SlideShare una empresa de Scribd logo

Testing the Grails Spring Security Plugins

Descargar como ODP, PDF
Burt Beckwith
Burt Beckwith

Talk at http://greach.es/ 2013 on testing Grails applications that use the Spring Security plugins

Tecnología
1 de 18
Testing the Grails Spring Security Plugins Burt Beckwith, SpringSource @burtbeckwith http://burtbeckwith.com/blog/ CONFIDENTIAL © 2010 SpringSource, A division of VMware. All rights reserved
Unit tests are not an option CONFIDENTIAL 2
Unit Tests  Spring Security is implemented as a filter chain • If you use unit testing, mocks, etc. you only test the mocks CONFIDENTIAL 3
Ok, so what about integration tests? CONFIDENTIAL 4
Integration Tests  Spring Security is implemented as a filter chain • If you use integration testing, mock request, response, etc. you still don't have a real filter chain CONFIDENTIAL 5
But there are uses for integration tests CONFIDENTIAL 6
Integration Tests  Grails integration tests are unit tests + Spring + DB + plugins • So you can test the configuration  There's no servlet container, but you can test services • So ACL testing (both Spring Security and Shiro) is a good fit here CONFIDENTIAL 7
Damn, so I have to use functional tests? CONFIDENTIAL 8
Yes. CONFIDENTIAL 9
Functional tests  Ideal for security testing • Make many real requests against a real, properly configured web server • Test authentication, authorization, configuration - everything CONFIDENTIAL 10
Functional tests  Functional test plugins • I use http://grails.org/plugin/functional-test (version 1.2.7) • Geb is a great option - http://www.gebish.org/ • Webdriver/Selenium • jQuery selector syntax • Spock, JUnit & TestNG • Actively developed, active mailing list CONFIDENTIAL 11
Grails functional-test plugin  Apache Commons HttpClient to make GET/POST requests  HtmlUnit to parse responses  JUnit 3 base class with helper methods  2.0 is in development, but I still use 1.2.7 • NEVER RUN create-functional-test script – will overwrite grails- app/conf files CONFIDENTIAL 12
Grails functional-test plugin  Usage • Add plugin dependency in BuildConfig.groovy • test ':functional-test:1.2.7' • Will fail to resolve dependencies on first compile • Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.NoClassDefFoundError: Lcom/gargoylesoftware/htmlunit/html/HTMLParser$Html UnitDOMBuilder • Just run grails compile again CONFIDENTIAL 13
Grails functional-test plugin  Creating test classes • NEVER RUN create-functional-test script – will overwrite grails- app/conf files • Just create a class in test/functional that extends functionaltestplugin.FunctionalTestCase CONFIDENTIAL 14
Grails functional-test plugin import functionaltestplugin.FunctionalTestCase class LoginTests extends FunctionalTestCase { void testSomeWebsiteFeature() { // Here call get(uri) or post(uri) to start // the session and then use the custom // assertXXXX calls etc to check the response // // get('/something') // assertStatus 200 // assertContentContains 'the expected text' } } CONFIDENTIAL 15
How to find all controller actions? import grails.web.Action ... def data = [] for (controller in grailsApplication.controllerClasses) { List<String> actions = controller.clazz.methods.findAll( { it.getAnnotation(Action) })*.name data << [controller: controller.logicalPropertyName, controllerName: controller.fullName, actions: actions.sort()] } CONFIDENTIAL 16
How to find all controller actions? [controller:book, controllerName:greach.BookController, actions:[create, delete, edit, list, save, show, update]] [controller:errors, controllerName:greach.ErrorsController, actions:[error403, error404, error500]] [controller:login, controllerName:LoginController, actions: [ajaxDenied, ajaxSuccess, auth, authAjax, authfail, denied, full, index]] [controller:logout, controllerName:LogoutController, actions:[index]] [controller:secure, controllerName:greach.SecureController, actions:[admin, index, user]] CONFIDENTIAL 17
Demo CONFIDENTIAL 18

Recomendados

Automated Web Testing using JavaScript
Automated Web Testing using JavaScriptAutomated Web Testing using JavaScript
Automated Web Testing using JavaScriptSimon Guest
 
AngularJS Unit Test
AngularJS Unit TestAngularJS Unit Test
AngularJS Unit TestChiew Carol
 
