Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #154 from arjantijms/tck_trace_policy
Add TCK test installing a tracing Policy.
- Loading branch information
Showing
8 changed files
with
595 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
|
||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
|
||
<parent> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>jakarta-authorization-tck</artifactId> | ||
<version>4.0.0-SNAPSHOT</version> | ||
</parent> | ||
|
||
<artifactId>app-custom-trace-policy</artifactId> | ||
<packaging>war</packaging> | ||
|
||
<description> | ||
This module installs a policy that tests several aspects of the Policy; | ||
whether it's called at all, and if certain context objects are available to it. | ||
</description> | ||
|
||
<properties> | ||
<failOnMissingWebXml>false</failOnMissingWebXml> | ||
</properties> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.eclipse.ee4j.authorization.tck</groupId> | ||
<artifactId>common</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<finalName>app-custom-trace-policy</finalName> | ||
</build> | ||
</project> |
38 changes: 38 additions & 0 deletions
38
...ce-policy/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to the Eclipse Foundation. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
package ee.jakarta.tck.authorization.test; | ||
|
||
import jakarta.security.jacc.PolicyFactory; | ||
import jakarta.servlet.ServletContextEvent; | ||
import jakarta.servlet.ServletContextListener; | ||
import jakarta.servlet.annotation.WebListener; | ||
|
||
/** | ||
* ServletContextListener that is used to install a custom authorization policy. | ||
* | ||
* @author Arjan Tijms | ||
* | ||
*/ | ||
@WebListener | ||
public class PolicyRegistrationListener implements ServletContextListener { | ||
|
||
@Override | ||
public void contextInitialized(ServletContextEvent sce) { | ||
PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); | ||
policyFactory.setPolicy(new TSPolicy(policyFactory.getPolicy())); | ||
} | ||
|
||
} |
181 changes: 181 additions & 0 deletions
181
tck/app-custom-trace-policy/src/main/java/ee/jakarta/tck/authorization/test/TSPolicy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,181 @@ | ||
/* | ||
* Copyright (c) 2024 Contributors to the Eclipse Foundation. | ||
* Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License v. 2.0, which is available at | ||
* http://www.eclipse.org/legal/epl-2.0. | ||
* | ||
* This Source Code may also be made available under the following Secondary | ||
* Licenses when the conditions for such availability set forth in the | ||
* Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
* version 2 with the GNU Classpath Exception, which is available at | ||
* https://www.gnu.org/software/classpath/license.html. | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
*/ | ||
package ee.jakarta.tck.authorization.test; | ||
|
||
import static java.util.logging.Level.FINER; | ||
import static java.util.logging.Level.INFO; | ||
import static java.util.logging.Level.SEVERE; | ||
|
||
import ee.jakarta.tck.authorization.util.logging.server.TSLogger; | ||
import jakarta.security.jacc.Policy; | ||
import jakarta.security.jacc.PolicyConfiguration; | ||
import jakarta.security.jacc.PolicyConfigurationFactory; | ||
import jakarta.security.jacc.PolicyContext; | ||
import jakarta.security.jacc.WebResourcePermission; | ||
import jakarta.servlet.http.HttpServletRequest; | ||
import java.security.Permission; | ||
import java.security.PermissionCollection; | ||
import javax.security.auth.Subject; | ||
|
||
/** | ||
* This is a delegating Policy Implementation class which delegates the permission evaluation to vendor's policy | ||
* implementation. | ||
* | ||
* @author Raja Perumal 08/14/02 | ||
* | ||
*/ | ||
public final class TSPolicy implements Policy { | ||
|
||
public static TSLogger logger = TSLogger.getTSLogger(); | ||
|
||
private Policy policy; | ||
|
||
public TSPolicy(Policy policy) { | ||
