I'm gearing up for a new JBoss/Jetty release.
When I run the web tests from jbosstest I get the following :
run-testcase:
[junit] Running org.jboss.test.web.test.TestWebIntegration
[junit] Found warDeployer named: :service=Jetty
[junit] Deploying: jbosstest-web.ear...Done
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureServlet
[junit] responseCode=403, response=Forbidden
[junit] <HTML>
[junit] <HEAD>
[junit] <TITLE>Error 403 Forbidden</TITLE>
[junit] <BODY>
[junit] <H2>HTTP ERROR: 403 Forbidden</H2>
[junit] <P>RequestURI=/jbosstest/restricted/SecureServlet<!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE -->
[junit] </BODY>
[junit] </HTML>
[junit]
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/ClientLoginServlet
[junit] responseCode=200, response=OK
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/EJBOnStartupServlet
[junit] responseCode=200, response=OK
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/EJBServlet
[junit] responseCode=200, response=OK
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/ENCServlet
[junit] responseCode=200, response=OK
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/restricted/include_ejb.jsp
[junit] responseCode=403, response=Forbidden
[junit] <HTML>
[junit] <HEAD>
[junit] <TITLE>Error 403 Forbidden</TITLE>
[junit] <BODY>
[junit] <H2>HTTP ERROR: 403 Forbidden</H2>
[junit] <P>RequestURI=/jbosstest/restricted/include_ejb.jsp<!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE -->
[junit] </BODY>
[junit] </HTML>
[junit]
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureEJBAccess
[junit] responseCode=403, response=Forbidden
[junit] <HTML>
[junit] <HEAD>
[junit] <TITLE>Error 403 Forbidden</TITLE>
[junit] <BODY>
[junit] <H2>HTTP ERROR: 403 Forbidden</H2>
[junit] <P>RequestURI=/jbosstest/restricted/SecureEJBAccess<!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE -->
[junit] </BODY>
[junit] </HTML>
[junit]
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureServlet
[junit] responseCode=403, response=Forbidden
[junit] <HTML>
[junit] <HEAD>
[junit] <TITLE>Error 403 Forbidden</TITLE>
[junit] <BODY>
[junit] <H2>HTTP ERROR: 403 Forbidden</H2>
[junit] <P>RequestURI=/jbosstest/restricted/SecureServlet<!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE --><!--
Padding for IE -->
[junit] </BODY>
[junit] </HTML>
[junit]
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/snoop.jsp
[junit] responseCode=200, response=OK
[junit] Connecting to:
http://jduke:theduke@localhost:8080/jbosstest/UnsecureEJBAccess
[junit] responseCode=200, response=OK
[junit] Tests run: 11, Failures: 4, Errors: 0, Time elapsed: 8.229
sec
[junit] TEST org.jboss.test.web.test.TestWebIntegration FAILED
BUILD SUCCESSFUL
Total time: 9 seconds
[jules@zeuglodon jetty]$
It looks as there are still some gaps in the security integration.
I ran the same test on the latest JBoss/Tomcat bundle - it failed
aswell, although I think it passed a couple more tests than Jetty.
I have been trying to figure out when the tests stopped running on
Jetty.
Can anyone tell me what the integration or web-container should be doing
in order to pass these tests ? Perhaps this is something that should be
in AbstractWebContainer ?
I have had a look through jbosstest and it seems to boil dow to the
contents of the roles.properties file which ships in the ejb-jar of the
test ear, whilst security is also set up in the war's web.xml.
If there are servlets being deployed into a restricted context, but the
security information is only made available to the ejb container, how is
this intended to work ?
I'm afraid that the security stuff is something that I still haven't
quite come to grips with, so if someone could help me out here I would
really appreciate it.
Perhaps 2.4.1 based distributions are not expected to pass this
testsuite anymore as it now contains 2.4.2-isms ?
Jules
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