Testing ansible roles with molecule
Testing ansible roles with moleculeTesting ansible roles with molecule
Testing ansible roles with moleculeWerner Dijkerman
 
Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Christian Johansen
 
Protractor overview
Protractor overviewProtractor overview
Protractor overviewAbhishek Yadav
 
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Puneet Kala
 
JavaLand - Integration Testing How-to
JavaLand - Integration Testing How-toJavaLand - Integration Testing How-to
JavaLand - Integration Testing How-toNicolas Fränkel
 
Using Selenium to Improve a Teams Development Cycle
Using Selenium to Improve a Teams Development CycleUsing Selenium to Improve a Teams Development Cycle
Using Selenium to Improve a Teams Development Cycleseleniumconf
 

Recomendados

Automated Web Testing using JavaScript
Automated Web Testing using JavaScriptAutomated Web Testing using JavaScript
Automated Web Testing using JavaScriptSimon Guest
 
AngularJS Unit Test
AngularJS Unit TestAngularJS Unit Test
AngularJS Unit TestChiew Carol
 
Testing ansible roles with molecule
Testing ansible roles with moleculeTesting ansible roles with molecule
Testing ansible roles with moleculeWerner Dijkerman
 
Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Test-Driven JavaScript Development (JavaZone 2010)
Test-Driven JavaScript Development (JavaZone 2010)Christian Johansen
 
Protractor overview
Protractor overviewProtractor overview
Protractor overviewAbhishek Yadav
 
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!
Selenium-Webdriver With PHPUnit Automation test for Joomla CMS!Puneet Kala
 
JavaLand - Integration Testing How-to
JavaLand - Integration Testing How-toJavaLand - Integration Testing How-to
JavaLand - Integration Testing How-toNicolas Fränkel
 
Using Selenium to Improve a Teams Development Cycle
Using Selenium to Improve a Teams Development CycleUsing Selenium to Improve a Teams Development Cycle
Using Selenium to Improve a Teams Development Cycleseleniumconf
 
Testing React Applications
Testing React ApplicationsTesting React Applications
Testing React Applicationsstbaechler
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test PyramidElias Nogueira
 
Riga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous IntegrationRiga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous IntegrationNicolas Fränkel
 
Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)AOE
 
Automated Smoke Tests with Protractor
Automated Smoke Tests with ProtractorAutomated Smoke Tests with Protractor
Automated Smoke Tests with Protractor🌱 Dale Spoonemore
 
Unit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma introUnit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma introMaurice De Beijer [MVP]
 
Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015Andrew Eisenberg
 
Arquillian
ArquillianArquillian
Arquilliannukeevry1
 
Spring Boot
Spring BootSpring Boot
Spring BootJaran Flaath
 
AngularJS and Protractor
AngularJS and ProtractorAngularJS and Protractor
AngularJS and ProtractorFilipe Falcão
 
Front-End Testing: Demystified
Front-End Testing: DemystifiedFront-End Testing: Demystified
Front-End Testing: DemystifiedSeth McLaughlin
 
Building Quality with Foundations of Mud
Building Quality with Foundations of MudBuilding Quality with Foundations of Mud
Building Quality with Foundations of Mudseleniumconf
 
Testing Java EE apps with Arquillian
Testing Java EE apps with ArquillianTesting Java EE apps with Arquillian
Testing Java EE apps with ArquillianIvan Ivanov
 
Testing in AngularJS
Testing in AngularJSTesting in AngularJS
Testing in AngularJSPeter Drinnan
 
Automated Testing in Angular Slides
Automated Testing in Angular SlidesAutomated Testing in Angular Slides
Automated Testing in Angular SlidesJim Lynch
 
Angular Unit Testing
Angular Unit TestingAngular Unit Testing
Angular Unit TestingShailendra Chauhan
 
How to customize Spring Boot?
How to customize Spring Boot?How to customize Spring Boot?
How to customize Spring Boot?GilWon Oh
 
Spring Boot
Spring BootSpring Boot
Spring BootHongSeong Jeon
 
Testing Web Applications
Testing Web ApplicationsTesting Web Applications
Testing Web ApplicationsSeth McLaughlin
 
2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the Trenches2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the TrenchesNicolas Fränkel
 
Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...COMAQA.BY
 
How to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud SolutionsHow to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud SolutionsNoam Zakai
 

