Hey Thiago, Thanks for the heads up. It helps. I'll see if I can move it forward. I need to send another email regarding the EJB @AroundConstruct issue we have to gather some thoughts as well.
Have a wonderful day. If there is something you want to work on, let me know. I can try to guide you and help. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, Jan 5, 2021 at 11:33 PM Thiago Henrique Hupner <[email protected]> wrote: > Hi all! > > So, I couldn't take a look at the TomEE for a while. > From what I recall I couldn't get any further because the annotation > scanning > wasn't looking for security annotations in Servlets, only EJBs. > > If someone could continue the work would be great. I've spent some time on > it, > but as I couldn't progress, I guess I can learn from the solution. > > > Em seg., 4 de jan. de 2021 às 09:55, Jean-Louis Monteiro < > [email protected]> escreveu: > > > Hey Thiago, > > > > Happy new year. > > Wanted to check if you got any change to move something forward, or if > you > > need something from us? > > > > Thanks > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > > > > > On Wed, Dec 16, 2020 at 6:51 PM Jean-Louis Monteiro < > > [email protected]> wrote: > > > > > In a meeting and about to get the kids for diner. I'll answer later. > > > > > > In regards to the debug, the deployment class does not run on the > server. > > > Check out the runtest script. At the beginning, there are a couple of > > > flags you can use to debug the server, the javatest, the harness (ds, > dj, > > > dh ...). > > > it gives the ports you can connect to. > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > > > > > > > On Wed, Dec 16, 2020 at 6:04 PM Thiago Henrique Hupner < > [email protected] > > > > > > wrote: > > > > > >> Well, the AnnotationDeployer does in fact run on servlet classes, > > however > > >> it doesn't process the security > > >> annotations in the deploy method: > > >> > > >> > > > https://github.com/apache/tomee/blob/master/container/openejb-core/src/main/java/org/apache/openejb/config/AnnotationDeployer.java#L1084 > > >> > > >> I'll keep looking around. > > >> > > >> Thanks > > >> > > >> Em qua., 16 de dez. de 2020 às 13:48, Thiago Henrique Hupner < > > >> [email protected]> escreveu: > > >> > > >> > Hi. > > >> > > > >> > I tried to debug the DeploymentImpl however I wasn't able. Do you > know > > >> if > > >> > this class is only used by the > > >> > full TCK run or if it used by single run? > > >> > > > >> > I'm running the TCK with: > > >> > ./runtests -sql skip -ds --web tomee-plume > > >> > com.sun.ts.tests.servlet.ee.spec.security.runAs > > >> > And attaching the debugger to port 5005. > > >> > > > >> > I also find something weird: looks like the AnnotationDeployer class > > is > > >> > not run on Servlet classes. > > >> > From what I can tell, only the EJBs are been scanned. The > > >> > com.sun.ts.tests.servlet.ee.spec.security.runAs.ServletTwo doesn't > > >> reach > > >> > there and the applications > > >> > doesn't know about the RunAs("Manager"). > > >> > > > >> > About the DeploymentImpl probably I'll need to get more information > to > > >> > understand how it works. > > >> > For now, I've applied a patch to the DeployerEjb: > > >> > > > >> > if (slash > 0) { > > >> > String moduleId = name.substring(0, slash); > > >> > // To remove ".war" from the module name > > >> > moduleId = moduleId.substring(0, moduleId.length() - 4); > > >> > name = name.substring(slash + 1); > > >> > module = modules.get(moduleId); > > >> > } > > >> > > > >> > Probably I'll revisit it before sending some official patch. > > >> > > > >> > Thanks! > > >> > > > >> > Em qua., 16 de dez. de 2020 às 10:39, Jean-Louis Monteiro < > > >> > [email protected]> escreveu: > > >> > > > >> >> Hi Thiago, > > >> >> > > >> >> That is astonishing how deep you got in such a little amount of > time. > > >> >> You have nothing to worry about or to be sorry about. > > >> >> > > >> >> We all truly appreciate the help. > > >> >> > > >> >> You are right on. > > >> >> Here are some pointers for debugging. > > >> >> > > >> >> Here is where we get notified by TCK stack about deployments and > > >> >> descriptors. > > >> >> > > >> >> > > >> > > > https://github.com/apache/tomee-tck/blob/master/src/main/java/org/apache/openejb/cts/DeploymentImpl.java#L170 > > >> >> > > >> >> L182, I added a hack the other day to support overriding the > context > > >> from > > >> >> the sun descriptor. > > >> >> I acknowledge it was a hack but changing the DeployerEjb is a bit > > >> tricky > > >> >> and