Add TCK test installing a tracing Policy.

tck/app-custom-trace-policy/pom.xml

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Contributors to Eclipse Foundation.
+    Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+
+    This program and the accompanying materials are made available under the
+    terms of the Eclipse Public License v. 2.0, which is available at
+    http://www.eclipse.org/legal/epl-2.0.
+
+    This Source Code may also be made available under the following Secondary
+    Licenses when the conditions for such availability set forth in the
+    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+    version 2 with the GNU Classpath Exception, which is available at
+    https://www.gnu.org/software/classpath/license.html.
+
+    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+        <groupId>org.eclipse.ee4j.authorization.tck</groupId>
+        <artifactId>jakarta-authorization-tck</artifactId>
+        <version>4.0.0-SNAPSHOT</version>
+    </parent>
+
+	<artifactId>app-custom-trace-policy</artifactId>
+	<packaging>war</packaging>
+
+	<description>
+        This module installs a policy that tests several aspects of the Policy; 
+        whether it's called at all, and if certain context objects are available to it.
+    </description>
+
+	<properties>
+        <failOnMissingWebXml>false</failOnMissingWebXml>
+    </properties>
+
+	<dependencies>
+        <dependency>
+            <groupId>org.eclipse.ee4j.authorization.tck</groupId>
+            <artifactId>common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+	<build>
+        <finalName>app-custom-trace-policy</finalName>
+	</build>
+</project>

tck/app-custom-trace-policy/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+package ee.jakarta.tck.authorization.test;
+
+import jakarta.security.jacc.PolicyFactory;
+import jakarta.servlet.ServletContextEvent;
+import jakarta.servlet.ServletContextListener;
+import jakarta.servlet.annotation.WebListener;
+
+/**
+ * ServletContextListener that is used to install a custom authorization policy.
+ *
+ * @author Arjan Tijms
+ *
+ */
+@WebListener
+public class PolicyRegistrationListener implements ServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        PolicyFactory policyFactory = PolicyFactory.getPolicyFactory();
+        policyFactory.setPolicy(new TSPolicy(policyFactory.getPolicy()));
+    }
+
+}

tck/app-custom-trace-policy/src/main/java/ee/jakarta/tck/authorization/test/TSPolicy.java

@@ -0,0 +1,181 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+package ee.jakarta.tck.authorization.test;
+
+import static java.util.logging.Level.FINER;
+import static java.util.logging.Level.INFO;
+import static java.util.logging.Level.SEVERE;
+
+import ee.jakarta.tck.authorization.util.logging.server.TSLogger;
+import jakarta.security.jacc.Policy;
+import jakarta.security.jacc.PolicyConfiguration;
+import jakarta.security.jacc.PolicyConfigurationFactory;
+import jakarta.security.jacc.PolicyContext;
+import jakarta.security.jacc.WebResourcePermission;
+import jakarta.servlet.http.HttpServletRequest;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import javax.security.auth.Subject;
+
+/**
+ * This is a delegating Policy Implementation class which delegates the permission evaluation to vendor's policy
+ * implementation.
+ *
+ * @author Raja Perumal 08/14/02
+ *
+ */
+public final class TSPolicy implements Policy {
+
+    public static TSLogger logger = TSLogger.getTSLogger();
+
+    private Policy policy;
+
+    public TSPolicy(Policy policy) {
+        this.policy = policy;
+    }
+
+    /**
+     * Evaluates the global policy for the permissions granted to the ProtectionDomain and tests whether the permission is
+     * granted.
+     *
+     * @param permission the Permission object to be tested for implication.
+     * @param subject the Subject to test
+     *
+     * @return true if "permission" is a proper subset of a permission granted to this Subject.
+     * @since 1.4
+     */
+    @Override
+    public boolean implies(Permission permission, Subject subject) {
+        if ((permission instanceof WebResourcePermission) && (permission.getName().equals("/secured.jsp"))) {
+            logger.log(INFO, "Calling policyContextSubject()");
+            policyContextSubject();
+
+            logger.log(INFO, "Calling policyContextHttpServletRequest()");
+            policyContextHttpServletRequest();
+        }
+
+        // If there is a PolicyContext.getContextID, verify that getPolicyConfiguration() methods work
+        String contextId = PolicyContext.getContextID();
+        if (contextId != null) {
+            try {
+                PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+
+                // Should be non-null PolicyConfiguration
+                PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration();
+                if (policyConfiguration != null) {
+                    logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : PASSED");
+                } else {
+                    logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : FAILED");
+                }
+
+                // Should be non-null PolicyConfiguration and match no-arg getPolicyConfiguration()
+                PolicyConfiguration policyConfiguration2 = policyConfigurationFactory.getPolicyConfiguration(contextId);
+                if (policyConfiguration2 == null || !policyConfiguration.equals(policyConfiguration2)) {
+                    logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration(String) : FAILED");
+                } else {
+                    logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration(String) : PASSED");
+                }
+
+            } catch (Exception e) {
+                logger.log(INFO, "PolicyConfigurationFactory.getPolicyConfiguration() : FAILED");
+            }
+        }
+
+        return policy.implies(permission, subject);
+    }
+
+    /**
+     * Evaluates the global policy and returns a PermissionCollection object specifying the set of permissions allowed given
+     * the characteristics of the protection domain.
+     *
+     * @param subject the Subject associated with the caller.
+     *
+     * @return the set of permissions allowed for the <i>subject</i> according to the policy. The returned set of permissions
+     * must be a new mutable instance and it must support heterogeneous Permission types.
+     *
+     * @since 1.4
+     */
+    @Override
+    public PermissionCollection getPermissionCollection(Subject subject) {
+        if (logger.isLoggable(FINER)) {
+            logger.entering("TSPolicy", "getPermissions");
+        }
+
+        // Print permission collection as logger info ?
+        return policy.getPermissionCollection(subject);
+    }
+
+    /**
+     * Refreshes/reloads the policy configuration. The behavior of this method depends on the implementation. For example,
+     * calling <code>refresh</code> on a file-based policy will cause the file to be re-read.
+     *
+     */
+    @Override
+    public void refresh() {
+        policy.refresh();
+        if (logger != null) {
+            logger.log(INFO, "TSPolicy.refresh() invoked");
+        }
+    }
+
+    /**
+     * testName: policyContextHttpServletRequest
+     *
+     * @assertion_ids: JACC:SPEC:99; JACC:JAVADOC:30
+     *
+     * @test_Strategy: 1) call PolicyContext.getContext("jakarta.servlet.http.HttpServletRequest") 2) verify the return
+     * value is an instance of HttpServletRequest
+     *
+     */
+    private void policyContextHttpServletRequest() {
+        try {
+            // Get HttpServletRequest object
+            HttpServletRequest ctx = PolicyContext.getContext("jakarta.servlet.http.HttpServletRequest");
+            logger.log(INFO, "PolicyContext.getContext() " + "test passed for" + "jakarta.servlet.http.HttpServletRequest " + ctx.getContextPath());
+            logger.log(INFO, "PolicyContextHttpServletRequest: PASSED");
+        } catch (ClassCastException e) {
+            logger.log(INFO,"PolicyContext.getContext()" + "returned incorrect value for key " + "jakarta.servlet.http.HttpServletRequest");
+            logger.log(SEVERE, "PolicyContextHttpServletRequest: FAILED");
+        } catch (Exception e) {
+            logger.log(SEVERE, "PolicyContextHttpServletRequest: FAILED");
+        }
+    }
+
+    /**
+     * testName: policyContextSubject
+     *
+     * @assertion_ids: JACC:SPEC:97; JACC:JAVADOC:30
+     *
+     * @test_Strategy: 1) call PolicyContext.getContext("javax.security.auth.Subject.container) 2) verify the return value
+     * is an instance of javax.security.auth.Subject
+     *
+     */
+    private void policyContextSubject() {
+        try {
+            // Get Subject
+            Subject subject = PolicyContext.getContext("javax.security.auth.Subject.container");
+            logger.log(INFO, "PolicyContext.getContext() " + "test passed for" + "javax.security.auth.Subject.container " + subject.toString());
+            logger.log(INFO, "PolicyContextSubject: PASSED");
+        } catch (ClassCastException e) {
+            logger.log(INFO, "PolicyContext.getContext()" + "returned incorrect value for key " + "javax.security.auth.Subject.container");
+            logger.log(INFO, "PolicyContextSubject: FAILED");
+        } catch (Exception e) {
+            logger.log(SEVERE, "PolicyContextSubject: FAILED");
+        }
+    }
+
+}

