Well, the AnnotationDeployer does in fact run on servlet classes, however it doesn't process the security annotations in the deploy method: https://github.com/apache/tomee/blob/master/container/openejb-core/src/main/java/org/apache/openejb/config/AnnotationDeployer.java#L1084
I'll keep looking around. Thanks Em qua., 16 de dez. de 2020 às 13:48, Thiago Henrique Hupner < [email protected]> escreveu: > Hi. > > I tried to debug the DeploymentImpl however I wasn't able. Do you know if > this class is only used by the > full TCK run or if it used by single run? > > I'm running the TCK with: > ./runtests -sql skip -ds --web tomee-plume > com.sun.ts.tests.servlet.ee.spec.security.runAs > And attaching the debugger to port 5005. > > I also find something weird: looks like the AnnotationDeployer class is > not run on Servlet classes. > From what I can tell, only the EJBs are been scanned. The > com.sun.ts.tests.servlet.ee.spec.security.runAs.ServletTwo doesn't reach > there and the applications > doesn't know about the RunAs("Manager"). > > About the DeploymentImpl probably I'll need to get more information to > understand how it works. > For now, I've applied a patch to the DeployerEjb: > > if (slash > 0) { > String moduleId = name.substring(0, slash); > // To remove ".war" from the module name > moduleId = moduleId.substring(0, moduleId.length() - 4); > name = name.substring(slash + 1); > module = modules.get(moduleId); > } > > Probably I'll revisit it before sending some official patch. > > Thanks! > > Em qua., 16 de dez. de 2020 às 10:39, Jean-Louis Monteiro < > [email protected]> escreveu: > >> Hi Thiago, >> >> That is astonishing how deep you got in such a little amount of time. >> You have nothing to worry about or to be sorry about. >> >> We all truly appreciate the help. >> >> You are right on. >> Here are some pointers for debugging. >> >> Here is where we get notified by TCK stack about deployments and >> descriptors. >> >> https://github.com/apache/tomee-tck/blob/master/src/main/java/org/apache/openejb/cts/DeploymentImpl.java#L170 >> >> L182, I added a hack the other day to support overriding the context from >> the sun descriptor. >> I acknowledge it was a hack but changing the DeployerEjb is a bit tricky >> and can break too many things >> A solution would be to fork it in TomEE TCK and clean it up so we can >> support all deployment descriptors for EAR, WAR packagings. >> >> We would use the TCK specific version to deploy and configure (finer). >> >> What do you think? >> >> >> >> -- >> Jean-Louis Monteiro >> http://twitter.com/jlouismonteiro >> http://www.tomitribe.com >> >> >> On Wed, Dec 16, 2020 at 12:14 PM Thiago Henrique Hupner <[email protected] >> > >> wrote: >> >> > Hi all! >> > >> > I started taking a look to get a feeling of the whole process. >> > I guess I was able to configure the TCK because I'm able to use the >> > "runtests" script and debug in my IDE. >> > >> > So, as far as I could tell, there isn't any processing of security for >> any >> > sun-*.xml. >> > >> > Another thing that I noticed is that the >> > `webModule.getAltDDs().get("sun-web.xml");` is returning null. The >> process >> > of >> > including the in the "altDDs" >> (org.apache.openejb.assembler.DeployerEjb) is >> > trying to find the module >> > "servlet_ee_spec_security_runAs_second_module_web.war" >> > while the correct (I guess) is >> > "servlet_ee_spec_security_runAs_second_module_web" (because there's a >> entry >> > with this key). >> > >> > Sorry if I'm taking a lot of time to process all this information and >> thank >> > you for helping me. >> > >> > Em ter., 15 de dez. de 2020 às 12:41, Jonathan Gallimore < >> > [email protected]> escreveu: >> > >> > > There's a similar issue for some of the JAX-RS tests as well which I >> had >> > > been meaning to tackle in the same way - if you have some joy with the >> > > Servlet tests, you'll likely fix the JAX-RS tests too. >> > > >> > > Thanks for looking at this Thiago - let us know how you're getting on! >> > > >> > > Jon >> > > >> > > On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro < >> > > [email protected]> wrote: >> > > >> > > > Hi Thiago, >> > > > >> > > > No the TCK setup is unfortunately a bit more complex. >> > > > You can have a look at the readme from this repo >> > > > https://github.com/apache/tomee-tck >> > > > >> > > > What I would recommend is either create a unit test in openejb-core >> to >> > > > reproduce the issue. >> > > > Or at least create an example (starting from >> > > examples/alternate-descriptors >> > > > is probably good). >> > > > >> > > > The TCK is very simple. >> > > > This is where you can find it >> > > > >> > > > >> > > >> > >> https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs >> > > > >> > > > Basically ServletTwo is secured and called with a user j2ee with >> > > > Administrator role. >> > > > It has @RunAs("Manager"), so