Hi Thiago, No the TCK setup is unfortunately a bit more complex. You can have a look at the readme from this repo https://github.com/apache/tomee-tck
What I would recommend is either create a unit test in openejb-core to reproduce the issue. Or at least create an example (starting from examples/alternate-descriptors is probably good). The TCK is very simple. This is where you can find it https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs Basically ServletTwo is secured and called with a user j2ee with Administrator role. It has @RunAs("Manager"), so it can call the EJB with Manager @RolesAllowed. The goal is to map j2ee with javajoe which has Manager role. Check out the comments for the following method https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211 If you want to go the junit simple test, have a look at https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config You can find a couple of Sun...Test files. The goal is pretty simple in essence. In here https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee You have all descriptors supported. Under sun package, you will find deployment descriptors JAXB tree, for instance to parse https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml The role mapping is here https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java You need to convert to the JAXB tree under oejb3. The role mapping is here https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java Small trick to solve, for glassfish the mapping is done from servlet name to principal. For OpenEJB/TomEE the mapping is done from role to principal Hope it helps -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner <[email protected]> wrote: > I can have a look at the RunAs tests. > > I just want to know, if I make a change in the TomEE, using `mvn clean > install` would be enough to the tomee-tck use the new jars or > do I need to setup anything else? > > Thanks > > Em ter., 15 de dez. de 2020 às 08:16, Jean-Louis Monteiro < > [email protected]> escreveu: > > > Hi community, > > > > I was working on the Servlet, I I have been able to bring it down to > > > > > https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet > > > > 22 remaining failures. > > > > Based on Tomcat's following page > > https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0 > > > > I added some excludes for tests which were fix because of known bugs > > See > > > > > https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24 > > > > On the 22, we still have some pending tests as explained in the Tomcat > > wiki. > > I haven't excluded them because they aren't flagged as bugs on the TCK, > so > > until the challenge is accepted and fixed, we should leave them in my > > opinion. > > > > I'm trying to get some of the permission fixed as well by adding the > > security manager. > > > > > > - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 > > failure)--> JDK issue fixed with 1.8u221 - I already updated the > > certificates because they were expired > > - com.sun.ts.tests.servlet.ee.spec.security.permissiondd.Client (14 > > failures) --> We need the security manager with Tomcat > > - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2 failures) > > --> we need a role mapping so user can switch from j2ee to javajoe. We > > do > > support role mapping but with openejb-jar.xml (not standard way - each > > container has its own). As the TCK provides Glassfish role mapping > > already, > > we should be able to easily pass this by just improving the > > SunConversion > > class to read and map the roles to our internal model. > > - com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient (1 > > failure) > > - com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient (2 > > failures) > > - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2 failures) > > --> known. Under discussion > > > > If someone wants to take the RunAs, it's an easy one to do. I can provide > > some guidance. > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > >
