Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write tests verifying proper integration with Spring Security [DATAREST-397] #774

Closed
spring-projects-issues opened this issue Oct 9, 2014 · 5 comments
Closed

Write tests verifying proper integration with Spring Security [DATAREST-397] #774

spring-projects-issues opened this issue Oct 9, 2014 · 5 comments
Assignees
@gregturn
Labels
in: repository type: enhancement A general enhancement
Milestone
2.4 RC1 (Gosling)

Comments

@spring-projects-issues
Copy link

Greg Turnquist opened DATAREST-397 and commented

We need test cases that prove Spring Security's annotations work at all levels as expected when controlling access to repository methods.

The task of filtering/not filtering metadata is not part of this task and is being analyzed separately in https://docs.google.com/a/pivotal.io/document/d/19fAbS90tZ_so88bf97PZCM_OHziX9WDD0UNJTQ8d2dg/edit

Issue Links:

  • SEC-2150 Annotating at class level does not protected Spring Data Repositories methods that are not overriden
    ("depends on")

  • DATAREST-15 Support using basic authentication with Spring Security
    ("is depended on by")

  • DATAREST-14 Document use of Spring Security to recure resources
    ("is depended on by")

  • DATAREST-454 Add section documenting conditional operations
    ("is depended on by")

  • DATAREST-289 Spring Security + Spring Data REST: HTTP 400 instead of 403

  • DATAREST-18 Support using OAuth-2 authentication with Spring Security/Spring OAuth
    ("supersedes")

Referenced from: pull request #171
@spring-projects-issues
Copy link
Author

Greg Turnquist commented

I updated this branch to use the newly released Spring Security 3.2.6.RELEASE. Had to tweak some test dependencies so that CassandraWebTests would still work

@spring-projects-issues
Copy link
Author

Oliver Drotbohm commented

See the comments in the PR. I think we should rather have test cases on the HTTP level rather than on the repository because otherwise it raises the question, why the test cases are actually present in Spring Data REST

@spring-projects-issues
Copy link
Author

Greg Turnquist commented

Updated and rebased against master.

Retooled the test cases to use MockMvc. Took a bit of work since the APIs for Mock testing with Spring Security had big changes. But now it all works perfectly

@spring-projects-issues
Copy link
Author

Oliver Drotbohm commented

The PR doesn't seem to rebase onto master cleanly. I guess it's mostly pom changes. WOuld you mind having another look?

@spring-projects-issues
Copy link
Author

Greg Turnquist commented

I rebased against master and fixed the issues. Should be a clean merge now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gregturn gregturn

Labels
in: repository type: enhancement A general enhancement
Projects
None yet
Milestone
2.4 RC1 (Gosling)
Development

No branches or pull requests
2 participants
@gregturn @spring-projects-issues