WARNING: The unit tests erase the contents of the test user details store. Do not run them against a production database.
The unit tests for Emmet are in the test tree. The easy way to run the unit tests is to select the 'emmet' project in Eclipse and use the context menu to run "Run As>JUnit Test". You can also run the tests using the Maven "test" goal.
The unit tests that exercise the Emmet MVC controller and user details store require a MySQL database backend. The following configuration details are assumed by default:
For details on how to set up and configure a MySQL database installation, please refer to your Linux distro's documentation and/or the MySQL documentation on the MySQL website.
You can override these settings by creating a "test.properties" file in the root of your Eclipse workspace, and adding property overrides to that file as required. Warning ... I'm not sure that this is correct.
The procedure for doing this is described in the Test Shibboleth IdP Setup HOWTO. This covers setting up the Identity Provider (IdP) on a remote machine, and the infrastructure for a local Service Provider (SP).
We are currently taking the route of implementing the SP for Emmet using the "mod_shib" module for Apache and the associated "shibd" daemon which handles interactions with the IdP. (We are not entirely happy with this as it is not a pure Java solution, and is fraught with deployment issues. But the only alternative for us would be to reimplement the mod_shib / shibd functionality from scratch in Java, and that is not feasible given our project's timeframe.)
Depending on how you configure it, mod_shib can provides mandatory or optional authorization and mandatory or optional access control for parts of the Apache server's webspace. Our goal is to support a hybrid scheme that combines Shibboleth, OpenId and local authentication with local authorization and fine-grained access control, all under the control of SpringSecurity. In order to do this, mod_shib and shibd need to implement shibboleth sessions and shibboleth login and logout, but initiation of session creation (login) and all access control decisions need to be handled in the Danno servlet(s). Accordingly, we use the following "mod_shib" configuration settings for the Emmet and Danno webspaces:
<Location /emmet>
AuthType shibboleth
ShibRequestSetting requireSession 0
ShibUseHeaders On
require shibboleth
</Location>
<Location /dannodemo>
AuthType shibboleth
ShibRequestSetting requireSession 0
ShibUseHeaders On
require shibboleth
</Location>We also configure the Apache reverse proxy configuration to use AJP; e.g.
ProxyPreserveHost on
ProxyPass /emmet/ ajp://localhost:8009/emmet/
ProxyPassReverse /emmet/ ajp://localhost:8009/emmeto/
ProxyPass /dannodemo/ ajp://localhost:8009/dannodemo/
ProxyPassReverse /dannodemo/ ajp://localhost:8009/dannodemo/(I'm not entirely sure that this is necessary, but the Shibboleth 2 installation instructions say to use AJP.)