Hey Thiago,

Happy new year.
Wanted to check if you got any chance to move something forward, or if you
need something from us?

Thanks
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Wed, Dec 16, 2020 at 6:51 PM Jean-Louis Monteiro <
[email protected]> wrote:

> In a meeting and about to get the kids for dinner. I'll answer later.
>
> In regards to the debug, the deployment class does not run on the server.
> Check out the runtest script. At the beginning, there are a couple of
> flags you can use to debug the server, the javatest, the harness (ds, dj,
> dh ...).
> It gives the ports you can connect to.
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Wed, Dec 16, 2020 at 6:04 PM Thiago Henrique Hupner <[email protected]>
> wrote:
>
>> Well, the AnnotationDeployer does in fact run on servlet classes, however
>> it doesn't process the security
>> annotations in the deploy method:
>>
>> https://github.com/apache/tomee/blob/master/container/openejb-core/src/main/java/org/apache/openejb/config/AnnotationDeployer.java#L1084
>>
>> I'll keep looking around.
>>
>> Thanks
>>
>> On Wed, Dec 16, 2020 at 1:48 PM Thiago Henrique Hupner <
>> [email protected]> wrote:
>>
>> > Hi.
>> >
>> > I tried to debug the DeploymentImpl, however I wasn't able to. Do you know if
>> > this class is only used by the
>> > full TCK run or if it is used by a single run?
>> >
>> > I'm running the TCK with:
>> > ./runtests -sql skip -ds --web tomee-plume
>> > com.sun.ts.tests.servlet.ee.spec.security.runAs
>> > And attaching the debugger to port 5005.
>> >
>> > I also found something weird: looks like the AnnotationDeployer class is
>> > not run on Servlet classes.
>> > From what I can tell, only the EJBs are being scanned. The
>> > com.sun.ts.tests.servlet.ee.spec.security.runAs.ServletTwo doesn't reach
>> > there and the application
>> > doesn't know about the RunAs("Manager").
>> >
>> > About the DeploymentImpl probably I'll need to get more information to
>> > understand how it works.
>> > For now, I've applied a patch to the DeployerEjb:
>> >
>> > if (slash > 0) {
>> >    String moduleId = name.substring(0, slash);
>> >    // To remove ".war" from the module name
>> >    moduleId = moduleId.substring(0, moduleId.length() - 4);
>> >    name = name.substring(slash + 1);
>> >    module = modules.get(moduleId);
>> > }
>> >
>> > Probably I'll revisit it before sending some official patch.
>> >
>> > Thanks!
>> >
>> > On Wed, Dec 16, 2020 at 10:39 AM Jean-Louis Monteiro <
>> > [email protected]> wrote:
>> >
>> >> Hi Thiago,
>> >>
>> >> That is astonishing how deep you got in such a little amount of time.
>> >> You have nothing to worry about or to be sorry about.
>> >>
>> >> We all truly appreciate the help.
>> >>
>> >> You are right on.
>> >> Here are some pointers for debugging.
>> >>
>> >> Here is where we get notified by TCK stack about deployments and
>> >> descriptors.
>> >>
>> >>
>> https://github.com/apache/tomee-tck/blob/master/src/main/java/org/apache/openejb/cts/DeploymentImpl.java#L170
>> >>
>> >> L182, I added a hack the other day to support overriding the context
>> from
>> >> the sun descriptor.
>> >> I acknowledge it was a hack but changing the DeployerEjb is a bit
>> tricky
>> >> and can break too many things
>> >> A solution would be to fork it in TomEE TCK and clean it up so we can
>> >> support all deployment descriptors for EAR, WAR packagings.
>> >>
>> >> We would use the TCK specific version to deploy and configure (finer).
>> >>
>> >> What do you think?
>> >>
>> >>
>> >>
>> >> --
>> >> Jean-Louis Monteiro
>> >> http://twitter.com/jlouismonteiro
>> >> http://www.tomitribe.com
>> >>
>> >>
>> >> On Wed, Dec 16, 2020 at 12:14 PM Thiago Henrique Hupner <
>> [email protected]
>> >> >
>> >> wrote:
>> >>
>> >> > Hi all!
>> >> >
>> >> > I started taking a look to get a feeling of the whole process.
>> >> > I guess I was able to configure the TCK because I'm able to use the
>> >> > "runtests" script and debug in my IDE.
>> >> >
>> >> > So, as far as I could tell, there isn't any processing of security
>> for
>> >> any
>> >> > sun-*.xml.
>> >> >
>> >> > Another thing that I noticed is that the
>> >> > `webModule.getAltDDs().get("sun-web.xml");` is returning null. The
>> >> process
>> >> > of
>> >> > including the in the "altDDs"
>> >> (org.apache.openejb.assembler.DeployerEjb) is
>> >> > trying to find the module
>> >> > "servlet_ee_spec_security_runAs_second_module_web.war"
>> >> > while the correct (I guess) is
>> >> > "servlet_ee_spec_security_runAs_second_module_web" (because there's a
>> >> entry
>> >> > with this key).
>> >> >
>> >> > Sorry if I'm taking a lot of time to process all this information and
>> >> thank
>> >> > you for helping me.
>> >> >
>> >> > On Tue, Dec 15, 2020 at 12:41 PM Jonathan Gallimore <
>> >> > [email protected]> wrote:
>> >> >
>> >> > > There's a similar issue for some of the JAX-RS tests as well which
>> I
>> >> had
>> >> > > been meaning to tackle in the same way - if you have some joy with
>> the
>> >> > > Servlet tests, you'll likely fix the JAX-RS tests too.
>> >> > >
>> >> > > Thanks for looking at this Thiago - let us know how you're getting
>> on!
>> >> > >
>> >> > > Jon
>> >> > >
>> >> > > On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro <
>> >> > > [email protected]> wrote:
>> >> > >
>> >> > > > Hi Thiago,
>> >> > > >
>> >> > > > No, the TCK setup is unfortunately a bit more complex.
>> >> > > > You can have a look at the readme from this repo
