Added test for obtaining and invoking EJB and CDI beans from a SAM

arjantijms · arjantijms · commit 72702963f134 · 2015-11-09T18:06:08.000+01:00
diff --git a/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/TestServerAuthModule.java b/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/TestServerAuthModule.java
@@ -71,6 +71,39 @@ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject
             throw (AuthException) new AuthException().initCause(e);
         }
     }
+
+    @Override
+    public Class<?>[] getSupportedMessageTypes() {
+        return supportedMessageTypes;
+    }
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+
+        if ("cdi".equals(request.getParameter("tech"))) {
+            callCDIBean(response, "secureResponse");
+        } else if ("ejb".equals(request.getParameter("tech"))) {
+            callEJBBean(response, "secureResponse");
+        }
+
+        return SEND_SUCCESS;
+    }
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+        
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+
+        if ("cdi".equals(request.getParameter("tech"))) {
+            callCDIBean(response, "cleanSubject");
+        } else if ("ejb".equals(request.getParameter("tech"))) {
+            callEJBBean(response, "cleanSubject");
+        }
+    }
     
     private void callCDIBean(HttpServletResponse response, String phase) {
         try {
@@ -90,21 +123,5 @@ private void callEJBBean(HttpServletResponse response, String phase) {
         }
     }
     
-
-    @Override
-    public Class<?>[] getSupportedMessageTypes() {
-        return supportedMessageTypes;
-    }
-
-    @Override
-    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
-        return SEND_SUCCESS;
-    }
-
-    @Override
-    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
-
-    }
-    
     
 }
diff --git a/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/ProtectedServlet.java b/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/ProtectedServlet.java
@@ -20,6 +20,7 @@ public class ProtectedServlet extends HttpServlet {
     @Override
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.getWriter().write("Resource invoked\n");
+        request.logout();
     }
 
 }
diff --git a/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/PublicServlet.java b/jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/PublicServlet.java
@@ -20,6 +20,7 @@ public class PublicServlet extends HttpServlet {
     @Override
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.getWriter().write("Resource invoked\n");
+        request.logout();
     }
 