Más contenido relacionado

La actualidad más candente

Testing React Applications
Testing React ApplicationsTesting React Applications
Testing React Applicationsstbaechler
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test PyramidElias Nogueira
 
Riga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous IntegrationRiga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous IntegrationNicolas Fränkel
 
Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)AOE
 
Automated Smoke Tests with Protractor
Automated Smoke Tests with ProtractorAutomated Smoke Tests with Protractor
Automated Smoke Tests with Protractor🌱 Dale Spoonemore
 
Unit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma introUnit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma introMaurice De Beijer [MVP]
 
Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015Andrew Eisenberg
 
AngularJS and Protractor
AngularJS and ProtractorAngularJS and Protractor
AngularJS and ProtractorFilipe Falcão
 
Front-End Testing: Demystified
Front-End Testing: DemystifiedFront-End Testing: Demystified
Front-End Testing: DemystifiedSeth McLaughlin
 
Building Quality with Foundations of Mud
Building Quality with Foundations of MudBuilding Quality with Foundations of Mud
Building Quality with Foundations of Mudseleniumconf
 
Testing Java EE apps with Arquillian
Testing Java EE apps with ArquillianTesting Java EE apps with Arquillian
Testing Java EE apps with ArquillianIvan Ivanov
 
Testing in AngularJS
Testing in AngularJSTesting in AngularJS
Testing in AngularJSPeter Drinnan
 
Automated Testing in Angular Slides
Automated Testing in Angular SlidesAutomated Testing in Angular Slides
Automated Testing in Angular SlidesJim Lynch
 
How to customize Spring Boot?
How to customize Spring Boot?How to customize Spring Boot?
How to customize Spring Boot?GilWon Oh
 
Testing Web Applications
Testing Web ApplicationsTesting Web Applications
Testing Web ApplicationsSeth McLaughlin
 
2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the Trenches2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the TrenchesNicolas Fränkel
 

La actualidad más candente (20)

Testing React Applications
Testing React ApplicationsTesting React Applications
Testing React Applications
 
API Testing following the Test Pyramid
API Testing following the Test PyramidAPI Testing following the Test Pyramid
API Testing following the Test Pyramid
 
Riga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous IntegrationRiga Dev Day - Automated Android Continuous Integration
Riga Dev Day - Automated Android Continuous Integration
 
Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)Selenium 2 for PHP(Unit)
Selenium 2 for PHP(Unit)
 
Automated Smoke Tests with Protractor
Automated Smoke Tests with ProtractorAutomated Smoke Tests with Protractor
Automated Smoke Tests with Protractor
 
Unit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma introUnit testing JavaScript: Jasmine & karma intro
Unit testing JavaScript: Jasmine & karma intro
 
Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015Protractor Tutorial Quality in Agile 2015
Protractor Tutorial Quality in Agile 2015
 
Arquillian
ArquillianArquillian
Arquillian
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
AngularJS and Protractor
AngularJS and ProtractorAngularJS and Protractor
AngularJS and Protractor
 
Front-End Testing: Demystified
Front-End Testing: DemystifiedFront-End Testing: Demystified
Front-End Testing: Demystified
 
Building Quality with Foundations of Mud
Building Quality with Foundations of MudBuilding Quality with Foundations of Mud
Building Quality with Foundations of Mud
 
Testing Java EE apps with Arquillian
Testing Java EE apps with ArquillianTesting Java EE apps with Arquillian
Testing Java EE apps with Arquillian
 
Testing in AngularJS
Testing in AngularJSTesting in AngularJS
Testing in AngularJS
 
Automated Testing in Angular Slides
Automated Testing in Angular SlidesAutomated Testing in Angular Slides
Automated Testing in Angular Slides
 
Angular Unit Testing
Angular Unit TestingAngular Unit Testing
Angular Unit Testing
 
How to customize Spring Boot?
How to customize Spring Boot?How to customize Spring Boot?
How to customize Spring Boot?
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
Testing Web Applications
Testing Web ApplicationsTesting Web Applications
Testing Web Applications
 
2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the Trenches2014 Joker - Integration Testing from the Trenches
2014 Joker - Integration Testing from the Trenches
 

Similar a Testing the Grails Spring Security Plugins

Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...COMAQA.BY
 
How to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud SolutionsHow to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud SolutionsNoam Zakai
 
