Merge pull request #143 from arjantijms/tck_initial
Initial tests for new TCK
Showing
22 changed files
with
1,894 additions
and
0 deletions.
Empty file.
@@ -0,0 +1,52 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
|
||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<parent> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>jakarta-authorization-tck</artifactId> | ||
<version>4.0.0-SNAPSHOT</version> | ||
</parent> | ||
|
||
<artifactId>app-mem-policy</artifactId> | ||
<packaging>war</packaging> | ||
|
||
<description> | ||
This tests executing a custom permission check before authentication takes place. | ||
</description> | ||
|
||
<properties> | ||
<failOnMissingWebXml>false</failOnMissingWebXml> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>common</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<finalName>app-mem-policy</finalName> | ||
</build> | ||
</project> |
38 changes: 38 additions & 0 deletions
38
...pp-policy/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java
@@ -0,0 +1,38 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to the Eclipse Foundation | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
package ee.jakarta.tck.authorization.test; | ||
|
||
import jakarta.security.jacc.PolicyFactory; | ||
import jakarta.servlet.ServletContextEvent; | ||
import jakarta.servlet.ServletContextListener; | ||
import jakarta.servlet.annotation.WebListener; | ||
|
||
/** | ||
* ServletContextListener that is used to install a custom authorization policy. | ||
* | ||
* @author Arjan Tijms | ||
* | ||
*/ | ||
@WebListener | ||
public class PolicyRegistrationListener implements ServletContextListener { | ||
|
||
@Override | ||
public void contextInitialized(ServletContextEvent sce) { | ||
PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); | ||
policyFactory.setPolicy(new TestPolicy(policyFactory.getPolicy())); | ||
} | ||
|
||
} |
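Review bot: The listener replaces the policy in `contextInitialized` and never puts the previous one back, because no `contextDestroyed` is overridden. Whether `PolicyFactory.setPolicy` is scoped to this application or to something wider is not visible in this file; if it is wider, the grant that TestPolicy adds for unauthenticated callers would outlive the test deployment. Keeping the value returned by `policyFactory.getPolicy()` in a field and calling `policyFactory.setPolicy(originalPolicy)` from `contextDestroyed` would bound it. The class Javadoc could also say that the installed policy deliberately relaxes access control and is meant for the TCK only.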
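--- a/tck/app-policy/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java
+++ b/tck/app-policy/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java
@@ -0,0 +1,63 @@
+/*
+* Copyright (c) 2024 Contributors to Eclipse Foundation.
+* Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License v. 2.0, which is available at
+* http://www.eclipse.org/legal/epl-2.0.
+*
+* This Source Code may also be made available under the following Secondary
+* Licenses when the conditions for such availability set forth in the
+* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+* version 2 with the GNU Classpath Exception, which is available at
+* https://www.gnu.org/software/classpath/license.html.
+*
+* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+*/
+
+package ee.jakarta.tck.authorization.test;
+
+import jakarta.annotation.security.DeclareRoles;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.HttpConstraint;
+import jakarta.servlet.annotation.ServletSecurity;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+* Protected Servlet that prints out the name of the authenticated caller and whether
+* this caller is in any of the roles {foo, bar, kaz}
+*
+* <p>
+* The role "foo" is required to access this Servlet. "bar" is a role assigned by the
+* TestIdentityStore, "kaz" doesn't exist (but we should still be able to test for it).
+*
+*/
+@WebServlet("/protectedServlet/*")
+@DeclareRoles("bar")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ProtectedServlet extends HttpServlet {
+
+private static final long serialVersionUID = 1L;
+
+@Override
+public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+response.getWriter().write("This is a servlet \n");
+
+String webName = null;
+if (request.getUserPrincipal() != null) {
+webName = request.getUserPrincipal().getName();
+}
+
+response.getWriter().write("web username: " + webName + "\n");
+
+response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+}
+
+}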
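Review bot: `doGet` writes the caller's principal name into the body without setting a content type or character encoding, so the container default decides how a client interprets it. Adding `response.setContentType("text/plain");` and `response.setCharacterEncoding("UTF-8");` before the first `getWriter()` call keeps the output from being treated as markup and makes the text the tests match on independent of the server's default encoding. As a documentation point, the Javadoc names "foo" as the required role while `@DeclareRoles` lists only "bar"; a one-line comment saying why only "bar" is declared and that "kaz" is left undeclared on purpose would save readers from guessing.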
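--- a/tck/app-policy/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java
+++ b/tck/app-policy/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java
@@ -0,0 +1,65 @@
+/*
+* Copyright (c) 2024 Contributors to the Eclipse Foundation
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License v. 2.0, which is available at
+* http://www.eclipse.org/legal/epl-2.0.
+*
+* This Source Code may also be made available under the following Secondary
+* Licenses when the conditions for such availability set forth in the
+* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+* version 2 with the GNU Classpath Exception, which is available at
+* https://www.gnu.org/software/classpath/license.html.
+*
+* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+*/
+package ee.jakarta.tck.authorization.test;
+
+import jakarta.security.jacc.Policy;
+import jakarta.security.jacc.WebResourcePermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.util.logging.Logger;
+import javax.security.auth.Subject;
+
+/**
+* Policy implementation that uses a custom permission check
+* to grant access to {@code /protectedServlet/[*]/test} to
+* the unauthenticated caller.
+*/
+public class TestPolicy implements Policy {
+
+private static final Logger LOGGER = Logger.getLogger(TestPolicy.class.getName());
+
+private final Policy originalPolicy;
+
+public TestPolicy(Policy policy) {
+this.originalPolicy = policy;
+}
+
+public boolean implies(Permission permissionToBeChecked, Subject subject) {
+LOGGER.info(permissionToBeChecked.toString());
+LOGGER.info(subject.toString());
+
+// First try our custom permission checking
+if (impliesCustom(permissionToBeChecked)) {
+return true;
+}
+
+// If custom doesn't grant access, try the original policy so we
+// keep all normal checks in place.
+return originalPolicy.implies(permissionToBeChecked, subject);
+}
+
+public PermissionCollection getPermissionCollection(Subject subject) {
+return originalPolicy.getPermissionCollection(subject);
+}
+
+private boolean impliesCustom(Permission permissionToBeChecked) {
+return
+permissionToBeChecked instanceof WebResourcePermission &&
+permissionToBeChecked.getName().startsWith("/protectedServlet/") &&
+permissionToBeChecked.getName().endsWith("/test");
+}
+
+}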
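Review bot: `implies` logs `subject.toString()` at INFO on every permission check, and `Subject.toString()` renders the subject's principals and credential objects, so caller identity data and possibly credential material end up in the server log. The same line throws a NullPointerException if the container ever passes a null subject, which nothing in this file rules out. Logging only the permission at a debug level avoids both problems: `LOGGER.fine(() -> "Checking " + permissionToBeChecked);`. Separately, `impliesCustom` matches on the permission name alone, so the grant covers every HTTP method and every caller, and `/protectedServlet/test` matches as well although the Javadoc describes `/protectedServlet/[*]/test`; a comment stating the intended scope would make that explicit. `implies` and `getPermissionCollection` could also carry `@Override`.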
@@ -0,0 +1,24 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd" | ||
bean-discovery-mode="all" version="3.0"> | ||
</beans> |
@@ -0,0 +1,28 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd" | ||
version="6.0"> | ||
|
||
<login-config> | ||
<auth-method>BASIC</auth-method> | ||
<realm-name>file</realm-name> | ||
</login-config> | ||
</web-app> |
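--- a/tck/app-policy/src/test/java/ee/jakarta/tck/authorization/test/AppPolicyIT.java
+++ b/tck/app-policy/src/test/java/ee/jakarta/tck/authorization/test/AppPolicyIT.java
@@ -0,0 +1,97 @@
+/*
+* Copyright (c) 2024 Contributors to Eclipse Foundation.
+* Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License v. 2.0, which is available at
+* http://www.eclipse.org/legal/epl-2.0.
+*
+* This Source Code may also be made available under the following Secondary
+* Licenses when the conditions for such availability set forth in the
+* Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+* version 2 with the GNU Classpath Exception, which is available at
+* https://www.gnu.org/software/classpath/license.html.
+*
+* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+*/
+
+package ee.jakarta.tck.authorization.test;
+
+import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAccess;
+import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAuthenticated;
+import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNoAccess;
+import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNotAuthenticated;
+import static ee.jakarta.tck.authorization.util.ShrinkWrap.mavenWar;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import ee.jakarta.tck.authorization.util.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+
+@RunWith(Arquillian.class)
+public class AppPolicyIT extends ArquillianBase {
+
+@Deployment(testable = false)
+public static Archive<?> createDeployment() {
+return mavenWar();
+}
+
+// Test several general conditions to make sure security
+// works in the normal way
+
+/**
+* Normally authenticated for a request to the default path.
+* Should have access via the role foo
+*/
+@Test
+public void testAuthenticated() {
+DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+credentialsProvider.addCredentials("reza", "secret1");
+
+getWebClient().setCredentialsProvider(credentialsProvider);
+
+assertDefaultAuthenticated(
+readFromServer("/protectedServlet"));
+}
+
+/**
+* Not authenticated on the default path.
+* Should not have access, since not in the required role foo
+*/
+@Test
+public void testNotAuthenticated() {
+assertDefaultNoAccess(
+readFromServer("/protectedServlet"));
+}
+
+/**
+* Wrongly authenticated on the default path.
+* Should not have access, since not in the required role foo
+*/
+@Test
+public void testNotAuthenticatedWrongName() {
+assertDefaultNoAccess(
+readFromServer("/protectedServlet?name=romo&password=secret1"));
+}
+
+// Test on the special test path which a custom policy is observing
+
+/**
+* Should have access, despite not being in the required role foo.
+* The custom policy made an exception here.
+*
+* But, the caller should not be in any roles (specially, should not be in role foo)
+*/
+@Test
+public void testNotAuthenticatedSpecial() {
+String response = readFromServer("/protectedServlet/foo/test");
+
+assertDefaultAccess(response);
+assertDefaultNotAuthenticated(response);
+}
+
+}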
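Review bot: `testNotAuthenticatedWrongName` passes `name` and `password` as query parameters and sets no credentials provider, so under the BASIC login configuration shown in this commit's web.xml (assuming that file belongs to this module) the request is simply unauthenticated and the test repeats `testNotAuthenticated`. To exercise a wrong caller, supply the credentials the way `testAuthenticated` does, for example `credentialsProvider.addCredentials("romo", "secret1");` followed by `getWebClient().setCredentialsProvider(credentialsProvider);`. The special-path test also has no negative counterpart: a request to a path under `/protectedServlet/` that does not end in `/test` would confirm that the custom grant is no wider than intended.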