Testing secured EJBs with Arquillian
Historically, secured EJBs have been hard to test. Until now, I have been testing them with proprietary techniques such as the JBossLoginContextFactory described in the article Testing secured EJBs on WildFly 8.1.x with Arquillian.
At this year's Devoxx, David Blevins, founder of the Apache TomEE project (a lightweight Java EE application server), showed me a little trick that handles Java EE security in a standard way and works on every Java EE compliant server.
The example used in this post is available at javaee-testing/security on GitHub.
The code
The code to test consists of an entity and an EJB service, shown below.
Book entity
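
```java
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;

@Entity
public class Book {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Integer id;

    private String isbn;

    private String title;

    public Book() {
    }

    public Book(String isbn, String title) {
        this.isbn = isbn;
        this.title = title;
    }

    // getters and setters omitted for brevity
}
```

Bookshelf EJB service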
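
```java
import java.util.List;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.TypedQuery;

@Stateless
public class BookshelfService {

    @PersistenceContext(unitName = "bookshelfManager")
    private EntityManager entityManager;

    // Users and managers may add books
    @RolesAllowed({ "User", "Manager" })
    public void addBook(Book book) {
        entityManager.persist(book);
    }

    // Only managers may delete books
    @RolesAllowed({ "Manager" })
    public void deleteBook(Book book) {
        entityManager.remove(book);
    }

    // Read access is open to everyone, including unauthenticated callers
    @PermitAll
    @TransactionAttribute(TransactionAttributeType.SUPPORTS)
    public List<Book> getBooks() {
        TypedQuery<Book> query = entityManager.createQuery("SELECT b from Book as b", Book.class);
        return query.getResultList();
    }
}
```

The test class uses Arquillian for integration testing and asserts that the security roles defined on our EJB are respected.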
Bookshelf service test

```java
import java.io.IOException;
import java.util.List;
import java.util.concurrent.Callable;

import javax.ejb.EJBAccessException;
import javax.inject.Inject;

import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.shrinkwrap.api.ArchivePaths;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(Arquillian.class)
public class BookshelfServiceIT {

    @Inject
    private BookshelfService bookshelfService;

    @Inject
    private BookshelfManager manager;

    @Inject
    private BookshelfUser user;

    @Deployment
    public static JavaArchive createDeployment() throws IOException {
        return ShrinkWrap.create(JavaArchive.class, "javaee-testing-security.jar")
                .addClasses(Book.class, BookshelfService.class, BookshelfManager.class, BookshelfUser.class)
                .addAsManifestResource("META-INF/persistence.xml", "persistence.xml")
                .addAsManifestResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"));
    }

    @Test
    public void testAsManager() throws Exception {
        manager.call(new Callable<Book>() {
            @Override
            public Book call() throws Exception {
                bookshelfService.addBook(new Book("978-1-4302-4626-8", "Beginning Java EE 7"));
                bookshelfService.addBook(new Book("978-1-4493-2829-0", "Continuous Enterprise Development in Java"));

                List<Book> books = bookshelfService.getBooks();
                Assert.assertEquals("List.size()", 2, books.size());

                for (Book book : books) {
                    bookshelfService.deleteBook(book);
                }

                Assert.assertEquals("BookshelfService.getBooks()", 0, bookshelfService.getBooks().size());
                return null;
            }
        });
    }

    @Test
    public void testAsUser() throws Exception {
        user.call(new Callable<Book>() {
            @Override
            public Book call() throws Exception {
                bookshelfService.addBook(new Book("978-1-4302-4626-8", "Beginning Java EE 7"));
                bookshelfService.addBook(new Book("978-1-4493-2829-0", "Continuous Enterprise Development in Java"));

                List<Book> books = bookshelfService.getBooks();
                Assert.assertEquals("List.size()", 2, books.size());

                for (Book book : books) {
                    try {
                        bookshelfService.deleteBook(book);
                        Assert.fail("Users should not be allowed to delete");
                    } catch (EJBAccessException e) {
                        // Good, users cannot delete things
                    }
                }

                // The list should not be empty
                Assert.assertEquals("BookshelfService.getBooks()", 2, bookshelfService.getBooks().size());
                return null;
            }
        });
    }

    @Test
    public void testUnauthenticated() throws Exception {
        try {
            bookshelfService.addBook(new Book("978-1-4302-4626-8", "Beginning Java EE 7"));
            Assert.fail("Unauthenticated users should not be able to add books");
        } catch (EJBAccessException e) {
            // Good, unauthenticated users cannot add things
        }

        try {
            bookshelfService.deleteBook(null);
            Assert.fail("Unauthenticated users should not be allowed to delete");
        } catch (EJBAccessException e) {
            // Good, unauthenticated users cannot delete things
        }

        try {
            // Read access should be allowed
            List<Book> books = bookshelfService.getBooks();
            Assert.assertEquals("BookshelfService.getBooks()", 0, books.size());
        } catch (EJBAccessException e) {
            Assert.fail("Read access should be allowed");
        }
    }
}
```

The trick lies in two helper EJBs which, by means of the standard @RunAs annotation, let our test code execute within the desired security scope.
Bookshelf manager role
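
```java
import java.util.concurrent.Callable;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RunAs;
import javax.ejb.Stateless;

// Anything invoked from call() reaches other EJBs with the "Manager" role
@Stateless
@RunAs("Manager")
@PermitAll
public class BookshelfManager {

    public <V> V call(Callable<V> callable) throws Exception {
        return callable.call();
    }
}
```

Bookshelf user role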
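
```java
import java.util.concurrent.Callable;

import javax.annotation.security.PermitAll;
import javax.annotation.security.RunAs;
import javax.ejb.Stateless;

// Anything invoked from call() reaches other EJBs with the "User" role
@Stateless
@RunAs("User")
@PermitAll
public class BookshelfUser {

    public <V> V call(Callable<V> callable) throws Exception {
        return callable.call();
    }
}
```

Both helpers are @PermitAll and run whatever Callable they are handed under their role, so they belong only in the test archive, as in the deployment above.
Running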

```
-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running com.samaxes.javaeetesting.security.BookshelfServiceIT
nov 23, 2014 2:44:48 AM org.xnio.Xnio <clinit>
INFO: XNIO version 3.2.0.Beta4
nov 23, 2014 2:44:48 AM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.2.0.Beta4
nov 23, 2014 2:44:49 AM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version (unknown)
Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 36.69 sec - in com.samaxes.javaeetesting.security.BookshelfServiceIT

Results :

Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
```

Happy testing!
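
A static complement to the integration test above, as an added example (not code from the original post or from the javaee-testing/security project): it reads the security annotations by reflection and compares them with an expected role matrix, flagging any public method that carries no annotation at all, since how such a method is treated depends on the container's configuration. `RoleMatrixCheck`, `SampleService` and `purgeAll()` are hypothetical names, and the Java EE API jar is assumed to be on the classpath.

```java
import java.lang.reflect.*;
import java.util.*;
import javax.annotation.security.*;

public class RoleMatrixCheck {
    // Constructed stand-in carrying the same security annotations as BookshelfService;
    // purgeAll() is a hypothetical method added later without an annotation.
    public static class SampleService {
        @RolesAllowed({ "User", "Manager" }) public void addBook(Object book) { }
        @RolesAllowed({ "Manager" }) public void deleteBook(Object book) { }
        @PermitAll public List<Object> getBooks() { return new ArrayList<>(); }
        public void purgeAll() { }
    }

    // Declared roles of one element: empty = @DenyAll, "*" = @PermitAll, null = no annotation.
    static Set<String> rolesOn(AnnotatedElement e) {
        if (e.isAnnotationPresent(DenyAll.class)) return Collections.emptySet();
        if (e.isAnnotationPresent(PermitAll.class)) return Collections.singleton("*");
        RolesAllowed r = e.getAnnotation(RolesAllowed.class);
        return r == null ? null : new TreeSet<>(Arrays.asList(r.value()));
    }

    // Compares every public method ("name/paramCount") with the expected matrix.
    static List<String> findings(Class<?> ejb, Map<String, Set<String>> expected) {
        List<String> out = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (Method m : ejb.getDeclaredMethods()) {
            if (!Modifier.isPublic(m.getModifiers()) || m.isSynthetic()) continue;
            String key = m.getName() + "/" + m.getParameterCount();
            seen.add(key);
            Set<String> roles = rolesOn(m);           // method-level annotation wins
            if (roles == null) roles = rolesOn(ejb);  // otherwise fall back to class level
            if (roles == null) out.add("UNANNOTATED " + key);
            else if (!roles.equals(expected.get(key))) out.add("MISMATCH " + key + " " + roles);
        }
        for (String key : expected.keySet())
            if (!seen.contains(key)) out.add("MISSING " + key);
        return out;
    }

    public static void main(String[] args) {
        Map<String, Set<String>> expected = new HashMap<>();
        expected.put("addBook/1", new TreeSet<>(Arrays.asList("Manager", "User")));
        expected.put("deleteBook/1", Collections.singleton("Manager"));
        expected.put("getBooks/0", Collections.singleton("*"));
        findings(SampleService.class, expected).forEach(System.out::println);
    }
}
```

Pointed at the real `BookshelfService` class instead of the stand-in, the same check runs as a plain unit test without starting a container.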
Translated from: https://www.javacodegeeks.com/2014/11/testing-secured-ejbs-with-arquillian.html