Repository: tomee Updated Branches: refs/heads/tomee-1.7.x b9b100865 -> 6aa4afab5
Adding an example for the CDI event based realm Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/6aa4afab Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/6aa4afab Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/6aa4afab Branch: refs/heads/tomee-1.7.x Commit: 6aa4afab5cd48a07133bb3950dc8f54140f60dc2 Parents: b9b1008 Author: Jean-Louis Monteiro <[email protected]> Authored: Fri Jan 9 12:31:34 2015 +0100 Committer: Jean-Louis Monteiro <[email protected]> Committed: Fri Jan 9 12:31:42 2015 +0100 ---------------------------------------------------------------------- examples/cdi-event-realm/pom.xml | 143 ++++++++++++++++++ .../src/main/java/org/superbiz/AuthBean.java | 46 ++++++ .../main/java/org/superbiz/HelloServlet.java | 22 +++ .../main/java/org/superbiz/LoginServlet.java | 31 ++++ .../src/main/resources/META-INF/beans.xml | 22 +++ .../src/main/webapp/META-INF/context.xml | 23 +++ .../java/org/superbiz/CdiEventRealmTest.java | 148 +++++++++++++++++++ .../src/test/resources/arquillian.xml | 31 ++++ examples/pom.xml | 1 + 9 files changed, 467 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/pom.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/pom.xml b/examples/cdi-event-realm/pom.xml new file mode 100644 index 0000000..147156c --- /dev/null +++ b/examples/cdi-event-realm/pom.xml @@ -0,0 +1,143 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd";> + + <modelVersion>4.0.0</modelVersion> + <groupId>org.superbiz</groupId> + <artifactId>cdi-event-realm</artifactId> + <packaging>war</packaging> + <version>1.1.1-SNAPSHOT</version> + <name>OpenEJB :: Web Examples :: CDI Event based realm</name> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <openejb.version>4.7.2-SNAPSHOT</openejb.version> + <tomee.version>1.7.2-SNAPSHOT</tomee.version> + <tomcat.version>7.0.57</tomcat.version> + </properties> + + <build> + <defaultGoal>install</defaultGoal> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.1</version> + <configuration> + <source>1.6</source> + <target>1.6</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-war-plugin</artifactId> + <version>2.3</version> + <configuration> + <failOnMissingWebXml>false</failOnMissingWebXml> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.openejb.maven</groupId> + <artifactId>tomee-maven-plugin</artifactId> + <version>${tomee.version}</version> + </plugin> + </plugins> + </build> + + <repositories> + <repository> + <id>apache-m2-snapshot</id> + <name>Apache Snapshot Repository</name> + <url>http://repository.apache.org/snapshots</url> + </repository> + <repository> + <id>tomcat-m2-repo</id> + <name>Tomcat Dev Repository</name> + <url>http://tomcat.apache.org/dev/dist/m2-repository/</url> + </repository> + </repositories> + + <pluginRepositories> + <pluginRepository> + <id>apache-m2-snapshot</id> + <name>Apache Snapshot Repository</name> + <url>http://repository.apache.org/snapshots</url> + </pluginRepository> + </pluginRepositories> + + <dependencies> + <dependency> + <groupId>org.apache.openejb</groupId> + <artifactId>javaee-api</artifactId> + <version>6.0-6</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.11</version> + <scope>test</scope> + </dependency> + <!-- Needed to observe events in the AuthBean --> + <dependency> + <groupId>org.apache.openejb</groupId> + <artifactId>tomee-catalina</artifactId> + <version>${tomee.version}</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat</groupId> + <artifactId>tomcat-catalina</artifactId> + <version>${tomcat.version}</version> + <scope>provided</scope> + </dependency> + + <!-- test --> + <dependency> + <groupId>org.apache.openejb</groupId> + <artifactId>arquillian-tomee-embedded</artifactId> + <version>${tomee.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.openejb</groupId> + <artifactId>ziplock</artifactId> + <version>${tomee.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>4.11</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>2.0.1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <version>4.3.6</version> + <scope>test</scope> + </dependency> + + </dependencies> + + <!-- + This section allows you to configure where to publish libraries for sharing. + It is not required and may be deleted. For more information see: + http://maven.apache.org/plugins/maven-deploy-plugin/ + --> + <distributionManagement> + <repository> + <id>local-release-repo</id> + <url>file://${project.build.outputDirectory}/repo/</url> + </repository> + <snapshotRepository> + <id>local-snapshot-repo</id> + <url>file://${project.build.outputDirectory}/repo/</url> + </snapshotRepository> + </distributionManagement> +</project> http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java b/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java new file mode 100644 index 0000000..dc91b83 --- /dev/null +++ b/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java @@ -0,0 +1,46 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.superbiz; + +import org.apache.catalina.realm.GenericPrincipal; +import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent; + +import javax.enterprise.context.RequestScoped; +import javax.enterprise.event.Observes; +import java.util.Arrays; + +@RequestScoped +public class AuthBean { + + public void authenticate(@Observes final UserPasswordAuthenticationEvent event) { + final String username = event.getUsername(); + final String password = event.getCredential(); + + if (!"secret".equals(password)) return; + + if ("userA".equals(username)) { + event.setPrincipal(new GenericPrincipal(username, "", Arrays.asList("admin", "user"))); + + } else if ("userB".equals(username)) { + event.setPrincipal(new GenericPrincipal(username, "", Arrays.asList("user"))); + + } + + // no else, the user is not going to be authenticated + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java b/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java new file mode 100644 index 0000000..c0a0389 --- /dev/null +++ b/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java @@ -0,0 +1,22 @@ +package org.superbiz; + +import javax.servlet.ServletException; +import javax.servlet.annotation.HttpConstraint; +import javax.servlet.annotation.ServletSecurity; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@WebServlet("/hello") +@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"})) +public class HelloServlet extends HttpServlet { + + @Override + protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { + resp.setContentType("plain/text"); + resp.getWriter().write("Hello world!"); + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java