Thank you Vincent,
It made us able to authenticate to EJB's from Cactus
eventhough it was not straight forward using JBoss + Tomcat.
We had to make a static class in our corresponding bean testing class:
static class AppCallbackHandler implements CallbackHandler
{
private String username;
private char[] password;
public AppCallbackHandler(String username, char[] password)
{
this.username = username;
this.password = password;
}
public void handle(Callback[] callbacks) throws
java.io.IOException, UnsupportedCallbackException
{
for (int i = 0; i < callbacks.length; i++)
{
if (callbacks[i] instanceof NameCallback)
{
NameCallback nc = (NameCallback)callbacks[i];
nc.setName(username);
}
else if (callbacks[i] instanceof PasswordCallback)
{
PasswordCallback pc = (PasswordCallback)callbacks[i];
pc.setPassword(password);
}
else
{
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
}
}
}
This was accessed from the setup method:
protected void setUp() {
PipelineHome pipelineHome = null;
ScriptHome scriptHome = null;
String sqlUrlName =
"http://localhost:8080/nomination/testPipelineSetup.sql";;
// Login as user WOS/xxx
final String username = "WOS";
final String password = "xxx";
try
{
cat.debug("Creating LoginContext");
AppCallbackHandler handler = new
AppCallbackHandler(username, password.toCharArray());
LoginContext lc = new LoginContext("testclient",
handler);
cat.debug("Created LoginContext");
lc.login();
cat.debug("Done login");
}
catch (LoginException le)
{
cat.debug("Login failed");
le.printStackTrace();
}
// Login end
try {
Hashtable env = new Hashtable();
env.put(Context.PROVIDER_URL, "jnp://localhost:1099");
env.put(Context.INITIAL_CONTEXT_FACTORY,
"org.jnp.interfaces.NamingContextFactory");
env.put(Context.URL_PKG_PREFIXES,
"org.jboss.naming:org.jnp.interfaces");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
InitialContext ctx = new InitialContext(env);
Object objref = ctx.lookup("Pipeline");
pipelineHome = (PipelineHome)PortableRemoteObject.narrow(
objref, com.ec.gs.nomination.model.ejb.PipelineHome.class);
pipeline = pipelineHome.create();
objref = ctx.lookup("Script");
scriptHome = (ScriptHome)PortableRemoteObject.narrow(
objref, com.ec.util.sql.model.ejb.ScriptHome.class);
script = scriptHome.create();
script.execute("java:jdbc/EnergyXDB", sqlUrlName);
}
catch (Exception NamingException) {
NamingException.printStackTrace();
}
}
If anybody managed to do this in an easier way with Tomcat + JBoss, please
let me know.
Best regards,
Trond Lindanger
-----Original Message-----
From: Vincent Massol [mailto:[EMAIL PROTECTED]]
Sent: 13. oktober 2001 12:59
To: [EMAIL PROTECTED]
Subject: Re: Cactus - Security
----- Original Message -----
From: "Lindanger Trond Kjetil" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "�lberg Egil"
<[EMAIL PROTECTED]>
Sent: Wednesday, October 10, 2001 12:22 PM
Subject: Cactus - Security
> Hi.
> We are using Cactus in a big J2EE project and find the tool to be very
> useful. Thanks to all developers.
> Lately we found out that Cactus does not support unit testing of Servlet
> code that uses Security APIs.
> This forced us to code and test as lot as possible before adding security
to
> the EJB's, since the tests will not be able to create the EJB's, and
> therefore fail, afterwards.
something I don't understand here ... do you want to unit test servlets or
EJB ?
Yes, at the current time, it is not possible to unit test servlet who uses
security API (although it is easy to bypass this - see other mails on the
subject). However, there are no restrictions for unit testing EJBs using
security features !
See the thread "Testing EJB", it gives detail on how to unit test EJB with
security activated (although this has nothing to do with Cactus !).
check :
http://www.mail-archive.com/cactus-user%40jakarta.apache.org/msg00574.html
> Can anybody tell when/ if this functionality will be added?
for servlets, it depends on how fast someone will volunteer to write it ...
:)
> At the moment we are, unfortunately, not able to participate in the
> development work of Cactus.
>
come back when you have mor time ... :)
> Regards,
> Trond Lindanger
> TietoEnator
>
Thanks
-Vincent
