Unit Test Secured EJBs in Production : Page 3

Unit testing EJBs that are secured through permissions is complex. Learn how to unit test secured EJBs and EJB-based applications in the same production environment without needing to switch off the permission settings.

by Gopal Sharma

Jun 19, 2006

Page 3 of 5

WEBINAR:

On-Demand

Application Security Testing: An Integral Part of DevOps

~~Watch~~→

Create a Custom Servlet

Begin by creating the custom servlet code:

Override the init method of the JUnitEEServlet servlet with the following code:

		
public void init(ServletConfig config) throws ServletException {  
          super.init(config);
   	Hashtable env = new Hashtable();
   	env.put(Context.INITIAL_CONTEXT_FACTORY,
   	 "com.ibm.websphere.naming.WsnInitialContextFactory");
   	env.put(Context.PROVIDER_URL, config.getInitParameter("PROVIDER_URL"));
  Context initialContext = null;
   	try {
  	initialContext = new InitialContext(env);
  	Object obj = initialContext.lookup("");
  } catch (NamingException e) {	
  	e.printStackTrace();
  }
  
              //programmatic log-in
  
   	LoginContext lc = null;
   	 try {
   	 	lc = new LoginContext("WSLogin",new WSCallbackHandlerImpl(config.getInitParameter("USER_ID"), _
   	 	config.getInitParameter("PASSWORD")));
                       lc.login();
} catch (LoginException le) {  	
  System.out.println("Cannot create LoginContext. " + le.getMessage());
} catch(SecurityException se) {
  System.out.println("Cannot create LoginContext." + se.getMessage());     
}
subject = lc.getSubject();
}

Override the runTests method of JUnitEEServlet with the following code:








		
  //running test cases in the WebSphere secure environment.
        protected TestRunnerResults runTests(String test, String[] testClassNames, HttpServletRequest _
        request, boolean forkThread) {
    final String iTest = test;
    final boolean bForkThread = forkThread;
    final String[] testNames = testClassNames;
    final HttpServletRequest fRequest = request;
  	final TestRunnerResults results = new TestRunnerResults();
    final TestRunner tester = new TestRunner(this.getDynamicClassLoader(), results, forkThread);
     try{
    	WSSubject.doAs(subject, new java.security.PrivilegedAction() {
  	  	  public Object run() {
  	  	    java.security.AccessController.doPrivileged(new java.security.PrivilegedAction() {
  	  	    public Object run() {
  	  	    	String id = fRequest.getSession().getId();
  	  	    	System.setProperty("sessionid",id);
  	  	    	if (iTest == null) {
  	  	          if (bForkThread) {
  	  	            HttpSession session = fRequest.getSession(true);
  	  	            session.setAttribute(TESTRUNNER_KEY, tester);
  	  	            session.setAttribute(TESTRESULT_KEY, results);
  	  	          }
  	  	          tester.run(testNames);
  	  	        } else {
  	  	          tester.run(testNames[0], iTest);
  	  	        }
  	
  	  		    return null;
  		    }
  		   });
  		  return null;
  		  }
	  });
              } catch (Exception e) {
         e.printStackTrace();
  }  
    
    return results;
  }

Override the service methods with the following:

		
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
super.doGet(request, response);  
    }

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
super.doPost(request,response);
}