b/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java new file mode 100644 index 0000000..0346c59 --- /dev/null +++ b/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java @@ -0,0 +1,31 @@ +package org.superbiz; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@WebServlet("/login") +public class LoginServlet extends HttpServlet { + + @Override + protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { + final String username = req.getParameter("username"); + final String password = req.getParameter("password"); + + try { + // create a session + req.getSession(true); + + // login + req.login(username, password); + + } catch (final ServletException se) { + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml b/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml new file mode 100644 index 0000000..4692869 --- /dev/null +++ b/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<beans xmlns="http://java.sun.com/xml/ns/javaee"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee + http://java.sun.com/xml/ns/javaee/beans_1_0.xsd"/> http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml b/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml new file mode 100644 index 0000000..3ca5ef4 --- /dev/null +++ b/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml @@ -0,0 +1,23 @@ +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<Context> + <Realm className="org.apache.catalina.realm.LockOutRealm"> + <Realm className="org.apache.tomee.catalina.realm.CdiEventRealm"/> + </Realm> +</Context> http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java b/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java new file mode 100644 index 0000000..4732b59 --- /dev/null +++ b/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java @@ -0,0 +1,148 @@ +package org.superbiz; + +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.impl.client.BasicCookieStore; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.message.BasicNameValuePair; +import org.apache.http.util.EntityUtils; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.arquillian.test.api.ArquillianResource; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.asset.EmptyAsset; +import org.jboss.shrinkwrap.api.asset.FileAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.io.File; +import java.io.IOException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.Assert.assertEquals; + +@RunWith(Arquillian.class) +public class CdiEventRealmTest { + + @Deployment(testable = false) + public static WebArchive war() { + return ShrinkWrap.create(WebArchive.class, "event-realm.war") + .addClasses(AuthBean.class, HelloServlet.class, LoginServlet.class) + .addAsManifestResource(new FileAsset(new File("src/main/webapp/META-INF/context.xml")), "context.xml") + .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); + } + + @ArquillianResource + private URL webapp; + + @Test + public void notAuthenticated() throws IOException { + final CloseableHttpClient client = HttpClients.createDefault(); + + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + // Without login, it fails with a 403, not authorized + assertEquals(403, resp.getStatusLine().getStatusCode()); + + } finally { + resp.close(); + } + } + + @Test + public void badAuthentication() throws IOException { + final CloseableHttpClient client = HttpClients.createDefault(); + + // first authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List<NameValuePair> data = new ArrayList<NameValuePair>() {{ + add(new BasicNameValuePair("username", "userB")); + add(new BasicNameValuePair("password", "bla bla")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(401, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + } + + @Test + public void notAuthorized() throws IOException { + final BasicCookieStore cookieStore = new BasicCookieStore(); + final CloseableHttpClient client = HttpClients.custom() + .setDefaultCookieStore(cookieStore) + .build(); + + // first authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List<NameValuePair> data = new ArrayList<NameValuePair>() {{ + add(new BasicNameValuePair("username", "userB")); + add(new BasicNameValuePair("password", "secret")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(200, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + + // then we can just call the hello servlet + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + assertEquals(403, resp.getStatusLine().getStatusCode()); + + } finally { + resp.close(); + } + } + + @Test + public void success() throws IOException { + final BasicCookieStore cookieStore = new BasicCookieStore(); + final CloseableHttpClient client = HttpClients.custom() + .setDefaultCookieStore(cookieStore) + .build(); + + // first authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List<NameValuePair> data = new ArrayList<NameValuePair>() {{ + add(new BasicNameValuePair("username", "userA")); + add(new BasicNameValuePair("password", "secret")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(200, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + + // then we can just call the hello servlet + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + assertEquals(200, resp.getStatusLine().getStatusCode()); + System.out.println(EntityUtils.toString(resp.getEntity())); + + } finally { + resp.close(); + } + } + + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/test/resources/arquillian.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/test/resources/arquillian.xml b/examples/cdi-event-realm/src/test/resources/arquillian.xml new file mode 100644 index 0000000..5dd9613 --- /dev/null +++ b/examples/cdi-event-realm/src/test/resources/arquillian.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<arquillian xmlns="http://jboss.org/schema/arquillian"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://jboss.org/schema/arquillian http://jboss.org/schema/arquillian/arquillian_1_0.xsd";> + <container qualifier="tomee" default="true"> + <configuration> + <property name="httpPort">-1</property> + <property name="stopPort">-1</property> + <property name="ajpPort">-1</property> + <property name="dir">target/tomee</property> + <property name="appWorkingDir">target/arquillian-dump-dir</property> + </configuration> + </container> +</arquillian> http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/pom.xml ---------------------------------------------------------------------- diff --git a/examples/pom.xml b/examples/pom.xml index a286ad6..4ae1977 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -157,6 +157,7 @@ <module>webservice-holder</module> <module>moviefun</module> <module>moviefun-rest</module> + <module>cdi-event-realm</module> </modules> <dependencies>