can break too many things > > >> >> A solution would be to fork it in TomEE TCK and clean it up so we > can > > >> >> support all deployment descriptors for EAR, WAR packagings. > > >> >> > > >> >> We would use the TCK specific version to deploy and configure > > (finer). > > >> >> > > >> >> What do you think? > > >> >> > > >> >> > > >> >> > > >> >> -- > > >> >> Jean-Louis Monteiro > > >> >> http://twitter.com/jlouismonteiro > > >> >> http://www.tomitribe.com > > >> >> > > >> >> > > >> >> On Wed, Dec 16, 2020 at 12:14 PM Thiago Henrique Hupner < > > >> [email protected] > > >> >> > > > >> >> wrote: > > >> >> > > >> >> > Hi all! > > >> >> > > > >> >> > I started taking a look to get a feeling of the whole process. > > >> >> > I guess I was able to configure the TCK because I'm able to use > the > > >> >> > "runtests" script and debug in my IDE. > > >> >> > > > >> >> > So, as far as I could tell, there isn't any processing of > security > > >> for > > >> >> any > > >> >> > sun-*.xml. > > >> >> > > > >> >> > Another thing that I noticed is that the > > >> >> > `webModule.getAltDDs().get("sun-web.xml");` is returning null. > The > > >> >> process > > >> >> > of > > >> >> > including the in the "altDDs" > > >> >> (org.apache.openejb.assembler.DeployerEjb) is > > >> >> > trying to find the module > > >> >> > "servlet_ee_spec_security_runAs_second_module_web.war" > > >> >> > while the correct (I guess) is > > >> >> > "servlet_ee_spec_security_runAs_second_module_web" (because > > there's a > > >> >> entry > > >> >> > with this key). > > >> >> > > > >> >> > Sorry if I'm taking a lot of time to process all this information > > and > > >> >> thank > > >> >> > you for helping me. > > >> >> > > > >> >> > Em ter., 15 de dez. de 2020 às 12:41, Jonathan Gallimore < > > >> >> > [email protected]> escreveu: > > >> >> > > > >> >> > > There's a similar issue for some of the JAX-RS tests as well > > which > > >> I > > >> >> had > > >> >> > > been meaning to tackle in the same way - if you have some joy > > with > > >> the > > >> >> > > Servlet tests, you'll likely fix the JAX-RS tests too. > > >> >> > > > > >> >> > > Thanks for looking at this Thiago - let us know how you're > > getting > > >> on! > > >> >> > > > > >> >> > > Jon > > >> >> > > > > >> >> > > On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro < > > >> >> > > [email protected]> wrote: > > >> >> > > > > >> >> > > > Hi Thiago, > > >> >> > > > > > >> >> > > > No the TCK setup is unfortunately a bit more complex. > > >> >> > > > You can have a look at the readme from this repo > > >> >> > > > https://github.com/apache/tomee-tck > > >> >> > > > > > >> >> > > > What I would recommend is either create a unit test in > > >> openejb-core > > >> >> to > > >> >> > > > reproduce the issue. > > >> >> > > > Or at least create an example (starting from > > >> >> > > examples/alternate-descriptors > > >> >> > > > is probably good). > > >> >> > > > > > >> >> > > > The TCK is very simple. > > >> >> > > > This is where you can find it > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs > > >> >> > > > > > >> >> > > > Basically ServletTwo is secured and called with a user j2ee > > with > > >> >> > > > Administrator role. > > >> >> > > > It has @RunAs("Manager"), so it can call the EJB with Manager > > >> >> > > > @RolesAllowed. > > >> >> > > > > > >> >> > > > The goal is to map j2ee with javajoe which has Manager role. > > >> >> > > > Check out the comments for the following method > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211 > > >> >> > > > > > >> >> > > > If you want to go the junit simple test, have a look at > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config > > >> >> > > > You can find a couple of Sun...Test files. > > >> >> > > > > > >> >> > > > The goal is pretty simple in essence. > > >> >> > > > In here > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee > > >> >> > > > You have all descriptors supported. > > >> >> > > > > > >> >> > > > Under sun package, you will find deployment descriptors JAXB > > >> tree, > > >> >> for > > >> >> > > > instance to parse > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml > > >> >> > > > The role mapping is here > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java > > >> >> > > > > > >> >> > > > You need to convert to the JAXB tree under oejb3. > > >> >> > > > The role mapping is here > > >> >> > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java > > >> >> > > > > > >> >> > > > Small trick to solve, for glassfish the mapping is done from > > >> servlet > > >> >> > name > > >> >> > > > to principal. > > >> >> > > > For OpenEJB/TomEE the mapping is done from role to principal > > >> >> > > > > > >> >> > > > Hope it helps > > >> >> > > > > > >> >> > > > -- > > >> >> > > > Jean-Louis Monteiro > > >> >> > > > http://twitter.com/jlouismonteiro > > >> >> > > > http://www.tomitribe.com > > >> >> > > > > > >> >> > > > > > >> >> > > > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner < > > >> >> > [email protected] > > >> >> > > > > > >> >> > > > wrote: > > >> >> > > > > > >> >> > > > > I can have a look at the RunAs tests. > > >> >> > > > > > > >> >> > > > > I just want to know, if I make a change in the TomEE, using > > >> `mvn > > >> >> > clean > > >> >> > > > > install` would be enough to the tomee-tck use the new jars > or > > >> >> > > > > do I need to setup anything else? > > >> >> > > > > > > >> >> > > > > Thanks > > >> >> > > > > > > >> >> > > > > Em ter., 15 de dez. de 2020 às 08:16, Jean-Louis Monteiro < > > >> >> > > > > [email protected]> escreveu: > > >> >> > > > > > > >> >> > > > > > Hi community, > > >> >> > > > > > > > >> >> > > > > > I was working on the Servlet, I I have been able to bring > > it > > >> >> down > > >> >> > to > > >> >> > > > > > > > >> >> > > > > > > > >> >> > > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet > > >> >> > > > > > > > >> >> > > > > > 22 remaining failures. > > >> >> > > > > > > > >> >> > > > > > Based on Tomcat's following page > > >> >> > > > > > > > >> >> https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0 > > >> >> > > > > > > > >> >> > > > > > I added some excludes for tests which were fix because of > > >> known > > >> >> > bugs > > >> >> > > > > > See > > >> >> > > > > > > > >> >> > > > > > > > >> >> > > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24 > > >> >> > > > > > > > >> >> > > > > > On the 22, we still have some pending tests as explained > in > > >> the > > >> >> > > Tomcat > > >> >> > > > > > wiki. > > >> >> > > > > > I haven't excluded them because they aren't flagged as > bugs > > >> on > > >> >> the > > >> >> > > TCK, > > >> >> > > > > so > > >> >> > > > > > until the challenge is accepted and fixed, we should > leave > > >> them > > >> >> in > > >> >> > my > > >> >> > > > > > opinion. > > >> >> > > > > > > > >> >> > > > > > I'm trying to get some of the permission fixed as well by > > >> adding > > >> >> > the > > >> >> > > > > > security manager. > > >> >> > > > > > > > >> >> > > > > > > > >> >> > > > > > - > > >> com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 > > >> >> > > > > > failure)--> JDK issue fixed with 1.8u221 - I already > > >> updated > > >> >> the > > >> >> > > > > > certificates because they were expired > > >> >> > > > > > - com.sun.ts.tests.servlet.ee > > >> >> .spec.security.permissiondd.Client > > >> >> > > (14 > > >> >> > > > > > failures) --> We need the security manager with Tomcat > > >> >> > > > > > - com.sun.ts.tests.servlet.ee > > .spec.security.runAs.Client > > >> (2 > > >> >> > > > failures) > > >> >> > > > > > --> we need a role mapping so user can switch from > j2ee > > to > > >> >> > > javajoe. > > >> >> > > > We > > >> >> > > > > > do > > >> >> > > > > > support role mapping but with openejb-jar.xml (not > > >> standard > > >> >> way > > >> >> > - > > >> >> > > > each > > >> >> > > > > > container has its own). As the TCK provides Glassfish > > role > > >> >> > mapping > > >> >> > > > > > already, > > >> >> > > > > > we should be able to easily pass this by just > improving > > >> the > > >> >> > > > > > SunConversion > > >> >> > > > > > class to read and map the roles to our internal model. > > >> >> > > > > > - > > >> >> com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient > > >> >> > (1 > > >> >> > > > > > failure) > > >> >> > > > > > - > > >> >> > > > com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient > > >> >> > > > (2 > > >> >> > > > > > failures) > > >> >> > > > > > - > com.sun.ts.tests.servlet.spec.security.secbasic.Client > > >> (2 > > >> >> > > > failures) > > >> >> > > > > > --> known. Under discussion > > >> >> > > > > > > > >> >> > > > > > If someone wants to take the RunAs, it's an easy one to > > do. I > > >> >> can > > >> >> > > > provide > > >> >> > > > > > some guidance. > > >> >> > > > > > > > >> >> > > > > > -- > > >> >> > > > > > Jean-Louis Monteiro > > >> >> > > > > > http://twitter.com/jlouismonteiro > > >> >> > > > > > http://www.tomitribe.com > > >> >> > > > > > > > >> >> > > > > > > >> >> > > > > > >> >> > > > > >> >> > > > >> >> > > >> > > > >> > > > > > >