UI Testing Automation - Alex Kalinovsky - CreamTec LLC
UI Testing Automation - Alex Kalinovsky - CreamTec LLCUI Testing Automation - Alex Kalinovsky - CreamTec LLC
UI Testing Automation - Alex Kalinovsky - CreamTec LLCJim Lane
 
Automated Testing using JavaScript
Automated Testing using JavaScriptAutomated Testing using JavaScript
Automated Testing using JavaScriptSimon Guest
 
Cloud Platforms for Java
Cloud Platforms for JavaCloud Platforms for Java
Cloud Platforms for Java3Pillar Global
 
Enterprise Build And Test In The Cloud
Enterprise Build And Test In The CloudEnterprise Build And Test In The Cloud
Enterprise Build And Test In The CloudCarlos Sanchez
 
Testing your application on Google App Engine
Testing your application on Google App EngineTesting your application on Google App Engine
Testing your application on Google App EngineInphina Technologies
 
Testing Your Application On Google App Engine
Testing Your Application On Google App EngineTesting Your Application On Google App Engine
Testing Your Application On Google App EngineIndicThreads
 
End to-end testing from rookie to pro
End to-end testing from rookie to proEnd to-end testing from rookie to pro
End to-end testing from rookie to proDomenico Gemoli
 
Codeception introduction and use in Yii
Codeception introduction and use in YiiCodeception introduction and use in Yii
Codeception introduction and use in YiiIlPeach
 
Selenium-Browser-Based-Automated-Testing-for-Grails-Apps
Selenium-Browser-Based-Automated-Testing-for-Grails-AppsSelenium-Browser-Based-Automated-Testing-for-Grails-Apps
Selenium-Browser-Based-Automated-Testing-for-Grails-Appschrisb206 chrisb206
 
Java Day Kharkiv - Integration Testing from the Trenches Rebooted
Java Day Kharkiv - Integration Testing from the Trenches RebootedJava Day Kharkiv - Integration Testing from the Trenches Rebooted
Java Day Kharkiv - Integration Testing from the Trenches RebootedNicolas Fränkel
 
Oh so you test? - A guide to testing on Android from Unit to Mutation
Oh so you test? - A guide to testing on Android from Unit to MutationOh so you test? - A guide to testing on Android from Unit to Mutation
Oh so you test? - A guide to testing on Android from Unit to MutationPaul Blundell
 
Selenium Automation in Java Using HttpWatch Plug-in
Selenium Automation in Java Using HttpWatch Plug-in Selenium Automation in Java Using HttpWatch Plug-in
Selenium Automation in Java Using HttpWatch Plug-in Sandeep Tol
 
Никита Галкин "Testing in Frontend World"
Никита Галкин "Testing in Frontend World"Никита Галкин "Testing in Frontend World"
Никита Галкин "Testing in Frontend World"Fwdays
 
Altitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopAltitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopFastly
 
Aikau testing tech talk live 83 20150204
Aikau testing tech talk live 83 20150204Aikau testing tech talk live 83 20150204
Aikau testing tech talk live 83 20150204David Webster
 
Testing in Ballerina Language
Testing in Ballerina LanguageTesting in Ballerina Language
Testing in Ballerina LanguageLynn Langit
 
Test Driven Development for Microservices
Test Driven Development for MicroservicesTest Driven Development for Microservices
Test Driven Development for MicroservicesBallerina
 

Similar a Testing the Grails Spring Security Plugins (20)

Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...Интеграция решения по тестированию производительности в существующий фреймвор...
Интеграция решения по тестированию производительности в существующий фреймвор...
 
How to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud SolutionsHow to work with Selenium Grid and Cloud Solutions
How to work with Selenium Grid and Cloud Solutions
 
UI Testing Automation - Alex Kalinovsky - CreamTec LLC
UI Testing Automation - Alex Kalinovsky - CreamTec LLCUI Testing Automation - Alex Kalinovsky - CreamTec LLC
UI Testing Automation - Alex Kalinovsky - CreamTec LLC
 
Automated Testing using JavaScript
Automated Testing using JavaScriptAutomated Testing using JavaScript
Automated Testing using JavaScript
 
Cloud Platforms for Java
Cloud Platforms for JavaCloud Platforms for Java
Cloud Platforms for Java
 
Enterprise Build And Test In The Cloud
Enterprise Build And Test In The CloudEnterprise Build And Test In The Cloud
Enterprise Build And Test In The Cloud
 
