3. Unit Tests
Spring Security is implemented as a filter chain
• If you use unit testing, mocks, etc. you only test the mocks
CONFIDENTIAL 3
4. Ok, so what about integration tests?
5. Integration Tests
Spring Security is implemented as a filter chain
• If you use integration testing, mock request, response, etc. you still don't have a real filter chain
6. But there are uses for integration tests
7. Integration Tests
Grails integration tests are unit tests + Spring + DB + plugins
• So you can test the configuration
There's no servlet container, but you can test services
• So ACL testing (both Spring Security and Shiro) is a good fit here
8. Damn, so I have to use functional tests?
10. Functional tests
Ideal for security testing
• Make many real requests against a real, properly configured web server
• Test authentication, authorization, configuration - everything
11. Functional tests
Functional test plugins
• I use http://grails.org/plugin/functional-test (version 1.2.7)
• Geb is a great option - http://www.gebish.org/
    • Webdriver/Selenium
    • jQuery selector syntax
    • Spock, JUnit & TestNG
    • Actively developed, active mailing list
12. Grails functional-test plugin
Apache Commons HttpClient to make GET/POST requests
HtmlUnit to parse responses
JUnit 3 base class with helper methods
2.0 is in development, but I still use 1.2.7
• NEVER RUN create-functional-test script – will overwrite grails-app/conf files
13. Grails functional-test plugin
Usage
• Add plugin dependency in BuildConfig.groovy
    • test ':functional-test:1.2.7'
• Will fail to resolve dependencies on first compile
    • Fatal error during compilation org.apache.tools.ant.BuildException: java.lang.NoClassDefFoundError: Lcom/gargoylesoftware/htmlunit/html/HTMLParser$HtmlUnitDOMBuilder
• Just run grails compile again
14. Grails functional-test plugin
Creating test classes
• NEVER RUN create-functional-test script – will overwrite grails-app/conf files
• Just create a class in test/functional that extends functionaltestplugin.FunctionalTestCase
15. Grails functional-test plugin
import functionaltestplugin.FunctionalTestCase

class LoginTests extends FunctionalTestCase {
    void testSomeWebsiteFeature() {
        // Here call get(uri) or post(uri) to start
        // the session and then use the custom
        // assertXXXX calls etc to check the response
        //
        // get('/something')
        // assertStatus 200
        // assertContentContains 'the expected text'
    }
}
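Added example (not from the original slides): the skeleton above filled in as an authentication and authorization test against the real filter chain. The URLs, accounts, page text, the j_username/j_password field names and the 'Login' button are assumptions about a hypothetical application using a Spring Security form login; substitute your own.

```groovy
import functionaltestplugin.FunctionalTestCase

// Added example. Every URL, credential and expected string here is a
// constructed placeholder for a hypothetical app, not a value from the slides.
class SecuredPageTests extends FunctionalTestCase {

    // An anonymous request for a protected URL must end up on the login page.
    void testAnonymousIsSentToLogin() {
        get '/secure/index'                      // hypothetical protected action
        assertContentContains 'Please Login'     // assumed login page text
    }

    // A bad password must leave the user on the login page.
    void testWrongPasswordIsRejected() {
        signIn 'user1', 'not-the-password'
        assertContentContains 'Please Login'
    }

    // An authenticated user without the admin role must be denied.
    void testUserCannotReachAdminPage() {
        signIn 'user1', 'password1'
        get '/admin/index'                       // hypothetical admin-only action
        assertContentContains 'not authorized'   // assumed access-denied text
    }

    // The positive case: the admin role does get through.
    void testAdminCanReachAdminPage() {
        signIn 'admin1', 'password2'
        get '/admin/index'
        assertStatus 200
        assertContentContains 'Admin console'    // assumed page text
    }

    // Hypothetical helper: submits the login form through the real filter chain.
    private void signIn(String username, String password) {
        get '/login/auth'                        // assumed login page URL
        form {
            j_username = username                // assumed form field names
            j_password = password
            click 'Login'                        // assumed submit button
        }
    }
}
```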
16. How to find all controller actions?
import grails.web.Action
...
def data = []
for (controller in grailsApplication.controllerClasses) {
    List<String> actions = controller.clazz.methods.findAll(
            { it.getAnnotation(Action) })*.name
    data << [controller: controller.logicalPropertyName,
             controllerName: controller.fullName,
             actions: actions.sort()]
}