>> >> > > > https://github.com/apache/tomee-tck
>> >> > > >
>> >> > > > What I would recommend is either create a unit test in
>> openejb-core
>> >> to
>> >> > > > reproduce the issue.
>> >> > > > Or at least create an example (starting from
>> >> > > examples/alternate-descriptors
>> >> > > > is probably good).
>> >> > > >
>> >> > > > The TCK is very simple.
>> >> > > > This is where you can find it
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs
>> >> > > >
>> >> > > > Basically ServletTwo is secured and called with a user j2ee with
>> >> > > > Administrator role.
>> >> > > > It has @RunAs("Manager"), so it can call the EJB with Manager
>> >> > > > @RolesAllowed.
>> >> > > >
>> >> > > > The goal is to map j2ee with javajoe which has Manager role.
>> >> > > > Check out the comments for the following method
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211
>> >> > > >
>> >> > > > If you want to go the junit simple test, have a look at
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config
>> >> > > > You can find a couple of Sun...Test files.
>> >> > > >
>> >> > > > The goal is pretty simple in essence.
>> >> > > > In here
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee
>> >> > > > You have all descriptors supported.
>> >> > > >
>> >> > > > Under sun package, you will find deployment descriptors JAXB
>> tree,
>> >> for
>> >> > > > instance to parse
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml
>> >> > > > The role mapping is here
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java
>> >> > > >
>> >> > > > You need to convert to the JAXB tree under oejb3.
>> >> > > > The role mapping is here
>> >> > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
>> >> > > >
>> >> > > > Small trick to solve, for glassfish the mapping is done from
>> servlet
>> >> > name
>> >> > > > to principal.
>> >> > > > For OpenEJB/TomEE the mapping is done from role to principal
>> >> > > >
>> >> > > > Hope it helps
>> >> > > >
>> >> > > > --
>> >> > > > Jean-Louis Monteiro
>> >> > > > http://twitter.com/jlouismonteiro
>> >> > > > http://www.tomitribe.com
>> >> > > >
>> >> > > >
>> >> > > > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner <
>> >> > [email protected]
>> >> > > >
>> >> > > > wrote:
>> >> > > >
>> >> > > > > I can have a look at the RunAs tests.
>> >> > > > >
>> >> > > > > I just want to know, if I make a change in the TomEE, using
>> >> > > > > `mvn clean install` would be enough for the tomee-tck to use the new jars or
>> >> > > > > do I need to set up anything else?
>> >> > > > >
>> >> > > > > Thanks
>> >> > > > >
>> >> > > > > On Tue, Dec 15, 2020 at 8:16 AM Jean-Louis Monteiro <
>> >> > > > > [email protected]> wrote:
>> >> > > > >
>> >> > > > > > Hi community,
>> >> > > > > >
>> >> > > > > > I was working on the Servlet, I have been able to bring it down to
>> >> > > > > >
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet
>> >> > > > > >
>> >> > > > > > 22 remaining failures.
>> >> > > > > >
>> >> > > > > > Based on Tomcat's following page
>> >> > > > > >
>> >> https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0
>> >> > > > > >
>> >> > > > > > I added some excludes for tests which were fix because of
>> known
>> >> > bugs
>> >> > > > > > See
>> >> > > > > >
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24
>> >> > > > > >
>> >> > > > > > On the 22, we still have some pending tests as explained in
>> the
>> >> > > Tomcat
>> >> > > > > > wiki.
>> >> > > > > > I haven't excluded them because they aren't flagged as bugs
>> on
>> >> the
>> >> > > TCK,
>> >> > > > > so
>> >> > > > > > until the challenge is accepted and fixed, we should leave
>> them
>> >> in
>> >> > my
>> >> > > > > > opinion.
>> >> > > > > >
>> >> > > > > > I'm trying to get some of the permission fixed as well by
>> adding
>> >> > the
>> >> > > > > > security manager.
>> >> > > > > >
>> >> > > > > >
>> >> > > > > >    - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 failure)
>> >> > > > > >    --> JDK issue fixed with 1.8u221 - I already updated the
>> >> > > > > >    certificates because they were expired
>> >> > > > > >    - com.sun.ts.tests.servlet.ee.spec.security.permissiondd.Client (14 failures)
>> >> > > > > >    --> We need the security manager with Tomcat
>> >> > > > > >    - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2 failures)
>> >> > > > > >    --> we need a role mapping so user can switch from j2ee to javajoe.
>> >> > > > > >    We do support role mapping but with openejb-jar.xml (not standard way -
>> >> > > > > >    each container has its own). As the TCK provides Glassfish role mapping
>> >> > > > > >    already, we should be able to easily pass this by just improving the
>> >> > > > > >    SunConversion class to read and map the roles to our internal model.
>> >> > > > > >    - com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient (1 failure)
>> >> > > > > >    - com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient (2 failures)
>> >> > > > > >    - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2 failures)
>> >> > > > > >    --> known. Under discussion
>> >> > > > > >
>> >> > > > > > If someone wants to take the RunAs, it's an easy one to do. I
>> >> can
>> >> > > > provide
>> >> > > > > > some guidance.
>> >> > > > > >
>> >> > > > > > --
>> >> > > > > > Jean-Louis Monteiro
>> >> > > > > > http://twitter.com/jlouismonteiro
>> >> > > > > > http://www.tomitribe.com
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> >
>>
>
