Testing – Page 2 – Don't Panic!

User Impersonation with Spring Security

Published on August 20, 2015

A common requirement for secured applications is that admin / super users are able to login as any other user. For example, it may be helpful for a customer support analyst to access a system as if they were a real specific customer. The obvious way to do this is for the admin user to ask for the customer’s password or look it up in the password database. This is usually an unacceptable security compromise – no one should know a customer’s password except for the customer. And if the password database is implemented correctly it should be technically impossible for anyone – not even a system admin or DBA – to discover a user’s password.

An alternative solution is to allow admin users to login with their own unique username and password but allow them to then impersonate any other user. After the admin user has logged in, they can enter the username of another user and then view the application as if they were logged in as that user. Implementing user impersonation in this way also has the advantage that the system knows who has really logged in. If the system has an audit log, we can audit actions against the real admin user, rather than the impersonated user.

Testing with mock users in Spring / Spring MVC

Published on July 23, 2015

A common unit test scenario for Spring / Spring MVC applications is to verify behavior when logged in as a particular user. The new spring-security-test library available with Spring Security version 4 makes testing user access controls in Spring and Spring MVC applications far simpler.

Building Unit Test Data

Published on November 5, 2014

Unit tests have most value when they’re easy to read and understand. Unit tests typically follow a very straightforward pattern:

Simulate system state
Call the method under test
Verify the method’s result and side effects

So long as this pattern is obvious in the test, the test is readable.

XRebel

Published on August 10, 2014

ZeroTurnaround, the smart kids behind JRebel, have launched a new product: XRebel. And boy, it’s a good one! It’s described as “X-Ray glasses for your webapp”. It’s a performance profiler with features previously only seen in serious application performance monitoring (APM) solutions such as AppDynamics and New Relic.

Testing for SimpleDateFormat thread safety

Published on December 8, 2013

It’s a little alarming how many good developers are unaware that many standard Java classes – including subclasses of Format – are not thread safe. Many are also not sure about how their applications perform in a multi-threaded environment or how their web application container (Tomcat) will run their app in multiple threads. This can cause nasty intermittent bugs that can be incredibly hard to find and fix. It’s important to be aware of threading issues at development time but it’s also important to be able to test for them.

MockMVC to test Spring MVC form validation

Published on November 14, 2013

The MockMVC class allows tests to be run against a real Spring application context without actually having to run the complete application in a Servlet container

Coding in the Age of Distraction

Published on April 25, 2013

I must have seen a hundred blog posts suggesting that the best way to become more productive is to minimise distractions: Switch off IM, disconnect the phone, block out quiet time, get a private office and so on. While I’m sure that these would be of benefit, sometimes distraction is inevitable. I could switch off IM, email and my phone but I happen to work at the desk next to my boss. Convenient as it may be, my boss does not come with an off switch. Also, priorities happen. I may believe that my ‘in the zone’ coding time is golden and must not be interrupted on pain of code diva tantrum. However, if the production server goes down then scheduling a fix next week is just not good enough. Finally, I do on occasion like to stop work for the day and go home. A good night’s sleep is definitely a distraction from work but also I think quite important.

It’s certainly worthwhile arranging your environment and schedule so as to minimise distractions. But it is also important to accept that distraction will happen and to plan for it.

Integration Tests with Selenium and tomcat7-maven-plugin

Published on January 18, 2013

Integration tests are a valuable tool in the development of robust, quality software. Once each individual component has been unit tested, the integration test gives some confidence that the system stack as a whole does what is expected. Like unit tests, a great deal of the value of integration tests comes from the regression suite that they create. After any defect fix or enhancement to software, the unit and integration tests confirm that all existing features do exactly what they did before. If these tests are automated, they cost nothing to run and they’ll stay silent unless a defect is discovered.

I’ve looked at unit testing a few times in the past but this post explains how to integration test the full stack – database, Java application and web server. In this case, I’m running the tests as part of the Maven build lifecycle. As usual, I’m working from the Spanners demo (available for download), mainly working against the spanners-struts web component.

Protecting Service Methods with Spring Security Annotations

Published on August 19, 2012

Spring Security is typically used to protect Web Applications by restricting access to URLs based on a user role. However, it can also be used to secure methods and classes so that coding or configuration errors do not allow a back door into restricted data. This builds security deep into the system without cluttering the code. It also allows additional flexibility such as allowing users to access only information relevant to them and not to other users’ information.

DbUnit and Jailer

Published on November 23, 2011

The easiest way of creating datasets for DbUnit tests is often to script out values from a real database. This can be done with a few lines of code in DbUnit itself (see DbUnit FAQs) but it’s easier to use a database tool that can export to DbUnit dataset files. Jailer is one such tool. In its own words:

Jailer is a tool for database subsetting, schema and data browsing. It exports consistent, referentially intact row-sets from relational databases. It removes obsolete data without violating integrity. It is DBMS agnostic (by using JDBC), platform independent, and generates DbUnit datasets, hierarchically structured XML, and topologically sorted SQL-DML.

It’s pretty easy to set up and has the advantage that it can flexibly script target data as well as all associated data necessary to satisfy foreign key constraints.

Category: Testing