2.4.1 tomcat bundle had a bug in it. The 2.4.1a bundle which is the only
bundle available from sourceforge currently passes all tests. Complete
security integration cannot be done at the AbstractWebContainer level as
every
web container has its own security api.
The AbstractWebContainer makes the security manager associated with the
jboss-web.xml/security-domain element available to the web application via
JNDI under the name java:comp/env/security.
This is how the org.jboss.jetty.JBossUserRealm integrates with the JBossSX
api.
----- Original Message -----
From: "Julian Gosnell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 24, 2001 1:56 PM
Subject: [JBoss-dev] 2.4.1 : jbosstest - web tests - changes ?
>
> I'm gearing up for a new JBoss/Jetty release.
>
> When I run the web tests from jbosstest I get the following :
>
> run-testcase:
> [junit] Running org.jboss.test.web.test.TestWebIntegration
> [junit] Found warDeployer named: :service=Jetty
> [junit] Deploying: jbosstest-web.ear...Done
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureServlet
> [junit] responseCode=403, response=Forbidden
> [junit] <HTML>
> [junit] <HEAD>
> [junit] <TITLE>Error 403 Forbidden</TITLE>
> [junit] <BODY>
> [junit] <H2>HTTP ERROR: 403 Forbidden</H2>
> [junit] <P>RequestURI=/jbosstest/restricted/SecureServlet<!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE -->
> [junit] </BODY>
> [junit] </HTML>
> [junit]
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/ClientLoginServlet
> [junit] responseCode=200, response=OK
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/EJBOnStartupServlet
> [junit] responseCode=200, response=OK
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/EJBServlet
> [junit] responseCode=200, response=OK
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/ENCServlet
> [junit] responseCode=200, response=OK
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/restricted/include_ejb.jsp
>
> [junit] responseCode=403, response=Forbidden
> [junit] <HTML>
> [junit] <HEAD>
> [junit] <TITLE>Error 403 Forbidden</TITLE>
> [junit] <BODY>
> [junit] <H2>HTTP ERROR: 403 Forbidden</H2>
> [junit] <P>RequestURI=/jbosstest/restricted/include_ejb.jsp<!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE -->
> [junit] </BODY>
> [junit] </HTML>
> [junit]
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureEJBAccess
>
> [junit] responseCode=403, response=Forbidden
> [junit] <HTML>
> [junit] <HEAD>
> [junit] <TITLE>Error 403 Forbidden</TITLE>
> [junit] <BODY>
> [junit] <H2>HTTP ERROR: 403 Forbidden</H2>
> [junit] <P>RequestURI=/jbosstest/restricted/SecureEJBAccess<!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE -->
> [junit] </BODY>
> [junit] </HTML>
> [junit]
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/restricted/SecureServlet
> [junit] responseCode=403, response=Forbidden
> [junit] <HTML>
> [junit] <HEAD>
> [junit] <TITLE>Error 403 Forbidden</TITLE>
> [junit] <BODY>
> [junit] <H2>HTTP ERROR: 403 Forbidden</H2>
> [junit] <P>RequestURI=/jbosstest/restricted/SecureServlet<!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE --><!--
> Padding for IE -->
> [junit] </BODY>
> [junit] </HTML>
> [junit]
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/snoop.jsp
> [junit] responseCode=200, response=OK
> [junit] Connecting to:
> http://jduke:theduke@localhost:8080/jbosstest/UnsecureEJBAccess
> [junit] responseCode=200, response=OK
> [junit] Tests run: 11, Failures: 4, Errors: 0, Time elapsed: 8.229
> sec
> [junit] TEST org.jboss.test.web.test.TestWebIntegration FAILED
>
> BUILD SUCCESSFUL
>
> Total time: 9 seconds
> [jules@zeuglodon jetty]$
>
>
> It looks as there are still some gaps in the security integration.
>
> I ran the same test on the latest JBoss/Tomcat bundle - it failed
> aswell, although I think it passed a couple more tests than Jetty.
> I have been trying to figure out when the tests stopped running on
> Jetty.
>
> Can anyone tell me what the integration or web-container should be doing
> in order to pass these tests ? Perhaps this is something that should be
> in AbstractWebContainer ?
>
> I have had a look through jbosstest and it seems to boil dow to the
> contents of the roles.properties file which ships in the ejb-jar of the
> test ear, whilst security is also set up in the war's web.xml.
>
> If there are servlets being deployed into a restricted context, but the
> security information is only made available to the ejb container, how is
> this intended to work ?
>
> I'm afraid that the security stuff is something that I still haven't
> quite come to grips with, so if someone could help me out here I would
> really appreciate it.
>
> Perhaps 2.4.1 based distributions are not expected to pass this
> testsuite anymore as it now contains 2.4.2-isms ?
>
>
>
> Jules
>
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
