users@jersey.java.net

[Jersey] Re: JerseyTest and Spring Security

From: cowwoc <cowwoc_at_bbs.darktech.org>
Date: Fri, 28 Feb 2014 17:26:04 -0500

Don't forget to vote for this issue :)

Gili

On 28/02/2014 5:25 PM, Vetle Leinonen-Roeim wrote:
> Ok, I found https://java.net/jira/browse/JERSEY-2259, and reading that
> it seems that it's not possible to do what I want out of the box.
>
> On 28.02.14 23:12, Vetle Leinonen-Roeim wrote:
>> Hi,
>>
>> We're using Spring Security and
>> org.springframework.web.filter.DelegatingFilterProxy to handle
>> authentication. When testing with JerseyTest and GrizzlyTestContainer or
>> InMemoryTestContainer, the authentication doesn't work - whatever we do,
>> we only get 403 Forbidden.
>>
>> The authentication is based on setting the Authorization header, so
>> we're using PreAuthenticatedAuthenticationProvider in
>> spring-security-web.
>>
>> Spring Security is enabled by enabling the DelegatingFilterProxy servlet
>> filter in web.xml, and I assume it isn't picked up by JerseyTest.
>>
>> Is this correct, and is there any way to fix this?
>>
>> Perhaps it would be possible to create a ClientRequestFilter that
>> handles the authentication for Spring Security, but I'm hoping there's
>> an easier fix. Any suggestions?
>>
>> Regards,
>> Vetle
>>
>