Hi all!
I started taking a look to get a feeling of the whole process.
I guess I was able to configure the TCK because I'm able to use the
"runtests" script and debug in my IDE.
So, as far as I could tell, there isn't any processing of security for any
sun-*.xml.
Another thing that I noticed is that the
`webModule.getAltDDs().get("sun-web.xml");` is returning null. The process of
including the in the "altDDs" (org.apache.openejb.assembler.DeployerEjb) is
trying to find the module
"servlet_ee_spec_security_runAs_second_module_web.war"
while the correct (I guess) is
"servlet_ee_spec_security_runAs_second_module_web" (because there's an entry
with this key).
Sorry if I'm taking a lot of time to process all this information and thank
you for helping me.
On Tue, Dec 15, 2020 at 12:41, Jonathan Gallimore <[email protected]> wrote:
> There's a similar issue for some of the JAX-RS tests as well which I had
> been meaning to tackle in the same way - if you have some joy with the
> Servlet tests, you'll likely fix the JAX-RS tests too.
>
> Thanks for looking at this Thiago - let us know how you're getting on!
>
> Jon
>
> On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro <
> [email protected]> wrote:
>
> > Hi Thiago,
> >
> > No, the TCK setup is unfortunately a bit more complex.
> > You can have a look at the readme from this repo
> > https://github.com/apache/tomee-tck
> >
> > What I would recommend is either create a unit test in openejb-core to
> > reproduce the issue.
> > Or at least create an example (starting from examples/alternate-descriptors
> > is probably good).
> >
> > The TCK is very simple.
> > This is where you can find it
> >
> >
> > https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs
> >
> > Basically ServletTwo is secured and called with a user j2ee with
> > Administrator role.
> > It has @RunAs("Manager"), so it can call the EJB with Manager
> > @RolesAllowed.
> >
> > The goal is to map j2ee with javajoe which has Manager role.
> > Check out the comments for the following method
> >
> >
> > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211
> >
> > If you want to go the junit simple test, have a look at
> >
> >
> > https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config
> > You can find a couple of Sun...Test files.
> >
> > The goal is pretty simple in essence.
> > In here
> >
> >
> > https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee
> > You have all descriptors supported.
> >
> > Under sun package, you will find deployment descriptors JAXB tree, for
> > instance to parse
> >
> >
> > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml
> > The role mapping is here
> >
> >
> > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java
> >
> > You need to convert to the JAXB tree under oejb3.
> > The role mapping is here
> >
> >
> > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
> >
> > Small trick to solve, for glassfish the mapping is done from servlet name
> > to principal.
> > For OpenEJB/TomEE the mapping is done from role to principal
> >
> > Hope it helps
> >
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
> >
> >
> > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner <[email protected]> wrote:
> >
> > > I can have a look at the RunAs tests.
> > >
> > > I just want to know, if I make a change in the TomEE, using `mvn clean
> > > install` would be enough for the tomee-tck to use the new jars or
> > > do I need to set up anything else?
> > >
> > > Thanks
> > >
> > > On Tue, Dec 15, 2020 at 08:16, Jean-Louis Monteiro <[email protected]> wrote:
> > >
> > > > Hi community,
> > > >
> > > > I was working on the Servlet, I have been able to bring it down to
> > > >
> > > > https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet
> > > >
> > > > 22 remaining failures.
> > > >
> > > > Based on Tomcat's following page
> > > > https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0
> > > >
> > > > I added some excludes for tests which were fix because of known bugs
> > > > See
> > > >
> > > > https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24
> > > >
> > > > On the 22, we still have some pending tests as explained in the Tomcat
> > > > wiki.
> > > > I haven't excluded them because they aren't flagged as bugs on the TCK, so
> > > > until the challenge is accepted and fixed, we should leave them in my
> > > > opinion.
> > > >
> > > > I'm trying to get some of the permission fixed as well by adding the
> > > > security manager.
> > > >
> > > >
> > > > - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 failure) --> JDK issue fixed with 1.8u221 - I already updated the certificates because they were expired
> > > > - com.sun.ts.tests.servlet.ee.spec.security.permissiondd.Client (14 failures) --> We need the security manager with Tomcat
> > > > - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2 failures) --> we need a role mapping so user can switch from j2ee to javajoe. We do support role mapping but with openejb-jar.xml (not standard way - each container has its own). As the TCK provides Glassfish role mapping already, we should be able to easily pass this by just improving the SunConversion class to read and map the roles to our internal model.
> > > > - com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient (1 failure)
> > > > - com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient (2 failures)
> > > > - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2 failures) --> known. Under discussion
> > > >
> > > > If someone wants to take the RunAs, it's an easy one to do. I can provide
> > > > some guidance.
> > > >
> > > > --
> > > > Jean-Louis Monteiro
> > > > http://twitter.com/jlouismonteiro
> > > > http://www.tomitribe.com
> > > >
> > >
> >
>
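
The conversion discussed in this thread (GlassFish maps servlet name to principal, OpenEJB/TomEE maps role to principal) comes down to a join on the servlet name, sketched here as an added example that is not TomEE's SunConversion code or anything posted in the thread. The class name `RunAsRoleMappingSketch` is hypothetical, the two descriptors are constructed samples, and plain JDK DOM parsing stands in for the project's JAXB trees.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class RunAsRoleMappingSketch {
    // Constructed descriptors, reduced to the elements that matter for run-as.
    static final String WEB_XML = "<web-app><servlet><servlet-name>ServletTwo</servlet-name>"
        + "<run-as><role-name>Manager</role-name></run-as></servlet></web-app>";
    static final String SUN_WEB_XML = "<sun-web-app><servlet><servlet-name>ServletTwo</servlet-name>"
        + "<principal-name>javajoe</principal-name></servlet></sun-web-app>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Real sun-web.xml files carry a DOCTYPE; parse them, but never fetch the DTD or external entities.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Text of the first descendant <tag> of e, or null when e is null or has no such element.
    static String text(Element e, String tag) {
        if (e == null) return null;
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    // Joins web.xml (servlet -> run-as role) with sun-web.xml (servlet -> principal) into role -> principals.
    static Map<String, Set<String>> roleToPrincipals(Document web, Document sunWeb) {
        Map<String, String> runAs = new HashMap<>();
        NodeList ws = web.getElementsByTagName("servlet");
        for (int i = 0; i < ws.getLength(); i++) {
            Element s = (Element) ws.item(i);
            String role = text((Element) s.getElementsByTagName("run-as").item(0), "role-name");
            if (role != null) runAs.put(text(s, "servlet-name"), role);
        }
        Map<String, Set<String>> roles = new TreeMap<>();
        NodeList ss = sunWeb.getElementsByTagName("servlet");
        for (int i = 0; i < ss.getLength(); i++) {
            Element s = (Element) ss.item(i);
            String role = runAs.get(text(s, "servlet-name"));
            String principal = text(s, "principal-name");
            // No run-as role for this servlet, or no principal: emit nothing rather than guess a grant.
            if (role != null && principal != null) roles.computeIfAbsent(role, r -> new TreeSet<>()).add(principal);
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(roleToPrincipals(parse(WEB_XML), parse(SUN_WEB_XML)));
    }
}
```

A servlet that has a principal in sun-web.xml but no `run-as` in web.xml produces no mapping, so a stray vendor entry cannot attach a principal to a role the application never declared.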