
I have a service:

@RolesAllowed({ROLE_ADMIN, ROLE_USER})
@Stateless
@Path("test")
public class TestServiceImpl implements TestService

And a TestNG test with the following:

@Listeners({ApplicationComposerListener.class})
@EnableServices("jax-rs")
public class BaseTest {

    @EJB
    private TestService rs;

    @Module
    @Classes(cdi = true, value = {...})
    public WebApp myWebApplication() {
        return new WebApp()
                .contextRoot("myRoot")
                .addServlet("", ApplicationConfig.class.getName());
    }

...
    MyResponse res = WebClient
                .create("http://localhost:4204/myRoot")
                .accept(MediaType.APPLICATION_JSON)
                .type(MediaType.TEXT_PLAIN)
                .path("test/...")
                .query("param", someParam)
                .get(MyResponse.class);

This works fine as long as I remove the RolesAllowed from the service, but won't allow access when it's there (as it should).

Since I'm not testing the security but rather end-to-end functionality, is there a way to simulate the relevant security context with no knowledge of the full authentication mechanism?

Maybe something like:

@Module
@Classes(cdi = true, value = {...})
public WebApp myWebApplication() {
    return new WebApp()
            .contextRoot("myRoot")
            .withRoles({ROLE_ADMIN, ROLE_USER})
            .addServlet("", ApplicationConfig.class.getName());
}
juherr
Aviram
