Title: Testing Security Example
<a name="TestingSecurityExample-Overview"></a>
# Overview

Builds upon the [Injection of EntityManager Example](injection-of-entitymanager-example.html)
 but adds the use of *@RolesAllowed* and *@PermitAll* in the @Stateful bean
to restrict who can perform create, persist and remove operations on the
EntityManager.	Shows a TestCase using the *@RunAs* annotation to execute
and test the bean code as various users.

In this example we restrict the ability to create Movie Entities to a
_Manager_ or an _Employee_.  Reads are open to anyone, logged in or not. 
And delete operations are only allowed by a _Manager_.

See the [Security Annotations](security-annotations.html)
 page for a full description of how the security annotations work.

_The source for this example is in the "testing-security" directory located
in the [openejb-examples.zip](openejb:download.html)
 available on the download page._

<a name="TestingSecurityExample-TheCode"></a>
# The Code

Just as with the [Testing Transactions Example](testing-transactions-example.html)
 the magic of this unit test is in the *ManagerBean* and *EmployeeBean*
@Stateless beans that we've tucked into our TestCase as inner classes. 
These beans allow us to execute our test code as either a Manager or as an
Employee and test that Movies @Stateful bean is setup to restrict and
permit calls according to our intended design.

{snippet:id=code|url=openejb3/examples/testing-security/src/main/java/org/superbiz/injection/secure/MoviesImpl.java|lang=java}

<a name="TestingSecurityExample-Writingaunittestfortheexample"></a>
# Writing a unit test for the example

{snippet:id=code|url=openejb3/examples/testing-security/src/test/java/org/superbiz/injection/secure/MovieTest.java|lang=java}

Curious on the InitialContext parameters used?	See the [Injection of DataSource Example](injection-of-datasource-example.html)
 for an explanation of how any Resource can be configured via properties in
the TestCase itself or via an openejb.xml file.

<a name="TestingSecurityExample-Running"></a>
#  Running

Running the example is fairly simple.  In the "testing-security" directory
of the [examples zip](openejb:download.html)
, just run:

$ mvn clean install

Which should create output like the following.


    -------------------------------------------------------
     T E S T S
    -------------------------------------------------------
    Running org.superbiz.injection.secure.MovieTest
    Apache OpenEJB 3.0    build: 20080408-04:13
    http://openejb.apache.org/
    INFO - openejb.home =
/Users/dblevins/work/openejb-3.0/examples/testing-security
    INFO - openejb.base =
/Users/dblevins/work/openejb-3.0/examples/testing-security
    INFO - Configuring Service(id=Default Security Service,
type=SecurityService, provider-id=Default Security Service)
    INFO - Configuring Service(id=Default Transaction Manager,
type=TransactionManager, provider-id=Default Transaction Manager)
    INFO - Configuring Service(id=movieDatabaseUnmanaged, type=Resource,
provider-id=Default JDBC Database)
    INFO - Configuring Service(id=movieDatabase, type=Resource,
provider-id=Default JDBC Database)
    INFO - Configuring Service(id=Default JDK 1.3 ProxyFactory,
type=ProxyFactory, provider-id=Default JDK 1.3 ProxyFactory)
    INFO - Found EjbModule in classpath:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
    INFO - Found EjbModule in classpath:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
    INFO - Configuring app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
    INFO - Configuring Service(id=Default Stateful Container, type=Container,
provider-id=Default Stateful Container)
    INFO - Auto-creating a container for bean Movies: Container(type=STATEFUL,
id=Default Stateful Container)
    INFO - Configuring PersistenceUnit(name=movie-unit)
    INFO - Loaded Module:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
    INFO - Configuring app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
    INFO - Configuring Service(id=Default Stateless Container, type=Container,
provider-id=Default Stateless Container)
    INFO - Auto-creating a container for bean EmployeeBean:
Container(type=STATELESS, id=Default Stateless Container)
    INFO - Loaded Module:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
    INFO - Assembling app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes
    INFO - PersistenceUnit(name=movie-unit,
provider=org.apache.openjpa.persistence.PersistenceProviderImpl)
    ERROR - JAVA AGENT NOT INSTALLED. The JPA Persistence Provider requested
installation of a ClassFileTransformer which 
    	requires a JavaAgent.  See
http://openejb.apache.org/3.0/javaagent.html
    INFO - Jndi(name=MoviesLocal) --> Ejb(deployment-id=Movies)
    INFO - Created Ejb(deployment-id=Movies, ejb-name=Movies, container=Default
Stateful Container)
    INFO - Deployed
Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/classes)
    INFO - Assembling app:
/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes
    INFO - Jndi(name=EmployeeBeanLocal) --> Ejb(deployment-id=EmployeeBean)
    INFO - Jndi(name=ManagerBeanLocal) --> Ejb(deployment-id=ManagerBean)
    INFO - Created Ejb(deployment-id=EmployeeBean, ejb-name=EmployeeBean,
container=Default Stateless Container)
    INFO - Created Ejb(deployment-id=ManagerBean, ejb-name=ManagerBean,
container=Default Stateless Container)
    INFO - Deployed
Application(path=/Users/dblevins/work/openejb-3.0/examples/testing-security/target/test-classes)
    Tests run: 3, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.109 sec
    
    Results :
    
    Tests run: 3, Failures: 0, Errors: 0, Skipped: 0