for the container which
>> isUserInRole can test against?
>>
>> kind regards
>>
>> bob
>>
>> Sven Pfeiffer wrote:
>>>
>>> I'd like to use click-mock for testing my click web-application.
>>>
>>> Several times I need to get the username and role from the request,
>>> which AFAIK are set by the SecurityRealm.
>>>
>>> For example I display the users name on the top of the page using
>>> context.getRequest().getUserPrincipal().getName()
>>>
>>> For security reasons I check the users role in onSecurityCheck() using
>>> context.getRequest().isUserInRole(<requiredRole>)
>>>
>>> Is the a way to inject Username/Role with the mock API?
>>> In the moment I am trying the following, which results in a NPEX
>>>
>>> MockContainer container = new
>>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>>> container.start();
>>> container.setParameter(Form.FORM_NAME, "filter");
>>>
>>> //setting parameters for a FormTable
>>> container.setParameter("filterForm_column_0", "entryDate");
>>> container.setParameter("filterForm_operator_0",
>>> Operators.AFTER.name());
>>> container.setParameter("filterForm_value_0", "01.07.2009");
>>>
>>> //Thats where I get the NPEX
>>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>>
>>> //The page forward to itself
>>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>>
>>>
>>> container.stop();
>>>
>>> In the MockRequest sources I saw that
>>> isUserInRole(String role) is not implemented yet and
>>> getUserPrincipal returns a Principal with name
>>> getHeader("REMOTE_USER"), how can I set REMOTE_USER?
>>>
>>>
>>> Thanks in advance
>>> SVen
>>>
>>
>>
>
>

> Hi Bob,
>
> I like the Idea of having a MockPrincipal so on every request I can
> deside which Principal to use.
> Which will be very usefull to test the security-related features.
>
> So I simply created two classes:
> AuthenticatedMockRequest
> public class AuthenticatedMockRequest extends MockRequest {
>
>    MockPrincipal userPrincipal;
>
>    public AuthenticatedMockRequest(MockPrincipal userPrincipal) {
>        this.userPrincipal = userPrincipal;
>    }
>
>    @Override
>    public boolean isUserInRole(String name) {
>        return userPrincipal.getRoles().contains(name);
>    }
>
>    @Override
>    public Principal getUserPrincipal() {
>        return userPrincipal;
>    }
> }
> and
>
> MockPrincipal:
> public class MockPrincipal implements Principal {
>
>    private String name;
>    private List<String> roles = new ArrayList<String>();
>
>    public MockPrincipal(String userName) {
>        this.name = userName;
>    }
>
>    public MockPrincipal(String userName, List<String> roles) {
>        this.name = userName;
>        this.roles = roles;
>    }
>
>    @Override
>    public String getName() {
>        return name;
>    }
>
>    public List<String> getRoles() {
>        return roles;
>    }
>
>    public void setRoles(String... newRoles) {
>        roles.clear();
>        for (String role : newRoles) {
>            roles.add(role);
>        }
>    }
> }
>
> And I added the following lines to my testcase:
>
> MockPrincipal principal = new MockPrincipal("admin");
> principal.setRoles("admin", "user");
> container.setRequest(new AuthenticatedMockRequest(principal));
>
> And it works like a charm :)
>
> Thanks, once again,  for your help!
>
> SVen
>
> Bob Schellink wrote:
>> Perhaps we can add a "roles" property to the MockRequest then we can
>> do something like this:
>>
>> // Setup remote user by a new MockPrincipal class
>> Principal p = new MockPrincipal("test");
>> container.getRequest().setPrincipal(p);
>>
>> // Setup roles
>> container.getRequest().setRoles("admin", "user");
>>
>> And then isUserInRoles implementation can be simple:
>>
>>   public boolean isUserInRoles(String role) {
>>     if (roles.contains(role)) {
>>       return true;
>>     } else {
>>       return false;
>>     }
>>   }
>>
>>
>> Or MockPrincipal can expose a method to set its own roles:
>>
>>   public boolean isUserInRoles(String role) {
>>     if (getUserPrincipal().getRoles().contains(role)) {
>>       return true;
>>     } else {
>>       return false;
>>     }
>>   }
>>
>> What do you think?
>>
>> bob
>>
>>
>> Bob Schellink wrote:
>>> Hi Sven,
>>>
>>> You should be able to set the REMOTE_USER with:
>>>
>>>   container.getRequest().addHeader("REMOTE_USER", "admin");
>>>
>>> This won't get you past the unimplemented isUserInRole however. You
>>> could provide a custom MockRequest and set that on the Container
>>> before starting it e.g:
>>>
>>>   container.setRequest(new MyMockRequest());
>>>   container.start();
>>>
>>> where MyMockRequest somehow implements isUserInRole. Haven't really
>>> though of a way to implement isUserInRole but maybe we can expose a
>>> way to setup Roles and Principals for the container which
>>> isUserInRole can test against?
>>>
>>> kind regards
>>>
>>> bob
>>>
>>> Sven Pfeiffer wrote:
>>>>
>>>> I'd like to use click-mock for testing my click web-application.
>>>>
>>>> Several times I need to get the username and role from the request,
>>>> which AFAIK are set by the SecurityRealm.
>>>>
>>>> For example I display the users name on the top of the page using
>>>> context.getRequest().getUserPrincipal().getName()
>>>>
>>>> For security reasons I check the users role in onSecurityCheck() using
>>>> context.getRequest().isUserInRole(<requiredRole>)
>>>>
>>>> Is the a way to inject Username/Role with the mock API?
>>>> In the moment I am trying the following, which results in a NPEX
>>>>
>>>> MockContainer container = new
>>>> MockContainer("C:/dev/projects/clock-mock-test/src/main/webapp");
>>>> container.start();
>>>> container.setParameter(Form.FORM_NAME, "filter");
>>>>
>>>> //setting parameters for a FormTable
>>>> container.setParameter("filterForm_column_0", "entryDate");
>>>> container.setParameter("filterForm_operator_0",
>>>> Operators.AFTER.name());
>>>> container.setParameter("filterForm_value_0", "01.07.2009");
>>>>
>>>> //Thats where I get the NPEX
>>>> MyTestPage page = (MyTestPage) container.testPage(MyTestPage.class);
>>>>
>>>> //The page forward to itself
>>>> assertTrue(MyTestPage.class.getName().equals(container.getForwardPageClass().getName()));
>>>>
>>>>
>>>> container.stop();
>>>>
>>>> In the MockRequest sources I saw that
>>>> isUserInRole(String role) is not implemented yet and
>>>> getUserPrincipal returns a Principal with name
>>>> getHeader("REMOTE_USER"), how can I set REMOTE_USER?
>>>>
>>>>
>>>> Thanks in advance
>>>> SVen
>>>>
>>>
>>>
>>
>>
>
>