Repository: tomee Updated Branches: refs/heads/develop 78a246483 -> fea2a0243
TOMEE-1490 enhancing cdi-realm with a test Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/fea2a024 Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/fea2a024 Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/fea2a024 Branch: refs/heads/develop Commit: fea2a02434ed1ccd361556cbd43eb3d7b495a788 Parents: 78a2464 Author: Romain Manni-Bucau <[email protected]> Authored: Fri Jan 9 11:23:12 2015 +0100 Committer: Romain Manni-Bucau <[email protected]> Committed: Fri Jan 9 11:23:12 2015 +0100 ---------------------------------------------------------------------- examples/cdi-realm/pom.xml | 36 ++++++- .../src/main/java/org/superbiz/AuthBean.java | 20 ++-- .../main/java/org/superbiz/SecuredServlet.java | 32 ++++++ .../src/main/webapp/META-INF/context.xml | 8 +- .../test/java/org/superbiz/AuthBeanTest.java | 102 +++++++++++++++++++ .../cdi-realm/src/test/resources/arquillian.xml | 31 ++++++ 6 files changed, 208 insertions(+), 21 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/pom.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-realm/pom.xml b/examples/cdi-realm/pom.xml index 769c0a4..9b83764 100644 --- a/examples/cdi-realm/pom.xml +++ b/examples/cdi-realm/pom.xml @@ -22,10 +22,11 @@ <groupId>org.superbiz</groupId> <artifactId>cdi-realm</artifactId> <packaging>war</packaging> - <version>1.1.0-SNAPSHOT</version> + <version>1.1.1-SNAPSHOT</version> <name>OpenEJB :: Examples :: CDI Realm</name> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <tomee.version>2.0.0-SNAPSHOT</tomee.version> </properties> <build> <defaultGoal>install</defaultGoal> 
@@ -35,8 +36,8 @@ <artifactId>maven-compiler-plugin</artifactId> <version>3.1</version> <configuration> - <source>1.7</source> - <target>1.7</target> + <source>1.6</source> + <target>1.6</target> </configuration> </plugin> <plugin> @@ -50,7 +51,7 @@ <plugin> <groupId>org.apache.openejb.maven</groupId> <artifactId>tomee-maven-plugin</artifactId> - <version>2.0.0-SNAPSHOT</version> + <version>${tomee.version}</version> </plugin> </plugins> </build> @@ -58,7 +59,7 @@ <repository> <id>apache-m2-snapshot</id> <name>Apache Snapshot Repository</name> - <url>https://repository.apache.org/content/groups/snapshots</url> + <url>http://repository.apache.org/snapshots</url> </repository> </repositories> <dependencies> @@ -68,6 +69,31 @@ <version>7.0-SNAPSHOT</version> <scope>provided</scope> </dependency> + + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.12</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.jboss.arquillian.junit</groupId> + <artifactId>arquillian-junit-container</artifactId> + <version>1.1.5.Final</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.openejb</groupId> + <artifactId>arquillian-tomee-remote</artifactId> + <version>${tomee.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>4.3.6</version> + <scope>test</scope> + </dependency> </dependencies> <!-- This section allows you to configure where to publish libraries for http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/src/main/java/org/superbiz/AuthBean.java ---------------------------------------------------------------------- diff --git a/examples/cdi-realm/src/main/java/org/superbiz/AuthBean.java b/examples/cdi-realm/src/main/java/org/superbiz/AuthBean.java index 78086ee..bee66b9 100644 --- a/examples/cdi-realm/src/main/java/org/superbiz/AuthBean.java 
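Review bot: The snapshot repository in the `@@ -58,7 +59,7 @@` hunk of pom.xml now resolves over plain HTTP (`http://repository.apache.org/snapshots`), where the removed line used `https://`. The `-SNAPSHOT` dependencies in this POM, for example `arquillian-tomee-remote` at `${tomee.version}`, are presumably fetched from this repository. Artifacts downloaded without TLS can be altered in transit before they are executed during the build and the Arquillian test run. If the path change is intended, keep the scheme: `<url>https://repository.apache.org/snapshots</url>`.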
+++ b/examples/cdi-realm/src/main/java/org/superbiz/AuthBean.java @@ -19,10 +19,9 @@ package org.superbiz; import javax.enterprise.context.RequestScoped; import java.security.Principal; -@RequestScoped +@RequestScoped // just to show we can be bound to the request but @ApplicationScoped is what makes sense public class AuthBean { - - public Principal authenticate(final String username, final String password) { + public Principal authenticate(final String username, String password) { if (("userA".equals(username) || "userB".equals(username)) && "test".equals(password)) { return new Principal() { @Override @@ -40,15 +39,10 @@ public class AuthBean { } public boolean hasRole(final Principal principal, final String role) { - if (principal == null) { - return false; - } - if (principal.getName().equals("userA") && (role.equals("admin") || role.equals("user"))) { - return true; - } - if (principal.getName().equals("userB") && (role.equals("user"))) { - return true; - } - return false; + return principal != null && ( + principal.getName().equals("userA") && (role.equals("admin") + || role.equals("user")) + || principal.getName().equals("userB") && (role.equals("user")) + ); } } http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/src/main/java/org/superbiz/SecuredServlet.java ---------------------------------------------------------------------- diff --git a/examples/cdi-realm/src/main/java/org/superbiz/SecuredServlet.java b/examples/cdi-realm/src/main/java/org/superbiz/SecuredServlet.java new file mode 100644 index 0000000..884db32 --- /dev/null +++ b/examples/cdi-realm/src/main/java/org/superbiz/SecuredServlet.java 
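Review bot: The `authenticate` signature in the first AuthBean.java hunk drops `final` from `password` while `username` keeps it, and no reassignment is visible in the hunk; `final String password` would keep the two parameters consistent. The class is wired as the realm in `context.xml`, yet nothing says that the fixed user names and the literal password are sample data. A comment above the comparison, such as `// sample credentials only: back this with a real user store and salted password hashes`, would keep the example from being copied as is. The method body continues outside the hunk.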
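Review bot: The rewritten `hasRole` in the second AuthBean.java hunk packs the whole authorization decision into one expression that mixes `&&` and `||` and relies on operator precedence to keep the userA and userB clauses apart, which is easy to break on the next edit. It also calls `equals` on `principal.getName()` and on `role`, so a null name or a null role throws instead of denying, unlike `authenticate`, which compares constant-first. The version below gives the same answers for the inputs handled today, returns false for nulls, and names each clause.

```java
public boolean hasRole(final Principal principal, final String role) {
    if (principal == null) {
        return false;
    }
    final String name = principal.getName();
    // constant-first comparisons: a null name or role denies instead of throwing
    final boolean userA = "userA".equals(name) && ("admin".equals(role) || "user".equals(role));
    final boolean userB = "userB".equals(name) && "user".equals(role);
    return userA || userB;
}
```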
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.superbiz;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebServlet("/servlet")
+public class SecuredServlet extends HttpServlet {
+ @Override
+ protected void service(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+ resp.getWriter().write("Servlet!");
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/src/main/webapp/META-INF/context.xml
----------------------------------------------------------------------
diff --git a/examples/cdi-realm/src/main/webapp/META-INF/context.xml b/examples/cdi-realm/src/main/webapp/META-INF/context.xml
index d7959ae..367d033 100644
--- a/examples/cdi-realm/src/main/webapp/META-INF/context.xml
+++ b/examples/cdi-realm/src/main/webapp/META-INF/context.xml
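Review bot: `SecuredServlet` declares no access constraint: the class carries only `@WebServlet("/servlet")`, and the archive built in `AuthBeanTest.createDeployment()` ships no `web.xml`, so nothing visible in this commit requires a login for `/servlet`. With only `preemptiveAuthentication="true"` and the BasicAuthenticator valve in `context.xml`, authentication is likely attempted only for requests that already carry an `Authorization` header, which would leave the servlet answering anonymous requests; this should be confirmed against the container. Declaring the constraint on the class, `@ServletSecurity(@HttpConstraint(rolesAllowed = "user"))`, makes the protection explicit and should also exercise `AuthBean.hasRole`. The tests in `AuthBeanTest` cover only a right and a wrong password, so a case with no credentials that expects 401 is needed as well.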
@@ -15,6 +15,8 @@ See the License for the specific language governing permissions and limitations under the License. --> -<Context> - <Realm cdi="true" className="org.apache.tomee.catalina.realm.LazyRealm" realmClass="org.superbiz.AuthBean"/> -</Context> \ No newline at end of file +<Context preemptiveAuthentication="true"> + <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" /> + <Realm className="org.apache.tomee.catalina.realm.LazyRealm" + cdi="true" realmClass="org.superbiz.AuthBean"/> +</Context> http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/src/test/java/org/superbiz/AuthBeanTest.java ---------------------------------------------------------------------- diff --git a/examples/cdi-realm/src/test/java/org/superbiz/AuthBeanTest.java b/examples/cdi-realm/src/test/java/org/superbiz/AuthBeanTest.java new file mode 100644 index 0000000..d89d691 --- /dev/null +++ b/examples/cdi-realm/src/test/java/org/superbiz/AuthBeanTest.java 
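Review bot: The new `<Valve className="org.apache.catalina.authenticator.BasicAuthenticator" />` in context.xml makes clients send the user name and password base64-encoded on every request, and nothing in this commit requires TLS for the application. For a sample that gets copied, an XML comment next to the valve should say so, for example `<!-- BASIC sends reversible credentials on each request: deploy behind HTTPS only -->`. The same comment is the place to explain why `preemptiveAuthentication="true"` is set on the `<Context>`.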
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.superbiz;
+
+import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.AuthCache;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.auth.BasicScheme;
+import org.apache.http.impl.client.BasicAuthCache;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.util.EntityUtils;
+import org.apache.openejb.arquillian.common.IO;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.asset.FileAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+
+import static org.hamcrest.CoreMatchers.startsWith;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThat;
+
+@RunWith(Arquillian.class)
+public class AuthBeanTest {
+ @Deployment(testable = false)
+ public static WebArchive createDeployment() {
+ return ShrinkWrap.create(WebArchive.class, "low-typed-realm.war")
+ .addClasses(SecuredServlet.class, AuthBean.class)
+ .addAsManifestResource(new FileAsset(new File("src/main/webapp/META-INF/context.xml")), "context.xml")
+ .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
+ }
+
+ @ArquillianResource
+ private URL webapp;
+
+ @Test
+ public void success() throws IOException {
+ assertEquals("200 Servlet!", get("userA", "test"));
+ }
+
+ @Test
+ public void failure() throws IOException {
+ assertThat(get("userA", "oops, wrong password"), startsWith("401"));
+ }
+
+ private String get(final String user, final String password) {
+ final BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
+ basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(user, password));
+ final CloseableHttpClient client = HttpClients.custom()
+ .setDefaultCredentialsProvider(basicCredentialsProvider).build();
+
+ final HttpHost httpHost = new HttpHost(webapp.getHost(), webapp.getPort(), webapp.getProtocol());
+ final AuthCache authCache = new BasicAuthCache();
+ final BasicScheme basicAuth = new BasicScheme();
+ authCache.put(httpHost, basicAuth);
+ final HttpClientContext context = HttpClientContext.create();
+ context.setAuthCache(authCache);
+
+ final HttpGet get = new HttpGet(webapp.toExternalForm() + "servlet");
+ CloseableHttpResponse response = null;
+ try {
+ response = client.execute(httpHost, get, context);
+ return response.getStatusLine().getStatusCode() + " " + EntityUtils.toString(response.getEntity());
+ } catch (final IOException e) {
+ throw new IllegalStateException(e);
+ }
finally {
+ try {
+ IO.close(response);
+ } catch (final IOException e) {
+ // no-op
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/fea2a024/examples/cdi-realm/src/test/resources/arquillian.xml
----------------------------------------------------------------------
diff --git a/examples/cdi-realm/src/test/resources/arquillian.xml b/examples/cdi-realm/src/test/resources/arquillian.xml
new file mode 100644
index 0000000..1db3d40
--- /dev/null
+++ b/examples/cdi-realm/src/test/resources/arquillian.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<arquillian xmlns="http://jboss.org/schema/arquillian"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://jboss.org/schema/arquillian http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
+ <container qualifier="tomee" default="true">
+ <configuration>
+ <property name="httpPort">-1</property>
+ <property name="stopPort">-1</property>
+ <property name="ajpPort">-1</property>
+ <property name="dir">target/tomee</property>
+ <property name="appWorkingDir">target/arquillian-dump-dir</property>
+ </configuration>
+ </container>
+</arquillian>
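Review bot: `get()` in AuthBeanTest builds a new `CloseableHttpClient` on every call and never closes it; only `response` is released in the `finally` block, so each test leaves the client's connections open. Closing it next to the response, `IO.close(client);`, fixes that, assuming `IO.close` accepts any `Closeable` as its use on `response` suggests. The credentials are also registered under `AuthScope.ANY`; `new AuthScope(webapp.getHost(), webapp.getPort())` limits the password to the server under test, which matters once this helper is copied outside the test.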
