In the project I'm working on, we are using OpenEJB as a framework to test our EJB. We construct an InitialContext programatically, and use it to get the transaction manager and the various EJB.

However, the EJB I have to test now has the @RolesAllowed annotation, and so OpenEJB refuses to get that EJB, arguing I don't have the permissions required.

H开发者_StackOverflow社区ow can I specify to OpenEJB the user this test is supposed to simulate, and the role associated with him?

The @RunAs suggestion bkail mentions is definitely a good way to go. The second approach that doesn't involve inner classes is to login in the testcase.

Login approach

When you bootstrap OpenEJB, specify the user/pass in the InitialContext properties as follows:

public void testAsManager() throws Exception {
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
    p.put(Context.SECURITY_PRINCIPAL, "jane");
    p.put(Context.SECURITY_CREDENTIALS, "waterfall");

    InitialContext context = new InitialContext(p);

    try {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

        List<Movie> list = movies.getMovies();
        assertEquals("List.size()", 3, list.size());

        for (Movie movie : list) {
            movies.deleteMovie(movie);
        }

        assertEquals("Movies.getMovies()", 0, movies.getMovies().size());
    } finally {
        context.close();
    }
}

Then perhaps test again as a different user:

public void testAsEmployee() throws Exception {
    Properties p = new Properties();
    p.put(Context.INITIAL_CONTEXT_FACTORY, "org.apache.openejb.client.LocalInitialContextFactory");
    p.put(Context.SECURITY_PRINCIPAL, "joe");
    p.put(Context.SECURITY_CREDENTIALS, "cool");

    InitialContext context = new InitialContext(p);

    try {
        movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992));
        movies.addMovie(new Movie("Joel Coen", "Fargo", 1996));
        movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998));

        List<Movie> list = movies.getMovies();
        assertEquals("List.size()", 3, list.size());

        for (Movie movie : list) {
            try {
                movies.deleteMovie(movie);
                fail("Employees should not be allowed to delete");
            } catch (EJBAccessException e) {
                // Good, Employees cannot delete things
            }
        }

        // The list should still be three movies long
        assertEquals("Movies.getMovies()", 3, movies.getMovies().size());
    } finally {
        context.close();
    }
}

Test users and groups

You can configure test users and groups by putting a users.properties and groups.properties file in the classpath of the testcase. In maven that'd be at the following locations:

• src/test/resources/users.properties
• src/test/resources/groups.properties

The users.properties file might look like this

joe=cool
jane=waterfall

And groups.properties like so

Manager=jane
Employee=jane,joe

See the OpenEJB Testing Security Example. Basically, you indirect through a test bean that has no @RolesAllowed, but uses @RunAs to switch roles before calling the second bean.