Testing your application on Google App Engine
Testing your application on Google App EngineTesting your application on Google App Engine
Testing your application on Google App Engine
 
Testing Your Application On Google App Engine
Testing Your Application On Google App EngineTesting Your Application On Google App Engine
Testing Your Application On Google App Engine
 
End to-end testing from rookie to pro
End to-end testing from rookie to proEnd to-end testing from rookie to pro
End to-end testing from rookie to pro
 
Codeception introduction and use in Yii
Codeception introduction and use in YiiCodeception introduction and use in Yii
Codeception introduction and use in Yii
 
Angular Unit Testing
Angular Unit TestingAngular Unit Testing
Angular Unit Testing
 
Selenium-Browser-Based-Automated-Testing-for-Grails-Apps
Selenium-Browser-Based-Automated-Testing-for-Grails-AppsSelenium-Browser-Based-Automated-Testing-for-Grails-Apps
Selenium-Browser-Based-Automated-Testing-for-Grails-Apps
 
Java Day Kharkiv - Integration Testing from the Trenches Rebooted
Java Day Kharkiv - Integration Testing from the Trenches RebootedJava Day Kharkiv - Integration Testing from the Trenches Rebooted
Java Day Kharkiv - Integration Testing from the Trenches Rebooted
 
Oh so you test? - A guide to testing on Android from Unit to Mutation
Oh so you test? - A guide to testing on Android from Unit to MutationOh so you test? - A guide to testing on Android from Unit to Mutation
Oh so you test? - A guide to testing on Android from Unit to Mutation
 
Selenium Automation in Java Using HttpWatch Plug-in
Selenium Automation in Java Using HttpWatch Plug-in Selenium Automation in Java Using HttpWatch Plug-in
Selenium Automation in Java Using HttpWatch Plug-in
 
Никита Галкин "Testing in Frontend World"
Никита Галкин "Testing in Frontend World"Никита Галкин "Testing in Frontend World"
Никита Галкин "Testing in Frontend World"
 
Altitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly WorkshopAltitude San Francisco 2018: Testing with Fastly Workshop
Altitude San Francisco 2018: Testing with Fastly Workshop
 
Aikau testing tech talk live 83 20150204
Aikau testing tech talk live 83 20150204Aikau testing tech talk live 83 20150204
Aikau testing tech talk live 83 20150204
 
Testing in Ballerina Language
Testing in Ballerina LanguageTesting in Ballerina Language
Testing in Ballerina Language
 
Test Driven Development for Microservices
Test Driven Development for MicroservicesTest Driven Development for Microservices
Test Driven Development for Microservices
 

Más de Burt Beckwith

Advanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringAdvanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringBurt Beckwith
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring SecurityBurt Beckwith
 
Little Did He Know ...
Little Did He Know ...Little Did He Know ...
Little Did He Know ...Burt Beckwith
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginBurt Beckwith
 
What's New in spring-security-core 2.0
What's New in spring-security-core 2.0What's New in spring-security-core 2.0
What's New in spring-security-core 2.0Burt Beckwith
 
Grails Worst Practices
Grails Worst PracticesGrails Worst Practices
Grails Worst PracticesBurt Beckwith
 
Grails Plugin Best Practices
Grails Plugin Best PracticesGrails Plugin Best Practices
Grails Plugin Best PracticesBurt Beckwith
 
Securing Grails Applications
Securing Grails ApplicationsSecuring Grails Applications
Securing Grails ApplicationsBurt Beckwith
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsBurt Beckwith
 

Más de Burt Beckwith (10)

Advanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and MonitoringAdvanced GORM - Performance, Customization and Monitoring
Advanced GORM - Performance, Customization and Monitoring
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring Security
 
Little Did He Know ...
Little Did He Know ...Little Did He Know ...
Little Did He Know ...
 
Hacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 PluginHacking the Grails Spring Security 2.0 Plugin
Hacking the Grails Spring Security 2.0 Plugin
 
What's New in spring-security-core 2.0
What's New in spring-security-core 2.0What's New in spring-security-core 2.0
What's New in spring-security-core 2.0
 
Grails Worst Practices
Grails Worst PracticesGrails Worst Practices
Grails Worst Practices
 
Grails Transactions
Grails TransactionsGrails Transactions
Grails Transactions
 
Grails Plugin Best Practices
Grails Plugin Best PracticesGrails Plugin Best Practices
Grails Plugin Best Practices
 
Securing Grails Applications
Securing Grails ApplicationsSecuring Grails Applications
Securing Grails Applications
 
Under the Hood: Using Spring in Grails
Under the Hood: Using Spring in GrailsUnder the Hood: Using Spring in Grails
Under the Hood: Using Spring in Grails
 

Último

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Testing the Grails Spring Security Plugins

  • 1. Testing the Grails Spring Security Plugins Burt Beckwith, SpringSource @burtbeckwith http://burtbeckwith.com/blog/ CONFIDENTIAL © 2010 SpringSource, A division of VMware. All rights reserved
  • 2. Unit tests are not an option CONFIDENTIAL 2
  • 3. Unit Tests  Spring Security is implemented as a filter chain • If you use unit testing, mocks, etc. you only test the mocks CONFIDENTIAL 3
  • 4. Ok, so what about integration tests? CONFIDENTIAL 4
  • 5. Integration Tests  Spring Security is implemented as a filter chain • If you use integration testing, mock request, response, etc. you still don't have a real filter chain CONFIDENTIAL 5
  • 6. But there are uses for integration tests CONFIDENTIAL 6
  • 7. Integration Tests  Grails integration tests are unit tests + Spring + DB + plugins • So you can test the configuration  There's no servlet container, but you can test services • So ACL testing (both Spring Security and Shiro) is a good fit here CONFIDENTIAL 7
  • 8. Damn, so I have to use functional tests? CONFIDENTIAL 8
  • 10. Functional tests  Ideal for security testing • Make many real requests against a real, properly configured web server • Test authentication, authorization, configuration - everything CONFIDENTIAL 10
  • 11. Functional tests  Functional test plugins • I use http://grails.org/plugin/functional-test (version 1.2.7) • Geb is a great option - http://www.gebish.org/ • Webdriver/Selenium • jQuery selector syntax • Spock, JUnit & TestNG • Actively developed, active mailing list CONFIDENTIAL 11
  • 12. Grails functional-test plugin  Apache Commons HttpClient to make GET/POST requests  HtmlUnit to parse responses  JUnit 3 base class with helper methods  2.0 is in development, but I still use 1.2.7 • NEVER RUN create-functional-test script – will overwrite grails- app/conf files CONFIDENTIAL 12
  • 13. Grails functional-test plugin  Usage • Add plugin dependency in BuildConfig.groovy • test ':functional-test:1.2.7' • Will fail to resolve dependencies on first compile • Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.NoClassDefFoundError: Lcom/gargoylesoftware/htmlunit/html/HTMLParser$Html UnitDOMBuilder • Just run grails compile again CONFIDENTIAL 13
  • 14. Grails functional-test plugin  Creating test classes • NEVER RUN create-functional-test script – will overwrite grails- app/conf files • Just create a class in test/functional that extends functionaltestplugin.FunctionalTestCase CONFIDENTIAL 14
  • 15. Grails functional-test plugin import functionaltestplugin.FunctionalTestCase class LoginTests extends FunctionalTestCase { void testSomeWebsiteFeature() { // Here call get(uri) or post(uri) to start // the session and then use the custom // assertXXXX calls etc to check the response // // get('/something') // assertStatus 200 // assertContentContains 'the expected text' } } CONFIDENTIAL 15
  • 16. How to find all controller actions? import grails.web.Action ... def data = [] for (controller in grailsApplication.controllerClasses) { List<String> actions = controller.clazz.methods.findAll( { it.getAnnotation(Action) })*.name data << [controller: controller.logicalPropertyName, controllerName: controller.fullName, actions: actions.sort()] } CONFIDENTIAL 16
  • 17. How to find all controller actions? [controller:book, controllerName:greach.BookController, actions:[create, delete, edit, list, save, show, update]] [controller:errors, controllerName:greach.ErrorsController, actions:[error403, error404, error500]] [controller:login, controllerName:LoginController, actions: [ajaxDenied, ajaxSuccess, auth, authAjax, authfail, denied, full, index]] [controller:logout, controllerName:LogoutController, actions:[index]] [controller:secure, controllerName:greach.SecureController, actions:[admin, index, user]] CONFIDENTIAL 17