forked from jakartaee/authorization
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Specify and add TCK test for wrapping constructor for PolicyFactory
See issue jakartaee#156 Signed-off-by: Arjan Tijms <arjan.tijms@omnifish.ee>
- Loading branch information
1 parent
1c67b00
commit 2c1e971
Showing
13 changed files
with
413 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
|
||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<parent> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>jakarta-authorization-tck</artifactId> | ||
<version>4.0.0-SNAPSHOT</version> | ||
</parent> | ||
|
||
<artifactId>app-custom-policyfactory</artifactId> | ||
<packaging>war</packaging> | ||
|
||
<description> | ||
Like app-custom-policy, but uses a custom PolicyFactory defined in web.xml to supply a custom Policy. | ||
Note that this only tests for the PolicyFactory being replaceable and wrappable, and | ||
is not an example of how to easily supply a custom Policy or how to write a realistic | ||
PolicyFactory. | ||
</description> | ||
|
||
<properties> | ||
<failOnMissingWebXml>false</failOnMissingWebXml> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>common</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<finalName>app-custom-policyfactory</finalName> | ||
</build> | ||
</project> |
63 changes: 63 additions & 0 deletions
63
...ustom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
* Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
|
||
package ee.jakarta.tck.authorization.test; | ||
|
||
import jakarta.annotation.security.DeclareRoles; | ||
import jakarta.servlet.ServletException; | ||
import jakarta.servlet.annotation.HttpConstraint; | ||
import jakarta.servlet.annotation.ServletSecurity; | ||
import jakarta.servlet.annotation.WebServlet; | ||
import jakarta.servlet.http.HttpServlet; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import jakarta.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
/** | ||
* Protected Servlet that prints out the name of the authenticated caller and whether | ||
* this caller is in any of the roles {foo, bar, kaz} | ||
* | ||
* <p> | ||
* The role "foo" is required to access this Servlet. "bar" is a role assigned by the | ||
* native identity store, "kaz" doesn't exist (but we should still be able to test for it). | ||
* | ||
*/ | ||
@WebServlet("/protectedServlet/*") | ||
@DeclareRoles("bar") | ||
@ServletSecurity(@HttpConstraint(rolesAllowed = "foo")) | ||
public class ProtectedServlet extends HttpServlet { | ||
|
||
private static final long serialVersionUID = 1L; | ||
|
||
@Override | ||
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { | ||
|
||
response.getWriter().write("This is a servlet \n"); | ||
|
||
String webName = null; | ||
if (request.getUserPrincipal() != null) { | ||
webName = request.getUserPrincipal().getName(); | ||
} | ||
|
||
response.getWriter().write("web username: " + webName + "\n"); | ||
|
||
response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n"); | ||
response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n"); | ||
response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n"); | ||
} | ||
|
||
} |
65 changes: 65 additions & 0 deletions
65
tck/app-custom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to the Eclipse Foundation | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
package ee.jakarta.tck.authorization.test; | ||
|
||
import jakarta.security.jacc.Policy; | ||
import jakarta.security.jacc.WebResourcePermission; | ||
import java.security.Permission; | ||
import java.security.PermissionCollection; | ||
import java.util.logging.Logger; | ||
import javax.security.auth.Subject; | ||
|
||
/** | ||
* Policy implementation that uses a custom permission check | ||
* to grant access to {@code /protectedServlet/[*]/test} to | ||
* the unauthenticated caller. | ||
*/ | ||
public class TestPolicy implements Policy { | ||
|
||
private static final Logger LOGGER = Logger.getLogger(TestPolicy.class.getName()); | ||
|
||
private final Policy originalPolicy; | ||
|
||
public TestPolicy(Policy policy) { | ||
this.originalPolicy = policy; | ||
} | ||
|
||
public boolean implies(Permission permissionToBeChecked, Subject subject) { | ||
LOGGER.info(permissionToBeChecked.toString()); | ||
LOGGER.info(subject.toString()); | ||
|
||
// First try our custom permission checking | ||
if (impliesCustom(permissionToBeChecked)) { | ||
return true; | ||
} | ||
|
||
// If custom doesn't grant access, try the original policy so we | ||
// keep all normal checks in place. | ||
return originalPolicy.implies(permissionToBeChecked, subject); | ||
} | ||
|
||
public PermissionCollection getPermissionCollection(Subject subject) { | ||
return originalPolicy.getPermissionCollection(subject); | ||
} | ||
|
||
private boolean impliesCustom(Permission permissionToBeChecked) { | ||
return | ||
permissionToBeChecked instanceof WebResourcePermission && | ||
permissionToBeChecked.getName().startsWith("/protectedServlet/") && | ||
permissionToBeChecked.getName().endsWith("/test"); | ||
} | ||
|
||
} |
47 changes: 47 additions & 0 deletions
47
...stom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/TestPolicyFactory.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
package ee.jakarta.tck.authorization.test; | ||
|
||
import jakarta.security.jacc.Policy; | ||
import jakarta.security.jacc.PolicyFactory; | ||
|
||
/** | ||
* Test policy configuration factory. | ||
* | ||
* <p> | ||
* This factort is solely used to test for replacement and wrapping of the PolicyFactory. | ||
* It ignores the <code>contextId</code> which is not something real factories should | ||
* do in most cases, and therefor should not be used as an example of how to create | ||
* a custom PolicyFactory. | ||
*/ | ||
public class TestPolicyFactory extends PolicyFactory { | ||
|
||
private Policy policy; | ||
|
||
public TestPolicyFactory(PolicyFactory policyFactory) { | ||
super(policyFactory); | ||
policy = new TestPolicy(policyFactory.getPolicy()); | ||
} | ||
|
||
public Policy getPolicy(String contextId) { | ||
return policy; | ||
} | ||
|
||
@Override | ||
public void setPolicy(String contextId, Policy policy) { | ||
this.policy = new TestPolicy(policy); | ||
} | ||
} |
24 changes: 24 additions & 0 deletions
24
tck/app-custom-policyfactory/src/main/webapp/WEB-INF/beans.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd" | ||
bean-discovery-mode="all" version="3.0"> | ||
</beans> |
33 changes: 33 additions & 0 deletions
33
tck/app-custom-policyfactory/src/main/webapp/WEB-INF/web.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd" | ||
version="6.0"> | ||
|
||
<context-param> | ||
<param-name>jakarta.security.jacc.PolicyFactory.provider</param-name> | ||
<param-value>ee.jakarta.tck.authorization.test.TestPolicyFactory</param-value> | ||
</context-param> | ||
|
||
<login-config> | ||
<auth-method>BASIC</auth-method> | ||
<realm-name>file</realm-name> | ||
</login-config> | ||
</web-app> |
Oops, something went wrong.