How do YOU test access control of your application?

  2. Had I the nice annotations which you mention in your post, I would consider not writing integration tests like these at all (assuming that each annotation is tested on its own), as they would not help me write production code or prevent future bugs. The only way to introduce a bug is to forget to add an annotation or to delete one that’s already there – which is unlikely.

  3. Just a comment: you are setting access rights per role, but you test users. IMHO it would be better to test roles. I mean that if your method has the attribute @AllowedForAdministrator, I would expect to see something like this in the test: @RunAsRole(UserRoles.ADMINISTRATOR). Let the test runner figure out which user it needs to run the test.

    • Yes, you’re right. I usually have test user accounts, named appropriately, that represent those roles. So I use such accounts – but you are right, it could be based directly on roles and it might make it a little more understandable.
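One way to realize the role-based test that comment 3 describes, as an added example that is not from the original post, its author or any commenter: a JUnit 5 extension reads a hypothetical @RunAsRole annotation and installs the matching test account before the test method runs, so the test names the role and the runner picks the user. Everything here is assumed for the illustration (the UserRoles values other than ADMINISTRATOR, the CurrentUser context, ArticleService, AccessDeniedException and the test account names); it assumes Java 17 and JUnit 5 on the classpath.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Map;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.AfterEachCallback;
import org.junit.jupiter.api.extension.BeforeEachCallback;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.api.extension.ExtensionContext;

import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertThrows;

// Roles of the application under test (assumed; the post only names ADMINISTRATOR).
enum UserRoles { ADMINISTRATOR, EDITOR }

// A logged-in principal as the application sees it (assumed stand-in).
record TestUser(String name, UserRoles role) {}

// Thread-local security context (assumed stand-in for the real one).
final class CurrentUser {
    private static final ThreadLocal<TestUser> USER = new ThreadLocal<>();
    static void set(TestUser u) { USER.set(u); }
    static TestUser get() { return USER.get(); }
    static void clear() { USER.remove(); }
}

// Test-only annotation: the test names the role, the runner picks the account.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@ExtendWith(RunAsRoleExtension.class)
@interface RunAsRole {
    UserRoles value();
}

// JUnit 5 extension that maps a role to a dedicated test account,
// installs it before the test and removes it again afterwards.
final class RunAsRoleExtension implements BeforeEachCallback, AfterEachCallback {
    private static final Map<UserRoles, TestUser> TEST_ACCOUNTS = Map.of(
        UserRoles.ADMINISTRATOR, new TestUser("test-admin", UserRoles.ADMINISTRATOR),
        UserRoles.EDITOR,        new TestUser("test-editor", UserRoles.EDITOR));

    @Override
    public void beforeEach(ExtensionContext ctx) {
        ctx.getTestMethod()
           .map(m -> m.getAnnotation(RunAsRole.class))
           .ifPresent(a -> CurrentUser.set(TEST_ACCOUNTS.get(a.value())));
    }

    @Override
    public void afterEach(ExtensionContext ctx) {
        // Never let a privileged identity leak into the next test.
        CurrentUser.clear();
    }
}

class AccessDeniedException extends RuntimeException {
    AccessDeniedException(String msg) { super(msg); }
}

// Service under test (assumed). The guard stands in for the page's
// @AllowedForAdministrator attribute; remove it and editorIsDenied() fails.
class ArticleService {
    void deleteArticle(long id) {
        TestUser u = CurrentUser.get();
        if (u == null || u.role() != UserRoles.ADMINISTRATOR) {
            throw new AccessDeniedException("deleteArticle requires ADMINISTRATOR");
        }
        // ... delete the article ...
    }
}

class ArticleServiceAccessTest {
    private final ArticleService service = new ArticleService();

    @Test
    @RunAsRole(UserRoles.ADMINISTRATOR)
    void administratorMayDelete() {
        assertDoesNotThrow(() -> service.deleteArticle(42L));
    }

    @Test
    @RunAsRole(UserRoles.EDITOR)
    void editorIsDenied() {
        assertThrows(AccessDeniedException.class, () -> service.deleteArticle(42L));
    }

    @Test
    void anonymousIsDenied() {
        // No @RunAsRole: the context is empty, which must also be refused.
        assertThrows(AccessDeniedException.class, () -> service.deleteArticle(42L));
    }
}
```

The denied cases are the ones that earn their keep: a missing or deleted access-control annotation (the failure mode comment 2 names) leaves the allowed case passing and only shows up when a lower role or no role at all is expected to be refused, so every role-based test of a guarded method should pair the positive case with at least one negative one. Clearing the context in afterEach keeps a privileged identity from silently surviving into a later test and masking a real denial.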