 }
diff --git a/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanProtectedTest.java b/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanProtectedTest.java
@@ -0,0 +1,60 @@
+package org.javaee7.jaspictest.invoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * This tests that a SAM is able to obtain and call a CDI bean when the request is to a protected resource 
+ * (a resource for which security constraints have been set).
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class InvokeCDIBeanProtectedTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static Archive<?> createDeployment() {
+        return tryWrapEAR(
+            defaultWebArchive()
+                .addAsWebInfResource(resource("beans.xml"))
+        );
+    }
+
+    @Test
+    public void protectedInvokeCDIFromValidateRequest() {
+        String response = getFromServerPath("protected/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for validateRequest for protected resource. (note: this is not required by the spec)",
+            response.contains("validateRequest: Called from CDI")
+        );
+    }
+    
+    @Test
+    public void protectedInvokeCDIFromCleanSubject() {
+        String response = getFromServerPath("protected/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for cleanSubject for protected resource. (note: this is not required by the spec)", 
+            response.contains("cleanSubject: Called from CDI")
+        );
+    }
+    
+    @Test
+    public void protectedInvokeCDIFromSecureResponse() {
+        String response = getFromServerPath("protected/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for secureResponse for protected resource. (note: this is not required by the spec)",
+            response.contains("secureResponse: Called from CDI")
+        );
+    }
+
+}
diff --git a/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanPublicTest.java b/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanPublicTest.java
@@ -0,0 +1,60 @@
+package org.javaee7.jaspictest.invoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * This tests that a SAM is able to obtain and call a CDI bean when the request is to a public resource 
+ * (a resource for which no security constraints have been set).
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class InvokeCDIBeanPublicTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static Archive<?> createDeployment() {
+        return tryWrapEAR(
+            defaultWebArchive()
+                .addAsWebInfResource(resource("beans.xml"))
+        );
+    }
+
+    @Test
+    public void publicInvokeCDIFromValidateRequest() {
+        String response = getFromServerPath("public/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for validateRequest for public resource. (note: this is not required by the spec)", 
+            response.contains("validateRequest: Called from CDI")
+        );
+    }
+    
+    @Test
+    public void publicInvokeCDIFromCleanSubject() {
+        String response = getFromServerPath("public/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for cleanSubject for public resource. (note: this is not required by the spec)", 
+            response.contains("cleanSubject: Called from CDI")
+        );
+    }
+    
+    @Test
+    public void publicInvokeCDIFromSecureResponse() {
+        String response = getFromServerPath("public/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for secureResponse for public resource. (note: this is not required by the spec)", 
+            response.contains("secureResponse: Called from CDI")
+        );
+    }
+
+}
diff --git a/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanTest.java b/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanTest.java
diff --git a/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeEJBBeanProtectedTest.java b/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeEJBBeanProtectedTest.java
@@ -0,0 +1,57 @@
+package org.javaee7.jaspictest.invoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * This tests that a SAM is able to obtain and call an EJB bean when the request is to a protected resource 
+ * (a resource for which security constraints have been set).
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class InvokeEJBBeanProtectedTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static Archive<?> createDeployment() {
+        return defaultArchive();
+    }
+
+    @Test
+    public void protectedInvokeEJBFromValidateRequest() {
+        String response = getFromServerPath("protected/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for validateRequest for protected resource. (note: spec is silent on this, but it should work)", 
+            response.contains("validateRequest: Called from EJB")
+        );
+    }
+    
+    @Test
+    public void protectedInvokeEJBFromCleanSubject() {
+        String response = getFromServerPath("protected/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for cleanSubject for protected resource. (note: spec is silent on this, but it should work)", 
+            response.contains("cleanSubject: Called from EJB")
+        );
+    }
+    
+    @Test
+    public void protectedInvokeEJBFromSecureResponse() {
+        String response = getFromServerPath("protected/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for secureResponse for protected resource. (note: spec is silent on this, but it should work)", 
+            response.contains("secureResponse: Called from EJB")
+        );
+    }
+
+}
diff --git a/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeEJBBeanPublicTest.java b/jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeEJBBeanPublicTest.java
@@ -0,0 +1,57 @@
+package org.javaee7.jaspictest.invoke;
+
+import static org.junit.Assert.assertTrue;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * This tests that a SAM is able to obtain and call an EJB bean when the request is to a public resource 
+ * (a resource for which no security constraints have been set).
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class InvokeEJBBeanPublicTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static Archive<?> createDeployment() {
+        return defaultArchive();
+    }
+
+    @Test
+    public void publicInvokeEJBFromValidateRequest() {
+        String response = getFromServerPath("public/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for validateRequest for public resource.", 
+            response.contains("validateRequest: Called from EJB")
+        );
+    }
+    
+    @Test
+    public void publicInvokeEJBFromCleanSubject() {
+        String response = getFromServerPath("public/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for cleanSubject for public resource.", 
+            response.contains("cleanSubject: Called from EJB")
+        );
+    }
+    
+    @Test
+    public void publicInvokeEJBFromSecureResponse() {
+        String response = getFromServerPath("public/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for secureResponse for public resource.", 
+            response.contains("secureResponse: Called from EJB")
+        );
+    }
+
+}
diff --git a/jaspic/pom.xml b/jaspic/pom.xml

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ public class ProtectedServlet extends HttpServlet {`
`20`	`20`	`@Override`
`21`	`21`	`public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {`
`22`	`22`	`response.getWriter().write("Resource invoked\n");`
	`23`	`+ request.logout();`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ public class PublicServlet extends HttpServlet {`
`20`	`20`	`@Override`
`21`	`21`	`public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {`
`22`	`22`	`response.getWriter().write("Resource invoked\n");`
	`23`	`+ request.logout();`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`}`