it can call the EJB with Manager >> > > > @RolesAllowed. >> > > > >> > > > The goal is to map j2ee with javajoe which has Manager role. >> > > > Check out the comments for the following method >> > > > >> > > > >> > > >> > >> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211 >> > > > >> > > > If you want to go the junit simple test, have a look at >> > > > >> > > > >> > > >> > >> https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config >> > > > You can find a couple of Sun...Test files. >> > > > >> > > > The goal is pretty simple in essence. >> > > > In here >> > > > >> > > > >> > > >> > >> https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee >> > > > You have all descriptors supported. >> > > > >> > > > Under sun package, you will find deployment descriptors JAXB tree, >> for >> > > > instance to parse >> > > > >> > > > >> > > >> > >> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml >> > > > The role mapping is here >> > > > >> > > > >> > > >> > >> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java >> > > > >> > > > You need to convert to the JAXB tree under oejb3. >> > > > The role mapping is here >> > > > >> > > > >> > > >> > >> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java >> > > > >> > > > Small trick to solve, for glassfish the mapping is done from servlet >> > name >> > > > to principal. >> > > > For OpenEJB/TomEE the mapping is done from role to principal >> > > > >> > > > Hope it helps >> > > > >> > > > -- >> > > > Jean-Louis Monteiro >> > > > http://twitter.com/jlouismonteiro >> > > > http://www.tomitribe.com >> > > > >> > > > >> > > > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner < >> > [email protected] >> > > > >> > > > wrote: >> > > > >> > > > > I can have a look at the RunAs tests. >> > > > > >> > > > > I just want to know, if I make a change in the TomEE, using `mvn >> > clean >> > > > > install` would be enough to the tomee-tck use the new jars or >> > > > > do I need to setup anything else? >> > > > > >> > > > > Thanks >> > > > > >> > > > > Em ter., 15 de dez. de 2020 às 08:16, Jean-Louis Monteiro < >> > > > > [email protected]> escreveu: >> > > > > >> > > > > > Hi community, >> > > > > > >> > > > > > I was working on the Servlet, I I have been able to bring it >> down >> > to >> > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet >> > > > > > >> > > > > > 22 remaining failures. >> > > > > > >> > > > > > Based on Tomcat's following page >> > > > > > >> https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0 >> > > > > > >> > > > > > I added some excludes for tests which were fix because of known >> > bugs >> > > > > > See >> > > > > > >> > > > > > >> > > > > >> > > > >> > > >> > >> https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24 >> > > > > > >> > > > > > On the 22, we still have some pending tests as explained in the >> > > Tomcat >> > > > > > wiki. >> > > > > > I haven't excluded them because they aren't flagged as bugs on >> the >> > > TCK, >> > > > > so >> > > > > > until the challenge is accepted and fixed, we should leave them >> in >> > my >> > > > > > opinion. >> > > > > > >> > > > > > I'm trying to get some of the permission fixed as well by adding >> > the >> > > > > > security manager. >> > > > > > >> > > > > > >> > > > > > - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 >> > > > > > failure)--> JDK issue fixed with 1.8u221 - I already updated >> the >> > > > > > certificates because they were expired >> > > > > > - com.sun.ts.tests.servlet.ee >> .spec.security.permissiondd.Client >> > > (14 >> > > > > > failures) --> We need the security manager with Tomcat >> > > > > > - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2 >> > > > failures) >> > > > > > --> we need a role mapping so user can switch from j2ee to >> > > javajoe. >> > > > We >> > > > > > do >> > > > > > support role mapping but with openejb-jar.xml (not standard >> way >> > - >> > > > each >> > > > > > container has its own). As the TCK provides Glassfish role >> > mapping >> > > > > > already, >> > > > > > we should be able to easily pass this by just improving the >> > > > > > SunConversion >> > > > > > class to read and map the roles to our internal model. >> > > > > > - >> com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient >> > (1 >> > > > > > failure) >> > > > > > - >> > > com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient >> > > > (2 >> > > > > > failures) >> > > > > > - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2 >> > > > failures) >> > > > > > --> known. Under discussion >> > > > > > >> > > > > > If someone wants to take the RunAs, it's an easy one to do. I >> can >> > > > provide >> > > > > > some guidance. >> > > > > > >> > > > > > -- >> > > > > > Jean-Louis Monteiro >> > > > > > http://twitter.com/jlouismonteiro >> > > > > > http://www.tomitribe.com >> > > > > > >> > > > > >> > > > >> > > >> > >> >
