由于在Service层通过annotation限定了访问权限,并且需要根据用户权限进行业务数据过滤,因此shiro官方提供的方案实现不了。如果只是简单的需求,可以参照官方文档。
shiro配置
为了能够集成测试,需要为shiro单独设立一个测试用的配置文件,和运行时配置文件相比唯一的区别是使用了不同的SecurityManager,由于集成测试环境并不是真正的Web环境,所以使用DefaultSecurityManager.
applicationContext-shiro-test.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd"
default-lazy-init="false">
<bean id="securityManager" class="org.apache.shiro.mgt.DefaultSecurityManager">
<property name="realm" ref="shiroDbRealm"/>
<!--<property name="cacheManager" ref="shiroEhcacheManager" />-->
</bean>
</beans>
测试基类
@ContextConfiguration({"classpath:spring/applicationContext.xml"})
@ActiveProfiles("dev")
public abstract class AbstractServiceTests extends AbstractTransactionalJUnit4SpringContextTests {
}
集成shiro的测试基类
@ContextConfiguration({"classpath:spring/applicationContext.xml", "classpath:/spring/applicationContext-shiro-test.xml"})
public abstract class AbstractServiceTestWithShiro extends AbstractServiceTests {
private static ThreadState subjectThreadState;
@Autowired
private DefaultSecurityManager securityManager;
protected void login(String userName, String password){
assertTrue("userName can not be empty or null.", !StringUtils.isAnyEmpty(userName));
assertTrue("password can not be empty or null.", !StringUtils.isAnyEmpty(password));
setSecurityManager(securityManager);
Subject subject = SecurityUtils.getSubject();
subject.login(new UsernamePasswordToken(userName, password));
}
private void setSubject(Subject subject){
doClearSubject();
createThreadState(subject).bind();
}
private Subject getSubject(){
return SecurityUtils.getSubject();
}
private ThreadState createThreadState(Subject subject){
return new SubjectThreadState(subject);
}
private static void setSecurityManager(SecurityManager securityManager){
SecurityUtils.setSecurityManager(securityManager);
}
private SecurityManager getSecurityManager(){
return SecurityUtils.getSecurityManager();
}
private void doClearSubject(){
if(subjectThreadState != null){
subjectThreadState.clear();
subjectThreadState = null;
}
}
@After
public void tearDown(){
SecurityUtils.getSubject().logout();
}
}
具体测试类
public class MarketActionServiceTest extends AbstractServiceTestWithShiro {
@Autowired
private MarketActionService marketActionService;
@Test
public void getAllByDivisionManager(){
login("user01","123456");
Page<MarketAction> page = marketActionService.getAll(1, "项目");
int rows = jdbcTemplate.queryForObject("select count(*) from ila_market_action where brief like ?", Integer.class, "%项目%");
assertEquals(page.getTotalElements(), rows);
assertEquals(page.getSize(), 10);
}
@Test
public void getAllBySales(){
login("user02", "123456");
Page<MarketAction> page = marketActionService.getAll(1, "");
int rows = jdbcTemplate.queryForObject("select count(*) from ila_market_action where brief like ? and user_id = ?", Integer.class, new Object[]{"%%", ((User)SecurityUtils.getSubject().getPrincipal()).getId()});
assertEquals(rows, page.getTotalElements());
}
}