tck/app-custom-trace-policy/src/main/webapp/WEB-INF/beans.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Contributors to Eclipse Foundation.
+    Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+
+    This program and the accompanying materials are made available under the
+    terms of the Eclipse Public License v. 2.0, which is available at
+    http://www.eclipse.org/legal/epl-2.0.
+
+    This Source Code may also be made available under the following Secondary
+    Licenses when the conditions for such availability set forth in the
+    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+    version 2 with the GNU Classpath Exception, which is available at
+    https://www.gnu.org/software/classpath/license.html.
+
+    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+<beans xmlns="https://jakarta.ee/xml/ns/jakartaee"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/beans_3_0.xsd"
+       bean-discovery-mode="all" version="3.0">
+</beans>

tck/app-custom-trace-policy/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Contributors to Eclipse Foundation.
+    Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+    This program and the accompanying materials are made available under the
+    terms of the Eclipse Public License v. 2.0, which is available at
+    http://www.eclipse.org/legal/epl-2.0.
+
+    This Source Code may also be made available under the following Secondary
+    Licenses when the conditions for such availability set forth in the
+    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+    version 2 with the GNU Classpath Exception, which is available at
+    https://www.gnu.org/software/classpath/license.html.
+
+    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_6_0.xsd"
+         version="6.0">
+    <display-name>jacc_web_toolsContracts</display-name>
+
+
+    <!-- By role: authenticated caller in specified role can access  -->
+    <servlet>
+        <display-name>secured</display-name>
+        <servlet-name>secured</servlet-name>
+        <jsp-file>/secured.jsp</jsp-file>
+        <load-on-startup>0</load-on-startup>
+        <security-role-ref>
+            <role-name>ADM</role-name>
+            <role-link>Administrator</role-link>
+        </security-role-ref>
+    </servlet>
+    <servlet-mapping>
+        <servlet-name>secured</servlet-name>
+        <url-pattern>/secured.jsp</url-pattern>
+    </servlet-mapping>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>MySecureBit3</web-resource-name>
+            <url-pattern>/secured.jsp</url-pattern>
+            <http-method>POST</http-method>
+            <http-method>GET</http-method>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>Administrator</role-name>
+        </auth-constraint>
+        <user-data-constraint>
+            <transport-guarantee>NONE</transport-guarantee>
+        </user-data-constraint>
+    </security-constraint>
+
+
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>default</realm-name>
+    </login-config>
+
+    <security-role>
+        <role-name>Administrator</role-name>
+    </security-role>
+    <security-role>
+        <role-name>Manager</role-name>
+    </security-role>
+    <security-role>
+        <role-name>Employee</role-name>
+    </security-role>
+</web-app>