Testing a secure webservice using JUnit

While working on creating a glassfish-sample for XML and Web Services Security(XWSS). Having everyone so often say "It's always nice to have unit tests", "developers should unit test their applications", its good practice, I thought I might as well write a JUnit test.

Now if I am just writing a secure client, I know I have to have wsit-client.xml that contains the security policy information and this is packaged and picked up correctly from the client webapp.

But using plain old JUnit, I do not have a webapp, and so the big question is "How do I test my secure web service using a standalone JUnit java class?". Good question, I thought.

In the absense of a wsit-client.xml, how is the client to know how and what to secure in the request it sends the service?. Quite understandably (and annoyingly so), the service keeps complaining "No security Header found". It's just saying it got a request that just wasn't secure.

So what is the solution? I already have a client webapp that is sending a secure request and the way I run the client is by invoking the client webapp from my browser. Isn't it?

Now if only there was a way to do this through JUnit....

There exists a framework called htmlunit that does this.

I read up the getting started on htmlunit page and created my JUnit test that invoked the secure service!! Here is what it looked like-

package webservices.secure_bank_app_client;

import java.net.URL;

import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
import com.gargoylesoftware.htmlunit.html.HtmlElement;
import com.gargoylesoftware.htmlunit.html.HtmlInput;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
import com.gargoylesoftware.htmlunit.BrowserVersion;

import junit.framework.TestCase;
import junit.framework.Assert;

/**
 * This test class tests secure bank application.
 */
public class SecureBankTest extends TestCase {
    
    // System property values used to configure the HTTP connection
    private String contextPath = "/secure-bank-app-client";    

    private String host = null;
    private int port = 0;
        
    /** Set up instance variables required by this test case. */
    public void setUp() throws Exception {
        
        host = System.getProperty("javaee.server.name");
        port = Integer.parseInt(System.getProperty("javaee.server.port"));
             
    }
    
    public void testHomePage() throws Exception {
       
        final WebClient webClient = new WebClient(BrowserVersion.MOZILLA_1_0);
                
        final HtmlPage page = (HtmlPage)webClient.getPage(getURL("/"));
        
        Assert.assertEquals( "Secure Bank Order Page", page.getTitleText() );
    }
    
       
    private URL getURL(String path) throws Exception {
               
        StringBuffer sb = new StringBuffer("http://");
        sb.append(host);
        if (port != 80) {
            sb.append(":");
            sb.append("").append(port);
        }
        sb.append(contextPath);
        sb.append(path);
        return (new URL(sb.toString()));

    }

    
}

Another problem solved.. for today atleast. Do you run into similar problems too? Would like to share how you solved them?

Posted at 04:17PM Mar 30, 2007 by Manveen Kaur in Sun  |  Comments[4]