JSecurity

Hi,

I am using JSecurity in a web application (the current technology mix is GWT/Spring/Hibernate/JSecurity) and therefore I am using the DefaultWebSecurityManager as security manager. This works perfectly and I am having no problems at all with normal operations. However, some unit tests for the service layer calls @RequiresRoles-annotated methods and as the unit tests have performed no authentication and does not even run in what I would call a web environment, a NullPointerException is thrown when JSecurity is trying to find out the session ID.

I have been thinking about the best way to perform a fake login in these unit tests and would like advice on the best way to do this. Ideally, this can be done without faking ServletRequests and/or ServletResponses which, if I understand matters correctly, are from where the DefaultWebSecurityManager gets the session ID (the NullPointerException occurs when trying to getCookies() from the request).

Any input on this is kindly appreciated! If anyone is interested of any details regarding my setup, please tell me what you need to know!

Kind regards,
Per