this.policy = policy; | ||
} | ||
|
||
/** | ||
* Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is | ||
* granted. | ||
* | ||
* @param permission the Permission object to be tested for implication. | ||
* @param subject the Subject to test | ||
* | ||
* @return true if "permission" is a proper subset of a permission granted to this Subject. | ||
* @since 1.4 | ||
*/ | ||
@Override | ||
public boolean implies(Permission permission, Subject subject) { | ||
if ((permission instanceof WebResourcePermission) && (permission.getName().equals("/secured.jsp"))) { | ||
logger.log(INFO, "Calling policyContextSubject()"); | ||
policyContextSubject(); | ||
|
||
logger.log(INFO, "Calling policyContextHttpServletRequest()"); | ||
policyContextHttpServletRequest(); | ||
} | ||
|
||
// If there is a PolicyContext.getContextID, verify that getPolicyConfiguration() methods work | ||
String contextId = PolicyContext.getContextID(); | ||
if (contextId != null) { | ||
try { | ||
PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory(); | ||
|
||
// Should be non-null PolicyConfiguration | ||
PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(); | ||
if (policyConfiguration != null) { | ||
logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : PASSED"); | ||
} else { | ||
logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : FAILED"); | ||
} | ||
|
||
// Should be non-null PolicyConfiguration and match no-arg getPolicyConfiguration() | ||
PolicyConfiguration policyConfiguration2 = policyConfigurationFactory.getPolicyConfiguration(contextId); | ||
if (policyConfiguration2 == null || !policyConfiguration.equals(policyConfiguration2)) { | ||
logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration(String) : FAILED"); | ||
} else { | ||
logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration(String) : PASSED"); | ||
} | ||
|
||
} catch (Exception e) { | ||
logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : FAILED"); | ||
} | ||
} | ||
|
||
return policy.implies(permission, subject); | ||
} | ||
|
||
/** | ||
* Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given | ||
* the characteristics of the protection domain. | ||
* | ||
* @param subject the Subject associated with the caller. | ||
* | ||
* @return the set of permissions allowed for the <i>subject</i> according to the policy. The returned set of permissions | ||
* must be a new mutable instance and it must support heterogeneous Permission types. | ||
* | ||
* @since 1.4 | ||
*/ | ||
@Override | ||
public PermissionCollection getPermissionCollection(Subject subject) { | ||
if (logger.isLoggable(FINER)) { | ||
logger.entering("TSPolicy", "getPermissions"); | ||
} | ||
|
||
// Print permission collection as logger info ? | ||
return policy.getPermissionCollection(subject); | ||
} | ||
|
||
/** | ||
* Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example, | ||
* calling <code>refresh</code> on a file-based policy will cause the file to be re-read. | ||
* | ||
*/ | ||
@Override | ||
public void refresh() { | ||
policy.refresh(); | ||
if (logger != null) { | ||
logger.log(INFO, "TSPolicy.refresh() invoked"); | ||
} | ||
} | ||
|
||
/** | ||
* testName: policyContextHttpServletRequest | ||
* | ||
* @assertion_ids: JACC:SPEC:99; JACC:JAVADOC:30 | ||
* | ||
* @test_Strategy: 1) call PolicyContext.getContext("jakarta.servlet.http.HttpServletRequest") 2) verify the return | ||
* value is an instance of HttpServletRequest | ||
* | ||
*/ | ||
private void policyContextHttpServletRequest() { | ||
try { | ||
// Get HttpServletRequest object | ||
HttpServletRequest ctx = PolicyContext.getContext("jakarta.servlet.http.HttpServletRequest"); | ||
logger.log(INFO, "PolicyContext.getContext() " + "test passed for" + "jakarta.servlet.http.HttpServletRequest " + ctx.getContextPath()); | ||
logger.log(INFO, "PolicyContextHttpServletRequest: PASSED"); | ||
} catch (ClassCastException e) { | ||
logger.log(INFO,"PolicyContext.getContext()" + "returned incorrect value for key " + "jakarta.servlet.http.HttpServletRequest"); | ||
