7 changes: 7 additions & 0 deletions .gitignore
@@ -94,3 +94,10 @@ local.properties

# Testing environment specific
derby.log


######################
# Liberty tools
######################

.factorypath
9 changes: 7 additions & 2 deletions jaspic/common/pom.xml
@@ -12,9 +12,9 @@
<version>1.0-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<groupId>org.javaee7</groupId>

<artifactId>jaspic-common</artifactId>
<version>1.0-SNAPSHOT</version>

<packaging>jar</packaging>
<name>Java EE 7 Sample: jaspic - common</name>

@@ -36,5 +36,10 @@
<version>2.13</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>1.9.1</version>
</dependency>
</dependencies>
</project>
@@ -1,18 +1,25 @@
package org.javaee7.jaspic.common;

import static java.lang.Boolean.getBoolean;
import static java.util.logging.Level.SEVERE;
import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
import static org.jsoup.Jsoup.parse;
import static org.jsoup.parser.Parser.xmlParser;

import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.logging.Logger;

import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.Archive;
import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.rules.TestWatcher;
import org.junit.runner.Description;

import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.WebClient;
@@ -25,8 +32,38 @@
public class ArquillianBase {

private static final String WEBAPP_SRC = "src/main/webapp";
private static final Logger logger = Logger.getLogger(ArquillianBase.class.getName());

private WebClient webClient;
private String response;

@Rule
public TestWatcher ruleExample = new TestWatcher() {
@Override
protected void failed(Throwable e, Description description) {
super.failed(e, description);

logger.log(SEVERE,
"\n\nTest failed: " +
description.getClassName() + "." + description.getMethodName() +

"\nMessage: " + e.getMessage() +

"\nLast response: " +

"\n\n" + formatHTML(response) + "\n\n");

}
};

public static String formatHTML(String html) {
try {
return parse(html, "", xmlParser()).toString();
} catch (Exception e) {
return html;
}
}

public static Archive<?> defaultArchive() {
return tryWrapEAR(defaultWebArchive());
}
@@ -48,6 +85,8 @@ public static Archive<?> tryWrapEAR(WebArchive webArchive) {
create(EnterpriseArchive.class, "test.ear")

// Liberty needs to have the binding file in an ear.
// TODO: this is no longer the case and this code can be removed (-bnd.xml
// needs to be moved to correct place)
.addAsManifestResource(resource("ibm-application-bnd.xml"))

// Web module
@@ -82,6 +121,8 @@ public void tearDown() {
webClient.getCookieManager().clearCookies();
webClient.closeAllWindows();
}



protected WebClient getWebClient() {
return webClient;
@@ -100,7 +141,9 @@ protected URL getBase() {
*/
protected String getFromServerPath(final String path) {
try {
return webClient.getPage(base + path).getWebResponse().getContentAsString();
response = null;
response = webClient.getPage(base + path).getWebResponse().getContentAsString();
return response;
} catch (FailingHttpStatusCodeException | IOException e) {
throw new IllegalStateException(e);
}
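Review bot: `formatHTML` is reached with `response == null` whenever a test fails before or during the request, because `getFromServerPath` clears the field before calling `getPage`; the method then appears to rely on `catch (Exception e)` to turn whatever jsoup does with a null input into the `return html` fallback. An explicit guard at the top, `if (html == null) { return null; }`, keeps the same log output without using the catch-all as control flow, and the catch can then be narrowed. Separately, the watcher writes the whole last response body to the log at SEVERE; for an authentication test suite it is worth confirming that these bodies never carry anything that should not land in shared CI logs, or truncating them to a bounded length. The rule field name `ruleExample` reads like a leftover and could say what it does, e.g. `logLastResponseOnFailure`. The end of `getFromServerPath` lies outside the last hunk, so other request helpers in the class that may also need to record `response` are not visible here.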
@@ -0,0 +1,51 @@
package org.javaee7.jaspic.registersession.ejb;

import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;

/**
* This is a "protected" EJB in the sense that there is role checking done prior to accessing (some) methods.
* <p>
* In JBoss EAP 6.1+ the use of any declarative security annotation switches the bean to a different mode, called "secured" in
* JBoss terms.
* <p>
* GlassFish requires the <code>@DeclareRoles</code> annotation when programmatic role checking is done (making dynamic role
* checking impossible).
*
* @author Arjan Tijms
*/
@Stateless
//Required by GlassFish
@DeclareRoles({ "architect" })
//JBoss EAP 6.1+ defaults unchecked methods to DenyAll
@PermitAll
public class ProtectedEJB {

@Resource
private EJBContext ejbContext;

@RolesAllowed("architect")
public String getUserName() {
try {
return ejbContext.getCallerPrincipal() != null ? ejbContext.getCallerPrincipal().getName() : null;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}

public boolean isUserArchitect() {
try {
return ejbContext.isCallerInRole("architect");
} catch (Exception e) {
e.printStackTrace();
}
return false;

}

}
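Review bot: `getUserName()` and `isUserArchitect()` catch `Exception`, call `e.printStackTrace()` and then return `null` / `false`, so a container failure inside the bean is indistinguishable from "no caller principal" or "caller lacks the role", which are presumably the very values the tests for this sample assert on. Letting the exception propagate, or logging it through a `java.util.logging.Logger` and rethrowing, would make a broken identity propagation fail loudly instead of looking like a legitimate negative result. The same pattern is in `PublicEJB.getUserName()` in the next file. A short comment on `isUserArchitect()` stating that it is deliberately left unchecked under the class-level `@PermitAll` (only `getUserName()` is role-protected) would also help, since the class Javadoc only says "(some) methods".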
@@ -0,0 +1,27 @@
package org.javaee7.jaspic.registersession.ejb;
import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;

/**
* This is a "public" EJB in the sense that all its methods should be accessible and there is no declarative role checking prior
* to accessing a method.
*
* @author Arjan Tijms
*
*/
@Stateless
public class PublicEJB {

@Resource
private EJBContext ejbContext;

public String getUserName() {
try {
return ejbContext.getCallerPrincipal() != null ? ejbContext.getCallerPrincipal().getName() : null;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
}
@@ -0,0 +1,63 @@
package org.javaee7.jaspic.registersession.servlet;
import static java.util.logging.Level.SEVERE;

import java.io.IOException;
import java.util.logging.Logger;

import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.javaee7.jaspic.registersession.ejb.ProtectedEJB;


/**
*
* @author Arjan Tijms
*
*/
@WebServlet(urlPatterns = "/public/servlet-protected-ejb")
public class PublicServletProtectedEJB extends HttpServlet {

private static final long serialVersionUID = 1L;
private final static Logger logger = Logger.getLogger(PublicServletProtectedEJB.class.getName());

@EJB
private ProtectedEJB protectedEJB;

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String webName = null;
if (request.getUserPrincipal() != null) {
webName = request.getUserPrincipal().getName();
}

String ejbName = "";
try {
ejbName = protectedEJB.getUserName();
} catch (Exception e) {
logger.log(SEVERE, "", e);
}

response.getWriter().write("web username: " + webName + "\n" + "EJB username: " + ejbName + "\n");

boolean webHasRole = request.isUserInRole("architect");

boolean ejbHasRole = false;
try {
ejbHasRole = protectedEJB.isUserArchitect();
} catch (Exception e) {
logger.log(SEVERE, "", e);
}

response.getWriter().write(
"web user has role \"architect\": " + webHasRole + "\n" + "EJB user has role \"architect\": " + ejbHasRole
+ "\n");

}

}
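Review bot: Both `catch (Exception e)` blocks in `doGet` log with an empty message, `logger.log(SEVERE, "", e)`, and treat every failure alike, although for a caller without the `architect` role the container rejecting `protectedEJB.getUserName()` is the expected outcome rather than a severe error. Handling the access-denied exception separately from other failures (presumably `javax.ejb.EJBAccessException`, to be confirmed per server) and giving the log call a message such as `"Call to ProtectedEJB.getUserName() failed"` would make the log readable when a test fails. `PublicServletPublicEJB.doGet` uses the same empty-message catch. The class Javadoc is empty; one sentence saying that this is an unprotected servlet calling a role-protected EJB would document what the sample is meant to show.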
@@ -0,0 +1,50 @@
package org.javaee7.jaspic.registersession.servlet;
import static java.util.logging.Level.SEVERE;

import java.io.IOException;
import java.util.logging.Logger;

import javax.ejb.EJB;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.javaee7.jaspic.registersession.ejb.PublicEJB;


/**
*
* @author Arjan Tijms
*
*/
@WebServlet(urlPatterns = "/public/servlet-public-ejb")
public class PublicServletPublicEJB extends HttpServlet {

private static final long serialVersionUID = 1L;
private final static Logger logger = Logger.getLogger(PublicServletPublicEJB.class.getName());

@EJB
private PublicEJB publicEJB;

@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

String webName = null;
if (request.getUserPrincipal() != null) {
webName = request.getUserPrincipal().getName();
}

String ejbName = "";
try {
ejbName = publicEJB.getUserName();
} catch (Exception e) {
logger.log(SEVERE, "", e);
}

response.getWriter().write("web username: " + webName + "\n" + "EJB username: " + ejbName + "\n");

}

}
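Review bot: `doGet` writes the caller principal's name into the body without setting a content type, so how a client interprets the output is left to the container default. Adding `response.setContentType("text/plain;charset=UTF-8");` before the first `getWriter()` call pins both the type and the encoding, and keeps a principal name that contains markup characters from being rendered as HTML. The same applies to `PublicServletProtectedEJB.doGet`.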