logger.log(SEVERE, "PolicyContextHttpServletRequest: FAILED"); | ||
} catch (Exception e) { | ||
logger.log(SEVERE, "PolicyContextHttpServletRequest: FAILED"); | ||
} | ||
} | ||
|
||
/** | ||
* testName: policyContextSubject | ||
* | ||
* @assertion_ids: JACC:SPEC:97; JACC:JAVADOC:30 | ||
* | ||
* @test_Strategy: 1) call PolicyContext.getContext("javax.security.auth.Subject.container) 2) verify the return value | ||
* is an instance of javax.security.auth.Subject | ||
* | ||
*/ | ||
private void policyContextSubject() { | ||
try { | ||
// Get Subject | ||
Subject subject = PolicyContext.getContext("javax.security.auth.Subject.container"); | ||
logger.log(INFO, "PolicyContext.getContext() " + "test passed for" + "javax.security.auth.Subject.container " + subject.toString()); | ||
logger.log(INFO, "PolicyContextSubject: PASSED"); | ||
} catch (ClassCastException e) { | ||
logger.log(INFO, "PolicyContext.getContext()" + "returned incorrect value for key " + "javax.security.auth.Subject.container"); | ||
logger.log(INFO, "PolicyContextSubject: FAILED"); | ||
} catch (Exception e) { | ||
logger.log(SEVERE, "PolicyContextSubject: FAILED"); | ||
} | ||
} | ||
|
||
} |
24 changes: 24 additions & 0 deletions
24
tck/app-custom-trace-policy/src/main/webapp/WEB-INF/beans.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
<beans xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd" | ||
bean-discovery-mode="all" version="3.0"> | ||
</beans> |
73 changes: 73 additions & 0 deletions
73
tck/app-custom-trace-policy/src/main/webapp/WEB-INF/web.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!-- | ||
Copyright (c) 2024 Contributors to Eclipse Foundation. | ||
Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved. | ||
This program and the accompanying materials are made available under the | ||
terms of the Eclipse Public License v. 2.0, which is available at | ||
http://www.eclipse.org/legal/epl-2.0. | ||
This Source Code may also be made available under the following Secondary | ||
Licenses when the conditions for such availability set forth in the | ||
Eclipse Public License v. 2.0 are satisfied: GNU General Public License, | ||
version 2 with the GNU Classpath Exception, which is available at | ||
https://www.gnu.org/software/classpath/license.html. | ||
SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 | ||
--> | ||
|
||
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd" | ||
version="6.0"> | ||
<display-name>jacc_web_toolsContracts</display-name> | ||
|
||
|
||
<!-- By role: authenticated caller in specified role can access --> | ||
<servlet> | ||
<display-name>secured</display-name> | ||
<servlet-name>secured</servlet-name> | ||
<jsp-file>/secured.jsp</jsp-file> | ||
<load-on-startup>0</load-on-startup> | ||
<security-role-ref> | ||
<role-name>ADM</role-name> | ||
<role-link>Administrator</role-link> | ||
</security-role-ref> | ||
</servlet> | ||
<servlet-mapping> | ||
<servlet-name>secured</servlet-name> | ||
<url-pattern>/secured.jsp</url-pattern> | ||
</servlet-mapping> | ||
<security-constraint> | ||
<web-resource-collection> | ||
<web-resource-name>MySecureBit3</web-resource-name> | ||
<url-pattern>/secured.jsp</url-pattern> | ||
<http-method>POST</http-method> | ||
<http-method>GET</http-method> | ||
</web-resource-collection> | ||
<auth-constraint> | ||
<role-name>Administrator</role-name> | ||
</auth-constraint> | ||
<user-data-constraint> | ||
<transport-guarantee>NONE</transport-guarantee> | ||
</user-data-constraint> | ||
</security-constraint> | ||
|
||
|
||
<login-config> | ||
<auth-method>BASIC</auth-method> | ||
<realm-name>default</realm-name> | ||
</login-config> | ||
|
||
<security-role> | ||
<role-name>Administrator</role-name> | ||
</security-role> | ||
<security-role> | ||
<role-name>Manager</role-name> | ||
</security-role> | ||
<security-role> | ||
<role-name>Employee</role-name> | ||
</security-role> | ||
</web-app> |
Oops, something went wrong.