Initial Contribution
Signed-off-by: Vinay Vishal <vinay.vishal@oracle.com>
diff --git a/appserver/tests/appserv-tests/devtests/security/README b/appserver/tests/appserv-tests/devtests/security/README
new file mode 100644
index 0000000..26173d0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/README
@@ -0,0 +1,27 @@
+UNIT TESTS ON SECURITY
+======================
+
+PREREQUISITES:
+-------------
+LDAP server such as OpenDS (http://www.opends.org/).
+
+FOR RUNNING THE SECURITY TESTS:
+-------------------------------
+1. Update appserv-tests/config.properties.
+1a. Set the ENV variables S1AS_HOME to GFv3 home
+1b. Set the ENV variable APS_HOME t0 appserv-tests
+1c. Set the ENV variable JAVA_HOME to jdk home
+2. Start the domain, $S1AS_HOME/bin/asadmin start-domain
+3. Start derby database, $S1AS_HOME/bin/asadmin start-database
+4. Simple type "ant all" from appserv-tests/devtests/security.
+
+NOTE:
+-----
+If there is a problem in running wsimport for wss tests, then please check
+a) the line 127.0.0.1 is correct in /etc/hosts
+b) $APS_HOME should not have "/" at the end
+
+For jdk version 1.6.0_20+, add the follwing workaround.
+a) $S1AS_HOME/bin/asadmin create-jvm-options -Dsun.security.ssl.allowUnsafeRenegotiation=true
+
+For help contact sjsas-security-dev@sun.com
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/build.properties b/appserver/tests/appserv-tests/devtests/security/anyone/build.properties
new file mode 100644
index 0000000..6111203
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/build.properties
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-anyone"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.anyone.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/build.xml b/appserver/tests/appserv-tests/devtests/security/anyone/build.xml
new file mode 100644
index 0000000..ea4d953
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/build.xml
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-anyone" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- workaround for handling the special character : in the admin command -->
+ <echo message="file=${admin.domain.dir}/${admin.domain}/config/keyfile3" file="temp.txt"/>
+ <replace file="temp.txt" token="\" value="/"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <echo message="${file}"/>
+ <delete file="temp.txt"/>
+
+ <antcall target="create-auth-realm">
+ <param name="realmname" value="file3"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.file.FileRealm"/>
+ <param name="realmproperties" value="--property file=${file}:jaas-context=fileRealm:assign-groups=agroup"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="javaee"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaee"/>
+ <param name="authrealmname" value="file3"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="javaee"/>
+ <param name="authrealmname" value="file3"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file3"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/web"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/nonweb"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar.xml}"/>
+ </antcall>
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/web"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ </antcall>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files" value="${build.classes.dir}/nonweb"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/client/*.class,com/sun/**/ejb/Hello.class"/>
+ </antcall>
+
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}" includes="lib/reporter.jar"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth"/>
+ <arg line="-user"/>
+ <arg line="javaee"/>
+ <arg line="-password"/>
+ <arg line="javaee"/>
+ <arg line="${http.host} ${http.port}"/>
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
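Review bot: The `build` target packages `${appname}App.ear` twice: the second `<jar jarfile="${assemble.dir}/${appname}App.ear">` block repeats the first with a narrower fileset that omits `META-INF/application.xml` and `lib/reporter.jar`. Depending on Ant's up-to-date check, the second block is either skipped or recreates the archive without those entries, so it is at best redundant. Dropping the second `<copy>`/`<jar>` pair would make the packaged content unambiguous. The `javaee`/`javaee` account is created in `setup` and passed as `-password javaee` on the appclient command line in `run`; a comment such as `<!-- fixture account, exists only in realm file3 for the duration of this test -->` would make clear it is test-only.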
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/client/Client.java b/appserver/tests/appserv-tests/devtests/security/anyone/client/Client.java
new file mode 100644
index 0000000..30b41d5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/client/Client.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.anyone.client;
+
+import java.io.BufferedReader;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.Socket;
+import javax.ejb.EJB;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::Anyone test ";
+ private static @EJB com.sun.s1asdev.security.anyone.ejb.Hello hello;
+ private String host;
+ private int port;
+
+ public static void main(String[] args) {
+ Client client = new Client(args);
+ client.doTest();
+ }
+
+ public Client(String[] args) {
+ host = (args.length > 0) ? args[0] : "localhost";
+ port = (args.length > 1) ? Integer.parseInt(args[1]) : 8080;
+ }
+
+ public void doTest() {
+ stat.addDescription("security-anyone");
+
+ String description = null;
+ System.out.println("Invoking ejb");
+ try {
+ description = testSuite + " ejb: hello";
+ hello.hello("Sun");
+ stat.addStatus(description, stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ System.out.println("Invoking servlet");
+ description = testSuite + " servlet";
+ try {
+ int count = goGet(host, port, "/security-anyone/servlet");
+ if (count == 1) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ System.out.println("Servlet does not return expected result.");
+ stat.addStatus(description, stat.FAIL);
+ }
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-anyone");
+ }
+
+ private static int goGet(String host, int port, String contextPath)
+ throws Exception {
+ Socket s = new Socket(host, port);
+
+ OutputStream os = s.getOutputStream();
+ System.out.println(("GET " + contextPath + " HTTP/1.0\n"));
+ os.write(("GET " + contextPath + " HTTP/1.0\n").getBytes());
+ os.write("Authorization: Basic amF2YWVlOmphdmFlZQ==\n".getBytes());
+ os.write("\n".getBytes());
+
+ InputStream is = s.getInputStream();
+ BufferedReader bis = new BufferedReader(new InputStreamReader(is));
+ String line = null;
+
+ int count = 0;
+ int lineNum = 0;
+ while ((line = bis.readLine()) != null) {
+ System.out.println(lineNum + ": " + line);
+ if (line.equals("Hello World")) {
+ count++;
+ }
+ lineNum++;
+ }
+
+ return count;
+ }
+}
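Review bot: `goGet` never closes the `Socket` it opens and sets no read timeout, so a server that accepts the connection but does not finish the response leaves `readLine()` blocked and the whole test run hung. Wrapping the body in `try (Socket s = new Socket(host, port)) {` and calling `s.setSoTimeout(...)` before reading would bound both. The request is written with bare `\n` line endings and `getBytes()` on the platform charset; HTTP expects `\r\n`, and an explicit charset would make the bytes deterministic. The `Authorization` header is the Base64 form of the `javaee`/`javaee` fixture account created in build.xml, and a comment saying so would help whoever later changes that user.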
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/anyone/client/MANIFEST.MF
new file mode 100644
index 0000000..f018f17
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.anyone.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/application.xml
new file mode 100644
index 0000000..35ba501
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/application.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>security-anyone</display-name>
+ <module>
+ <ejb>security-anyone-ejb.jar</ejb>
+ </module>
+ <module>
+ <web>
+ <web-uri>security-anyone-web.war</web-uri>
+ <context-root>security-anyone</context-root>
+ </web>
+ </module>
+ <module>
+ <java>security-anyone-client.jar</java>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-application.xml
new file mode 100644
index 0000000..7d4f9d2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>nobody</role-name>
+ <group-name>nobody</group-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>ANYONE</role-name>
+ <group-name>agroup</group-name>
+ </security-role-mapping>
+ <realm>file3</realm>
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..4543cbf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <ior-security-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>file2</realm>
+ <required>true</required>
+ </as-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
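Review bot: `<realm>file2</realm>` in the `as-context` does not match the rest of this test, where build.xml creates a realm named `file3` and sun-application.xml sets `<realm>file3</realm>`. Nothing visible in this commit's `anyone` directory creates `file2`, so unless a shared setup provides it, IIOP authentication for `HelloEjb` is tied to a realm this test does not control. If `file3` is intended, change the line to `<realm>file3</realm>`. The `<realm-name>default</realm-name>` in this test's web.xml raises the same question and would benefit from a comment stating which realm actually authenticates the BASIC request.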
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/web.xml
new file mode 100644
index 0000000..d1443c6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/descriptor/web.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <display-name>security anyone</display-name>
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.anyone.web.Servlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/servlet</url-pattern>
+ </servlet-mapping>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>myServlet</web-resource-name>
+ <url-pattern>/servlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>ANYONE</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+ <security-role>
+ <role-name>ANYONE</role-name>
+ </security-role>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/ejb/Hello.java b/appserver/tests/appserv-tests/devtests/security/anyone/ejb/Hello.java
new file mode 100644
index 0000000..b8bbbc5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/ejb/Hello.java
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.anyone.ejb;
+
+public interface Hello {
+ public String hello(String msg);
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/ejb/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/anyone/ejb/HelloEjb.java
new file mode 100644
index 0000000..8616068
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/ejb/HelloEjb.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.anyone.ejb;
+
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+
+@Stateless
+@Remote({Hello.class})
+@DeclareRoles({"javaee", "nobody"})
+public class HelloEjb implements Hello {
+ @Resource private SessionContext sc;
+
+ @RolesAllowed(value={"ANYONE"})
+ public String hello(String msg) {
+ if (!sc.isCallerInRole("javaee") || sc.isCallerInRole("nobody")) {
+ throw new RuntimeException("Not of role javaee or is of role nobody");
+ }
+
+ return "Hello , " + msg;
+ }
+}
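Review bot: The programmatic check in `hello()` is the real assertion of this test, but nothing in the class says what it verifies. A comment above the `if`, such as `// ANYONE comes from the realm's assign-groups=agroup mapping; the caller must also be in javaee and must not be in nobody`, would tie it to build.xml and sun-application.xml. `@DeclareRoles` lists only `javaee` and `nobody`, while the guarding role `ANYONE` appears only in `@RolesAllowed`, so it is worth stating that this is deliberate. `hello` could also carry `@Override`.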
diff --git a/appserver/tests/appserv-tests/devtests/security/anyone/web/Servlet.java b/appserver/tests/appserv-tests/devtests/security/anyone/web/Servlet.java
new file mode 100644
index 0000000..13e81d0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/anyone/web/Servlet.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.anyone.web;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@DeclareRoles({"javaee", "nobody"})
+public class Servlet extends HttpServlet {
+
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/html");
+ PrintWriter out = resp.getWriter();
+
+ out.println("<HTML><HEAD><TITLE>Servlet Output</TTILE></HEAD><BODY>");
+ if (req.isUserInRole("javaee") && !req.isUserInRole("nobody")) {
+ out.println("Hello World");
+ }
+ out.println("</BODY></HTML>");
+ }
+}
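Review bot: The closing tag in the first `println` is misspelled: `</TTILE>` should be `</TITLE>`, i.e. `out.println("<HTML><HEAD><TITLE>Servlet Output</TITLE></HEAD><BODY>");`. The client matches only the `Hello World` line, so the test still passes, but the response is malformed HTML. When the role check fails, the servlet still writes the surrounding page and sets no error status, so the client can tell the two outcomes apart only by its line count; a comment saying this is intended would help. `java.io.BufferedReader` is imported but unused in this file, and `service` is overridden without `@Override`.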
diff --git a/appserver/tests/appserv-tests/devtests/security/authConf/build.xml b/appserver/tests/appserv-tests/devtests/security/authConf/build.xml
new file mode 100644
index 0000000..0e1686e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/authConf/build.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!-- <!ENTITY testProperties SYSTEM "./build.properties"> -->
+]>
+
+<!-- This version only tests that the auth.conf file is not
+ changed at startup. Issue: 3033. If changed to test an
+ end to end scenario, please change this message. -->
+<project name="security-authConf" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ <!-- &testProperties; -->
+
+ <property name="provider.jar"
+ value="${env.S1AS_HOME}/lib/test-jmac-provider.jar"/>
+
+ <target name="all" depends="init-common">
+ <!-- stop server -->
+ <antcall target="stopDomain"/>
+ <sleep seconds="15"/>
+
+ <!-- add auth.conf file and provider jar -->
+ <copy file="conffile/auth.conf"
+ todir="${admin.domain.dir}/${admin.domain}/config"/>
+ <antcall target="build-provider-jar"/>
+
+ <!-- start server -->
+ <antcall target="startDomain"/>
+
+ <!-- quick diff of auth conf file -->
+ <length file="conffile/auth.conf" property="length.original"/>
+ <length file="${admin.domain.dir}/${admin.domain}/config/auth.conf"
+ property="length.new"/>
+ <echo message="original auth.conf length: ${length.original}"/>
+ <echo message="new auth.conf length: ${length.new}"/>
+ <!-- i don't know how to report failure without ending test run. TBD! -->
+ <fail>
+ <condition>
+ <not>
+ <length file="${admin.domain.dir}/${admin.domain}/config/auth.conf"
+ when="equal"
+ length="${length.original}"/>
+ </not>
+ </condition>
+ </fail>
+ <echo message="files are of same length. OK"/>
+
+ <!-- stop server, clean up, and restart -->
+ <antcall target="stopDomain"/>
+ <sleep seconds="15"/>
+ <delete file="${admin.domain.dir}/${admin.domain}/config/auth.conf"/>
+ <delete file="${provider.jar}"/>
+ <antcall target="startDomain"/>
+ </target>
+
+ <!-- build and copy the provider jar file to GF/lib -->
+ <target name="build-provider-jar" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="provider"/>
+ </antcall>
+ <jar destfile="${provider.jar}" basedir="${build.classes.dir}"/>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+</project>
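Review bot: The check that auth.conf is unchanged after startup compares only file lengths, so a rewrite that preserves the byte count passes. Ant's `<filesmatch>` condition compares contents; inside the `<not>`, use `<filesmatch file1="conffile/auth.conf" file2="${admin.domain.dir}/${admin.domain}/config/auth.conf"/>`. In addition, when `<fail>` fires, the cleanup steps that follow it never run, so the copied auth.conf and `${provider.jar}` stay in the domain config and `${env.S1AS_HOME}/lib`, where they can affect later tests. Recording the comparison in a property and failing after the cleanup would avoid leaving the test provider installed.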
diff --git a/appserver/tests/appserv-tests/devtests/security/authConf/conffile/auth.conf b/appserver/tests/appserv-tests/devtests/security/authConf/conffile/auth.conf
new file mode 100644
index 0000000..671aa2c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/authConf/conffile/auth.conf
@@ -0,0 +1,24 @@
+con-entry {
+ com.sun.xml.wss.provider.wsit.WSITAuthConfigProvider
+}
+con-entry {
+ com.sun.enterprise.security.jmac.config.GFServerConfigProvider
+}
+con-entry {
+ com.sun.security.auth.message.config.ServletAuthConfigProvider
+ AppContextIDs:server /webtest1,server /webtest2
+ ServerAuthModule:com.sun.security.auth.message.module.SPNEGOServerAuthModule
+}
+
+reg-entry {
+ con-entry {
+ com.sun.security.auth.message.config.ServletAuthConfigProvider
+ AppContextIDs:server /acwebtest
+ ServerAuthModule:com.sun.security.auth.message.module.SPNEGOServerAuthModule
+ }
+ reg-ctx {
+ layer:HttpServlet
+ app-ctx:server /acwebtest
+ description: test for auth config provider
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/config/ServletAuthConfigProvider.java b/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/config/ServletAuthConfigProvider.java
new file mode 100644
index 0000000..f19685c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/config/ServletAuthConfigProvider.java
@@ -0,0 +1,491 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.security.auth.message.config;
+
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import java.security.AccessController;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.*;
+import javax.security.auth.message.config.*;
+import javax.security.auth.message.module.*;
+import javax.security.auth.Subject;
+
+/**
+ * This interface is implemented by objects that can be used to obtain
+ * authentication context configuration objects, that is,
+ * <code>ClientAuthConfig</code> or <code>ServerAuthConfig</code> objects.
+ *
+ * <p> Authentication context configuration objects serve as sources of
+ * the authentication context objects, that is, <code>ClientAuthContext</code> or
+ * <code>ServerAuthContext</code> objects, for a specific message layer
+ * and messaging context.
+ *
+ * <p> Authentication context objects encapsulate the initialization,
+ * configuration, and invocation of authentication modules, that is,
+ * <code>ClientAuthModule</code> or <code>ServerAuthModule</code> objects, for
+ * a specific message exchange within a specific message layer and
+ * messaging context.
+ *
+ * <p> Callers do not directly operate on authentication modules.
+ * Instead, they rely on a ClientAuthContext or ServerAuthContext
+ * to manage the invocation of modules. A caller obtains an instance
+ * of ClientAuthContext or ServerAuthContext by calling the respective
+ * <code>getAuthContext</code> method on a <code>ClientAuthConfig</code>
+ * or <code>ServerAuthConfig</code> object obtained from an
+ * AuthConfigProvider.
+ *
+ * <p> The following represents a typical sequence of calls for obtaining
+ * a client authentication context object, and then using it to secure
+ * a request.
+ * <ol>
+ * <li>AuthConfigProvider provider;
+ * <li>ClientAuthConfig config = provider.getClientAuthConfig(layer,appID,cbh);
+ * <li>String authContextID = config.getAuthContextID(messageInfo);
+ * <li>ClientAuthContext context = config.getAuthContext(authContextID,subject,properties);
+ * <li>context.secureRequest(messageInfo,subject);
+ * </ol>
+ *
+* <p> Every implementation of this interface must offer a public,
+ * two argument constructor with the following signature:
+ * <pre>
+ * <code>
+ * public AuthConfigProviderImpl(Map properties, AuthConfigFactory factory);
+ * </code>
+ *</pre>
+ * where the properties argument may be null, and where all values and
+ * keys occurring in a non-null properties argument must be of type String.
+ * When the factory argument is not null, it indicates that the
+ * provider is to self-register at the factory by calling the following
+ * method on the factory:
+ * <pre>
+ * <code>
+ * public String
+ * registerConfigProvider(AuthConfigProvider provider, String layer,
+ * String appContext, String description);
+ * </code>
+ * </pre>
+ * @version %I%, %G%
+ *
+ * @see ClientAuthContext
+ * @see ServerAuthContext
+ * @see AuthConfigFactory
+ */
+public class ServletAuthConfigProvider implements AuthConfigProvider {
+
+ private static ReentrantReadWriteLock rwLock =
+ new ReentrantReadWriteLock();
+ private static Lock rLock = rwLock.readLock();;
+ private static Lock wLock = rwLock.writeLock();
+
+ private static HashMap authConfigMap = new HashMap();
+ private static HashMap defaultAuthConfigMap;
+
+ private static String HTTP_SERVLET_LAYER = "HttpServlet";
+ private static String MANDATORY_KEY =
+ "javax.security.auth.message.MessagePolicy.isMandatory";
+
+ private static String MANDATORY_CONTEXT_ID = "mandatory";
+ private static String OPTIONAL_CONTEXT_ID = "optional";
+
+ private static String CONTEXTS_KEY = "AppContextIDs";
+ private static String MODULE_KEY = "ServerAuthModule";
+
+ private static String defaultModule = null;
+ private static Map defaultModuleOptions = null;
+
+ /**
+ * initialization properties
+ *
+ * ServerAuthModule=ClassName
+ * AppContextIDs=x,y,z
+ *
+ */
+ public ServletAuthConfigProvider
+ (Map properties, AuthConfigFactory factory) throws AuthException {
+
+ if (properties == null) {
+ throw new AuthException("properties required for construction");
+ }
+
+ String module = (String) properties.get(MODULE_KEY);
+ if (module == null) {
+ throw new AuthException("ServerAuthModule property is required");
+ }
+
+ HashMap options = new HashMap(properties);
+ options.remove(MODULE_KEY);
+
+ String[] contextID = parseStringValue
+ ((String) properties.get(CONTEXTS_KEY));
+
+ options.remove(CONTEXTS_KEY);
+
+ System.err.println("constructing ServletAuthConfigProvider: " +
+ module);
+
+ if (contextID != null) {
+
+ for (String appContext : contextID) {
+
+ System.err.println("constructing ServletServerAuthConfig: " +
+ appContext);
+
+ if (appContext != null && appContext.length() > 0) {
+
+ ServerAuthConfig sAC = new ServletServerAuthConfig
+ (appContext,module,options);
+
+ try {
+ wLock.lock();
+ authConfigMap.put(appContext,sAC);
+ } finally {
+ wLock.unlock();
+ }
+
+ if (factory != null) {
+ factory.registerConfigProvider
+ (this,HTTP_SERVLET_LAYER,appContext,module);
+ }
+ }
+ }
+ } else {
+ // record defaults to handle registration for all appcontexts
+ try {
+ wLock.lock();
+ defaultModule = module;
+ defaultModuleOptions = options;
+ defaultAuthConfigMap = new HashMap();
+ } finally {
+ wLock.unlock();
+ }
+ }
+ }
+
+ private static String[] parseStringValue(String value) {
+ String[] rvalue = null;
+ if (value != null) {
+
+ // removed blank
+ String delim = new String(":,;");
+ StringTokenizer tokenizer = new StringTokenizer(value,delim);
+ int count = tokenizer.countTokens();
+ if (count > 0) {
+ rvalue = new String[count];
+ for (int i = 0; i < count; i++) {
+ rvalue[i] = tokenizer.nextToken();
+ }
+ }
+ }
+ return rvalue;
+ }
+
+ public ClientAuthConfig getClientAuthConfig
+ (String layer, String appContext, CallbackHandler handler)
+ throws AuthException {
+ throw new AuthException("Not implemented");
+ }
+
+ public ServerAuthConfig getServerAuthConfig
+ (String layer, String appContext, CallbackHandler handler)
+ throws AuthException {
+
+ if (!HTTP_SERVLET_LAYER.equals(layer)) {
+ throw new AuthException("Layer Not implemented");
+ }
+
+ if (handler == null) {
+ throw new AuthException("default handler Not implemented");
+ }
+
+ // reuse config for a given layer and appcontext, handler will be
+ // set on first access.
+
+ ServletServerAuthConfig sSAC = null;
+
+ try {
+ rLock.lock();
+ sSAC = (ServletServerAuthConfig)
+ authConfigMap.get(appContext);
+ if (sSAC == null) {
+ if (defaultAuthConfigMap != null) {
+ sSAC = (ServletServerAuthConfig)
+ defaultAuthConfigMap.get(appContext);
+ }
+ }
+ if (sSAC != null) {
+ sSAC.setHandlerIfNotSet(handler);
+ }
+ } finally {
+ rLock.unlock();
+ }
+
+ if (sSAC == null) {
+ try {
+ wLock.lock();
+ if (defaultAuthConfigMap != null) {
+ sSAC = (ServletServerAuthConfig)
+ defaultAuthConfigMap.get(appContext);
+ }
+ if (sSAC == null) {
+ sSAC = new ServletServerAuthConfig
+ (appContext,defaultModule,defaultModuleOptions);
+ defaultAuthConfigMap.put(appContext,sSAC);
+ }
+ } finally {
+ rLock.unlock();
+ }
+ if (sSAC != null) {
+ sSAC.setHandlerIfNotSet(handler);
+ }
+ }
+
+ if (sSAC == null) {
+ throw new AuthException("context: " + appContext +
+ " not configured");
+ }
+
+ return sSAC;
+ }
+
+ public void refresh() {
+ }
+
+ static class ServletServerAuthConfig implements ServerAuthConfig {
+
+ static final Class[] PARAMS = { };
+ static final Object[] ARGS = { };
+
+ Lock rLockConfig;
+ Lock wLockConfig;
+
+ String appContext;
+ CallbackHandler cbh;
+
+ ServerAuthModule modules[] = null;
+
+ ServerAuthContext mandatoryContext;
+ ServerAuthContext optionalContext;
+
+ Map options;
+
+ static MessagePolicy mandatoryPolicy = new MessagePolicy
+ ( new MessagePolicy.TargetPolicy[]
+ { new MessagePolicy.TargetPolicy
+ ( (MessagePolicy.Target[]) null,
+ new ServletProtectionPolicy()) } , true);
+
+ static MessagePolicy optionalPolicy = new MessagePolicy
+ ( new MessagePolicy.TargetPolicy[]
+ { new MessagePolicy.TargetPolicy
+ ((MessagePolicy.Target[]) null,
+ new ServletProtectionPolicy()) }, false);
+
+ ServletServerAuthConfig (String appContext,
+ final String clazz, Map options) throws AuthException {
+
+ ReentrantReadWriteLock rwLock = new ReentrantReadWriteLock();
+ rLockConfig = rwLock.readLock();;
+ wLockConfig = rwLock.writeLock();
+
+ this.appContext = appContext;
+ this.options = options;
+
+ try {
+
+ modules = (ServerAuthModule[]) AccessController.doPrivileged
+
+ (new java.security.PrivilegedExceptionAction() {
+
+ public Object run() throws
+
+ java.lang.ClassNotFoundException,
+ java.lang.NoSuchMethodException,
+ java.lang.InstantiationException,
+ java.lang.IllegalAccessException,
+ java.lang.reflect.InvocationTargetException {
+
+ ClassLoader loader =
+ Thread.currentThread().getContextClassLoader();
+
+ Class c = Class.forName(clazz, true, loader);
+
+ java.lang.reflect.Constructor constructor =
+ c.getConstructor(PARAMS);
+
+ return new ServerAuthModule[]
+ { (ServerAuthModule) constructor.newInstance(ARGS),
+ (ServerAuthModule) constructor.newInstance(ARGS)
+ };
+ }
+
+ });
+
+ } catch (java.security.PrivilegedActionException pae) {
+ AuthException ae = new AuthException();
+ ae.initCause(pae.getCause());
+ throw ae;
+ }
+
+ System.out.println("created ServletServerAuthConfig: " +
+ appContext + " " + clazz);
+
+ mandatoryContext = null;
+ optionalContext = null;
+ }
+
+ public ServerAuthContext
+ getAuthContext(String authContextID, Subject serviceSubject,
+ Map properties) throws AuthException {
+
+ boolean mandatory = false;
+ if (MANDATORY_CONTEXT_ID.equals(authContextID)) {
+ mandatory = true;
+ } else if (!OPTIONAL_CONTEXT_ID.equals(authContextID)) {
+ throw new AuthException("invalid AuthContext ID");
+ }
+
+ ServerAuthContext rvalue = null;
+
+ try {
+ rLockConfig.lock();
+ if (mandatory) {
+ rvalue = mandatoryContext;
+ } else {
+ rvalue = optionalContext;
+ }
+ } finally {
+ rLockConfig.unlock();
+ }
+ if (rvalue == null) {
+ try {
+ wLockConfig.lock();
+ if (options != null && properties != null) {
+ properties = new HashMap(properties);
+ properties.putAll(options);
+ }
+
+ if (mandatory) {
+ mandatoryContext = new ServletServerAuthContext
+ (modules[1],mandatoryPolicy,cbh,properties);
+ rvalue = mandatoryContext;
+ } else {
+ optionalContext = new ServletServerAuthContext
+ (modules[0],optionalPolicy,cbh,properties);
+ rvalue = optionalContext;
+ }
+ } finally {
+ wLockConfig.unlock();
+ }
+ }
+ return rvalue;
+ }
+
+ public String getMessageLayer() {
+ return HTTP_SERVLET_LAYER;
+ }
+
+ public String getAppContext() {
+ return this.appContext;
+ }
+
+ public String getAuthContextID(MessageInfo messageInfo) {
+ if (messageInfo.getMap().containsKey(MANDATORY_KEY)) {
+ return MANDATORY_CONTEXT_ID;
+ } else {
+ return OPTIONAL_CONTEXT_ID;
+ }
+ }
+
+ public void refresh() {
+ }
+
+ public boolean isProtected() {
+ return true;
+ }
+
+ boolean setHandlerIfNotSet(CallbackHandler handler) {
+ try {
+ wLockConfig.lock();
+ if (this.cbh == null && handler != null) {
+ this.cbh = handler;
+ return true;
+ } else {
+ return false;
+ }
+ } finally {
+ wLockConfig.unlock();
+ }
+ }
+
+ static class ServletProtectionPolicy implements
+ MessagePolicy.ProtectionPolicy {
+
+ ServletProtectionPolicy() {
+ }
+
+ public String getID() {
+ return MessagePolicy.ProtectionPolicy.AUTHENTICATE_SENDER;
+ }
+ }
+ }
+
+ static class ServletServerAuthContext implements ServerAuthContext {
+
+ ServerAuthModule module;
+
+ ServletServerAuthContext (ServerAuthModule module,
+ MessagePolicy requestPolicy,
+ CallbackHandler cbh,
+ Map options) throws AuthException {
+
+ module.initialize(requestPolicy,null,cbh,options);
+ this.module = module;
+ }
+
+ public AuthStatus validateRequest
+ (MessageInfo messageInfo, Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+ return module.validateRequest
+ (messageInfo,clientSubject,serviceSubject);
+ }
+
+ public AuthStatus secureResponse
+ (MessageInfo messageInfo, Subject serviceSubject)
+ throws AuthException {
+ return module.secureResponse(messageInfo,serviceSubject);
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ module.cleanSubject(messageInfo,subject);
+ }
+
+ }
+
+}
+
+
+
+
+
+
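Review bot: In getServerAuthConfig the fallback block takes `wLock.lock()` but its `finally` calls `rLock.unlock()`, so the first lookup of an app context that is missing from authConfigMap throws IllegalMonitorStateException and leaves the static write lock held, which would block every later caller at `rLock.lock()`. The finally should read `wLock.unlock();`. The same block also runs when registration only ever went through AppContextIDs, where defaultAuthConfigMap and defaultModule are still null and are dereferenced before the `context: ... not configured` AuthException can be reached. Guarding the block with `if (sSAC == null && defaultAuthConfigMap != null) {` keeps that error path reachable for unregistered contexts.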
diff --git a/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/module/SPNEGOServerAuthModule.java b/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/module/SPNEGOServerAuthModule.java
new file mode 100644
index 0000000..a83cbe5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/authConf/provider/com/sun/security/auth/message/module/SPNEGOServerAuthModule.java
@@ -0,0 +1,607 @@
+/*
+ * Copyright (c) 2007, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.security.auth.message.module;
+
+import java.lang.StringBuffer;
+import java.io.IOException;
+
+import java.security.Principal;
+
+import java.util.Enumeration;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.*;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.Subject;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.ietf.jgss.Oid;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+
+import org.apache.catalina.util.Base64;
+
+import com.sun.security.jgss.GSSUtil;
+
+/**
+ * An implementation of this interface is used to validate received service
+ * request messages, and to secure service response messages.
+ *
+ * @version %I%, %G%
+ * @see MessageInfo
+ * @see Subject
+ */
+public class SPNEGOServerAuthModule implements ServerAuthModule {
+
+ private static Logger logger = Logger.getLogger
+ (SPNEGOServerAuthModule.class.getName());
+
+ private static String DEBUG_OPTIONS_KEY ="debug";
+
+ private static String ASSIGN_GROUPS_OPTIONS_KEY =
+ "assign.groups";
+
+ private static String POLICY_CONTEXT_OPTIONS_KEY =
+ "javax.security.jacc.PolicyContext";
+
+ public static final String AUTH_TYPE_INFO_KEY =
+ "javax.servlet.http.authType";
+
+ private static String IS_MANDATORY_INFO_KEY =
+ "javax.security.auth.message.MessagePolicy.isMandatory";
+
+ private static String AUTHORIZATION_HEADER = "authorization";
+
+ private static String AUTHENTICATION_HEADER = "WWW-Authenticate";
+
+ private static String NEGOTIATE = "Negotiate";
+
+ private static String NTLM_INITIAL_TOKEN = "NTLMSSP";
+
+ private static Class[] supportedMessageTypes = new Class[]
+ {
+ javax.servlet.http.HttpServletRequest.class,
+ javax.servlet.http.HttpServletResponse.class
+ };
+
+ private MessagePolicy requestPolicy;
+
+ private MessagePolicy responsePolicy;
+
+ private CallbackHandler handler;
+
+ private Map options;
+
+ private boolean debug;
+
+ private Level debugLevel;
+
+ private String policyContextID;
+
+ private String[] assignedGroups;
+
+ private boolean isMandatory;
+
+ private GSSManager gssManager;
+
+ /**
+ * Initialize this module with request and response message policies
+ * to enforce, a CallbackHandler, and any module-specific configuration
+ * properties.
+ *
+ * <p> The request policy and the response policy must not both be null.
+ *
+ * @param requestPolicy The request policy this module must enforce,
+ * or null.
+ *
+ * @param responsePolicy The response policy this module must enforce,
+ * or null.
+ *
+ * @param handler CallbackHandler used to request information.
+ *
+ * @param options A Map of module-specific configuration properties.
+ *
+ * @exception AuthException If module initialization fails, including for
+ * the case where the options argument contains elements that are not
+ * supported by the module.
+ */
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+
+ this.isMandatory = requestPolicy.isMandatory();
+
+ this.handler = handler;
+ this.options = options;
+
+ if (options != null) {
+ debug = options.containsKey(DEBUG_OPTIONS_KEY);
+ policyContextID = (String)
+ options.get(POLICY_CONTEXT_OPTIONS_KEY);
+ } else {
+ debug = false;
+ policyContextID = null;
+ }
+
+ assignedGroups = getAssignedGroupNames();
+
+ debugLevel = (logger.isLoggable(Level.FINE) && !debug) ?
+ Level.FINE : Level.INFO;
+
+ gssManager = GSSManager.getInstance();
+ }
+
+ /**
+ * Get the one or more Class objects representing the message types
+ * supported by the module.
+ *
+ * @return An array of Class objects, with at least one element
+ * defining a message type supported by the module.
+ */
+ public Class[] getSupportedMessageTypes() {
+ return supportedMessageTypes;
+ }
+
+ /**
+ * Authenticate a received service request.
+ *
+ * This method is called to transform the mechanism-specific request
+ * message acquired by calling getRequestMessage (on messageInfo)
+ * into the validated application message to be returned to the message
+ * processing runtime.
+ * If the received message is a (mechanism-specific) meta-message,
+ * the method implementation must attempt to transform the meta-message
+ * into a corresponding mechanism-specific response message, or to the
+ * validated application request message.
+ * The runtime will bind a validated application message into the
+ * the corresponding service invocation.
+ * <p> This method conveys the outcome of its message processing either
+ * by returning an AuthStatus value or by throwing an AuthException.
+ *
+ * @param messageInfo A contextual object that encapsulates the
+ * client request and server response objects, and that may be
+ * used to save state across a sequence of calls made to the
+ * methods of this interface for the purpose of completing a
+ * secure message exchange.
+ *
+ * @param clientSubject A Subject that represents the source of the
+ * service
+ * request. It is used by the method implementation to store
+ * Principals and credentials validated in the request.
+ *
+ * @param serviceSubject A Subject that represents the recipient of the
+ * service request, or null. It may be used by the method
+ * implementation as the source of Principals or credentials to
+ * be used to validate the request. If the Subject is not null,
+ * the method implementation may add additional Principals or
+ * credentials (pertaining to the recipient of the service
+ * request) to the Subject.
+ *
+ * @return An AuthStatus object representing the completion status of
+ * the processing performed by the method.
+ * The AuthStatus values that may be returned by this method
+ * are defined as follows:
+ *
+ * <ul>
+ * <li> AuthStatus.SUCCESS when the application request message
+ * was successfully validated. The validated request message is
+ * available by calling getRequestMessage on messageInfo.
+ *
+ * <li> AuthStatus.SEND_SUCCESS to indicate that validation/processing
+ * of the request message successfully produced the secured application
+ * response message (in messageInfo). The secured response message is
+ * available by calling getResponseMessage on messageInfo.
+ *
+ * <li> AuthStatus.SEND_CONTINUE to indicate that message validation is
+ * incomplete, and that a preliminary response was returned as the
+ * response message in messageInfo.
+ *
+ * When this status value is returned to challenge an
+ * application request message, the challenged request must be saved
+ * by the authentication module such that it can be recovered
+ * when the module's validateRequest message is called to process
+ * the request returned for the challenge.
+ *
+ * <li> AuthStatus.SEND_FAILURE to indicate that message validation failed
+ * and that an appropriate failure response message is available by
+ * calling getResponseMessage on messageInfo.
+ * </ul>
+ *
+ * @exception AuthException When the message processing failed without
+ * establishing a failure response message (in messageInfo).
+ */
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+
+ assert (messageInfo.getMap().containsKey(IS_MANDATORY_INFO_KEY) ==
+ this.isMandatory);
+
+ HttpServletRequest request =
+ (HttpServletRequest) messageInfo.getRequestMessage();
+
+ HttpServletResponse response =
+ (HttpServletResponse) messageInfo.getResponseMessage();
+
+ debugRequest(request);
+
+ // should specify encoder
+ String authorization = request.getHeader(AUTHORIZATION_HEADER);
+
+ if (authorization != null && authorization.startsWith(NEGOTIATE)) {
+
+ authorization = authorization.substring(NEGOTIATE.length()+1);
+
+ // should specify a decoder
+ byte[] requestToken = Base64.decode(authorization.getBytes());
+
+ try {
+
+ GSSContext gssContext =
+ gssManager.createContext((GSSCredential) null);
+
+ byte[] gssToken = gssContext.acceptSecContext
+ (requestToken,0,requestToken.length);
+
+ if (gssToken != null) {
+
+ byte[] responseToken = Base64.encode(gssToken);
+
+ response.setHeader(AUTHENTICATION_HEADER,
+ "Negotiate" + responseToken);
+
+ debugToken("jmac.servlet.authentication.token",
+ responseToken);
+ }
+
+ if (!gssContext.isEstablished()) {
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.gss_dialog_continued");
+ }
+
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return AuthStatus.SEND_CONTINUE;
+
+ } else {
+
+ String mechID;
+ try {
+ Oid oid = gssContext.getMech();
+ mechID = oid.toString();
+ } catch (GSSException gsse) {
+ mechID = "Undefined GSS Mechanism";
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,
+ "jmac.gss_mechanism_undefined",gsse);
+ }
+ }
+
+ GSSName name = gssContext.getSrcName();
+
+ if (!setCallerPrincipal(name,clientSubject)) {
+
+ return sendFailureMessage
+ (response,
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ "Failed setting caller principal");
+ }
+
+ /* we may need to add something like a cookie to the
+ * response (that will be returned in subsequent requests).
+ * At this point, I am presuming that the browser will
+ * resend the authorization token.
+ */
+ messageInfo.getMap().put(AUTH_TYPE_INFO_KEY,mechID);
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.gss_dialog_complete");
+ }
+
+ }
+
+ } catch (GSSException gsse) {
+
+ if (requestToken != null) {
+
+ debugToken("jmac.servlet.authorization.token",
+ requestToken);
+
+ if (isNTLMToken(requestToken)) {
+
+ // until we add support for NTLM
+ return sendFailureMessage
+ (response,
+ HttpServletResponse.SC_NOT_IMPLEMENTED,
+ "No support for NTLM");
+ }
+ }
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.gss_dialog_failed",gsse);
+ }
+
+ // for other errors throw an AuthException
+
+ AuthException ae = new AuthException();
+ ae.initCause(gsse);
+ throw ae;
+ }
+
+ } else if (this.isMandatory) {
+
+ response.setHeader(AUTHENTICATION_HEADER,NEGOTIATE);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.sevlet_header_added_to_response",
+ NEGOTIATE);
+ }
+
+ return AuthStatus.SEND_CONTINUE;
+
+ } else {
+
+ if (authorization != null) {
+ logger.warning("jmac.servlet_authorization_header_ignored");
+ }
+
+ if (!setCallerPrincipal(null,clientSubject)) {
+ return sendFailureMessage
+ (response,
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
+ "Failed setting unauthenticated caller principal");
+ }
+
+ }
+
+ return AuthStatus.SUCCESS;
+ }
+
+ /**
+ * Secure a service response before sending it to the client.
+ *
+ * This method is called to transform the response message acquired by
+ * calling getResponseMessage (on messageInfo) into the mechanism-specific
+ * form to be sent by the runtime.
+ * <p> This method conveys the outcome of its message processing either
+ * by returning an AuthStatus value or by throwing an AuthException.
+ *
+ * @param messageInfo A contextual object that encapsulates the
+ * client request and server response objects, and that may be
+ * used to save state across a sequence of calls made to the
+ * methods of this interface for the purpose of completing a
+ * secure message exchange.
+ *
+ * @param serviceSubject A Subject that represents the source of the
+ * service
+ * response, or null. It may be used by the method implementation
+ * to retrieve Principals and credentials necessary to secure
+ * the response. If the Subject is not null,
+ * the method implementation may add additional Principals or
+ * credentials (pertaining to the source of the service
+ * response) to the Subject.
+ *
+ * @return An AuthStatus object representing the completion status of
+ * the processing performed by the method.
+ * The AuthStatus values that may be returned by this method
+ * are defined as follows:
+ *
+ * <ul>
+ * <li> AuthStatus.SEND_SUCCESS when the application response
+ * message was successfully secured. The secured response message may be
+ * obtained by calling getResponseMessage on messageInfo.
+ *
+ * <li> AuthStatus.SEND_CONTINUE to indicate that the application response
+ * message (within messageInfo) was replaced with a security message
+ * that should elicit a security-specific response (in the form of a
+ * request) from the peer.
+ *
+ * This status value serves to inform the calling runtime that
+ * (to successfully complete the message exchange) it will
+ * need to be capable of continuing the message dialog by processing
+ * at least one additional request/response exchange (after having
+ * sent the response message returned in messageInfo).
+ *
+ * When this status value is returned, the application response must
+ * be saved by the authentication module such that it can be recovered
+ * when the module's validateRequest message is called to process
+ * the elicited response.
+ *
+ * <li> AuthStatus.SEND_FAILURE to indicate that a failure occurred while
+ * securing the response message and that an appropriate failure response
+ * message is available by calling getResponseMeessage on messageInfo.
+ * </ul>
+ *
+ * @exception AuthException When the message processing failed without
+ * establishing a failure response message (in messageInfo).
+ */
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ return AuthStatus.SEND_SUCCESS;
+ }
+
+ /**
+ * Remove method specific principals and credentials from the subject.
+ *
+ * @param messageInfo a contextual object that encapsulates the
+ * client request and server response objects, and that may be
+ * used to save state across a sequence of calls made to the
+ * methods of this interface for the purpose of completing a
+ * secure message exchange.
+ *
+ * @param subject the Subject instance from which the Principals and
+ * credentials are to be removed.
+ *
+ * @exception AuthException If an error occurs during the Subject
+ * processing.
+ */
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+
+ AuthStatus sendFailureMessage(HttpServletResponse response,
+ int status, String message){
+ try {
+ response.setStatus(status);
+ response.sendError(status,message);
+ } catch (Throwable t) {
+ // status code has been set, and proper AuthStatus will be returned
+ logger.log(Level.WARNING,"jmac.servlet_failed_sending_failure",t);
+ } finally {
+ return AuthStatus.SEND_FAILURE;
+ }
+ }
+
+ private boolean setCallerPrincipal(GSSName name,Subject clientSubject) {
+
+ Principal caller = null;
+
+ if (name != null) {
+
+ // create Subject with principals from name
+ Subject s = GSSUtil.createSubject(name,null);
+
+ Set principals = s.getPrincipals();
+
+ if (principals.size() > 0) {
+
+ clientSubject.getPrincipals().addAll(principals);
+
+ // if more than 1 prin, caller selection is unpredictable
+
+ caller = (Principal) principals.iterator().next();
+ } else if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.no_gss_caller_principal");
+ }
+ }
+
+ CallerPrincipalCallback cPCB =
+ new CallerPrincipalCallback(clientSubject,caller);
+
+ GroupPrincipalCallback gPCB = new GroupPrincipalCallback
+ (clientSubject,(caller == null ? null : assignedGroups));
+
+ try {
+ handler.handle(new Callback[] { cPCB, gPCB } );
+ if (debug || logger.isLoggable(Level.FINE)){
+ logger.log(debugLevel,"jmac.caller_principal",
+ new Object[] { caller } );
+ }
+ return true;
+ } catch (Exception e) {
+ // should not happen
+ logger.log(Level.WARNING,"jmac.failed_to_set_caller",e);
+ }
+
+ return false;
+ }
+
+ boolean isNTLMToken(byte[] bytes) {
+
+ String s = new String(bytes);
+ return s.startsWith(NTLM_INITIAL_TOKEN);
+ }
+
+ void debugToken(String message, byte[] bytes) {
+
+ if (debug || logger.isLoggable(Level.FINE)) {
+
+ StringBuffer sb = new StringBuffer();
+ sb.append("\n");
+ sb.append("Token " +
+ (Base64.isArrayByteBase64(bytes) ? "is" : "is Not") +
+ " Base64 encoded" + "\n");
+ sb.append("bytes: " );
+ boolean first = true;
+ for (byte b : bytes) {
+ int i = b;
+ if (first) {
+ sb.append(i);
+ first = false;
+ } else {
+ sb.append(", " + i);
+ }
+ }
+
+ logger.log(debugLevel,message,sb);
+ }
+ }
+
+ void debugRequest(HttpServletRequest request) {
+
+ if (debug || logger.isLoggable(Level.FINE)){
+ StringBuffer sb = new StringBuffer();
+ sb.append("\n");
+ try {
+ sb.append("Request: " +request.getRequestURL() + "\n");
+ sb.append("UserPrincipal: " + request.getUserPrincipal() + "\n");
+ sb.append("AuthType: " + request.getAuthType()+ "\n");
+ sb.append("Headers:" + "\n");
+ Enumeration names = request.getHeaderNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ sb.append("\t" + name + "\t" + request.getHeader(name) + "\n");
+ }
+
+ logger.log(debugLevel,"jmac.servlet_request",sb);
+
+ } catch(Throwable t) {
+ logger.log(Level.WARNING,"jmac.servlet_debug_request",t);
+ }
+ }
+ }
+
+ private String[] getAssignedGroupNames() {
+ String groupList = (String)
+ options.get(ASSIGN_GROUPS_OPTIONS_KEY);
+ String[] groups = null;
+ if (groupList != null) {
+ StringTokenizer tokenizer =
+ new StringTokenizer(groupList," ,:,;");
+ int count = tokenizer.countTokens();
+ if (count > 0) {
+ groups = new String[count];
+ for (int i = 0; i < count; i++) {
+ groups[i] = tokenizer.nextToken();
+ }
+ }
+ }
+ return groups;
+ }
+}
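Review bot: In validateRequest the reply header is built as `"Negotiate" + responseToken`, where responseToken is the `byte[]` returned by Base64.encode, so the client receives the array's default string form with no separating space instead of the GSS reply token, and a negotiation that needs more than one leg cannot complete. Build the value from the encoded text, for example `response.setHeader(AUTHENTICATION_HEADER, NEGOTIATE + " " + new String(responseToken, java.nio.charset.StandardCharsets.US_ASCII));`. The same method calls `authorization.substring(NEGOTIATE.length()+1)` after only a startsWith check, so a header that is exactly `Negotiate` raises StringIndexOutOfBoundsException instead of producing a 401 challenge; a length check before the substring would avoid that. debugRequest also deserves a comment or a filter, since it logs every header value, Authorization included, whenever the debug option is set.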
diff --git a/appserver/tests/appserv-tests/devtests/security/build.xml b/appserver/tests/appserv-tests/devtests/security/build.xml
new file mode 100644
index 0000000..9d0c12a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/build.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "./../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../config/common.xml">
+<!ENTITY reporting SYSTEM "./report.xml">
+<!ENTITY run SYSTEM "./../../config/run.xml">
+]>
+
+<project name="security" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &reporting;
+ &run;
+
+<property file="build.properties" />
+
+ <target name="all">
+ <delete>
+ <fileset dir="${env.APS_HOME}" includes="test_results*, security-gtest-results.xml"/>
+ </delete>
+ <delete>
+ <fileset dir="." includes="*.output"/>
+ </delete>
+ <record name="security.output" action="start" />
+ <ant dir="jaccmr8" target="all"/>
+ <ant dir="uncovered-http-methods" target="all"/>
+<!-- <ant dir="simple-perf" target="all"/>--> <!-- DISABLED: Not listed -->
+ <ant dir="authConf" target="all"/>
+ <ant dir="negativeRealmPerApp" target="all"/>
+ <ant dir="realmPerApp" target="all"/>
+ <ant dir="soteria" target="all"/>
+<!-- <ant dir="weblogic-dd" target="all"/>--> <!-- DISABLED: Failures -->
+ <ant dir="sful" target="all"/>
+ <ant dir="userWithAtSymbol" target="all"/>
+ <ant dir="anyone" target="all"/>
+ <ant dir="ejb-oneway-ssl" target="all"/>
+ <ant dir="ejb-mutual-ssl" target="all"/>
+<!-- <ant dir="web-mutual-ssl" target="all"/>--> <!-- DISABLED -->
+<!-- <ant dir="cplogin" target="all"/>--> <!-- DISABLED -->
+<!-- <ant dir="plogin" target="all"/>--> <!-- DISABLED -->
+ <ant dir="jsp2sful" target="all"/>
+ <ant dir="httpMethod" target="all"/>
+ <ant dir="defaultp2r" target="all"/>
+ <ant dir="sameEjbName" target="all"/>
+<!-- <ant dir="mdb" target="all"/>--> <!-- DISABLED: Does not run -->
+<!-- <ant dir="timerStandalone" target="all"/>--> <!-- DISABLED: Failure -->
+ <ant dir="container-auth" target="all"/>
+ <ant dir="jmac" target="all"/>
+ <ant dir="wss" target="all"/>
+ <ant dir="ciphertest" target="all"/>
+ <ant dir="standalone" target="all"/>
+ <ant dir="simpleMultiRoleMapping" target="all"/>
+ <ant dir="multiRoleMapping" target="all"/>
+ <ant dir="jdbcrealm" target="all"/>
+<!-- <ant dir="pamrealm" target="all"/>--> <!-- DISABLED: Needs additional setup -->
+<!-- <ant dir="cert-realm-custom-loginmodule" target="all"/>--> <!-- DISABLED: Failure -->
+<!-- DISABLED: Needs a running LDAP server
+ <ant dir="ldap/simpleweb" target="all" />
+ <ant dir="ldapRealmPerApp" target="all"/>
+-->
+<!-- <ant dir="solarisRealm" target="all"/>--> <!-- DISABLED -->
+ <ant dir="jaccApi" target="all"/>
+ <record name="security.output" action="stop" />
+ <antcall target="report"/>
+ </target>
+
+ <target name="ejb">
+ <ant dir="negativeRealmPerApp" target="all"/>
+ <ant dir="realmPerApp" target="all"/>
+ <ant dir="sful" target="all"/>
+ </target>
+ <target name="soteria">
+ <delete>
+ <fileset dir="${env.APS_HOME}" includes="test_results*, security-gtest-results.xml"/>
+ </delete>
+ <record name="soteria.output" action="start" />
+ <ant dir="soteria" target="all"/>
+ <record name="soteria.output" action="stop" />
+ <antcall target="report"/>
+ </target>
+
+ <target name="usage">
+ <echo>
+ Usage:
+ ant all (Executes all security tests)
+ ant ejb (Executes all ejb-related security tests
+ ant web (Executes the web tests TBD)
+ </echo>
+ </target>
+</project>
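Review bot: The `usage` echo advertises `ant web`, but no `web` target is defined in this file, while the `soteria` target that is defined is not listed. The `ant ejb` line is also missing its closing parenthesis. Unless `web` is supplied by one of the included entity files (not visible in this hunk), I would drop that line and add `ant soteria (Executes the soteria security tests)`. Separately, `all` leaves `web-mutual-ssl` and `cert-realm-custom-loginmodule` commented out, so the TLS client-certificate paths are not exercised by the default run; a one-line comment above those entries naming the tracking issue would make that gap visible.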
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/WebSSLClient.java b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/WebSSLClient.java
new file mode 100644
index 0000000..4def3c4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/WebSSLClient.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package devtests.security;
+
+import java.io.*;
+import java.util.*;
+import java.security.*;
+import java.net.*;
+import javax.net.ssl.*;
+import com.sun.ejte.ccl.reporter.*;
+
+/*
+ This is the standalone client java program to access AS web app
+ which has <security-constraint> protected by (in its web.xml)
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+*/
+public class WebSSLClient {
+
+ private static final String TEST_NAME
+ = "security-cert-realm-custom-loginmodule";
+
+ private static final String EXPECTED_RESPONSE
+ = "This is CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US from index.jsp";
+
+ private static SimpleReporterAdapter stat
+ = new SimpleReporterAdapter("appserv-tests");
+
+
+ public static void main(String args[]) throws Exception{
+
+ String host = args[0];
+ String port = args[1];
+ String contextRoot = args[2];
+ String keyStorePath = args[3];
+ String trustStorePath = args[4];
+ String sslPassword = args[5];
+
+ System.out.println("host/port=" + host + "/" + port);
+
+ try {
+ stat.addDescription(TEST_NAME);
+ SSLSocketFactory ssf = getSSLSocketFactory(sslPassword,
+ keyStorePath,
+ trustStorePath);
+ HttpsURLConnection connection = connect("https://" + host + ":"
+ + port + contextRoot
+ + "/index.jsp",
+ ssf);
+
+ parseResponse(connection);
+
+ } catch (Throwable t) {
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ t.printStackTrace();
+ }
+ stat.printSummary(TEST_NAME);
+ }
+
+
+ private static void parseResponse(HttpsURLConnection connection)
+ throws Exception {
+
+ BufferedReader in = null;
+
+ try {
+ in = new BufferedReader(new InputStreamReader(
+ connection.getInputStream()));
+
+ String line = null;
+ while ((line = in.readLine()) != null) {
+ if (EXPECTED_RESPONSE.equals(line)) {
+ stat.addStatus(TEST_NAME, stat.PASS);
+ break;
+ }
+ }
+
+ if (line == null) {
+ System.err.println("Wrong response. Expected: "
+ + EXPECTED_RESPONSE
+ + ", received: " + line);
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ }
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+
+
+ private static SSLSocketFactory getSSLSocketFactory(String sslPassword,
+ String keyStorePath,
+ String trustStorePath)
+ throws Exception {
+
+ SSLContext ctx = SSLContext.getInstance("TLS");
+
+ // Keystore
+ KeyStore ks = KeyStore.getInstance("JKS");
+ char[] passphrase = sslPassword.toCharArray();
+ ks.load(new FileInputStream(keyStorePath), passphrase);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, passphrase);
+
+ // Truststore
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(new FileInputStream(trustStorePath), null);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+
+ ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(), null);
+
+ return ctx.getSocketFactory();
+ }
+
+
+ private static HttpsURLConnection connect(String urlAddress,
+ SSLSocketFactory ssf)
+ throws Exception {
+
+ URL url = new URL(urlAddress);
+ HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
+ HttpsURLConnection connection = (HttpsURLConnection)
+ url.openConnection();
+
+ connection.setHostnameVerifier(
+ new HostnameVerifier() {
+ public boolean verify(String rserver, SSLSession sses) {
+ return true;
+ }
+ });
+
+ connection.setDoOutput(true);
+
+ return connection;
+ }
+}
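Review bot: The anonymous `HostnameVerifier` in `connect` returns `true` for every host, so the client accepts any certificate that chains to the truststore and the test no longer confirms it reached the intended server. build.xml passes `${s1asCN}` as the host, so the default verifier may well succeed (not confirmable from this hunk); I would delete the `setHostnameVerifier` call, or at least compare `rserver` with the expected host. `HttpsURLConnection.setDefaultSSLSocketFactory(ssf)` also replaces the factory for the whole JVM, whereas `connection.setSSLSocketFactory(ssf);` after `openConnection()` keeps it local to this connection. In `getSSLSocketFactory` the two `FileInputStream`s are never closed, and the truststore is loaded with a `null` password, which skips the keystore integrity check.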
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.properties b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.properties
new file mode 100644
index 0000000..dab8273
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.properties
@@ -0,0 +1,32 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="cert-realm-custom-loginmodule"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="contextroot" value="/${appname}"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="appname" value="statefulLoginBean"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
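Review bot: `appname` is defined twice in this file, first as `${module}` and later as `statefulLoginBean`. Ant properties are immutable, so the second definition is silently ignored and looks like a leftover from another test. I would delete the line `<property name="appname" value="statefulLoginBean"/>`, because `contextroot` here and the jar name in build.xml both derive from `appname` and a reader could assume the later value wins.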
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.xml b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.xml
new file mode 100644
index 0000000..3900329
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/build.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="cert-realm-custom-loginmodule" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <mkdir dir="build"/>
+ <javac srcdir="." destdir="./build" classpath="${env.APS_HOME}/lib/reporter.jar"
+ includes="WebSSLClient.java"/>
+ </target>
+
+ <target name="build" depends="compile">
+ <property name="hasWebclient" value="yes"/>
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes" />
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}.jar" excludes="tmp/**">
+ <fileset dir="${build.classes.dir}"/>
+ </jar>
+ </target>
+
+ <target name="build-publish-war" depends="build, publish-war-common" />
+
+ <target name="deploy" depends="init-common,build">
+ <antcall target="deploy-war-common"/>
+ </target>
+
+ <target name="re-deploy" depends="init-common,build">
+ <antcall target="deploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common,init-security-util">
+ <java classname="devtests.security.WebSSLClient">
+ <sysproperty key="javax.net.debug1" value="ssl,handshake,data,trustmanager" />
+ <sysproperty key="sun.security.ssl.allowUnsafeRenegotiation" value="true" />
+ <arg value="${s1asCN}"/>
+ <arg value="${https.port}"/>
+ <arg value="${contextroot}"/>
+ <arg value="${mykeystore.db.file}"/>
+ <arg value="${mytruststore.db.file}"/>
+ <arg value="${ssl.password}"/>
+ <classpath>
+ <pathelement location="${env.APS_HOME}/lib/reporter.jar"/>
+ <pathelement location="./build"/>
+ </classpath>
+ </java>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="setup" depends="init-common,prepare-store-common">
+ <antcall target="env-check" />
+ <copy file="${assemble.dir}/test-${appname}.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+ <copy file="${admin.domain.dir}/${admin.domain}/config/login.conf"
+ tofile="${admin.domain.dir}/${admin.domain}/config/login.conf.ORIG"/>
+ <concat destfile="${admin.domain.dir}/${admin.domain}/config/login.conf" append="true"><![CDATA[certRealm {
+ com.sun.s1asdev.security.certrealm.lm.CertificateLM required;
+};]]>
+ </concat>
+ <antcall target="restart-server-instance-common"/>
+ <antcall target="asadmin-common">
+ <param name="admin.command"
+ value="set" />
+ <param name="as.props" value="${as.props}"/>
+ <param name="operand.props"
+ value="configs.config.server-config.security-service.auth-realm.certificate.property.jaas-context=certRealm" />
+ </antcall>
+ </target>
+
+ <target name="unsetup">
+ <antcall target="restore"/>
+ </target>
+
+ <target name="restore" depends="init-common" >
+ <antcall target="asadmin-common-ignore-fail">
+ <param name="admin.command"
+ value="set" />
+ <param name="as.props" value="${as.props}"/>
+ <param name="operand.props"
+ value="configs.config.server-config.security-service.auth-realm.certificate.property.jaas-context=" />
+ </antcall>
+ <antcall target="remove-store-common"/>
+ <move file="${admin.domain.dir}/${admin.domain}/config/login.conf.ORIG"
+ tofile="${admin.domain.dir}/${admin.domain}/config/login.conf"/>
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}.jar" failonerror="false"/>
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+</project>
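Review bot: The `all` target chains `build, setup, deploy, run, undeploy, unsetup`, and Ant stops at the first failing target. A failure in `deploy` or `run` therefore leaves the test jar in `${env.S1AS_HOME}/lib`, the `certRealm` entry appended to login.conf, and the certificate realm's `jaas-context` still pointing at the test login module. Nothing tells the operator to clean up by hand; a comment above `all` such as `<!-- setup modifies login.conf and the certificate realm; after a failed run execute "ant unsetup" to restore the domain -->` would cover it. `setup` also copies login.conf to `login.conf.ORIG` unconditionally, so a second `setup` without an intervening `restore` can presumably save the already-modified file as the original. The `run` target sets `sun.security.ssl.allowUnsafeRenegotiation=true` with no comment explaining why the test needs it.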
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-application.xml
new file mode 100644
index 0000000..3f12201
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-application.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 J2EE Application 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+<!--
+ <security-role-mapping>
+ <role-name>MANAGER</role-name>
+ <principal-name>cn=test,O=Sun,OU=JWS,L=Santa Clara,C=US</principal-name>
+ </security-role-mapping>
+-->
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-web.xml
new file mode 100644
index 0000000..f59184f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/sun-web.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <security-role-mapping>
+ <role-name>MANAGER</role-name>
+ <group-name>cert-realm-custom-loginmodule-web:alice-group</group-name>
+ </security-role-mapping>
+</sun-web-app>
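Review bot: The `<group-name>` value `cert-realm-custom-loginmodule-web:alice-group` has to equal the string that CertificateLM (added later in this commit) builds as `getAppName() + ":alice-group"`, and nothing here records that coupling. A comment above the mapping, for example `<!-- must match getAppName() + ":alice-group" as committed by CertificateLM -->`, would keep the two from drifting apart when the module or archive is renamed.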
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/web.xml
new file mode 100644
index 0000000..ca59f71
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/descriptor/web.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Protected Area</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>DELETE</http-method>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ <http-method>PUT</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>MANAGER</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ </login-config>
+
+ <security-role>
+ <role-name>MANAGER</role-name>
+ </security-role>
+
+</web-app>
+
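Review bot: The `<web-resource-collection>` lists only DELETE, GET, POST and PUT, so under the Servlet security model the constraint does not apply to other methods such as HEAD, OPTIONS or TRACE. Requests for `/index.jsp` with those methods are subject neither to the MANAGER role check nor to the CONFIDENTIAL transport guarantee. Removing the four `<http-method>` elements makes the constraint cover every method. If the restriction is deliberate for this test, a comment saying so would help, given that the same suite carries an `uncovered-http-methods` test.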
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/error.html b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/error.html
new file mode 100644
index 0000000..467a8f4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/error.html
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<html>
+<head><title> A typical Error Page</title></head>
+<body>
+<h2>A simple Error Page</h2>
+<hr>
+You could not be authenticated with the information provided. <BR>
+Please check your Username and Password.
+<br>
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/index.jsp
new file mode 100644
index 0000000..e10f076
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/docroot/index.jsp
@@ -0,0 +1,24 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<html>
+<head><title>JSP Page Access Profile</title></head>
+<body>
+This is <%= request.getRemoteUser() %> from index.jsp
+</body>
+</html>
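Review bot: `<%= request.getRemoteUser() %>` writes the authenticated name into the page without HTML escaping, and with CLIENT-CERT login that name is the certificate subject DN, which is chosen by whoever requested the certificate. For a test page the exposure is small, but test pages tend to be copied. If JSTL is available to the application (not visible here), `<c:out value="${pageContext.request.remoteUser}"/>` renders the same line for the expected DN and escapes markup characters.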
diff --git a/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/src/CertificateLM.java b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/src/CertificateLM.java
new file mode 100644
index 0000000..9e6d334
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cert-realm-custom-loginmodule/src/CertificateLM.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.certrealm.lm;
+
+import com.sun.appserv.security.AppservCertificateLoginModule;
+import java.util.StringTokenizer;
+import java.util.logging.Level;
+import javax.security.auth.login.LoginException;
+
+/**
+ *
+ * @author nasradu8
+ */
+public class CertificateLM extends AppservCertificateLoginModule {
+
+ @Override
+ protected void authenticateUser() throws LoginException {
+ // Get the distinguished name from the X500Principal.
+ String dname = getX500Principal().getName();
+ StringTokenizer st = new StringTokenizer(dname, " \t\n\r\f,");
+ _logger.log(Level.INFO, "Appname: " + getAppName() + " accessed by " + getX500Principal().getName());
+ while (st.hasMoreTokens()) {
+ String next = st.nextToken();
+ // At this point, one has the application name and the DN of
+ // the certificate. A suitable login decision can be made here.
+ if (next.startsWith("CN=")) {
+ String cname = next.substring(3);
+ if (cname.equals("SSLTest")){
+ commitUserAuthentication(new String[]{getAppName() + ":alice-group"});
+ return;
+ }
+ }
+ }
+ throw new LoginException("No OU found.");
+ }
+}
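Review bot: `authenticateUser` splits the subject DN on whitespace and commas and accepts any token equal to `CN=SSLTest`, so the match does not depend on the token being the CN attribute itself. Text inside another attribute's value, or a longer CN that merely begins with `SSLTest` followed by a space, also ends up granting `alice-group`. Parsing the DN with `javax.naming.ldap.LdapName` and comparing the CN attribute's value avoids that; it needs imports for `LdapName`, `Rdn` and `javax.naming.InvalidNameException`, and leaves the `StringTokenizer` import unused. The final message `"No OU found."` is also misleading, since the code looks for a CN.

```java
    protected void authenticateUser() throws LoginException {
        String dname = getX500Principal().getName();
        // … unchanged: _logger.log(Level.INFO, ...) access line …
        LdapName dn;
        try {
            dn = new LdapName(dname);
        } catch (InvalidNameException e) {
            throw new LoginException("Unparseable subject DN");
        }
        // Compare whole attribute values, never substrings of the DN text.
        for (Rdn rdn : dn.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType()) && "SSLTest".equals(rdn.getValue())) {
                commitUserAuthentication(new String[]{getAppName() + ":alice-group"});
                return;
            }
        }
        throw new LoginException("No matching CN found.");
    }
```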
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/CipherTest.java b/appserver/tests/appserv-tests/devtests/security/ciphertest/CipherTest.java
new file mode 100644
index 0000000..fbb5e0a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/CipherTest.java
@@ -0,0 +1,358 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.SSLServerSocketFactory;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
+
+import javax.net.ServerSocketFactory;
+
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.IOException;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class CipherTest {
+
+ private static final String DEFAULT_HOSTNAME = "localhost";
+ private static final int DEFAULT_PORT = 8181;
+
+ private static final String HTTP_GET_REQUEST = "GET / HTTP/1.0";
+
+ private static String serverHostname = null;
+ private static int serverPort = -1;
+
+ // Default and Supported chipher set
+ private static String[] DEFAULT_CIPHERS = null;
+ private static String[] SUPPORTED_CIPHERS = null;
+
+ // Flags
+ private static final String INTERACTIVE_OPTION = "-i";
+
+ private static final String HELP_OPTION = "-h";
+ private static final String DEBUG_OPTION = "-d";
+ private static final String VERBOSE1_OPTION = "-v";
+ private static final String VERBOSE2_OPTION = "-verbose";
+
+ private static final String HOST_OPTION = "-host";
+ private static final String PORT_OPTION = "-port";
+
+ private static final String SHOULD_PASS_OPTION = "-shouldPass";
+ private static final String SHOULD_FAIL_OPTION = "-shouldFail";
+ private static final String ENABLED_CIPHER_OPTION = "-enabledCipher";
+
+ private static boolean VERBOSE_FLAG = false;
+
+ private static void usage() {
+ System.out.println("usage: CipherTest [-i] [-d] [-h] [-host hostname] [-port port#] -shouldPass <comma-spa-ciphers> [-v|-verbose]");
+ System.out.println("-i interactive flag");
+ System.out.println("-d debug mode");
+ System.out.println("-v verbose mode");
+ System.out.println("-verbose verbose mode");
+ System.out.println("-h help/usage");
+ System.out.println("-host hostname - host to connect to");
+ System.out.println("-port port# - port to connect to");
+ System.out.println("-enabledCiphers - comma separated list of ciphers that should be ");
+ System.out.println("-shouldPass - comma separated list of ciphers that should pass");
+ System.out.println("-shouldFail - comma separated list of ciphers that should fail");
+ }
+
+ private static void verbose(String msg) {
+ if( VERBOSE_FLAG)
+ System.out.println(msg);
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ boolean interactive = false;
+ boolean debug = false;
+ boolean help = false;
+
+ //Set<String> shouldPass = new Set<String>();
+ //Set<String> shouldFail = new Set<String>();
+ String shouldPass = null;
+ String shouldFail = null;
+ String enabledCipherAsString = null;
+
+ for(int i=0; i<args.length; i++) {
+ if( args[i].intern() == INTERACTIVE_OPTION.intern() ) {
+ interactive = true;
+ } else if( args[i].intern() == HELP_OPTION.intern() ) {
+ help = true;
+ } else if( args[i].intern() == VERBOSE1_OPTION.intern() ) {
+ VERBOSE_FLAG = true;
+ } else if( args[i].intern() == VERBOSE2_OPTION.intern() ) {
+ VERBOSE_FLAG = true;
+ } else if( args[i].intern() == DEBUG_OPTION.intern() ) {
+ debug = true;
+ } else if( args[i].intern() == HOST_OPTION.intern() ) {
+ serverHostname = args[++i];
+ } else if( args[i].intern() == PORT_OPTION.intern() ) {
+ serverPort = Integer.parseInt(args[++i]);
+ } else if( args[i].intern() == SHOULD_PASS_OPTION.intern() ) {
+ shouldPass = args[++i];
+
+ /*
+ * Workaround for JavaSE bug (6518827) where
+ * arguments of length 0 are not passed in on Windows.
+ */
+ if (shouldPass.startsWith("-")) {
+ // a "" param was skipped
+ shouldPass = "";
+ i--;
+ }
+ } else if( args[i].intern() == SHOULD_FAIL_OPTION.intern() ) {
+ shouldFail = args[++i];
+ } else if( args[i].intern() == ENABLED_CIPHER_OPTION.intern() ) {
+ enabledCipherAsString = args[++i];
+ } else {
+ System.out.println("Unrecognized option: " + args[i]);
+ usage();
+ System.exit(10);
+ }
+
+ }
+
+ for(int i=0; i<args.length; i++) {
+ verbose("Arg[" + i + "] " + args[i]);
+ }
+
+ if( help) {
+ usage();
+ System.exit(0);
+ }
+ if( debug ) {
+ System.setProperty("javax.net.debug", "all");
+ }
+
+ if( shouldPass == null ) {
+ usage();
+ System.exit(11);
+ }
+
+ if( serverHostname == null )
+ serverHostname = DEFAULT_HOSTNAME;
+
+ if( serverPort == -1 )
+ serverPort = DEFAULT_PORT;
+
+
+ initCiphers();
+
+ if( interactive ) {
+ interactive();
+ } else {
+ nonInteractive(enabledCipherAsString, shouldPass, shouldFail);
+ }
+
+ }
+
+ private static void interactive()
+ throws IOException {
+
+ BufferedReader reader =
+ new BufferedReader(new InputStreamReader(System.in));
+
+ while(true) {
+ System.out.println();
+ System.out.print(
+ "Enter number of cipher or cipher-name to enable on this client: ");
+ String s = reader.readLine();
+ CipherTest ct = null;
+ try {
+ int num = Integer.parseInt(s);
+ ct = new CipherTest(num, SUPPORTED_CIPHERS[num], null);
+ } catch(Exception e) {
+ // try it as a string
+ ct = new CipherTest(s, s, null);
+ }
+
+ ct.run();
+ }
+ }
+
+ private static void nonInteractive(String enabledCipher,
+ String shouldPass, String shouldFail) {
+
+// if( enabledCipher == null ) {
+// for(int i=0; i<SUPPORTED_CIPHERS.length; i++) {
+// CipherTest ct = new CipherTest(i, SUPPORTED_CIPHERS[i], shouldFail);
+// ct.run();
+// }
+// } else {
+// CipherTest ct = new CipherTest(enabledCipher, shouldPass, shouldFail);
+// ct.run();
+// }
+
+ CipherTest ct = new CipherTest(enabledCipher, shouldPass, shouldFail);
+ ct.run();
+ }
+
+ private static void nonInteractive(String[] enabledCipher,
+ String shouldPass, String shouldFail) {
+ // TODO
+ }
+
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ private int startCipher = -1;
+ String[] ciphers = null;
+ String shouldPass;
+ String shouldFail;
+ private String testId = null;
+
+ public CipherTest(int start, String shouldPass, String shouldFail) {
+ startCipher = start;
+ ciphers = new String[1];
+ ciphers[0] = SUPPORTED_CIPHERS[startCipher];
+
+ this.shouldPass = shouldPass;
+ this.shouldFail = shouldFail;
+
+ }
+
+ public CipherTest(String cipherName, String shouldPass, String shouldFail) {
+ if( cipherName != null ) {
+ ciphers = new String[1];
+ ciphers[0] = cipherName;
+ }
+
+ this.shouldPass = shouldPass;
+ this.shouldFail = shouldFail;
+ }
+
+ public void run() {
+
+ try {
+
+ testId = "SSL cipher test - " + ciphers[0];
+ stat.addDescription("Security::SSL cipher test " + ciphers[0]);
+
+ doSSLTest(ciphers);
+ verbose("Supported cipher suite: " + ciphers[0]);
+
+ passed(ciphers);
+ //System.exit(0);
+
+ } catch(SSLHandshakeException e) {
+ failed(ciphers);
+ verbose("Unsupported (SSLHandshakeException) ciphers: " + ciphers[0] + " ...");
+ } catch(SSLException e) {
+ failed(ciphers);
+ verbose("SSLException with ciphers: " + ciphers[0] + e.getMessage());
+ } catch(IOException e) {
+ failed(ciphers);
+ verbose("IOException with ciphers: " + ciphers[0] + " ...");
+ } finally {
+ stat.printSummary(testId);
+ }
+ }
+
+ private void passed(String[] thatPassed) {
+ for(int i=0; i<thatPassed.length; i++) {
+ int index = shouldPass.indexOf(thatPassed[i]);
+ if( index < 0 ) {
+ // is not in the should pass, test failed
+ System.out.println("Cipher - " + thatPassed[i] +
+ " - pased, but should not have. Test failed");
+ stat.addStatus(testId, stat.FAIL);
+ return;
+ //System.exit(1);
+ }
+ }
+
+ System.out.println("Test passed");
+ stat.addStatus(testId, stat.PASS);
+ //System.exit(0);
+ }
+
+ private void failed(String[] thatFailed) {
+ for(int i=0; i<thatFailed.length; i++) {
+ int index = shouldPass.indexOf(thatFailed[i]);
+ if( index >= 0 ) {
+ // is in the should pass, but did not
+ System.out.println("Cipher - " + thatFailed[i] +
+ " - failed, but should have passed. Test failed");
+ stat.addStatus(testId, stat.FAIL);
+ return;
+ //System.exit(1);
+ }
+ }
+
+ System.out.println("(Negative) Test passed");
+ stat.addStatus(testId, stat.PASS);
+ //System.exit(0);
+ }
+
+ private void doSSLTest(String[] enableCiphers) throws IOException {
+
+ SSLSocketFactory sslSocketFactory =
+ (SSLSocketFactory)SSLSocketFactory.getDefault();
+
+ SSLSocket secureSocket = (SSLSocket)
+ sslSocketFactory.createSocket(serverHostname, serverPort);
+
+ if( enableCiphers != null )
+ secureSocket.setEnabledCipherSuites(enableCiphers);
+
+ BufferedWriter buffWriter = new BufferedWriter(
+ new OutputStreamWriter(secureSocket.getOutputStream()));
+ buffWriter.write(HTTP_GET_REQUEST);
+ buffWriter.newLine();
+ buffWriter.newLine();
+ buffWriter.flush();
+ //buffWriter.close();
+
+ //System.out.println("Written request to server: " + HTTP_GET_REQUEST);
+
+ BufferedReader buffReader = new BufferedReader(
+ new InputStreamReader(secureSocket.getInputStream()));
+ String readin = null;
+ while( (readin=buffReader.readLine()) != null ) {
+ //System.out.println(readin);
+ }
+ }
+
+ private static void initCiphers() {
+ ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
+ SSLServerSocketFactory sslssf = null;
+ if( ssf instanceof SSLServerSocketFactory ) {
+ sslssf = (SSLServerSocketFactory)ssf;
+ } else {
+ System.out.println(ssf.getClass().getName());
+ System.exit(1);
+ }
+ DEFAULT_CIPHERS = sslssf.getDefaultCipherSuites();
+ SUPPORTED_CIPHERS = sslssf.getSupportedCipherSuites();
+
+ for(int i=0; i<DEFAULT_CIPHERS.length; i++) {
+ verbose("Default cipher[" + i + "] "+DEFAULT_CIPHERS[i]);
+ }
+ for(int i=0; i<SUPPORTED_CIPHERS.length; i++) {
+ verbose("Supported cipher[" + i + "] " + SUPPORTED_CIPHERS[i]);
+ }
+
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/README b/appserver/tests/appserv-tests/devtests/security/ciphertest/README
new file mode 100644
index 0000000..8db5638
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/README
@@ -0,0 +1,2 @@
+1. The cipher tests currently only work with RSA key and ciphers
+2. The check for server authentication only(no client authentication)
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/build.properties b/appserver/tests/appserv-tests/devtests/security/ciphertest/build.properties
new file mode 100644
index 0000000..5da4bf9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/build.properties
@@ -0,0 +1,21 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="ciphertest"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/build.xml b/appserver/tests/appserv-tests/devtests/security/ciphertest/build.xml
new file mode 100644
index 0000000..838c8da
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/build.xml
@@ -0,0 +1,234 @@
+<?xml version="1.0"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "./../common.xml">
+]>
+
+
+<project name="ciphertest" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="usage">
+ <echo>
+ Usage:
+ ant all (Executes all ciphertests)
+ </echo>
+ </target>
+
+ <target name="all" depends="build, setup, deploy,run, undeploy, unsetup">
+ </target>
+
+ <target name="setup" depends="init-common, prepare-store-common">
+ <property name="https.1.port" value="1${https.port}" />
+ <property name="https.2.port" value="2${https.port}" />
+ <copy file="testsetup.asadmin.template" tofile="testsetup.asadmin" overwrite="true"/>
+ <replace file="testsetup.asadmin">
+ <replacefilter token="@HTTPS1PORT@" value="${https.1.port}"/>
+ <replacefilter token="@HTTPS2PORT@" value="${https.2.port}"/>
+ </replace>
+
+ <antcall target="asadmin-batch-common">
+ <param name="asadmin.file" value="testsetup.asadmin"/>
+ </antcall>
+
+ <delete file="testsetup.asadmin" />
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="unsetup" depends="init-common, remove-store-common">
+ <antcall target="asadmin-batch-common">
+ <param name="asadmin.file" value="testunsetup.asadmin"/>
+ </antcall>
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="."/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ </target>
+
+ <target name="deploy" depends="init-common">
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runciphertest-1"/>
+ <antcall target="runciphertest-2"/>
+ <antcall target="runciphertest-3"/>
+ </target>
+
+ <target name="echo" depends="init-common">
+ <echo message="as.props = ${as.props}"/>
+ <echo message="mykeystore.db.file = ${mykeystore.db.file}"/>
+ <echo message="mytruststore.db.file = ${mytruststore.db.file}"/>
+ </target>
+
+ <target name="cipher-test">
+
+ <java classname="CipherTest" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <jvmarg value="-Djavax.net.ssl.trustStore=${mytruststore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStore=${mykeystore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStorePassword=${ssl.password}"/>
+
+<!-- <arg value="-verbose"/> -->
+ <arg value="-host"/>
+ <arg value="${http.host}"/>
+ <arg value="-port"/>
+ <arg value="${https.port}"/>
+ <arg value="-shouldPass"/>
+ <arg value="${should-pass-cipher}"/>
+ <arg value="-enabledCipher"/>
+ <arg value="${enable-cipher}"/>
+ </java>
+
+ </target>
+
+ <target name="runciphertest-1" depends="init-common">
+
+ <property name="https.1.port" value="1${https.port}" />
+ <property name="https.2.port" value="2${https.port}" />
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_DES_CBC_SHA"/>
+ <param name="https.port" value="${https.1.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
+ <param name="https.port" value="${https.1.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_NULL_MD5"/>
+ <param name="https.port" value="${https.1.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_RC4_128_SHA"/>
+ <param name="https.port" value="${https.1.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_NULL_SHA"/>
+ <param name="https.port" value="${https.1.port}"/>
+ </antcall>
+ </target>
+
+
+ <target name="runciphertest-2" depends="init-common">
+
+ <property name="https.1.port" value="1${https.port}" />
+ <property name="https.2.port" value="2${https.port}" />
+
+<!-- JDK 8 u172 - 3DES cipher suites disabled
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+-->
+
+<!-- Disable failing test cases (use of -Dsun.security.ssl.allowUnsafeRenegotiation=true has no impact)
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value="SSL_RSA_WITH_DES_CBC_SHA"/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_DES_CBC_SHA"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value="SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
+ <param name="enable-cipher" value="SSL_RSA_EXPORT_WITH_RC4_40_MD5"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+-->
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value="SSL_RSA_WITH_NULL_MD5"/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_NULL_MD5"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value="SSL_RSA_WITH_NULL_SHA"/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_NULL_SHA"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_RSA_WITH_RC4_128_MD5"/>
+ <param name="https.port" value="${https.2.port}"/>
+ </antcall>
+ </target>
+
+ <target name="runciphertest-3" depends="init-common">
+ <property name="https.1.port" value="1${https.port}" />
+ <property name="https.2.port" value="2${https.port}" />
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_DH_anon_WITH_RC4_128_MD5"/>
+ </antcall>
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"/>
+ </antcall>
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_DH_anon_WITH_DES_CBC_SHA"/>
+ </antcall>
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_DH_anon_EXPORT_WITH_RC4_40_MD5"/>
+ </antcall>
+ <antcall target="cipher-test">
+ <param name="should-pass-cipher" value=""/>
+ <param name="enable-cipher" value="SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA"/>
+ </antcall>
+
+ </target>
+
+ <target name="undeploy" depends="init-common"/>
+</project>
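Review bot: Every case in `runciphertest-1` and `runciphertest-3` is a negative one with `should-pass-cipher` empty, so nothing confirms that `test-http-listener-1` is actually up and negotiating. `CipherTest.run()` in this same commit routes any `IOException` to `failed()`, which prints "(Negative) Test passed" whenever the cipher is not in the should-pass list, so a listener that was never created or a wrong port would pass as well. I would add one positive control for listener 1: an `antcall` to `cipher-test` with `should-pass-cipher` and `enable-cipher` both set to the suite configured in testsetup.asadmin.template and `https.port` set to `${https.1.port}`, provided the JDK under test still enables that suite. `runciphertest-3` also defines `https.1.port`/`https.2.port` but passes no `https.port`, so those cases presumably hit the default listener; if that is intended, a comment such as `<!-- anon suites are checked against the default HTTPS listener -->` would say so.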
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/testsetup.asadmin.template b/appserver/tests/appserv-tests/devtests/security/ciphertest/testsetup.asadmin.template
new file mode 100644
index 0000000..d8adee4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/testsetup.asadmin.template
@@ -0,0 +1,8 @@
+delete-http-listener test-http-listener-1
+delete-http-listener test-http-listener-2
+
+create-http-listener --listeneraddress 0.0.0.0 --listenerport @HTTPS1PORT@ --defaultvs server --securityenabled=true test-http-listener-1
+create-ssl --type http-listener --certname s1as --ssl3tlsciphers "SSL_RSA_WITH_RC4_128_MD5" test-http-listener-1
+
+create-http-listener --listeneraddress 0.0.0.0 --listenerport @HTTPS2PORT@ --defaultvs server --securityenabled=true test-http-listener-2
+create-ssl --type http-listener --certname s1as --ssl3tlsciphers "SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_WITH_NULL_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_NULL_SHA" test-http-listener-2
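Review bot: Both `create-http-listener` lines bind `--listeneraddress 0.0.0.0`, and the second listener is then configured with `SSL_RSA_WITH_NULL_MD5`, `SSL_RSA_WITH_NULL_SHA` and export-grade suites, so while the tests run the server offers unencrypted and weak TLS on every interface of the build host. If the client always connects from the same machine, binding both listeners to loopback (`--listeneraddress 127.0.0.1`) would keep them off the network; whether that works depends on what `${http.host}` resolves to, which is not visible here. The listeners are removed only by the `unsetup` target, so an aborted run leaves them in place until the two leading `delete-http-listener` lines of the next run.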
diff --git a/appserver/tests/appserv-tests/devtests/security/ciphertest/testunsetup.asadmin b/appserver/tests/appserv-tests/devtests/security/ciphertest/testunsetup.asadmin
new file mode 100644
index 0000000..d984326
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ciphertest/testunsetup.asadmin
@@ -0,0 +1,2 @@
+delete-http-listener test-http-listener-1
+delete-http-listener test-http-listener-2
diff --git a/appserver/tests/appserv-tests/devtests/security/common.xml b/appserver/tests/appserv-tests/devtests/security/common.xml
new file mode 100644
index 0000000..b6b3b4c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/common.xml
@@ -0,0 +1,396 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!-- common security tasks -->
+<property name="webtest.classname" value="org.apache.tomcat.task.GTest"/>
+<property name="webtest.classpath" value="${env.APS_HOME}/lib/testdriversecurity.jar:${env.APS_HOME}/lib/commons-logging.jar"/>
+<property name="webtest.report.dir" value="${env.APS_HOME}/"/>
+<!-- this is for referencing generate key/trust stores in client -->
+<property name="mykeystore.db.file" value="${env.APS_HOME}/build/__keystore.jks"/>
+<property name="mytruststore.db.file" value="${env.APS_HOME}/build/__cacerts.jks"/>
+<property name="appserver.config.name" value="server-config"/>
+<property name="wsimport.VMARGS" value=""/>
+
+<target name="init-security-util" depends="gethostname">
+<!-- <ant dir="${env.APS_HOME}/devtests/security/util" target="all"/>
+ <taskdef name="s1asCN" classname="devtests.security.util.S1ASCN" classpath="${env.APS_HOME}/devtests/security/util/build:${env.S1AS_HOME}/lib/appserv-rt.jar"/>
+ <s1asCN/>
+ <echo message="s1as CN = ${s1asCN}"/> -->
+</target>
+<target name="gethostname">
+ <exec executable="hostname" osfamily="unix" failifexecutionfails="false" outputproperty="env.COMPUTERNAME"/>
+ <property name="s1asCN" value="${env.COMPUTERNAME}" />
+ <echo message="s1as CN = ${s1asCN}"/>
+</target>
+<!-- Create auth realm -->
+<target name="create-auth-realm" depends="init-common">
+ <echo message="Creating auth realm ${realmname} ..."/>
+ <exec executable="${ASADMIN}">
+ <arg line="create-auth-realm"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="--classname ${realmclass}"/>
+ <arg line="${realmproperties}"/>
+ <arg line="${realmname}"/>
+ </exec>
+</target>
+
+<!-- Create file auth realm -->
+<target name="create-auth-filerealm">
+ <!-- workaround for handling the special character : in the admin command -->
+ <echo message="file=${keyfile.path}" file="temp.txt"/>
+ <replace file="temp.txt" token="\" value="/"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <echo message="${file}"/>
+ <delete file="temp.txt"/>
+
+ <antcall target="create-auth-realm">
+ <param name="realmname" value="${file.realm.name}"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.file.FileRealm"/>
+ <param name="realmproperties" value="--property file=${file}:jaas-context=fileRealm"/>
+ </antcall>
+</target>
+
+<target name="create-user">
+ <antcall target="create-user-common">
+ <param name="user" value="harpreet"/>
+ <param name="password" value="harpreet"/>
+ <param name="groups" value="employee"/>
+ </antcall>
+</target>
+
+<target name="delete-user">
+ <antcall target="delete-user-common">
+ <param name="user" value="harpreet"/>
+ </antcall>
+</target>
+
+<target name="env-check" depends="init-common">
+ <!--
+ Determine if we need to use the certutil or the keytool command to
+ access the certificate truststore
+ -->
+ <property name="nss.db.dir" location="${admin.domain.dir}/${admin.domain}/config"/>
+ <condition property="isNSS">
+ <and>
+ <available file="${nss.db.dir}/cert8.db"/>
+ <available file="${nss.db.dir}/key3.db"/>
+ <available file="${nss.db.dir}/secmod.db"/>
+ </and>
+ </condition>
+</target>
+
+<!-- this target parpare stores with client and server have different keys -->
+<target name="prepare-store-common" depends="env-check">
+ <property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
+ <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
+ <delete quiet="true" file="${mytruststore.db.file}"/>
+ <delete quiet="true" file="${mykeystore.db.file}"/>
+ <delete quiet="true" file="${cert.rfc.file}"/>
+ <delete quiet="true" file="${keycert.rfc.file}"/>
+
+ <mkdir dir="${build.base.dir}"/>
+ <antcall target="prepare-store-certutil-common"/>
+ <antcall target="prepare-store-keytool-common"/>
+</target>
+
+<target name="prepare-store-certutil-common" depends="init-common" if="isNSS">
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true" output="${cert.rfc.file}">
+ <!--
+ LD_LIBRARY_PATH is needed on Unix platforms and should have no
+ effect on Windows
+ -->
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-L -n '${cert.nickname}' -a"/>
+ <arg value="-d"/>
+ <arg file="${nss.db.dir}"/>
+ </exec>
+ <antcall target="import-cert-jks">
+ <param name="cert.alias" value="${cert.nickname}"/>
+ <param name="keystore.file" value="${mytruststore.db.file}"/>
+ <param name="cert.file" value="${cert.rfc.file}"/>
+ </antcall>
+
+ <antcall target="generate-jks-key"/>
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
+ </exec>
+
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
+ <!--
+ LD_LIBRARY_PATH is needed on Unix platforms and should have no
+ effect on Windows
+ -->
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-A -n ssltest -i ${keycert.rfc.file} -a"/>
+ <arg value="-t"/>
+ <arg value="P,p,p"/>
+ <arg value="-d"/>
+ <arg file="${nss.db.dir}"/>
+ </exec>
+</target>
+
+<target name="prepare-store-keytool-common" depends="init-common" unless="isNSS">
+ <copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
+ <antcall target="generate-jks-key"/>
+
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-export -rfc -alias ssltest -file ${keycert.rfc.file} -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
+ </exec>
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-import -trustcacerts -alias ssltest -storepass '${ssl.password}' -noprompt "/>
+ <arg value="-file"/>
+ <arg file="${keycert.rfc.file}"/>
+ <arg value="-keystore"/>
+ <arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ </exec>
+</target>
+
+<target name="generate-jks-key" depends="init-common">
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-genkey -alias ssltest -dname"/>
+ <arg value="CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US"/>
+ <arg value="-validity"/>
+ <arg value="3650"/>
+ <arg value="-keypass"/>
+ <arg value="${ssl.password}"/>
+ <arg value="-keystore"/>
+ <arg value="${mykeystore.db.file}"/>
+ <arg value="-storepass"/>
+ <arg value="${ssl.password}"/>
+ </exec>
+</target>
+
+<target name="remove-store-common" depends="env-check">
+ <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
+
+ <delete quiet="true" file="${mykeystore.db.file}"/>
+ <delete quiet="true" file="${keycert.rfc.file}"/>
+
+ <antcall target="remove-store-certutil-common"/>
+ <antcall target="remove-store-keytool-common"/>
+</target>
+
+<target name="remove-store-certutil-common" depends="init-common" if="isNSS">
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
+ <!--
+ LD_LIBRARY_PATH is needed on Unix platforms and should have no
+ effect on Windows
+ -->
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-D -n ssltest "/>
+ <arg value="-d"/>
+ <arg file="${nss.db.dir}"/>
+ </exec>
+</target>
+
+<target name="remove-store-keytool-common" depends="init-common" unless="isNSS">
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-delete -alias ssltest -storepass '${ssl.password}'"/>
+ <arg value="-keystore"/>
+ <arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ </exec>
+</target>
+
+<!-- this target parpare stores with client and server have the same key -->
+<target name="prepare-store-nickname-common" depends="env-check">
+ <property name="cert.rfc.file" location="${build.base.dir}/${cert.nickname}.rfc"/>
+ <property name="keycert.rfc.file" location="${build.base.dir}/ssltest.rfc"/>
+ <delete quiet="true" file="${mytruststore.db.file}"/>
+ <delete quiet="true" file="${mykeystore.db.file}"/>
+ <delete quiet="true" file="${cert.rfc.file}"/>
+ <delete quiet="true" file="${keycert.rfc.file}"/>
+
+ <mkdir dir="${build.base.dir}"/>
+ <antcall target="prepare-store-nickname-certutil-common"/>
+ <antcall target="prepare-store-nickname-keytool-common"/>
+</target>
+
+<target name="prepare-store-nickname-keytool-common" depends="init-common" unless="isNSS">
+ <copy file="${admin.domain.dir}/${admin.domain}/config/keystore.jks" tofile="${mykeystore.db.file}"/>
+ <copy file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks" tofile="${mytruststore.db.file}"/>
+</target>
+
+<target name="prepare-store-nickname-certutil-common" depends="init-common" if="isNSS">
+ <antcall target="export-cert-p12-nss">
+ <param name="cert.file" value="${build.base.dir}/s1as.p12"/>
+ <param name="cert.dir" value="${nss.db.dir}"/>
+ <param name="certdb.pwd" value="${ssl.password}"/>
+ <param name="cert.pwd" value="${ssl.password}"/>
+ <param name="cert.nickname" value="${cert.nickname}"/>
+ </antcall>
+ <antcall target="convert-pkcs12-to-jks">
+ <param name="pkcs12.file" value="${build.base.dir}/s1as.p12"/>
+ <param name="pkcs12.pass" value="${ssl.password}"/>
+ <param name="jks.file" value="${mykeystore.db.file}"/>
+ <param name="jks.pass" value="${ssl.password}"/>
+ </antcall>
+ <antcall target="get-certdb-to-jks">
+ <param name="cert.nickname" value="${cert.nickname}"/>
+ </antcall>
+</target>
+
+<target name="export-cert-p12-nss" depends="init-common">
+ <exec executable="${env.S1AS_HOME}/lib/pk12util">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib:${os.nss.path}"/>
+ <arg line="-o ${cert.file}"/>
+ <arg line="-d ${cert.dir}"/>
+ <arg line="-n ${cert.nickname}"/>
+ <arg line="-K ${certdb.pwd}"/>
+ <arg line="-W ${cert.pwd}"/>
+ </exec>
+</target>
+
+
+<target name="convert-pkcs12-to-jks" depends="init-common">
+ <delete file="${jks.file}" failonerror="false"/>
+ <java classname="com.sun.enterprise.security.KeyTool">
+ <arg line="-pkcs12"/>
+ <arg line="-pkcsFile ${pkcs12.file}"/>
+ <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
+ <arg line="-pkcsKeyPass ${pkcs12.pass}"/>
+ <arg line="-jksFile ${jks.file}"/>
+ <arg line="-jksKeyStorePass ${jks.pass}"/>
+ <classpath>
+ <pathelement path="${s1as.classpath}"/>
+ <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
+ <pathelement path="${env.JAVA_HOME}/bundle/Classes/jsse.jar"/>
+ </classpath>
+ </java>
+</target>
+
+
+<!-- Get certificate from NSS db to JKS format -->
+<target name="get-certdb-to-jks" depends="init-common">
+ <exec executable="${env.S1AS_HOME}/lib/certutil" output="${admin.domain.dir}/${admin.domain}/config/certdb.rfc">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-L -n ${cert.nickname}"/>
+ <arg line="-d ${nss.db.dir} -a"/>
+ </exec>
+ <antcall target="import-cert-jks">
+ <param name="cert.alias" value="${cert.nickname}"/>
+ <param name="keystore.file" value="${mytruststore.db.file}"/>
+ <param name="cert.file" value="${admin.domain.dir}/${admin.domain}/config/certdb.rfc"/>
+ </antcall>
+</target>
+
+<target name="import-cert-jks">
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-import -trustcacerts -alias ${cert.alias} -storepass '${ssl.password}' -noprompt "/>
+ <arg value="-file"/>
+ <arg file="${cert.file}"/>
+ <arg value="-keystore"/>
+ <arg file="${keystore.file}"/>
+ </exec>
+</target>
+
+<!-- for WSS -->
+<target name="enable-wss-message-security-provider" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider=${wss.server.provider.name}"/>
+ </exec>
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider=${wss.client.provider.name}"/>
+ </exec>
+</target>
+
+<target name="disable-wss-message-security-provider" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_provider="/>
+ </exec>
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.default_client_provider="/>
+ </exec>
+</target>
+
+<target name="set-wss-provider-request-auth-recipient" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.request-policy.auth_recipient=${request.auth.recipient}"/>
+ </exec>
+</target>
+
+<target name="set-wss-provider-response-auth-recipient" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="set"/>
+ <arg line="${as.props}"/>
+ <arg line="${appserver.config.name}.security-service.message-security-config.SOAP.provider-config.${wss.provider.name}.response-policy.auth_recipient=${response.auth.recipient}"/>
+ </exec>
+</target>
+
+<target name="backup-glassfish-acc.xml" depends="init-common">
+ <copy overwrite="true" failonerror="false" file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.SAVE"/>
+</target>
+
+<target name="enable-wss-appclient-message-security-provider" depends="init-common">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token=""SOAP">" value=""SOAP" default-client-provider="${wss.client.provider.name}">"/>
+</target>
+
+<target name="set-wss-appclient-request-recipient">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-source" value="request-policy auth-recipient="${request.auth.recipient}" auth-source"/>
+</target>
+
+<target name="set-wss-appclient-response-recipient">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-source" value="response-policy auth-recipient="${response.auth.recipient}" auth-source"/>
+</target>
+
+<target name="disable-wss-appclient-message-security-provider" depends="init-common">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token=""SOAP" default-client-provider="${wss.client.provider.name}">" value=""SOAP">"/>
+</target>
+
+<target name="unset-wss-appclient-request-recipient">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="request-policy auth-recipient="${request.auth.recipient}" auth-source" value="request-policy auth-source"/>
+</target>
+
+<target name="unset-wss-appclient-response-recipient">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" token="response-policy auth-recipient="${response.auth.recipient}" auth-source" value="response-policy auth-source"/>
+</target>
+
+<target name="setJAXWSToolsForWin" if="isWindows">
+ <property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen.bat"/>
+ <property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport.bat"/>
+ <property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt.bat"/>
+</target>
+
+<target name="setJAXWSToolsForUnix" if="isUnix">
+ <property name="WSGEN" value="${env.S1AS_HOME}/bin/wsgen"/>
+ <property name="WSIMPORT" value="${env.S1AS_HOME}/bin/wsimport"/>
+ <property name="ASAPT" value="${env.S1AS_HOME}/bin/asapt"/>
+</target>
+
+<target name="wsgen" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
+ <exec executable="${WSGEN}" failonerror="true" >
+ <arg line="${wsgen.args}" />
+ </exec>
+</target>
+
+<target name="wsimport" depends="init-common,setJAXWSToolsForWin,setJAXWSToolsForUnix">
+ <exec executable="${WSIMPORT}" failonerror="true" >
+ <env key="WSIMPORT_OPTS" value="${wsimport.VMARGS}"/>
+ <arg line="${wsimport.args}" />
+ </exec>
+</target>
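Review bot: `export-cert-p12-nss`, `convert-pkcs12-to-jks` and the `certutil` call in `get-certdb-to-jks` run without `failonerror="true"`, unlike the keytool and certutil calls in the `prepare-store-*` targets, so a failed export or conversion goes unnoticed and the SSL tests then run against a missing or stale key store. Adding the attribute, e.g. `<exec executable="${env.S1AS_HOME}/lib/pk12util" failonerror="true">` and `<java classname="com.sun.enterprise.security.KeyTool" failonerror="true">`, makes the setup stop at the real cause. The same targets pass `${ssl.password}` on the command line (`-storepass`, `-K`, `-W`), where it is readable in the process list; keytool accepts `-storepass:env` or `-storepass:file`, and pk12util takes password files with `-k`/`-w`. Values placed in `<arg line=...>` are also split on spaces, so a path or password containing one breaks the command; `<arg value=...>`/`<arg file=...>`, as already used for `-keystore`, avoids that.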
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/build.properties b/appserver/tests/appserv-tests/devtests/security/container-auth/build.properties
new file mode 100644
index 0000000..34b4055
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/build.properties
@@ -0,0 +1,20 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/build.xml b/appserver/tests/appserv-tests/devtests/security/container-auth/build.xml
new file mode 100644
index 0000000..a1f2537
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/build.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="container-auth" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+
+ <target name="all" depends="build, run"/>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <mkdir dir="${build.classes.dir}"/>
+ <echo message="Compiling test source files" level="verbose"/>
+ <javac srcdir="jauth"
+ destdir="${build.classes.dir}"
+ classpath="${env.S1AS_HOME}/lib/appserv-rt.jar:${s1astest.classpath}"
+ debug="on"
+ failonerror="true"
+ />
+ </target>
+
+ <target name="build" depends="compile">
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runaccxml"/>
+ </target>
+
+ <target name="runaccxml" depends="init-common">
+<!--TODO uncomment later-->
+ <java classname="AuthConfigTest" fork="yes">
+ <classpath>
+ <pathelement path="${env.S1AS_HOME}/lib/appserv-rt.jar:${build.classes.dir}"/>
+ <pathelement path="${env.S1AS_HOME}/lib/appserv-admin.jar"/>
+ <pathelement path="${env.S1AS_HOME}/lib/j2ee.jar"/>
+ <pathelement path="${env.S1AS_HOME}/lib/jmac-api.jar"/>
+ <pathelement path="${env.S1AS_HOME}/lib/dtds"/>
+ <pathelement path="${env.S1AS_HOME}/lib/schemas"/>
+ <pathelement path="${env.APS_HOME}/lib/reporter.jar"/>
+ </classpath>
+ <arg value="xml-parse" />
+ <sysproperty key="java.security.debug" value="configfile,configxmlparser"/>
+ <sysproperty key="sun-acc.xml.url" value="${env.APS_HOME}/devtests/security/container-auth/testConfig/sun-acc.xml"/>
+ <!--<jvmarg value="-Xdebug" />
+ <jvmarg value="-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8008"/>-->
+ </java>
+ </target>
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
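Review bot: The `java` task in `runaccxml` forks `AuthConfigTest` without `failonerror`, so a non-zero exit of the forked JVM leaves the Ant run green. That covers the exception `main` throws for an unrecognized command and any uncaught exception from the test. For a security regression suite this can hide a broken auth-config check; I would add `failonerror="true"` to the task, matching the `javac` call in `compile`. The TODO comment directly above the task does not say what is still to be uncommented and should be reworded or dropped.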
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/AuthConfigTest.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/AuthConfigTest.java
new file mode 100644
index 0000000..af0f14b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/AuthConfigTest.java
@@ -0,0 +1,497 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import com.sun.enterprise.security.jauth.*;
+
+import javax.security.auth.Subject;
+//import javax.security.auth.message.config.ServerAuthContext;
+//import javax.security.auth.message.config.ClientAuthContext;;
+import com.sun.enterprise.security.jauth.AuthConfig;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.AppConfigurationEntry;
+import java.util.*;
+import java.lang.reflect.*;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+/**
+ * 1. domain.xml test:
+ *
+ * %java -Ddomain.xml.url=domain.xml
+ * -Djava.security.debug=configfile,configxmlparser
+ * -classpath .:classes:config-api.jar:appserv-commons.jar:schema2beans.jar
+ * AuthConfigTest xml-parse
+ *
+ * 2. sun-acc.xml test:
+ *
+ * %java -Dsun-acc.xml.url=sun-acc.xml
+ * -Djava.security.debug=configfile,configxmlparser
+ * -classpath .:classes:config-api.jar:appserv-commons.jar:schema2beans.jar
+ * AuthConfigTest xml-parse
+ *
+ * 3. custom module config file test:
+ *
+ * %java -Djava.authconfig=testConfig/config.module
+ * -Dconfigfile.parser=file
+ * -Djava.security.debug=configfile,configfileparser
+ * -classpath .:classes:config-api.jar:appserv-commons.jar:schema2beans.jar
+ * AuthConfigTest file-parse
+ */
+
+public class AuthConfigTest extends Thread {
+
+ private static final String SOAP = "SOAP";
+ private static final String HTTP = "HTTP";
+ private static final String EJB = "EJB";
+
+ private static final String testId = "Sec::Container-Auth_Test_Num_";
+
+ private static final AuthPolicy configRequest =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_SENDER, true, true);
+
+ private static final AuthPolicy configResponse =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_CONTENT, true, false);
+
+ private static final AuthPolicy ddRequest =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_CONTENT, false, false);
+
+ private static final AuthPolicy ddResponse =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_SENDER, false, false);
+
+ private static final AuthPolicy ddHttpRequest =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_NONE, false, false);
+
+ private static final AuthPolicy ddHttpResponse =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_CONTENT, false, false);
+
+ private static final AuthPolicy ddEjbResponse =
+ new AuthPolicy(AuthPolicy.SOURCE_AUTH_NONE, true, false);
+
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+
+ public static void main(String[] args) throws Exception {
+
+ int testnum = 0;
+ if (args == null || args.length == 0 ||
+ args[0].equalsIgnoreCase("xml-parse")) {
+
+ testnum = xmlParse(testnum);
+
+ } else if (args[0].equalsIgnoreCase("file-parse")) {
+
+ testnum = fileParse(testnum);
+
+ } else {
+ throw new Exception("unrecognized command for AuthConfigTest");
+ }
+ }
+
+ private static int xmlParse(int testnum) throws Exception {
+
+ try{
+ System.setProperty("config.parser", "com.sun.enterprise.security.appclient.ConfigXMLParser");
+ AuthConfig config = AuthConfig.getAuthConfig();
+ ClientAuthContext cac;
+ ServerAuthContext sac;
+
+ Subject subject = new Subject();
+ HashMap options;
+ TestCredential cred1;
+
+ /**
+ * Test NULL return
+ */
+ stat.addDescription("Sec::Container-auth tests");
+ String testid = testId + testnum;
+ if (config.getServerAuthContext(EJB, "foo", null, null, null) != null) {
+ stat.addStatus(testid, stat.FAIL);
+ }else
+ stat.addStatus(testid, stat.PASS);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ if (config.getServerAuthContext(EJB, null, null, null, null) != null) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+ testnum++;
+
+ /**
+ * SOAP - CLIENT
+ */
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP, "foo", null, null, null);
+ cac.secureRequest(null, subject, null);
+ options = new HashMap();
+ options.put("option1", "true");
+ cred1 = new TestCredential("ClientModule1",
+ options,
+ configRequest,
+ configResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ "app1",
+ ddRequest,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ ddRequest,
+ ddResponse);
+
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+
+ System.out.println("Testing Container-auth testid = "+testnum);
+ cac = config.getClientAuthContext(SOAP,
+ "app4",
+ ddRequest,
+ null,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ ddRequest,
+ null);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ "app3",
+ null,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ null,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ "foo",
+ ddRequest,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ options = new HashMap();
+ options.put("option1", "true");
+ cred1 = new TestCredential("ClientModule1",
+ options,
+ ddRequest,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ null,
+ ddRequest,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ options = new HashMap();
+ options.put("option1", "true");
+ cred1 = new TestCredential("ClientModule1",
+ options,
+ ddRequest,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ "app1",
+ ddRequest,
+ null,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ ddRequest,
+ null);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ "app1",
+ null,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ null,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ // SKIP DD URI8 entry in XML-PARSE case
+
+ cac = config.getClientAuthContext(SOAP,
+ null,
+ ddRequest,
+ null,
+ null);
+ cac.secureRequest(null, subject, null);
+ options = new HashMap();
+ options.put("option1", "true");
+ cred1 = new TestCredential("ClientModule1",
+ options,
+ ddRequest,
+ null);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ cac = config.getClientAuthContext(SOAP,
+ null,
+ null,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ options = new HashMap();
+ options.put("option1", "true");
+ cred1 = new TestCredential("ClientModule1",
+ options,
+ null,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ /**
+ * SOAP - SERVER
+ */
+
+ sac = config.getServerAuthContext(SOAP,
+ null,
+ ddRequest,
+ null,
+ null);
+ sac.validateRequest(null, subject, null);
+ cred1 = new TestCredential("ServerModule1",
+ new HashMap(),
+ ddRequest,
+ null);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ sac = config.getServerAuthContext(SOAP,
+ null,
+ null,
+ ddResponse,
+ null);
+ sac.validateRequest(null, subject, null);
+ cred1 = new TestCredential("ServerModule1",
+ new HashMap(),
+ null,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ cac.disposeSubject(subject, null);
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+
+ /**
+ * SOAP - check null request/response policies
+ */
+
+ if (config.getServerAuthContext(SOAP,
+ "app6",
+ null,
+ null,
+ null) != null) {
+ stat.addStatus(testid+testnum, stat.FAIL);
+ }else
+ stat.addStatus(testid+testnum, stat.PASS);
+
+ testnum++;
+ System.out.println("Testing Container-auth testid = "+testnum);
+ }finally{
+ stat.printSummary();
+ }
+
+ return testnum;
+ }
+
+ private static int fileParse(int testnum) throws Exception {
+
+ AuthConfig config = AuthConfig.getAuthConfig();
+ ClientAuthContext cac;
+ ServerAuthContext sac;
+
+ Subject subject = new Subject();
+ HashMap options;
+ TestCredential cred1;
+ TestCredential cred2;
+
+ testnum = xmlParse(testnum);
+
+ /**
+ * test case for multiple modules
+ */
+
+ cac = config.getClientAuthContext(SOAP,
+ "app5",
+ ddRequest,
+ ddResponse,
+ null);
+ cac.secureRequest(null, subject, null);
+ cred1 = new TestCredential("ClientModule1",
+ new HashMap(),
+ ddRequest,
+ ddResponse);
+ cred2 = new TestCredential("ClientModule2",
+ new HashMap(),
+ ddRequest,
+ ddResponse);
+ if (!subject.getPublicCredentials().contains(cred1) ||
+ !subject.getPublicCredentials().contains(cred2)) {
+ throw new SecurityException("test " + testnum++ + " failed");
+ }
+ cac.disposeSubject(subject, null);
+ testnum++;
+
+ /**
+ * HTTP - SERVER
+ */
+
+ sac = config.getServerAuthContext(HTTP,
+ null,
+ ddHttpRequest,
+ null,
+ null);
+ sac.validateRequest(null, subject, null);
+ cred1 = new TestCredential("ServerModule1",
+ new HashMap(),
+ ddHttpRequest,
+ configResponse);
+ cred2 = null;
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ throw new SecurityException("test " + testnum++ + " failed");
+ }
+ sac.disposeSubject(subject, null);
+ testnum++;
+
+ sac = config.getServerAuthContext(HTTP,
+ "app9",
+ null,
+ ddHttpResponse,
+ null);
+ sac.validateRequest(null, subject, null);
+ cred1 = new TestCredential("ServerModule1",
+ new HashMap(),
+ configRequest,
+ ddHttpResponse);
+ cred2 = null;
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ throw new SecurityException("test " + testnum++ + " failed");
+ }
+ sac.disposeSubject(subject, null);
+ testnum++;
+
+ /**
+ * EJB - SERVER
+ */
+ sac = config.getServerAuthContext(EJB,
+ "app10",
+ null,
+ ddEjbResponse,
+ null);
+ sac.validateRequest(null, subject, null);
+ cred1 = new TestCredential("ServerModule1",
+ new HashMap(),
+ configRequest,
+ ddEjbResponse);
+ cred2 = null;
+ if (!subject.getPublicCredentials().contains(cred1)) {
+ throw new SecurityException("test " + testnum++ + " failed");
+ }
+ sac.disposeSubject(subject, null);
+ testnum++;
+
+ return testnum;
+ }
+}
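Review bot: In the "SOAP - SERVER" part of `xmlParse`, both cases call `cac.disposeSubject(subject, null)` after `sac.validateRequest(...)`, so the server context is never disposed. Judging by `CommonModule.disposeSubject`, the `ServerModule1` credential then stays in the shared `Subject` for the checks that follow. A stale credential in that set can make a later `contains(cred1)` check pass for the wrong reason. Both calls should read `sac.disposeSubject(subject, null);`, which is what `fileParse` already does for its server cases. Separately, `testid` is built once as `testId + testnum` and then reported as `testid+testnum`, so the ids come out as `..._Num_01`, `..._Num_02`; `stat.addStatus(testId + testnum, ...)` would give the intended numbering.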
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule1.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule1.java
new file mode 100644
index 0000000..0a7ea6a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule1.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+public class ClientModule1 extends CommonModule {
+
+ public ClientModule1() { }
+
+/*
+ public void initialize(AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy,
+ CallbackHandler handler,
+ Map options) {
+ }
+
+ public void secureRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void validateResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void disposeSubject(Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+*/
+}
+
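Review bot: The commented-out `initialize`/`secureRequest`/`validateResponse`/`disposeSubject` stubs in the class body are dead text, since `CommonModule` already implements these methods. If the block were ever uncommented, the empty bodies would silently stop the module from adding its `TestCredential`. I would delete the block and add a one-line class comment such as `/** Test module; all behaviour is inherited from CommonModule. */`. The same applies to `ClientModule2.java`, `ServerModule1.java` and `ServerModule2.java` in this commit, and the `Subject` and `CallbackHandler` imports become unused once the block is gone.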
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule2.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule2.java
new file mode 100644
index 0000000..01ccabc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ClientModule2.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+public class ClientModule2 extends CommonModule {
+
+ public ClientModule2() { }
+
+/*
+ public void initialize(AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy,
+ CallbackHandler handler,
+ Map options) {
+ }
+
+ public void secureRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void validateResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void disposeSubject(Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+*/
+}
+
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/CommonModule.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/CommonModule.java
new file mode 100644
index 0000000..cb9c5d8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/CommonModule.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+public class CommonModule implements ClientAuthModule, ServerAuthModule {
+
+ protected AuthPolicy requestPolicy;
+ protected AuthPolicy responsePolicy;
+ protected CallbackHandler handler;
+ protected Map options;
+
+ protected TestCredential cred;
+
+ protected CommonModule() { }
+
+ public void initialize(AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy,
+ CallbackHandler handler,
+ Map options) {
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+ this.handler = handler;
+ this.options = options;
+ }
+
+ public void secureRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ if (cred == null) {
+ cred = new TestCredential(this.getClass().getName(),
+ options,
+ requestPolicy,
+ responsePolicy);
+ }
+ subject.getPublicCredentials().add(cred);
+ }
+
+ public void validateResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ if (cred == null) {
+ cred = new TestCredential(this.getClass().getName(),
+ options,
+ requestPolicy,
+ responsePolicy);
+ }
+ subject.getPublicCredentials().add(cred);
+ }
+
+ public void validateRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ if (cred == null) {
+ cred = new TestCredential(this.getClass().getName(),
+ options,
+ requestPolicy,
+ responsePolicy);
+ }
+ subject.getPublicCredentials().add(cred);
+ }
+
+ public void secureResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ if (cred == null) {
+ cred = new TestCredential(this.getClass().getName(),
+ options,
+ requestPolicy,
+ responsePolicy);
+ }
+ subject.getPublicCredentials().add(cred);
+ }
+
+ public void disposeSubject(Subject subject,
+ Map sharedState)
+ throws AuthException {
+ if (cred != null) {
+ subject.getPublicCredentials().remove(cred);
+ }
+ }
+}
+
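Review bot: `secureRequest`, `validateResponse`, `validateRequest` and `secureResponse` repeat the same lazy-create-and-add sequence, so a change to how the credential is built has to be made in four places. A private helper would hold it once, with each of the four methods reduced to a single delegating call. The helper is also the natural place to document that `cred` is built from whatever `initialize` stored at the time of the first call and is not rebuilt afterwards. If a module instance is ever re-initialized with different policies (not visible from this file), the cached credential would carry the old ones.

```java
    // Shared by secureRequest, validateResponse, validateRequest and secureResponse.
    // The credential is created on first use from the values stored by initialize().
    private void addCredential(Subject subject) {
        if (cred == null) {
            cred = new TestCredential(getClass().getName(),
                                      options,
                                      requestPolicy,
                                      responsePolicy);
        }
        subject.getPublicCredentials().add(cred);
    }

    public void secureRequest(AuthParam param,
                              Subject subject,
                              Map sharedState)
                throws AuthException {
        addCredential(subject);
    }
    // … validateResponse, validateRequest and secureResponse delegate the same way …
```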
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule1.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule1.java
new file mode 100644
index 0000000..5f58dc6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule1.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+public class ServerModule1 extends CommonModule {
+
+ public ServerModule1() { }
+
+/*
+ public void initialize(AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy,
+ CallbackHandler handler,
+ Map options) {
+ }
+
+ public void validateRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void secureResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void disposeSubject(Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+*/
+}
+
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule2.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule2.java
new file mode 100644
index 0000000..e3571fc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/ServerModule2.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+public class ServerModule2 extends CommonModule {
+
+ public ServerModule2() { }
+
+/*
+ public void initialize(AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy,
+ CallbackHandler handler,
+ Map options) {
+ }
+
+ public void validateRequest(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void secureResponse(AuthParam param,
+ Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+
+ public void disposeSubject(Subject subject,
+ Map sharedState)
+ throws AuthException {
+ }
+*/
+}
+
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/TestCredential.java b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/TestCredential.java
new file mode 100644
index 0000000..5c90820
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/jauth/TestCredential.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.util.*;
+
+import com.sun.enterprise.security.jauth.*;
+
+public class TestCredential {
+
+ String moduleClass;
+ Map options;
+ AuthPolicy requestPolicy;
+ AuthPolicy responsePolicy;
+
+ public TestCredential(String moduleClass,
+ Map options,
+ AuthPolicy requestPolicy,
+ AuthPolicy responsePolicy) {
+ this.moduleClass = moduleClass;
+ this.options = options;
+ this.requestPolicy = requestPolicy;
+ this.responsePolicy = responsePolicy;
+ }
+
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+
+ if (!(o instanceof TestCredential)) {
+ return false;
+ }
+ TestCredential that = (TestCredential)o;
+
+ if (this.moduleClass.equals(that.moduleClass) &&
+ this.options.equals(that.options) &&
+ (this.requestPolicy == that.requestPolicy ||
+ (this.requestPolicy != null &&
+ this.requestPolicy.equals(that.requestPolicy))) &&
+ (this.responsePolicy == that.responsePolicy ||
+ (this.responsePolicy != null &&
+ this.responsePolicy.equals(that.responsePolicy)))) {
+ return true;
+ }
+
+ return false;
+ }
+
+ public int hashCode() {
+ return moduleClass.hashCode() + options.hashCode();
+ }
+}
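Review bot: `equals` and `hashCode` dereference `moduleClass` and `options` without a null check, while the two policies are compared null-safely. `CommonModule` passes its `options` field straight through, so a module initialized with null options would throw `NullPointerException` when the credential is added to the Subject's credential set; whether the container ever passes null is not visible here. Using `Objects.equals` and `Objects.hash` (already in scope through `java.util.*`) makes all four fields consistent, and `@Override` on both methods guards against signature drift. The fields are also package-visible and mutable although they feed `hashCode`; making them `private final` would keep a credential stable once it is in a set.

```java
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof TestCredential)) {
            return false;
        }
        TestCredential that = (TestCredential) o;
        return Objects.equals(moduleClass, that.moduleClass)
            && Objects.equals(options, that.options)
            && Objects.equals(requestPolicy, that.requestPolicy)
            && Objects.equals(responsePolicy, that.responsePolicy);
    }

    @Override
    public int hashCode() {
        return Objects.hash(moduleClass, options);
    }
```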
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml
new file mode 100644
index 0000000..e10ccb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/domain.xml
@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE domain PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Domain//EN" "http://www.sun.com/software/appserver/dtds/sun-domain_1_1.dtd">
+<!--
+
+ Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!-- Generated from default-domain.xml.template -->
+<domain application-root="${com.sun.aas.instanceRoot}/applications" log-root="${com.sun.aas.instanceRoot}/logs">
+ <applications>
+ <j2ee-application availability-enabled="false" directory-deployed="false" enabled="true" location="${com.sun.aas.instanceRoot}/applications/j2ee-apps/MEjbApp" name="MEjbApp" object-type="system-all"/>
+ <j2ee-application availability-enabled="false" directory-deployed="false" enabled="true" location="${com.sun.aas.instanceRoot}/applications/j2ee-apps/__ejb_container_timer_app" name="__ejb_container_timer_app" object-type="system-all"/>
+ <j2ee-application availability-enabled="false" directory-deployed="false" enabled="true" location="${com.sun.aas.instanceRoot}/applications/j2ee-apps/ejb-stateful-persistenceApp" name="ejb-stateful-persistenceApp" object-type="user"/>
+ <web-module availability-enabled="false" context-root="/web1" directory-deployed="true" enabled="true" location="${com.sun.aas.installRoot}/lib/install/applications/adminapp/adminapp_war" name="adminapp" object-type="system-admin">
+ <!-- System Web Module - DO NOT DELETE! -->
+ </web-module>
+ <web-module availability-enabled="false" context-root="/asadmin" directory-deployed="true" enabled="true" location="${com.sun.aas.installRoot}/lib/install/applications/admingui/adminGUI_war" name="admingui" object-type="system-admin">
+ <!-- System Web Module - DO NOT DELETE! -->
+ </web-module>
+ <web-module availability-enabled="false" context-root="/com_sun_web_ui" directory-deployed="true" enabled="true" location="${com.sun.aas.installRoot}/lib/install/applications/com_sun_web_ui" name="com_sun_web_ui" object-type="system-admin">
+ <!-- System Web Module - DO NOT DELETE! -->
+ </web-module>
+ <connector-module directory-deployed="false" enabled="true" location="${com.sun.aas.instanceRoot}/applications/j2ee-modules/cciblackbox-tx" name="cciblackbox-tx" object-type="user"/>
+ </applications>
+ <resources>
+ <jdbc-resource enabled="true" jndi-name="jdbc/__TimerPool" object-type="system-all" pool-name="__TimerPool"/>
+ <jdbc-resource enabled="true" jndi-name="jdbc/PointBase" object-type="user" pool-name="PointBasePool"/>
+ <jdbc-resource enabled="true" jndi-name="jdbc/bmp-enrollerDB" object-type="user" pool-name="bmpEnrollerPool"/>
+ <jdbc-resource enabled="true" jndi-name="jdbc/s1qeDB" object-type="user" pool-name="jdbc-pointbase-pool"/>
+ <jdbc-resource enabled="true" jndi-name="jdbc/ejb-subclassing" object-type="user" pool-name="ejb-subclassing-pool"/>
+ <persistence-manager-factory-resource enabled="true" factory-class="com.sun.jdo.spi.persistence.support.sqlstore.impl.PersistenceManagerFactoryImpl" jdbc-resource-jndi-name="jdbc/s1qeDB" jndi-name="jdo/s1qePM" object-type="user"/>
+ <admin-object-resource enabled="true" jndi-name="jms/SampleQueue" object-type="user" res-adapter="jmsra" res-type="javax.jms.Queue">
+ <property name="Name" value="Queue"/>
+ </admin-object-resource>
+ <admin-object-resource enabled="true" jndi-name="jms/adminQueue" object-type="user" res-adapter="jmsra" res-type="javax.jms.Queue">
+ <property name="Name" value="adminQueue"/>
+ </admin-object-resource>
+ <admin-object-resource enabled="true" jndi-name="jms/MyQueue" object-type="user" res-adapter="jmsra" res-type="javax.jms.Queue">
+ <property name="Name" value="MyQueue"/>
+ </admin-object-resource>
+ <connector-resource enabled="true" jndi-name="jms/QCFactory" object-type="user" pool-name="__SYSTEM/pools/jms/QCFactory"/>
+ <connector-resource enabled="true" jndi-name="jms/QueueConnectionFactory" object-type="user" pool-name="__SYSTEM/pools/jms/QueueConnectionFactory"/>
+ <connector-resource enabled="true" jndi-name="jms/MyQueueConnectionFactory" object-type="user" pool-name="__SYSTEM/pools/jms/MyQueueConnectionFactory"/>
+ <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="com.pointbase.xa.xaDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="__TimerPool" pool-resize-quantity="2" res-type="javax.sql.XADataSource" steady-pool-size="8">
+ <property name="DatabaseName" value="jdbc:pointbase:embedded:ejbtimer,database.home=${com.sun.aas.instanceRoot}/lib/databases"/>
+ <property name="User" value="pbPublic"/>
+ <property name="Password" value="pbPublic"/>
+ </jdbc-connection-pool>
+ <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="com.pointbase.xa.xaDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="PointBasePool" pool-resize-quantity="2" res-type="javax.sql.XADataSource" steady-pool-size="8">
+ <property name="DatabaseName" value="jdbc:pointbase:server://localhost:9092/sun-appserv-samples"/>
+ <property name="Password" value="pbPublic"/>
+ <property name="User" value="pbPublic"/>
+ </jdbc-connection-pool>
+ <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="com.pointbase.jdbc.jdbcDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="bmpEnrollerPool" pool-resize-quantity="2" res-type="javax.sql.DataSource" steady-pool-size="8">
+ <property name="DatabaseName" value="jdbc:pointbase:server://localhost:9092/sqe-samples,new"/>
+ <property name="User" value="DBUSER"/>
+ <property name="Password" value="DBPASSWORD"/>
+ </jdbc-connection-pool>
+ <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="com.pointbase.jdbc.jdbcDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="jdbc-pointbase-pool" pool-resize-quantity="2" res-type="javax.sql.DataSource" steady-pool-size="8">
+ <property name="DatabaseName" value="jdbc:pointbase:server://localhost:9092/sqe-samples,new"/>
+ <property name="User" value="DBUSER"/>
+ <property name="Password" value="DBPASSWORD"/>
+ </jdbc-connection-pool>
+ <jdbc-connection-pool connection-validation-method="auto-commit" datasource-classname="com.pointbase.jdbc.jdbcDataSource" fail-all-connections="false" idle-timeout-in-seconds="300" is-connection-validation-required="false" is-isolation-level-guaranteed="true" max-pool-size="32" max-wait-time-in-millis="60000" name="ejb-subclassing-pool" pool-resize-quantity="2" res-type="javax.sql.DataSource" steady-pool-size="8">
+ <property name="DatabaseName" value="jdbc:pointbase:server://localhost:9092/sqe-samples,new"/>
+ <property name="User" value="DBUSER"/>
+ <property name="Password" value="DBPASSWORD"/>
+ </jdbc-connection-pool>
+ <connector-connection-pool connection-definition-name="javax.jms.QueueConnectionFactory" fail-all-connections="false" idle-timeout-in-seconds="300" max-pool-size="250" max-wait-time-in-millis="60000" name="__SYSTEM/pools/jms/QCFactory" pool-resize-quantity="2" resource-adapter-name="jmsra" steady-pool-size="1"/>
+ <connector-connection-pool connection-definition-name="javax.jms.QueueConnectionFactory" fail-all-connections="false" idle-timeout-in-seconds="300" max-pool-size="250" max-wait-time-in-millis="60000" name="__SYSTEM/pools/jms/QueueConnectionFactory" pool-resize-quantity="2" resource-adapter-name="jmsra" steady-pool-size="1"/>
+ <connector-connection-pool connection-definition-name="javax.jms.QueueConnectionFactory" fail-all-connections="false" idle-timeout-in-seconds="300" max-pool-size="250" max-wait-time-in-millis="60000" name="__SYSTEM/pools/jms/MyQueueConnectionFactory" pool-resize-quantity="2" resource-adapter-name="jmsra" steady-pool-size="1"/>
+ </resources>
+ <configs>
+ <config dynamic-reconfiguration-enabled="true" name="server-config">
+ <http-service>
+ <http-listener acceptor-threads="100" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id="http-listener-1" port="${http-listener-1-port}" security-enabled="false" server-name="" xpowered-by="true">
+ </http-listener>
+ <http-listener acceptor-threads="100" address="0.0.0.0" blocking-enabled="false" default-virtual-server="server" enabled="true" family="inet" id="http-listener-2" port="${http-listener-2-port}" security-enabled="true" server-name="" xpowered-by="true">
+ </http-listener>
+ <http-listener acceptor-threads="100" address="0.0.0.0" blocking-enabled="false" default-virtual-server="__asadmin" enabled="true" family="inet" id="admin-listener" port="${admin-listener-port}" security-enabled="false" server-name="" xpowered-by="true">
+ </http-listener>
+ <virtual-server hosts="${com.sun.aas.hostName}" http-listeners="http-listener-1,http-listener-2" id="server" state="on">
+ <property name="docroot" value="${com.sun.aas.instanceRoot}/docroot"/>
+ <property name="accesslog" value="${com.sun.aas.instanceRoot}/logs/access"/>
+ </virtual-server>
+ <virtual-server default-web-module="admingui" hosts="${com.sun.aas.hostName}" http-listeners="admin-listener" id="__asadmin" state="on">
+ <property name="docroot" value="${com.sun.aas.instanceRoot}/docroot"/>
+ <property name="accesslog" value="${com.sun.aas.instanceRoot}/logs/access"/>
+ </virtual-server>
+ </http-service>
+ <iiop-service client-authentication-required="false">
+ <orb max-connections="1024" message-fragment-size="1024" use-thread-pool-ids="thread-pool-1"/>
+ <iiop-listener address="0.0.0.0" enabled="true" id="orb-listener-1" port="${orb-listener-1-port}" security-enabled="false"/>
+ <iiop-listener address="0.0.0.0" enabled="true" id="SSL" port="${SSL-port}" security-enabled="true">
+ <ssl cert-nickname="s1as" client-auth-enabled="false" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true" tls-rollback-enabled="true"/>
+ </iiop-listener>
+ <iiop-listener address="0.0.0.0" enabled="true" id="SSL_MUTUALAUTH" port="${SSL_MUTUALAUTH-port}" security-enabled="true">
+ <ssl cert-nickname="s1as" client-auth-enabled="true" ssl2-enabled="false" ssl3-enabled="true" tls-enabled="true" tls-rollback-enabled="true"/>
+ </iiop-listener>
+ </iiop-service>
+ <admin-service type="das-and-server">
+ <das-config admin-session-timeout-in-minutes="60" autodeploy-dir="${com.sun.aas.instanceRoot}/autodeploy" autodeploy-enabled="true" autodeploy-jsp-precompilation-enabled="false" autodeploy-polling-interval-in-seconds="2" autodeploy-verifier-enabled="false" deploy-xml-validation="full" dynamic-reload-enabled="true" dynamic-reload-poll-interval-in-seconds="2"/>
+ </admin-service>
+ <web-container/>
+ <ejb-container cache-idle-timeout-in-seconds="600" cache-resize-quantity="32" commit-option="B" max-cache-size="512" max-pool-size="32" pool-idle-timeout-in-seconds="600" pool-resize-quantity="8" removal-timeout-in-seconds="5400" session-store="${com.sun.aas.instanceRoot}/session-store" steady-pool-size="0" victim-selection-policy="nru">
+ <ejb-timer-service max-redeliveries="1" minimum-delivery-interval-in-millis="7000" redelivery-interval-internal-in-millis="5000"/>
+ </ejb-container>
+ <mdb-container idle-timeout-in-seconds="600" max-pool-size="32" pool-resize-quantity="8" steady-pool-size="0"/>
+ <jms-service addresslist-behavior="random" addresslist-iterations="3" init-timeout-in-seconds="60" reconnect-attempts="3" reconnect-enabled="true" reconnect-interval-in-seconds="60" type="LOCAL">
+ <jms-host admin-password="admin" admin-user-name="admin" host="d-usca14-133-73.SFBay.Sun.COM" name="default_JMS_host" port="7676"/>
+ </jms-service>
+ <log-service alarms="false" file="${com.sun.aas.instanceRoot}/logs/server.log" log-rotation-limit-in-bytes="2000000000" log-rotation-timelimit-in-minutes="0" log-to-console="false" use-system-logging="false">
+ <module-log-levels admin="INFO" classloader="INFO" cmp="INFO" cmp-container="INFO" configuration="INFO" connector="INFO" corba="INFO" deployment="INFO" ejb-container="INFO" javamail="INFO" jaxr="INFO" jaxrpc="INFO" jdo="INFO" jms="INFO" jta="INFO" jts="INFO" mdb-container="INFO" naming="INFO" resource-adapter="INFO" root="INFO" saaj="INFO" security="INFO" server="INFO" util="INFO" verifier="INFO" web-container="INFO"/>
+ </log-service>
+ <security-service anonymous-role="ANYONE" audit-enabled="false" audit-modules="default" default-realm="file" jacc="default">
+ <auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
+ <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"/>
+ <property name="jaas-context" value="fileRealm"/>
+ </auth-realm>
+ <auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate">
+ </auth-realm>
+ <jacc-provider name="default" policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper">
+ <property name="repository" value="${com.sun.aas.instanceRoot}/generated/policy"/>
+ </jacc-provider>
+ <audit-module classname="com.sun.enterprise.security.Audit" name="default">
+ <property name="auditOn" value="false"/>
+ </audit-module>
+
+
+
+
+
+ <message-security-config auth-layer="SOAP" default-provider="app7" default-client-provider="app2">
+ <provider-config provider-id="app1" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ <provider-config provider-id="app2" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ <property name="option1" value="true"/>
+ </provider-config>
+ <provider-config provider-id="app3" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ </provider-config>
+ <provider-config provider-id="app4" provider-type="client" class-name="ClientModule1">
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ <provider-config provider-id="app5" provider-type="client" class-name="ClientModule1">
+ </provider-config>
+ <provider-config provider-id="app6" provider-type="server" class-name="ServerModule1">
+ </provider-config>
+ <provider-config provider-id="app7" provider-type="server" class-name="ServerModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ </message-security-config>
+
+
+<!-- not supported yet
+
+
+ <message-security-config auth-layer="HTTP" default-provider="app8">
+ </provider-config>
+ <provider-config provider-id="app8" provider-type="server" class-name="ServerModule1">
+ </provider-config>
+ <provider-config provider-id="app9" provider-type="server" class-name="ServerModule1">
+ </message-security-config>
+
+
+ <message-security-config auth-layer="EJB" default-provider="app10">
+ </provider-config>
+ <provider-config provider-id="app10" provider-type="server" class-name="ServerModule1">
+ </message-security-config>
+
+-->
+
+
+ </security-service>
+ <transaction-service automatic-recovery="false" heuristic-decision="rollback" keypoint-interval="2048" retry-timeout-in-seconds="600" timeout-in-seconds="0" tx-log-dir="${com.sun.aas.instanceRoot}/logs"/>
+ <monitoring-service>
+<!--
+XXX CHARLIE
+ <module-monitoring-levels connector-connection-pool="OFF" ejb-container="OFF" http-service="OFF" jdbc-connection-pool="OFF" jndi="OFF" orb="OFF" thread-pool="OFF" transaction-service="OFF" web-container="OFF"/>
+-->
+ </monitoring-service>
+ <java-config classpath-suffix="${com.sun.aas.installRoot}/pointbase/lib/pbclient.jar${path.separator}${com.sun.aas.installRoot}/pointbase/lib/pbembedded.jar" debug-enabled="false" debug-options="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=1044" env-classpath-ignored="true" java-home="${com.sun.aas.javaRoot}" javac-options="-g" rmic-options="-iiop -poa -alwaysgenerate -keepgenerated -g" server-classpath="${com.sun.aas.javaRoot}/lib/tools.jar${path.separator}${com.sun.aas.installRoot}/lib/install/applications/jmsra/imqjmsra.jar${path.separator}${com.sun.aas.imqLib}/jaxm-api.jar${path.separator}${com.sun.aas.imqLib}/fscontext.jar${path.separator}${com.sun.aas.installRoot}/lib/ant/lib/ant.jar">
+ <!-- various required jvm-options -->
+ <jvm-options>-client</jvm-options>
+ <jvm-options>-Djava.endorsed.dirs=${com.sun.aas.installRoot}/lib/endorsed</jvm-options>
+ <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
+ <jvm-options>-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf</jvm-options>
+ <jvm-options>-Dsun.rmi.dgc.server.gcInterval=3600000</jvm-options>
+ <jvm-options>-Dsun.rmi.dgc.client.gcInterval=3600000</jvm-options>
+ <jvm-options>-Dcom.sun.web.console.appbase=/${com.sun.aas.installRoot}/lib/install/applications/com_sun_web_ui</jvm-options>
+ <jvm-options>-Xmx512m</jvm-options>
+ <jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
+ <jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
+ <jvm-options>-Djava.ext.dirs=${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext</jvm-options>
+ <jvm-options> -Djdbc.drivers=com.pointbase.jdbc.jdbcUniversalDriver</jvm-options>
+ <jvm-options>-Djavax.management.builder.initial=com.sun.enterprise.admin.server.core.jmx.AppServerMBeanServerBuilder</jvm-options>
+ <jvm-options>-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory</jvm-options>
+ <jvm-options>-Dcom.sun.enterprise.taglibs=appserv-jstl.jar,jsf-impl.jar</jvm-options>
+ <jvm-options>-XX:NewRatio=2</jvm-options>
+ </java-config>
+ <thread-pools>
+ <thread-pool idle-thread-timeout-in-seconds="120" max-thread-pool-size="200" min-thread-pool-size="0" num-work-queues="1" thread-pool-id="thread-pool-1"/>
+ </thread-pools>
+ <system-property name="http-listener-1-port" value="8080"/>
+ <system-property name="http-listener-2-port" value="1043"/>
+ <system-property name="admin-listener-port" value="4848"/>
+ <system-property name="orb-listener-1-port" value="3700"/>
+ <system-property name="SSL-port" value="1060"/>
+ <system-property name="SSL_MUTUALAUTH-port" value="1061"/>
+ </config>
+ <!-- config model with name "server-config" ends -->
+ </configs>
+ <servers>
+ <server config-ref="server-config" name="server">
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="adminapp" virtual-servers="__asadmin"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="admingui" virtual-servers="__asadmin"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="com_sun_web_ui" virtual-servers="__asadmin"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="MEjbApp" virtual-servers="server"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="__ejb_container_timer_app" virtual-servers="server"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="cciblackbox-tx"/>
+ <application-ref disable-timeout-in-minutes="30" enabled="true" lb-enabled="false" ref="ejb-stateful-persistenceApp"/>
+ <resource-ref enabled="true" ref="jdbc/__TimerPool"/>
+ <resource-ref enabled="true" ref="jdbc/PointBase"/>
+ <resource-ref enabled="true" ref="bmpEnrollerPool"/>
+ <resource-ref enabled="true" ref="jdbc/bmp-enrollerDB"/>
+ <resource-ref enabled="true" ref="jdbc-pointbase-pool"/>
+ <resource-ref enabled="true" ref="jdbc/s1qeDB"/>
+ <resource-ref enabled="true" ref="jdo/s1qePM"/>
+ <resource-ref enabled="true" ref="__SYSTEM/pools/jms/QCFactory"/>
+ <resource-ref enabled="true" ref="jms/QCFactory"/>
+ <resource-ref enabled="true" ref="jms/SampleQueue"/>
+ <resource-ref enabled="true" ref="ejb-subclassing-pool"/>
+ <resource-ref enabled="true" ref="jdbc/ejb-subclassing"/>
+ <resource-ref enabled="true" ref="__SYSTEM/pools/jms/QueueConnectionFactory"/>
+ <resource-ref enabled="true" ref="jms/QueueConnectionFactory"/>
+ <resource-ref enabled="true" ref="jms/adminQueue"/>
+ <resource-ref enabled="true" ref="__SYSTEM/pools/jms/MyQueueConnectionFactory"/>
+ <resource-ref enabled="true" ref="jms/MyQueueConnectionFactory"/>
+ <resource-ref enabled="true" ref="jms/MyQueue"/>
+ <resource-ref enabled="true" ref="CCI-CONNPOOL"/>
+ <resource-ref enabled="true" ref="EMBEDDED-CCI-CONNPOOL"/>
+ </server>
+ </servers>
+</domain>
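Review bot: The `jms-host` element commits a default credential pair (`admin-user-name="admin"`, `admin-password="admin"`) together with an internal machine name, `host="d-usca14-133-73.SFBay.Sun.COM"`, and the same host name appears again in `target-server` in testConfig/sun-acc.xml. If this file is only parsed by the container-auth config test, the host can use the substitution already used for the virtual servers, `host="${com.sun.aas.hostName}"`, and a comment next to `jms-host` should say the credentials are fixture values that must not be reused for a running domain. Both SSL `iiop-listener` entries also set `ssl3-enabled="true"` with `tls-rollback-enabled="true"`, and `admin-listener` binds `0.0.0.0` with `security-enabled="false"`. Unless the test depends on those values, I would set `ssl3-enabled="false"` so the fixture is not copied forward as a template with a deprecated protocol enabled.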
diff --git a/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/sun-acc.xml b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/sun-acc.xml
new file mode 100644
index 0000000..690acab
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/container-auth/testConfig/sun-acc.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
+
+<client-container>
+ <target-server name="d-usca14-133-73.SFBay.Sun.COM" address="d-usca14-133-73.SFBay.Sun.COM" port="3700"/>
+ <log-service file="" level="WARNING"/>
+
+ <message-security-config auth-layer="SOAP" default-provider="app7" default-client-provider="app2">
+ <provider-config provider-id="app1" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ <provider-config provider-id="app2" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ <property name="option1" value="true"/>
+ </provider-config>
+ <provider-config provider-id="app3" provider-type="client" class-name="ClientModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ </provider-config>
+ <provider-config provider-id="app4" provider-type="client" class-name="ClientModule1">
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ <provider-config provider-id="app5" provider-type="client" class-name="ClientModule1">
+ </provider-config>
+ <provider-config provider-id="app6" provider-type="server" class-name="ServerModule1">
+ </provider-config>
+ <provider-config provider-id="app7" provider-type="server" class-name="ServerModule1">
+ <request-policy auth-source="sender" auth-recipient="before-content"></request-policy>
+ <response-policy auth-source="content" auth-recipient="after-content"></response-policy>
+ </provider-config>
+ </message-security-config>
+
+
+<!-- not supported yet
+
+
+ <message-security-config auth-layer="HTTP" default-provider="app8">
+ </provider-config>
+ <provider-config provider-id="app8" provider-type="server" class-name="ServerModule1">
+ </provider-config>
+ <provider-config provider-id="app9" provider-type="server" class-name="ServerModule1">
+ </message-security-config>
+
+
+ <message-security-config auth-layer="EJB" default-provider="app10">
+ </provider-config>
+ <provider-config provider-id="app10" provider-type="server" class-name="ServerModule1">
+ </message-security-config>
+
+-->
+
+</client-container>
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/build.properties b/appserver/tests/appserv-tests/devtests/security/cplogin/build.properties
new file mode 100644
index 0000000..e1bb6d7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/build.properties
@@ -0,0 +1,52 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="sec-plogin"/>
+<property name="appname" value="${module}-converter"/>
+
+<property name="assemble"
+ value="${build.classes.dir}/archive"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+
+<property name="test.client"
+ value="com.sun.devtest.security.plogin.converter.client.ConverterClient"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+
+<property name="app.type" value="application"/>
+
+<!-- ============================================================ -->
+<!-- Standalone Client specific properties which run without ACC -->
+<!-- ============================================================ -->
+<!--
+<property name="jndi.name" value="PLoginConverter"/>
+<property name="provider.url" value="iiop://localhost:${orb.port}"/>
+<property name="ctxfactory" value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+<property name="ctxfactory" value="com.sun.jndi.cosnaming.CNCtxFactory"/>
+-->
+
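Review bot: The property defined here is named `assemble`, but the very next use in this file (`appclient.jar`) and every reference in cplogin/build.xml read `${assemble.dir}`, so `assemble` looks unused. Presumably `assemble.dir` comes from the shared config/properties.xml, which is not visible here. If that is the case, drop this definition or rename it to `assemble.dir` so the module does not carry a misleading near-duplicate.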
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/build.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/build.xml
new file mode 100644
index 0000000..4192da7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/build.xml
@@ -0,0 +1,173 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+<project name="PLoginConverterApp" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <!-- cf config/common.xml -->
+ <target name="all" depends="build,setup,deploy,run,undeploy,unsetup"/>
+ <!-- run-test target added to have setup/unsetup commonly -->
+ <target name="run-test" depends="build,deploy,run,undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file2"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile2"/>
+ </antcall>
+ <!--<antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="password" value="shingwai"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="swchan"/>
+ <param name="password" value="swchan"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="create-permission"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="swchan"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file2"/>
+ </antcall>
+
+ <antcall target="restore-permission"/>
+ </target>
+
+ <target name="create-permission" depends="init-common">
+ <copy file="${admin.domain.dir}/../lib/appclient/client.policy"
+ tofile="${admin.domain.dir}/../lib/appclient/client.policy.org"
+ overwrite="true"/>
+ <!-- replace "\" by "/" in PC env -->
+ <echo message="jassembledir=${assemble.dir}" file="temp.txt"/>
+ <replace file="temp.txt" token="\" value="/"/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="grant codeBase "file:${jassembledir}/${appname}AppClient.jar" {
+ permission com.sun.appserv.security.ProgrammaticLoginPermission "login";
+ permission com.sun.appserv.security.ProgrammaticLoginPermission "logout";
+};"
+ file="${admin.domain.dir}/../lib/appclient/client.policy"
+ append="true"/>
+ </target>
+
+ <target name="restore-permission" depends="init-common">
+ <copy file="${admin.domain.dir}/../lib/appclient/client.policy.org"
+ tofile="${admin.domain.dir}/../lib/appclient/client.policy"
+ overwrite="true"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient-local"/>
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="runclient-local" depends="init-common">
+ <echo message="Running appclient ..."/>
+ <exec executable="${APPCLIENT}">
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ <!-- dummy user added as appclient throwing login window -->
+ </exec>
+ </target>
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <!-- =============================================== -->
+ <!-- Target to run the standalone client without ACC -->
+ <!-- =============================================== -->
+ <target name="run-standalone-client" depends="init-common">
+ <property name="jndi.name" value="PLoginConverter"/>
+ <property name="provider.url" value="iiop://${admin.host}:${orb.port}"/>
+ <property name="ctxfactory"
+ value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+ <echo message="Running standalone client ..."/>
+ <echo message="provider.url used is ${provider.url}"/>
+ <java classname="${test.client}"
+ classpath="${admin.domain.dir}/../lib/appserv-rt.jar:${s1astest.classpath}:${assemble.dir}/${appname}AppClient.jar:${admin.domain.dir}/../imq/lib/imq.jar"
+ failonerror="true" fork="true">
+ <jvmarg value="-Djava.security.auth.login.config=${admin.domain.dir}/../lib/appclient/appclientlogin.conf"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+ <jvmarg value="-Dcom.sun.CORBA.connection.ORBSocketFactoryClass=com.sun.enterprise.iiop.IIOPSSLSocketFactory"/>
+<!--
+ <jvmarg value="-Djavax.rmi.CORBA.UtilClass=com.sun.corba.ee.impl.javax.rmi.CORBA.Util"/>
+ <jvmarg value="-Djavax.rmi.CORBA.StubClass=com.sun.corba.ee.impl.javax.rmi.CORBA.StubDelegateImpl"/>
+ <jvmarg value="-Djavax.rmi.CORBA.PortableRemoteObjectClass=com.sun.corba.ee.impl.javax.rmi.PortableRemoteObject"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBClass=com.sun.corba.ee.impl.orb.ORBImpl"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBSingletonClass=com.sun.corba.ee.impl.orb.ORBSingleton"/>
+-->
+ <arg value="${provider.url}"/>
+ <arg value="${ctxfactory}"/>
+ <arg value="${jndi.name}"/>
+ </java>
+ </target>
+
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
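Review bot: In `create-permission` the backup copy to `client.policy.org` uses `overwrite="true"`, so a second `setup` without an intervening `unsetup` replaces the pristine backup with the already-patched policy, and `restore-permission` then restores a file that still grants `ProgrammaticLoginPermission`. The same stale state arises when `run` fails inside `all` (the `java` task has `failonerror="true"`): `unsetup` never executes, so the grant and the `file2` users stay in the install. I would take the backup only when none exists, e.g. `<available file="${admin.domain.dir}/../lib/appclient/client.policy.org" property="policy.backup.exists"/>` with `unless="policy.backup.exists"` on a separate backup target, and have `restore-permission` delete the `.org` file after restoring. A short comment on `setup` noting that the users are created with the password equal to the user name, for test use only, would also help.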
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/client/ConverterClient.java b/appserver/tests/appserv-tests/devtests/security/cplogin/client/ConverterClient.java
new file mode 100644
index 0000000..698a80e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/client/ConverterClient.java
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.devtest.security.plogin.converter.client;
+
+import java.util.Properties;
+import java.math.BigDecimal;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+import javax.transaction.UserTransaction;
+import com.sun.appserv.security.*;
+import com.sun.devtest.security.plogin.converter.ejb.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+/**
+ * A simple java client. This uses the services provided by the <code>ConverterBean</code> and
+ * converts 100 US dollars to Yen and 100 Yen to Euro.
+ * <p>In this regard, it does the following in order
+ * <ul>
+ * <li>Locates the home interface of the enterprise bean
+ * <li>Gets a reference to the remote interface
+ * <li>Invokes business methods
+ * </ul>
+ * <br>
+ * <b>Locating the home interface:</b>
+ * <blockquote><pre>
+ * Context initial = new InitialContext();
+ * Context myEnv = (Context)initial.lookup("java:comp/env");
+ * Object objref = myEnv.lookup("ejb/SimpleConverter");
+ * ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objref, ConverterHome.class);
+ * </pre></blockquote>
+ * <br>
+ * <b>Creating the remote interface:</b>
+ * <blockquote><pre>
+ * Converter currencyConverter = home.create();
+ * </pre></blockquote>
+ * <br>
+ * <b>Invoking business methods:</b>
+ * <blockquote><pre>
+ * BigDecimal param = new BigDecimal ("100.00");
+ * amount = currencyConverter.dollarToYen(param);
+ * amount = currencyConverter.yenToEuro(param);
+ * </pre></blockquote>
+ * <br>
+ * <b>Output:</b>
+ * <pre>
+ * 12160.00
+ * 0.77
+ * </pre>
+ *
+ *
+ */
+
+public class ConverterClient {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ ConverterClient() {
+ }
+
+ /**
+ * The main method of the client. This invokes the <code>ConverterBean</code> to use
+ * its services. It then asks the bean to convert 100 dollars to yen and
+ * 100 yen to euro. The results are printed at the terminal where the client is run.
+ * See <code>appclient</code> documentation in SunONE app server to run the clinet.
+ *
+ */
+ public static void main(String[] args) {
+ ConverterClient client = new ConverterClient();
+ client.run(args);
+ }
+
+ private void run(String[] args) {
+ String url = null;
+ String testIdPrefix = null;
+ String testId = "";
+ String jndiName = null;
+ Context context = null;
+ String ctxFactory = null;
+ java.lang.Object obj = null;
+ try {
+ stat.addDescription("Security::client side programmatic login");
+
+ if (args.length == 3) {
+ url = args[0];
+ ctxFactory = args[1];
+ jndiName = args[2];
+ }
+
+ String user = "shingwai";
+ String password = "shingwai";
+
+ ProgrammaticLogin plogin = new ProgrammaticLogin();
+ plogin.login(user, password);
+ boolean isAppClientTest = (url == null) || (ctxFactory == null);
+
+ /*
+ * User tx is to test issue:
+ * https://glassfish.dev.java.net/issues/show_bug.cgi?id=1568
+ */
+ UserTransaction ut = null;
+
+ if (isAppClientTest) {
+ testIdPrefix = "Sec::PLogin Converter Sample AppClient";
+ testId = testIdPrefix;
+ // Initialize the Context with default properties
+ context = new InitialContext();
+ System.out.println("PLogin Test \nDefault Context Initialized...");
+ // Create Home object
+ obj = context.lookup("java:comp/env/ejb/PLoginSimpleConverter");
+ ut = (UserTransaction) context.lookup("UserTransaction");
+ } else {
+ testIdPrefix = "Sec::PLogin Standalone-Client";
+ testId = testIdPrefix;
+ Properties env = new Properties();
+ env.put("java.naming.provider.url", url);
+ env.put("java.naming.factory.initial", ctxFactory);
+ // Initialize the Context with JNDI specific properties
+ context = new InitialContext(env);
+ System.out.println("Context Initialized with " +
+ "URL: " + url + ", Factory: " + ctxFactory);
+ // Create Home object
+ obj = context.lookup(jndiName);
+
+ ut = (UserTransaction) context.lookup("UserTransaction");
+ }
+ ConverterRemoteHome home =
+ (ConverterRemoteHome) PortableRemoteObject.narrow(obj,
+ ConverterRemoteHome.class);
+
+ ConverterRemote currencyConverter = home.create();
+
+ System.out.println("\n\n\n===========Beginning Simple Test=====\n\n");
+ testId = testIdPrefix + " Programmatic Login";
+ processRequest(home, "100");
+ processRequest(home, "200");
+ processRequest(home, "300", ut);
+ stat.addStatus(testId, stat.PASS);
+ try {
+ System.out.println("Logout ...");
+ testId = testIdPrefix + " Programmatic Logout";
+ plogin.logout();
+ if (!isAppClientTest) {
+ //in case of appclient, this will prompt for password in GUI
+ processRequest(home, "400");
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("Unauthorized Access to Converter!");
+ }
+ } catch(java.rmi.AccessException ae) {
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("OK! Got an expected java.rmi.AccessException");
+ }
+
+ testId = testIdPrefix + " Programmatic Relogin after logout";
+ plogin.login(user, password);
+ processRequest(home, "500");
+ processRequest(home, "600");
+ stat.addStatus(testId, stat.PASS);
+
+ try {
+ System.out.println("Incorrect Login ...");
+ testId = testIdPrefix + " Programmatic Incorrect login";
+ plogin.login(user, password + "123");
+ processRequest(home, "700");
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("Unauthorized Access to Converter!");
+ } catch(java.rmi.AccessException ae) {
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("OK! Got an expected java.rmi.AccessException");
+ }
+
+ testId = testIdPrefix + " Programmatic Relogin after fail login";
+ plogin.login(user, password);
+ processRequest(home, "800");
+ stat.addStatus(testId, stat.PASS);
+ } catch (Throwable ex) {
+ System.err.println("TestID" +testId);
+ stat.addStatus(testId, stat.FAIL);
+ System.err.println("Caught an unexpected exception!");
+ ex.printStackTrace();
+ } finally {
+ stat.printSummary();
+ }
+ }
+
+ // default method that does not require transaction
+ private void processRequest(ConverterRemoteHome home, String amt)
+ throws Exception {
+
+ processRequest(home, amt, null);
+ }
+
+ private void processRequest(ConverterRemoteHome home, String amt,
+ UserTransaction tx) throws Exception {
+
+ ConverterRemote currencyConverter = home.create();
+
+ String s = currencyConverter.myCallerPrincipal();
+ System.out.println(" The caller principal received from ejb ->"+s);
+
+ BigDecimal param = new BigDecimal (amt);
+ if (tx != null) {
+ System.out.println("Beginning user transaction");
+ tx.begin();
+ }
+
+ BigDecimal amount = currencyConverter.dollarToYen(param);
+ System.out.println("$" + amt + " is : "+amount+"Yen");
+ amount = currencyConverter.yenToEuro(param);
+ System.out.println("Yen is :"+amount+"Euro\n");
+
+ if (tx != null) {
+ System.out.println("Committing user transaction");
+ tx.commit();
+ }
+ }
+
+}
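Review bot: The first `plogin.login(user, password)` in `run()` executes while `testId` is still the empty string, and its result is discarded. A failure at that point is therefore either ignored or recorded under an empty test id by the `catch (Throwable ex)` block. Assuming `ProgrammaticLogin.login` returns a `Boolean`, as the GlassFish API declares, set `testId` to a descriptive value before the call and check the result: `if (!Boolean.TRUE.equals(plogin.login(user, password))) throw new IllegalStateException("programmatic login failed");`. The two re-login calls later in the method discard the result in the same way.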
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/cplogin/client/MANIFEST.MF
new file mode 100644
index 0000000..979e96a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+Main-Class: com.sun.devtest.security.plogin.converter.client.ConverterClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application-client.xml
new file mode 100644
index 0000000..6d47880
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application-client.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN' 'http://java.sun.com/dtd/application-client_1_3.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>sec-plogin-converterClient</display-name>
+ <ejb-ref>
+ <ejb-ref-name>ejb/PLoginSimpleConverter</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>com.sun.devtest.security.plogin.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.devtest.security.plogin.converter.ejb.ConverterRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application.xml
new file mode 100644
index 0000000..d02d09c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/application.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN' 'http://java.sun.com/j2ee/dtds/application_1_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <icon>
+ <small-icon></small-icon>
+ <large-icon></large-icon>
+ </icon>
+ <display-name>PLoginConverterApp</display-name>
+ <module>
+ <java>sec-plogin-converter-client.jar</java>
+ </module>
+ <module>
+ <ejb>sec-plogin-converter-ejb.jar</ejb>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..33d9572
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/ejb-jar.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <enterprise-beans>
+ <session>
+ <display-name>PLoginConverterApp</display-name>
+ <ejb-name>PLoginTheConverter</ejb-name>
+ <home>com.sun.devtest.security.plogin.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.devtest.security.plogin.converter.ejb.ConverterRemote</remote>
+ <ejb-class>com.sun.devtest.security.plogin.converter.ejb.ConverterBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Bean</transaction-type>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ <method-permission>
+ <role-name>Employee</role-name>
+ <method>
+ <ejb-name>PLoginTheConverter</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>*</method-name>
+ </method>
+ </method-permission>
+ </assembly-descriptor>
+</ejb-jar>
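Review bot: The `method-permission` covers only `<method-intf>Remote</method-intf>`, so the home interface's `create()` has no permission entry and its treatment is left to the container default. The client added in this commit calls `home.create()` before `myCallerPrincipal()` in its post-logout check, so the test seems to rely on `create()` remaining callable. If that is intended, say so above the element: `<!-- Home create() deliberately has no method-permission; only Remote calls must be rejected for unauthenticated callers -->`. Otherwise add a second `<method>` entry with `<method-intf>Home</method-intf>`.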
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..85fcb2e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <ejb-ref>
+ <ejb-ref-name>ejb/PLoginSimpleConverter</ejb-ref-name>
+ <jndi-name>PLoginConverter</jndi-name>
+ </ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application.xml
new file mode 100644
index 0000000..ec70552
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <realm>file2</realm>
+</sun-application>
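Review bot: The `Administrator` and `Manager` mappings give `shingwai` two roles that nothing in this application declares. The `ejb-jar.xml` in this commit declares and checks only `Employee`, and `application.xml` declares no roles. Dropping the two extra `security-role-mapping` elements keeps the test principal at the single role the bean needs. If they are kept on purpose, a comment such as `<!-- only Employee is checked by PLoginTheConverter -->` would make that clear.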
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..e42a1c0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <unique-id>1</unique-id>
+ <ejb>
+ <ejb-name>PLoginTheConverter</ejb-name>
+ <jndi-name>PLoginConverter</jndi-name>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterBean.java b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterBean.java
new file mode 100644
index 0000000..1537c52
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterBean.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.devtest.security.plogin.converter.ejb;
+
+import java.rmi.RemoteException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+import java.math.*;
+
+/**
+ * A simple stateless bean for the Converter application. This bean implements all
+ * business method as declared by the remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterHome
+ */
+public class ConverterBean implements SessionBean {
+
+ BigDecimal yenRate = new BigDecimal("121.6000");
+ BigDecimal euroRate = new BigDecimal("0.0077");
+ SessionContext mysc = null;
+
+ public String myCallerPrincipal(){
+ return mysc.getCallerPrincipal().toString();
+ }
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) {
+ BigDecimal result = dollars.multiply(yenRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) {
+ BigDecimal result = yen.multiply(euroRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Required by EJB spec.
+ */
+ public ConverterBean() {}
+
+ /**
+ * Creates a bean. Required by EJB spec.
+ * @exception throws CreateException.
+ */
+ public void ejbCreate() {}
+
+ /**
+ * Removes the bean. Required by EJB spec.
+ */
+ public void ejbRemove() {}
+
+ /**
+ * Loads the state of the bean from secondary storage. Required by EJB spec.
+ */
+ public void ejbActivate() {}
+
+ /**
+ * Keeps the state of the bean to secondary storage. Required by EJB spec.
+ */
+ public void ejbPassivate() {}
+
+ /**
+ * Sets the session context. Required by EJB spec.
+ * @param ctx A SessionContext object.
+ */
+ public void setSessionContext(SessionContext sc) {
+ mysc = sc;
+ }
+
+} // ConverterBean
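Review bot: Several Javadoc tags in this class do not match the code. `setSessionContext` documents `@param ctx` but the parameter is `sc`, and `ejbCreate` carries `@exception throws CreateException.` although it declares no exception. The class-level `@see Converter` and `@see ConverterHome` name types this commit does not add; the interfaces are `ConverterRemote` and `ConverterRemoteHome`. I would use `@param sc the SessionContext supplied by the container`, drop the `@exception` line, and point the two `@see` tags at the real interfaces. The same stale `@see` names appear in ConverterRemote.java and ConverterRemoteHome.java, and `create()` in ConverterRemoteHome.java has the same `@exception throws` form.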
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemote.java b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemote.java
new file mode 100644
index 0000000..64d1062
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemote.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.devtest.security.plogin.converter.ejb;
+
+import javax.ejb.EJBObject;
+import java.rmi.RemoteException;
+import java.math.*;
+
+/**
+ * Remote interface for the <code>ConverterBean</code>. The remote interface, </code>Converter</code>
+ * defines all possible business methods for the bean. These are methods, going tobe invoked
+ * remotely by clients, once they have a reference to the remote interface.
+ *
+ * Clients generally take the help of JNDI to lookup the bean's home interface and
+ * then use the home interface to obtain references to the bean's remote interface.
+ *
+ * @see ConverterHome
+ * @see ConverterBean
+ */
+public interface ConverterRemote extends EJBObject {
+
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) throws RemoteException;
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) throws RemoteException;
+
+ public String myCallerPrincipal() throws RemoteException;
+
+}
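Review bot: `myCallerPrincipal()` is the only method in this interface without Javadoc, yet it is the call the client uses to show which identity reached the bean. A comment matching the bean implementation would do: `/** Returns the string form of the caller principal the container reports for this invocation. */`. The class comment also opens a tag with `</code>Converter</code>`, which should read `<code>ConverterRemote</code>`.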
diff --git a/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemoteHome.java b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemoteHome.java
new file mode 100644
index 0000000..681994f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/cplogin/ejb/ConverterRemoteHome.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2004, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.devtest.security.plogin.converter.ejb;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+/**
+ * Home interface for the <code>ConverterBean</code>. Clients generally use home interface
+ * to obtain references to the bean's remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterBean
+ */
+public interface ConverterRemoteHome extends EJBHome {
+ /**
+ * Gets a reference to the remote interface of the <code>ConverterBean</code>.
+ * @exception throws CreateException and RemoteException.
+ *
+ */
+ ConverterRemote create() throws RemoteException, CreateException;
+}
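Review bot: `import java.io.Serializable;` is unused; nothing in `ConverterRemoteHome` refers to it, so the line can be dropped.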
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.properties b/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.properties
new file mode 100644
index 0000000..b98e0ff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.properties
@@ -0,0 +1,30 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-defaultp2r"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<!--
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+-->
+<property name="web.xml" value="descriptor/web.xml"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.xml b/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.xml
new file mode 100644
index 0000000..889c8cd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/build.xml
@@ -0,0 +1,200 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+<project name="security-defaultp2r" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="build, setup">
+ <antcall target="test-p2r-enabled"/>
+ <antcall target="test-p2r-disabled"/>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="test-p2r-enabled"
+ depends="enable-p2r, deploy, run, undeploy"/>
+
+ <target name="test-p2r-disabled"
+ depends="disable-p2r, deploy, run-negative, undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes" />
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runweb">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="bobby"/>
+ <param name="webpassword" value="bb"/>
+ <param name="httpMethod" value="FOO"/>
+ <param name="goldenfile" value="goldenfiles/foo.html"/>
+ <param name="testcaseid" value="user-auth-with-foo"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="bobby"/>
+ <param name="webpassword" value="bb"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/get.html"/>
+ <param name="testcaseid" value="user-auth-with-get"/>
+ </antcall>
+ </target>
+
+ <target name="run-negative" depends="init-common">
+ <antcall target="runweb-403">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="bobby"/>
+ <param name="webpassword" value="bb"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-should-fail"/>
+ </antcall>
+ </target>
+
+ <target name="runweb" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}"
+ classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-defaultp2r/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-defaultp2r"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/defaultp2r/${goldenfile}"
+ testSuiteId="security-defaultp2r"
+ testSuiteName="security-defaultp2r"
+ testSuiteDescription="Security Test"
+ testId="security-defaultp2r"
+ testName="security-defaultp2r"
+ testDescription="Testing default principal to role mapping: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Testing default principal to role mapping"
+ testStrategy="Testing default principal to role mapping"/>
+ </target>
+
+ <target name="runweb-403" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}"
+ classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-defaultp2r/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-httpMethod"
+ requestHeaders="Host:${http.host}:${http.port}"
+ returnCode="HTTP/1.1 403"
+ testSuiteId="security-httpMethod"
+ testSuiteName="security-httpMethod"
+ testSuiteDescription="Security Test"
+ testId="security-httpMethod"
+ testName="security-httpMethod"
+ testDescription="Testing default p2r mapping disabled: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Testing default p2r mapping disabled"
+ testStrategy="Testing default p2r mapping disabled"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="setup">
+ <antcall target="create-user-common">
+ <param name="user" value="bobby"/>
+ <param name="password" value="bb"/>
+ <param name="groups" value="mygroup"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="unsetup">
+ <!-- remove test users, just cleanup. -->
+ <antcall target="delete-user-common">
+ <param name="user" value="bobby"/>
+ </antcall>
+ </target>
+
+ <target name="enable-p2r" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="set"/>
+ <param name="operand.props"
+ value="server-config.security-service.activate-default-principal-to-role-mapping=true"/>
+ </antcall>
+ </target>
+
+ <target name="disable-p2r" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="set"/>
+ <param name="operand.props"
+ value="server-config.security-service.activate-default-principal-to-role-mapping=false"/>
+ </antcall>
+ </target>
+
+</project>
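Review bot: `runweb-403` reports under `security-httpMethod` in `testSession`, `testSuiteId`, `testSuiteName`, `testId` and `testName`, while `runweb` and the project use `security-defaultp2r`. This looks like a leftover from another test. The negative case is the one that shows the default principal-to-role mapping is really off, so its result should be filed with the rest of the suite: `testSuiteId="security-defaultp2r"`, and the same value for the other four attributes.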
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/defaultp2r/descriptor/web.xml
new file mode 100644
index 0000000..2550d2e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/descriptor/web.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+
+ <display-name>security-defaultp2r</display-name>
+ <distributable></distributable>
+ <servlet>
+ <servlet-name>TestServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.defaultp2r.TestServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>TestServlet</servlet-name>
+ <url-pattern>/TestServlet</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>secure</web-resource-name>
+ <url-pattern>/TestServlet</url-pattern>
+ <http-method>FOO</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>mygroup</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>mygroup</role-name>
+ </security-role>
+
+</web-app>
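Review bot: The `<web-resource-collection>` names only `FOO` and `GET`, so every other HTTP method sent to `/TestServlet` falls outside this constraint and is not subject to the `mygroup` check. That may be deliberate for this test, but the descriptor does not say so. A comment above the collection, such as `<!-- Only FOO and GET are constrained on purpose; other methods are intentionally left uncovered. -->`, would keep the pattern from being copied into a real descriptor. `BASIC` auth with `transport-guarantee` `NONE` also sends the test password base64-encoded in clear text, which is acceptable only against a loopback test domain.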
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/foo.html b/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/foo.html
new file mode 100644
index 0000000..671474c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/foo.html
@@ -0,0 +1 @@
+doFoo with bobby
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/get.html b/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/get.html
new file mode 100644
index 0000000..0b0cc90
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/goldenfiles/get.html
@@ -0,0 +1 @@
+doGet with bobby
diff --git a/appserver/tests/appserv-tests/devtests/security/defaultp2r/web/TestServlet.java b/appserver/tests/appserv-tests/devtests/security/defaultp2r/web/TestServlet.java
new file mode 100644
index 0000000..a611e3e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/defaultp2r/web/TestServlet.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.defaultp2r;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class TestServlet extends HttpServlet {
+
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ String method = req.getMethod();
+ if (method.equals("FOO")) {
+ doFoo(req, resp);
+ } else {
+ super.service(req, resp);
+ }
+ }
+
+ public void doFoo(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ PrintWriter out = resp.getWriter();
+ out.println("doFoo with " + req.getUserPrincipal());
+ out.close();
+ }
+
+ public void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ PrintWriter out = resp.getWriter();
+ out.println("doGet with " + req.getUserPrincipal());
+ out.close();
+ }
+}
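Review bot: `service` and `doGet` replace `HttpServlet` methods but carry no `@Override`, so a signature change would silently turn them into unrelated overloads and the FOO dispatch would never run; add `@Override` to both. `method.equals("FOO")` reads more defensively as `"FOO".equals(method)`. The class has no Javadoc saying that FOO is a non-standard HTTP method chosen to match the `<http-method>FOO</http-method>` entry in the descriptor; one line stating that would make the fixture self-explanatory.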
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.properties b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.properties
new file mode 100644
index 0000000..34b4055
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.properties
@@ -0,0 +1,20 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.xml b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.xml
new file mode 100644
index 0000000..8c02c7b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/build.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "./../common.xml">
+]>
+
+
+<project name="ejb-auth-propagation" basedir="." default="usage" xmlns:artifact="antlib:org.apache.maven.artifact.ant">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+ <property environment="env"/>
+ <get src="http://central.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar" dest="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar"/>
+ <path id="maven-ant-tasks.classpath" path="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar" />
+ <typedef resource="org/apache/maven/artifact/ant/antlib.xml"
+ uri="antlib:org.apache.maven.artifact.ant"
+ classpathref="maven-ant-tasks.classpath" />
+ <target name="all" depends="runMaven"/>
+ <target name="runMaven">
+ <artifact:mvn mavenHome="${env.M2_HOME}" fork="true">
+ <jvmarg value="-Dmaven.multiModuleProjectDirectory"/>
+ <jvmarg value="-Dmaven.javadoc.skip=true" />
+ <arg value="clean"/>
+ <arg value="verify"/>
+ </artifact:mvn>
+ </target>
+</project>
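Review bot: The `<get>` task downloads `maven-ant-tasks-2.1.3.jar` over plain `http://` and the following `<typedef>` loads it into the build JVM with no integrity check, so a tampered response on the network path becomes code that runs in the build. Fetch it over TLS, e.g. `src="https://repo1.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar"`, and compare the file against a pinned SHA-256 with the `<checksum>` task, failing the build before the `<typedef>` when it does not match. The download sits at project level, so it runs on every invocation including `usage`; moving it into a target that `runMaven` depends on, with `skipexisting="true"`, would limit it to when it is needed.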
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/pom.xml b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/pom.xml
new file mode 100644
index 0000000..58637a8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/pom.xml
@@ -0,0 +1,48 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <parent>
+ <groupId>org.glassfish.main</groupId>
+ <artifactId>glassfish-nucleus-parent</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <relativePath/>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.glassfish.test.authpropagation</groupId>
+ <artifactId>scheduler-service</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>war</packaging>
+ <dependencies>
+ <dependency>
+ <groupId>javax</groupId>
+ <artifactId>javaee-api</artifactId>
+ <version>7.0</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <finalName>scheduler-service</finalName>
+ </build>
+ <properties>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <maven.compiler.target>1.8</maven.compiler.target>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AppResource.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AppResource.java
new file mode 100644
index 0000000..a1d016f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AppResource.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.ejb.EJB;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+
+@Path("/")
+public class AppResource {
+ @EJB
+ private Service service;
+
+ @GET
+ public Response hello() throws Exception {
+ return Response.ok("hello").build();
+ }
+
+ @POST
+ public Response login(@Context HttpServletRequest request) throws Exception {
+ request.getSession(true);
+ request.login("user1", "user1");
+ service.exec();
+ return Response.ok("ok").build();
+ }
+
+}
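Review bot: `login` authenticates whoever sends a POST to this resource as `user1` with the literal credentials `"user1", "user1"`, so the endpoint hands out an authenticated session without any proof of identity. That is acceptable only in a test fixture and should be stated in a Javadoc on the method, e.g. `/** Test fixture: logs in the seeded user1 so the async EJB call has a caller principal. */`. A second POST on the same session is also likely to fail, because `HttpServletRequest.login` throws `ServletException` when a caller identity is already established; guarding with `if (request.getUserPrincipal() == null) { request.login("user1", "user1"); }` avoids that. `hello()` declares `throws Exception` although nothing in it throws a checked exception.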
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AuthGroup.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AuthGroup.java
new file mode 100644
index 0000000..fec004c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/AuthGroup.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.persistence.*;
+import java.io.Serializable;
+import java.util.List;
+
+@Entity
+public class AuthGroup implements Serializable {
+
+
+ @Id
+ private String groupName;
+
+ @ManyToMany
+ @JoinTable(
+ joinColumns = @JoinColumn(name = "groupName", referencedColumnName = "groupName"),
+ inverseJoinColumns = @JoinColumn(name = "userName", referencedColumnName = "userName"))
+ private List<MyUser> users;
+
+
+ protected AuthGroup() {
+ super();
+ }
+
+ public AuthGroup(String groupName, List<MyUser> users) {
+ this.groupName = groupName;
+ this.users = users;
+ }
+}
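Review bot: `import javax.persistence.*;` hides which annotations the entity depends on; import `Entity`, `Id`, `JoinColumn`, `JoinTable` and `ManyToMany` explicitly, and do the same in MyUser.java, which has the same wildcard import. Both classes implement `Serializable` without declaring `private static final long serialVersionUID = 1L;`. The constructor keeps the caller's `users` list by reference, and DataSourceInitializer appears to rely on the same aliasing for MyUser's `groups`, so a comment noting that the shared reference is intentional would help.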
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/DataSourceInitializer.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/DataSourceInitializer.java
new file mode 100644
index 0000000..dac748c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/DataSourceInitializer.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.annotation.*;
+import javax.annotation.sql.DataSourceDefinition;
+import javax.ejb.Singleton;
+import javax.ejb.Startup;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
+import javax.sql.DataSource;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+
+@DataSourceDefinition(
+ name = "java:app/primaryDS",
+ className = "org.apache.derby.jdbc.ClientXADataSource",
+ portNumber = 1527,
+ serverName = "localhost",
+ user = "APP",
+ password = "APP",
+ databaseName="db",
+ properties = {"connectionAttributes=;create=true"}
+)
+@Singleton
+@Startup
+public class DataSourceInitializer {
+
+ @PersistenceContext(unitName = "primaryPU")
+ private EntityManager em;
+
+ @Resource(lookup = "java:app/primaryDS")
+ private DataSource dataSource;
+
+ @PostConstruct
+ public void init() {
+ List<AuthGroup> groups = new ArrayList<>();
+ MyUser user = new MyUser("user1", hash("user1"), groups);
+
+ em.persist(user);
+
+ List<MyUser> users = new ArrayList<>();
+ users.add(user);
+ AuthGroup group = new AuthGroup("group1", users);
+ em.persist(group);
+
+ groups.add(group);
+ }
+
+ private String hash(String plainPassword) {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-256");
+ md.update(plainPassword.getBytes(StandardCharsets.UTF_8));
+ return bytesToHex(md.digest());
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private final static char[] hexArray = "0123456789abcdef".toCharArray();
+ public static String bytesToHex(byte[] bytes) {
+ char[] hexChars = new char[bytes.length * 2];
+ for ( int j = 0; j < bytes.length; j++ ) {
+ int v = bytes[j] & 0xFF;
+ hexChars[j * 2] = hexArray[v >>> 4];
+ hexChars[j * 2 + 1] = hexArray[v & 0x0F];
+ }
+ return new String(hexChars);
+ }
+}
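Review bot: `hash()` stores the password as a single unsalted SHA-256 digest, which is not a suitable password-storage scheme outside a fixture. Presumably it mirrors the digest setting of the `appJdbcRealm` realm, which is configured outside this hunk. Say so on the method, e.g. `// Test fixture only: unsalted SHA-256 to match the JDBC realm digest; real credentials need a salted KDF (PBKDF2, bcrypt, argon2).` The same applies to the `user = "APP"`, `password = "APP"` values in `@DataSourceDefinition`, which are fixed in source. The injected `dataSource` field is never read in the visible code and can be dropped.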
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/MyUser.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/MyUser.java
new file mode 100644
index 0000000..8242a9b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/MyUser.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.persistence.*;
+import java.io.Serializable;
+import java.util.List;
+
+@Entity
+public class MyUser implements Serializable {
+
+ @Id
+ private String userName;
+
+ private String password;
+
+ @ManyToMany(mappedBy = "users")
+ private List<AuthGroup> groups;
+
+ protected MyUser() {
+ super();
+ }
+
+ public MyUser(String userName, String password, List<AuthGroup> groups) {
+ this.userName = userName;
+ this.password = password;
+ this.groups = groups;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/RsApplication.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/RsApplication.java
new file mode 100644
index 0000000..9c63836
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/RsApplication.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.ws.rs.ApplicationPath;
+import javax.ws.rs.core.Application;
+
+@ApplicationPath("rs")
+public class RsApplication extends Application {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/SchedulerService.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/SchedulerService.java
new file mode 100644
index 0000000..210ffff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/SchedulerService.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.ejb.*;
+import java.util.logging.Logger;
+
+@Singleton
+@Startup
+@ConcurrencyManagement(ConcurrencyManagementType.CONTAINER)
+public class SchedulerService {
+ private static final Logger logger = Logger.getLogger(SchedulerService.class.getName());
+
+ @Resource
+ private TimerService timerService;
+
+ @Resource
+ private SessionContext context;
+
+ @PostConstruct
+ public void postConstruct() {
+ TimerConfig timerConfig = new TimerConfig();
+ // ...
+ timerService.createIntervalTimer(0, 1000, timerConfig);
+ }
+
+ @Timeout
+ public void handleTimeout(Timer timer) {
+ logger.info("handleTimeout()[" + context.getCallerPrincipal() + "]:" + Thread.currentThread().getName());
+ }
+}
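Review bot: `new TimerConfig()` leaves the timer persistent, which is the default, so each construction of this `@Startup` singleton registers another one-second interval timer while earlier ones can survive a server restart, and the callbacks pile up. Call `timerConfig.setPersistent(false);` before `createIntervalTimer`; the `// ...` placeholder is where it belongs. `handleTimeout` also logs at INFO every 1000 ms for as long as the application is deployed, which will flood the server log; `logger.fine(...)` would be enough for a diagnostic line.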
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/Service.java b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/Service.java
new file mode 100644
index 0000000..8ecb656
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/java/org/glassfish/test/auth-propagation/Service.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.test.authpropagation;
+
+import javax.annotation.Resource;
+import javax.ejb.Asynchronous;
+import javax.ejb.LocalBean;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import java.util.logging.Logger;
+
+@Stateless
+@LocalBean
+public class Service {
+ private static final Logger logger = Logger.getLogger(Service.class.getName());
+
+ @Resource
+ private SessionContext context;
+
+ @Asynchronous
+ public void exec() {
+ logger.info("exec()[" + context.getCallerPrincipal() + "]:" + Thread.currentThread().getName());
+ }
+}
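Review bot: `exec()` only writes the caller principal to the log, so nothing in the visible code lets `AppResource.login` or the test harness check that the identity actually reached the asynchronous call; the outcome has to be read from the server log by hand. Returning the name, e.g. `public Future<String> exec()` with `return new AsyncResult<>(context.getCallerPrincipal().getName());`, would let the caller assert on it. If the log line is the intended check, state that in a Javadoc on `exec()`.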
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/resources/META-INF/persistence.xml b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/resources/META-INF/persistence.xml
new file mode 100644
index 0000000..ed00e80
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/resources/META-INF/persistence.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<persistence xmlns="http://xmlns.jcp.org/xml/ns/persistence"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ version="2.1"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
+
+ <persistence-unit name="primaryPU" transaction-type="JTA">
+ <jta-data-source>java:app/primaryDS</jta-data-source>
+ <exclude-unlisted-classes>false</exclude-unlisted-classes>
+ <properties>
+ <property name="javax.persistence.schema-generation.database.action" value="create"/>
+ </properties>
+ </persistence-unit>
+
+</persistence>
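Review bot: The schema action `create` never drops the tables, while DataSourceInitializer (elsewhere in this commit) persists a `MyUser` with the fixed key `user1` on every startup. A second deployment against the same Derby database is therefore likely to fail on a duplicate primary key. For a test fixture, `value="drop-and-create"` keeps each run independent of what an earlier run left behind.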
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..076f421
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/beans.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
+ bean-discovery-mode="all">
+</beans>
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..3d203ab
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-auth-async/scheduler-service/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+ http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1">
+
+ <security-constraint>
+ <display-name>protected-pages</display-name>
+ <web-resource-collection>
+ <web-resource-name>protected-pages</web-resource-name>
+ <url-pattern>/faces/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>group1</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>appJdbcRealm</realm-name>
+ <form-login-config>
+ <form-login-page>/index.xhtml</form-login-page>
+ <form-error-page>/index.xhtml</form-error-page>
+ </form-login-config>
+ </login-config>
+ <security-role>
+ <role-name>group1</role-name>
+ </security-role>
+
+</web-app>
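Review bot: The only `<security-constraint>` covers `/faces/*`, but the JAX-RS application in this commit is mounted at `rs` (RsApplication) and no Faces pages are visible here, so the REST resource is reachable without any declarative constraint. If that is intended because AppResource logs in programmatically, add a comment above the constraint saying so; otherwise the constraint does not protect anything the application serves. `FORM` login with `transport-guarantee` `NONE` sends the password unencrypted, and `/index.xhtml` is named as login and error page although no such file appears in the visible part of the commit.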
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.properties b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.properties
new file mode 100644
index 0000000..8cb034d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="sec-ssl"/>
+<property name="appname" value="${module}-converter"/>
+
+<property name="test.client"
+ value="com.sun.s1peqe.security.ssl.converter.client.ConverterClient"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.xml
new file mode 100644
index 0000000..ba1b38e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/build.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="mutualSSLconverterApp" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testproperties;
+
+
+ <target name="all" depends="build,setup,deploy,run,undeploy,unsetup"/>
+ <!-- run-test target added to have setup/unsetup commonly -->
+ <target name="run-test" depends="build,deploy,run,undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="prepare-store-common"/>
+ <antcall target="restart"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="remove-store-common"/>
+ <!--antcall target="restart"/-->
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient-local"/>
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="runclient-local" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value=" -Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ </exec>
+ </target>
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <!-- =============================================== -->
+ <!-- Target to run the standalone client without ACC -->
+ <!-- =============================================== -->
+ <target name="run-standalone-client" depends="init-common,init-security-util">
+ <property name="jndi.name" value="SSLconverter"/>
+ <property name="provider.url" value="iiop://${s1asCN}:${orb.port}"/>
+ <property name="ctxfactory"
+ value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+ <echo message="provider.url used is ${provider.url}"/>
+ <java classname="${test.client}"
+ classpath="${s1astest.classpath}:${env.S1AS_HOME}/lib/appserv-rt.jar:${assemble.dir}/${appname}AppClient.jar"
+ failonerror="true" fork="true">
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${s1asCN}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStore=${mykeystore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStore=${mytruststore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStorePassword=${ssl.password}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg value="${provider.url}"/>
+ <arg value="${ctxfactory}"/>
+ <arg value="${jndi.name}"/>
+ </java>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+</project>
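Review bot: `run-standalone-client` passes the keystore and truststore passwords as `<jvmarg value="-Djavax.net.ssl.keyStorePassword=${ssl.password}"/>` on a forked JVM, so they appear in that process's argument list, where other local users can usually read them. `runclient-local` hands the same values to the launcher through `VMARGS`, which presumably ends up on a command line as well. That is acceptable only while `${mykeystore.db.file}` and `${mytruststore.db.file}` are throwaway test stores, so I would say so next to the targets: `<!-- test-only stores: ssl.password is visible in the process list; never point these properties at real keystores -->`. The truststore password is passed the same way in ejb-oneway-ssl/build.xml.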
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/ConverterClient.java b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/ConverterClient.java
new file mode 100644
index 0000000..acedf8e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/ConverterClient.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.client;
+
+import java.util.Properties;
+import java.math.BigDecimal;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+import com.sun.s1peqe.security.ssl.converter.ejb.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+/**
+ * A simple java client. This uses the services provided by the <code>ConverterBean</code> and
+ * converts 100 US dollars to Yen and 100 Yen to Euro.
+ * <p>In this regard, it does the following in order
+ * <ul>
+ * <li>Locates the home interface of the enterprise bean
+ * <li>Gets a reference to the remote interface
+ * <li>Invokes business methods
+ * </ul>
+ * <br>
+ * <b>Locating the home interface:</b>
+ * <blockquote><pre>
+ * Context initial = new InitialContext();
+ * Context myEnv = (Context)initial.lookup("java:comp/env");
+ * Object objref = myEnv.lookup("ejb/SimpleConverter");
+ * ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objref, ConverterHome.class);
+ * </pre></blockquote>
+ * <br>
+ * <b>Creating the remote interface:</b>
+ * <blockquote><pre>
+ * Converter currencyConverter = home.create();
+ * </pre></blockquote>
+ * <br>
+ * <b>Invoking business methods:</b>
+ * <blockquote><pre>
+ * BigDecimal param = new BigDecimal ("100.00");
+ * amount = currencyConverter.dollarToYen(param);
+ * amount = currencyConverter.yenToEuro(param);
+ * </pre></blockquote>
+ * <br>
+ * <b>Output:</b>
+ * <pre>
+ * 12160.00
+ * 0.77
+ * </pre>
+ *
+ *
+ */
+
+public class ConverterClient {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ ConverterClient() {
+ }
+
+ /**
+ * The main method of the client. This invokes the <code>ConverterBean</code> to use
+ * its services. It then asks the bean to convert 100 dollars to yen and
+ * 100 yen to euro. The results are printed at the terminal where the client is run.
+ * See <code>appclient</code> documentation in SunONE app server to run the clinet.
+ *
+ */
+ public static void main(String[] args) {
+ ConverterClient client = new ConverterClient();
+ client.run(args);
+ }
+
+ private void run(String[] args) {
+ String url = null;
+ String testId = null;
+ String jndiName = null;
+ Context context = null;
+ String ctxFactory = null;
+ java.lang.Object obj = null;
+ try {
+ stat.addDescription("Security::SSL tester -converter sample.");
+
+ if (args.length == 3) {
+ url = args[0];
+ ctxFactory = args[1];
+ jndiName = args[2];
+ }
+
+ if ( (url == null) || (ctxFactory == null) ) {
+ testId = "Sec::Mutual_SSL_simple Converter Sample AppClient";
+ // Initialize the Context with default properties
+ context = new InitialContext();
+ System.out.println("Default Context Initialized...");
+ // Create Home object
+ obj = context.lookup("java:comp/env/ejb/SSLSimpleConverter");
+ } else {
+ testId = "Sec::Mutual_SSL_simple Standalone-Client";
+ Properties env = new Properties();
+ env.put("java.naming.provider.url", url);
+ env.put("java.naming.factory.initial", ctxFactory);
+ // Initialize the Context with JNDI specific properties
+ context = new InitialContext(env);
+ System.out.println("Context Initialized with " +
+ "URL: " + url + ", Factory: " + ctxFactory);
+ // Create Home object
+ obj = context.lookup(jndiName);
+ }
+ String mys = "CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US";
+ System.out.println("Certname in appclication-client ->"+mys);
+ ConverterRemoteHome home =
+ (ConverterRemoteHome) PortableRemoteObject.narrow(obj,
+ ConverterRemoteHome.class);
+
+ ConverterRemote currencyConverter = home.create();
+
+
+ String s = currencyConverter.myCallerPrincipal();
+
+ System.out.println(" The caller principal received from ejb ->"+s);
+
+ if(!mys.equalsIgnoreCase(s)){
+ String error = "The caller principals dont match!! - Test Failed";
+ System.out.println(error);
+ throw new Exception(error);
+ }else{
+ System.out.println("Mutual Authentication worked - calling other methods");
+ }
+ BigDecimal param = new BigDecimal ("100.00");
+ BigDecimal amount = currencyConverter.dollarToYen(param);
+ System.out.println("\n\n\n===========Beginning Simple Test=====\n\n");
+ System.out.println("$100 is : "+amount+"Yen");
+ amount = currencyConverter.yenToEuro(param);
+ System.out.println("Yen is :"+amount+"Euro");
+ stat.addStatus(testId, stat.PASS);
+ } catch (Exception ex) {
+ stat.addStatus(testId, stat.FAIL);
+ System.err.println("Caught an unexpected exception!");
+ ex.printStackTrace();
+ } finally {
+ stat.printSummary(testId);
+ }
+ }
+}
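Review bot: The mutual-authentication check in `run` compares two distinguished names as raw text, `mys.equalsIgnoreCase(s)`, so it passes or fails on formatting (spacing after commas, attribute keyword style) rather than on the name itself. Comparing parsed names is closer to what the test means to assert: `if (!new X500Principal(mys).equals(new X500Principal(s)))`, with `import javax.security.auth.x500.X500Principal;`. This assumes the string returned by `myCallerPrincipal()` is a parseable DN, which this file does not show. An unparseable value would throw `IllegalArgumentException` and still be recorded as FAIL by the existing catch block.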
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/MANIFEST.MF
new file mode 100644
index 0000000..bf0333b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+Main-Class: com.sun.s1peqe.security.ssl.converter.client.ConverterClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application-client.xml
new file mode 100644
index 0000000..abede97
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application-client.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN' 'http://java.sun.com/dtd/application-client_1_3.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>sec-ssl-converterClient</display-name>
+ <env-entry>
+ <env-entry-name>certname</env-entry-name>
+ <env-entry-type>java.lang.String</env-entry-type>
+ <env-entry-value>CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US</env-entry-value>
+ </env-entry>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ </ejb-ref>
+</application-client>
+
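Review bot: The `certname` env-entry is declared here but never read. `ConverterClient.run` hard-codes the same DN in its local `mys`, so the expected subject lives in two places and a change to the test certificate has to be made in both. Either drop the entry, or read it in the app-client branch with `(String) context.lookup("java:comp/env/certname")` and keep the literal only for the standalone client, which looks the bean up by global JNDI name and appears to have no component environment.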
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application.xml
new file mode 100644
index 0000000..26b2189
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/application.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN' 'http://java.sun.com/j2ee/dtds/application_1_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <icon>
+ <small-icon></small-icon>
+ <large-icon></large-icon>
+ </icon>
+ <display-name>SSLConverterApp</display-name>
+ <module>
+ <java>sec-ssl-converter-client.jar</java>
+ </module>
+ <module>
+ <ejb>sec-ssl-converter-ejb.jar</ejb>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..d2e113e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/ejb-jar.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <enterprise-beans>
+ <session>
+ <display-name>SSLConverterApp</display-name>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ <ejb-class>com.sun.s1peqe.security.ssl.converter.ejb.ConverterBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Bean</transaction-type>
+ </session>
+ </enterprise-beans>
+</ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..fb42e00
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <jndi-name>SSLconverter</jndi-name>
+ </ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..56ba52a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <unique-id>1</unique-id>
+ <ejb>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <jndi-name>SSLconverter</jndi-name>
+ <ior-security-config>
+ <transport-config>
+ <integrity>required</integrity>
+ <confidentiality>required</confidentiality>
+ <establish-trust-in-target>supported</establish-trust-in-target>
+ <establish-trust-in-client>required</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>default</realm>
+ <required>false</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>supported</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
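Review bot: Nothing in this descriptor says which setting makes the test mutual, and it is a single line: `<establish-trust-in-client>required</establish-trust-in-client>` under `transport-config`. I would add a comment above it such as `<!-- required: the client must present a certificate; ConverterClient's caller-principal check relies on this -->`. As far as this file shows, `as-context` has `required` set to `false`, so the certificate is the only client credential the bean insists on, which is worth stating in the same comment.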
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterBean.java b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterBean.java
new file mode 100644
index 0000000..9e2a374
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterBean.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.rmi.RemoteException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+import java.math.*;
+
+/**
+ * A simple stateless bean for the Converter application. This bean implements all
+ * business method as declared by the remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterHome
+ */
+public class ConverterBean implements SessionBean {
+
+ BigDecimal yenRate = new BigDecimal("121.6000");
+ BigDecimal euroRate = new BigDecimal("0.0077");
+ SessionContext mysc = null;
+
+ public String myCallerPrincipal(){
+ return mysc.getCallerPrincipal().toString();
+ }
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) {
+ BigDecimal result = dollars.multiply(yenRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) {
+ BigDecimal result = yen.multiply(euroRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Required by EJB spec.
+ */
+ public ConverterBean() {}
+
+ /**
+ * Creates a bean. Required by EJB spec.
+ * @exception throws CreateException.
+ */
+ public void ejbCreate() {}
+
+ /**
+ * Removes the bean. Required by EJB spec.
+ */
+ public void ejbRemove() {}
+
+ /**
+ * Loads the state of the bean from secondary storage. Required by EJB spec.
+ */
+ public void ejbActivate() {}
+
+ /**
+ * Keeps the state of the bean to secondary storage. Required by EJB spec.
+ */
+ public void ejbPassivate() {}
+
+ /**
+ * Sets the session context. Required by EJB spec.
+ * @param ctx A SessionContext object.
+ */
+ public void setSessionContext(SessionContext sc) {
+ mysc = sc;
+ }
+
+} // ConverterBean
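Review bot: `myCallerPrincipal()` returns `mysc.getCallerPrincipal().toString()`, and `Principal.toString()` has no specified format, so the string the client compares against its expected DN depends on the container's principal class. `return mysc.getCallerPrincipal().getName();` returns the name itself, though whether the two differ in this container is not visible here. Separately, `setScale(2,BigDecimal.ROUND_UP)` in `dollarToYen` and `yenToEuro` uses the int constant that newer JDKs deprecate; `RoundingMode.UP` is already covered by the `java.math.*` import.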
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemote.java b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemote.java
new file mode 100644
index 0000000..ed4894a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemote.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import javax.ejb.EJBObject;
+import java.rmi.RemoteException;
+import java.math.*;
+
+/**
+ * Remote interface for the <code>ConverterBean</code>. The remote interface, </code>Converter</code>
+ * defines all possible business methods for the bean. These are methods, going tobe invoked
+ * remotely by clients, once they have a reference to the remote interface.
+ *
+ * Clients generally take the help of JNDI to lookup the bean's home interface and
+ * then use the home interface to obtain references to the bean's remote interface.
+ *
+ * @see ConverterHome
+ * @see ConverterBean
+ */
+public interface ConverterRemote extends EJBObject {
+
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) throws RemoteException;
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) throws RemoteException;
+
+ public String myCallerPrincipal() throws RemoteException;
+
+}
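Review bot: `myCallerPrincipal()` is the method the mutual-SSL check depends on, and it is the only one in the interface without Javadoc. Something like `/** Returns the caller principal the container associates with this invocation, as a string. */` would do. The interface comment also names `Converter` and `ConverterHome`, which are not the types in this test (`ConverterRemote`, `ConverterRemoteHome`), and `</code>Converter</code>` opens with a closing tag.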
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemoteHome.java b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemoteHome.java
new file mode 100644
index 0000000..9d9a0f2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-mutual-ssl/ejb/ConverterRemoteHome.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+/**
+ * Home interface for the <code>ConverterBean</code>. Clients generally use home interface
+ * to obtain references to the bean's remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterBean
+ */
+public interface ConverterRemoteHome extends EJBHome {
+ /**
+ * Gets a reference to the remote interface of the <code>ConverterBean</code>.
+ * @exception throws CreateException and RemoteException.
+ *
+ */
+ ConverterRemote create() throws RemoteException, CreateException;
+}
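Review bot: The tag `@exception throws CreateException and RemoteException.` on `create()` is malformed. Javadoc reads the word after `@exception` as the exception type, so this documents a type named `throws`. Use one tag per type, for example `@throws CreateException if the bean cannot be created` and `@throws RemoteException on a communication failure`. `import java.io.Serializable;` is unused in this file.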
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.properties b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.properties
new file mode 100644
index 0000000..8fc4e23
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="sec-ssl"/>
+<property name="appname" value="${module}-converter"/>
+
+<property name="test.client"
+ value="com.sun.s1peqe.security.ssl.converter.client.ConverterClient"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.xml
new file mode 100644
index 0000000..f8b8b6b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/build.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="SSLconverterApp" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonSecurity;
+ &testproperties;
+
+ <!-- cf config/common.xml -->
+ <target name="all" depends="build,deploy,run,undeploy"/>
+ <!-- run-test target added to have setup/unsetup commonly -->
+ <target name="run-test" depends="build,deploy,run,undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient-local"/>
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="runclient-local" depends="prepare-truststore-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value=" -Djavax.net.ssl.trustStore=${build.base.dir}/cacerts.jks -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ </exec>
+ </target>
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <!-- =============================================== -->
+ <!-- Target to run the standalone client without ACC -->
+ <!-- =============================================== -->
+ <target name="run-standalone-client" depends="prepare-truststore-common">
+ <property name="jndi.name" value="SSLconverter"/>
+ <property name="provider.url" value="iiop://${admin.host}:${orb.port}"/>
+ <property name="ctxfactory"
+ value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+ <echo message="provider.url used is ${provider.url}"/>
+ <java classname="${test.client}"
+ classpath="${s1astest.classpath}:${env.S1AS_HOME}/lib/appserv-rt.jar:${assemble.dir}/${appname}AppClient.jar"
+ failonerror="true" fork="true">
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStore=${build.base.dir}/cacerts.jks"/>
+ <jvmarg value="-Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg value="${provider.url}"/>
+ <arg value="${ctxfactory}"/>
+ <arg value="${jndi.name}"/>
+ </java>
+ </target>
+
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
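Review bot: `runclient-local` launches the app client with `<exec executable="${APPCLIENT}">` and no `failonerror`. Ant's `exec` ignores a non-zero exit status by default, so a launcher that fails before the client reports anything (for example a missing client jar) leaves the build green. The standalone target already sets `failonerror="true"` on `<java>`, and the same attribute on the exec keeps the two paths consistent: `<exec executable="${APPCLIENT}" failonerror="true">`. The `runclient-local` target in ejb-mutual-ssl/build.xml has the same gap.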
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/ConverterClient.java b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/ConverterClient.java
new file mode 100644
index 0000000..ddbc504
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/ConverterClient.java
@@ -0,0 +1,157 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.client;
+
+import java.util.Properties;
+import java.math.BigDecimal;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+import com.sun.s1peqe.security.ssl.converter.ejb.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+/**
+ * A simple java client. This uses the services provided by the <code>ConverterBean</code> and
+ * converts 100 US dollars to Yen and 100 Yen to Euro.
+ * <p>In this regard, it does the following in order
+ * <ul>
+ * <li>Locates the home interface of the enterprise bean
+ * <li>Gets a reference to the remote interface
+ * <li>Invokes business methods
+ * </ul>
+ * <br>
+ * <b>Locating the home interface:</b>
+ * <blockquote><pre>
+ * Context initial = new InitialContext();
+ * Context myEnv = (Context)initial.lookup("java:comp/env");
+ * Object objref = myEnv.lookup("ejb/SimpleConverter");
+ * ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objref, ConverterHome.class);
+ * </pre></blockquote>
+ * <br>
+ * <b>Creating the remote interface:</b>
+ * <blockquote><pre>
+ * Converter currencyConverter = home.create();
+ * </pre></blockquote>
+ * <br>
+ * <b>Invoking business methods:</b>
+ * <blockquote><pre>
+ * BigDecimal param = new BigDecimal ("100.00");
+ * amount = currencyConverter.dollarToYen(param);
+ * amount = currencyConverter.yenToEuro(param);
+ * </pre></blockquote>
+ * <br>
+ * <b>Output:</b>
+ * <pre>
+ * 12160.00
+ * 0.77
+ * </pre>
+ *
+ *
+ */
+
+public class ConverterClient {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ ConverterClient() {
+ }
+
+ /**
+ * The main method of the client. This invokes the <code>ConverterBean</code> to use
+ * its services. It then asks the bean to convert 100 dollars to yen and
+ * 100 yen to euro. The results are printed at the terminal where the client is run.
+ * See <code>appclient</code> documentation in SunONE app server to run the clinet.
+ *
+ */
+ public static void main(String[] args) {
+ ConverterClient client = new ConverterClient();
+ client.run(args);
+ }
+
+ private void run(String[] args) {
+ String url = null;
+ String testId = null;
+ String jndiName = null;
+ Context context = null;
+ String ctxFactory = null;
+ java.lang.Object obj = null;
+ try {
+ stat.addDescription("Security::SSL One way ssl.");
+
+ if (args.length == 3) {
+ url = args[0];
+ ctxFactory = args[1];
+ jndiName = args[2];
+ }
+
+ if ( (url == null) || (ctxFactory == null) ) {
+ testId = "Sec::SSL_simple Converter Sample AppClient";
+ // Initialize the Context with default properties
+ context = new InitialContext();
+ System.out.println("One way SSL Test \n Default Context Initialized...");
+ // Create Home object
+ obj = context.lookup("java:comp/env/ejb/SSLSimpleConverter");
+ } else {
+ testId = "Sec::SSL_simple Standalone-Client";
+ Properties env = new Properties();
+ env.put("java.naming.provider.url", url);
+ env.put("java.naming.factory.initial", ctxFactory);
+ // Initialize the Context with JNDI specific properties
+ context = new InitialContext(env);
+ System.out.println("Context Initialized with " +
+ "URL: " + url + ", Factory: " + ctxFactory);
+ // Create Home object
+ obj = context.lookup(jndiName);
+ }
+ String mys = "ANONYMOUS";
+ System.out.println("Certname in appclication-client ->"+mys);
+ ConverterRemoteHome home =
+ (ConverterRemoteHome) PortableRemoteObject.narrow(obj,
+ ConverterRemoteHome.class);
+
+ ConverterRemote currencyConverter = home.create();
+
+
+ String s = currencyConverter.myCallerPrincipal();
+
+ System.out.println(" The caller principal received from ejb ->"+s);
+
+ if(!mys.equalsIgnoreCase(s)){
+ String error = "The caller principals dont match!! - Test Failed";
+ System.out.println(error);
+ throw new Exception(error);
+ }else{
+ System.out.println("One way SSL Authentication worked - calling other methods");
+ }
+ BigDecimal param = new BigDecimal ("100.00");
+ BigDecimal amount = currencyConverter.dollarToYen(param);
+ System.out.println("\n\n\n===========Beginning Simple Test=====\n\n");
+ System.out.println("$100 is : "+amount+"Yen");
+ amount = currencyConverter.yenToEuro(param);
+ System.out.println("Yen is :"+amount+"Euro");
+ stat.addStatus(testId, stat.PASS);
+ } catch (Exception ex) {
+ stat.addStatus(testId, stat.FAIL);
+ System.err.println("Caught an unexpected exception!");
+ ex.printStackTrace();
+ } finally {
+ stat.printSummary(testId);
+ }
+ }
+}
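Review bot: The pass criterion in `run` only checks that `myCallerPrincipal()` returns `ANONYMOUS`, which shows that no client identity reached the bean but does not by itself show that the call travelled over SSL. The transport guarantee appears to come from `<confidentiality>required</confidentiality>` in this test's sun-ejb-jar.xml, so a comment above the comparison should say so, for example `// One-way SSL: transport is enforced by sun-ejb-jar.xml; no client cert is sent, so the caller must be anonymous`. The class Javadoc also still names `ejb/SimpleConverter` and `ConverterHome`, while the code looks up `java:comp/env/ejb/SSLSimpleConverter` and narrows to `ConverterRemoteHome`.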
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/MANIFEST.MF
new file mode 100644
index 0000000..bf0333b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+Main-Class: com.sun.s1peqe.security.ssl.converter.client.ConverterClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application-client.xml
new file mode 100644
index 0000000..f09191e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application-client.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN' 'http://java.sun.com/dtd/application-client_1_3.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>sec-ssl-converterClient</display-name>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application.xml
new file mode 100644
index 0000000..26b2189
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/application.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN' 'http://java.sun.com/j2ee/dtds/application_1_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <icon>
+ <small-icon></small-icon>
+ <large-icon></large-icon>
+ </icon>
+ <display-name>SSLConverterApp</display-name>
+ <module>
+ <java>sec-ssl-converter-client.jar</java>
+ </module>
+ <module>
+ <ejb>sec-ssl-converter-ejb.jar</ejb>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..d2e113e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/ejb-jar.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <enterprise-beans>
+ <session>
+ <display-name>SSLConverterApp</display-name>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ <ejb-class>com.sun.s1peqe.security.ssl.converter.ejb.ConverterBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Bean</transaction-type>
+ </session>
+ </enterprise-beans>
+</ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..fb42e00
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <jndi-name>SSLconverter</jndi-name>
+ </ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..17034ca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <unique-id>1</unique-id>
+ <ejb>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <jndi-name>SSLconverter</jndi-name>
+ <ior-security-config>
+ <transport-config>
+ <integrity>required</integrity>
+ <confidentiality>required</confidentiality>
+ <establish-trust-in-target>supported</establish-trust-in-target>
+ <establish-trust-in-client>supported</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>default</realm>
+ <required>false</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>supported</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
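Review bot: `<establish-trust-in-client>supported</establish-trust-in-client>` allows a client certificate to be used when one is offered, so the one-way behaviour this test expects depends on the client not presenting one rather than on the descriptor. The build targets visible for this test set only `javax.net.ssl.trustStore` and no key store, which is presumably what keeps the caller anonymous. An XML comment next to `<transport-config>` stating that dependency, e.g. `<!-- one-way SSL: client cert is optional here; the test client configures no keystore -->`, would make clear what a later keystore change does to the test.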
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterBean.java b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterBean.java
new file mode 100644
index 0000000..9e2a374
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterBean.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.rmi.RemoteException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+import java.math.*;
+
+/**
+ * A simple stateless bean for the Converter application. This bean implements all
+ * business method as declared by the remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterHome
+ */
+public class ConverterBean implements SessionBean {
+
+ BigDecimal yenRate = new BigDecimal("121.6000");
+ BigDecimal euroRate = new BigDecimal("0.0077");
+ SessionContext mysc = null;
+
+ public String myCallerPrincipal(){
+ return mysc.getCallerPrincipal().toString();
+ }
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) {
+ BigDecimal result = dollars.multiply(yenRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) {
+ BigDecimal result = yen.multiply(euroRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Required by EJB spec.
+ */
+ public ConverterBean() {}
+
+ /**
+ * Creates a bean. Required by EJB spec.
+ * @exception throws CreateException.
+ */
+ public void ejbCreate() {}
+
+ /**
+ * Removes the bean. Required by EJB spec.
+ */
+ public void ejbRemove() {}
+
+ /**
+ * Loads the state of the bean from secondary storage. Required by EJB spec.
+ */
+ public void ejbActivate() {}
+
+ /**
+ * Keeps the state of the bean to secondary storage. Required by EJB spec.
+ */
+ public void ejbPassivate() {}
+
+ /**
+ * Sets the session context. Required by EJB spec.
+ * @param ctx A SessionContext object.
+ */
+ public void setSessionContext(SessionContext sc) {
+ mysc = sc;
+ }
+
+} // ConverterBean
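Review bot: `myCallerPrincipal()` returns `mysc.getCallerPrincipal().toString()`, and the client compares that string with `ANONYMOUS`; the format of `Principal.toString()` is left to the implementation, so the security assertion depends on it. `return mysc.getCallerPrincipal().getName();` states the intent directly, provided the anonymous principal's name is the same string, which should be confirmed against the server. Separately, `@param ctx` on `setSessionContext` does not match the parameter `sc`, and `BigDecimal.ROUND_UP` is deprecated in favour of `RoundingMode.UP`.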
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemote.java b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemote.java
new file mode 100644
index 0000000..ed4894a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemote.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import javax.ejb.EJBObject;
+import java.rmi.RemoteException;
+import java.math.*;
+
+/**
+ * Remote interface for the <code>ConverterBean</code>. The remote interface, </code>Converter</code>
+ * defines all possible business methods for the bean. These are methods, going tobe invoked
+ * remotely by clients, once they have a reference to the remote interface.
+ *
+ * Clients generally take the help of JNDI to lookup the bean's home interface and
+ * then use the home interface to obtain references to the bean's remote interface.
+ *
+ * @see ConverterHome
+ * @see ConverterBean
+ */
+public interface ConverterRemote extends EJBObject {
+
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) throws RemoteException;
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) throws RemoteException;
+
+ public String myCallerPrincipal() throws RemoteException;
+
+}
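Review bot: `myCallerPrincipal()` is the only method here without Javadoc, although it is the one the client's security check relies on; a comment such as `/** Returns the string form of the caller principal as seen by the bean. */` would document it. The interface Javadoc has a broken tag, `</code>Converter</code>`, and both it and the `@see` lines refer to `Converter` and `ConverterHome`, whereas the types added by this commit are `ConverterRemote` and `ConverterRemoteHome`. The same stale names appear in the Javadoc of ConverterBean.java and ConverterRemoteHome.java.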
diff --git a/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemoteHome.java b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemoteHome.java
new file mode 100644
index 0000000..9d9a0f2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ejb-oneway-ssl/ejb/ConverterRemoteHome.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+/**
+ * Home interface for the <code>ConverterBean</code>. Clients generally use home interface
+ * to obtain references to the bean's remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterBean
+ */
+public interface ConverterRemoteHome extends EJBHome {
+ /**
+ * Gets a reference to the remote interface of the <code>ConverterBean</code>.
+ * @exception throws CreateException and RemoteException.
+ *
+ */
+ ConverterRemote create() throws RemoteException, CreateException;
+}
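Review bot: `import java.io.Serializable;` is not used anywhere in this interface and can be dropped. The tag `@exception throws CreateException and RemoteException.` is not valid Javadoc, because the word after `@exception` is read as the exception class name; it should be two tags, `@throws RemoteException` and `@throws CreateException`, each with its own description.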
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/build.properties b/appserver/tests/appserv-tests/devtests/security/httpMethod/build.properties
new file mode 100644
index 0000000..fb66f29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-httpMethod"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/build.xml b/appserver/tests/appserv-tests/devtests/security/httpMethod/build.xml
new file mode 100644
index 0000000..09a9e31
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/build.xml
@@ -0,0 +1,193 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="security-httpMethod" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes" />
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runweb">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="shingwai"/>
+ <param name="webpassword" value="shingwai"/>
+ <param name="httpMethod" value="FOO"/>
+ <param name="goldenfile" value="goldenfiles/foo.html"/>
+ <param name="testcaseid" value="user-auth-with-foo"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="shingwai"/>
+ <param name="webpassword" value="shingwai"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/get.html"/>
+ <param name="testcaseid" value="user-auth-with-get"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="TestServlet"/>
+ <param name="webuser" value="swchan"/>
+ <param name="webpassword" value="swchan"/>
+ <param name="httpMethod" value="FOO"/>
+ <param name="testcaseid" value="user-with-no-authorization"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="TestServlet2"/>
+ <param name="webuser" value="shingwai"/>
+ <param name="webpassword" value="shingwai"/>
+ <param name="httpMethod" value="FOO"/>
+ <param name="goldenfile" value="goldenfiles/foo.html"/>
+ <param name="testcaseid" value="user-auth-with-foo2"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="TestServlet2"/>
+ <param name="webuser" value="swchan"/>
+ <param name="webpassword" value="swchan"/>
+ <param name="httpMethod" value="FOO"/>
+ <param name="testcaseid" value="user-with-no-authorization2"/>
+ </antcall>
+ </target>
+
+ <target name="runweb" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-httpMethod/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-httpMethod"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/httpMethod/${goldenfile}"
+ testSuiteId="security-httpMethod"
+ testSuiteName="security-httpMethod"
+ testSuiteDescription="Security Test"
+ testId="security-httpMethod"
+ testName="security-httpMethod"
+ testDescription="Basic JSR 115 test for custom Http Method: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Basic JSR 115 test for Http method"
+ testStrategy="Basic JSR 115 test for Http method"
+ />
+ </target>
+
+ <target name="runweb-403" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-httpMethod/TestServlet HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-httpMethod"
+ requestHeaders="Host:${http.host}:${http.port}"
+ returnCode="HTTP/1.1 403"
+ testSuiteId="security-httpMethod"
+ testSuiteName="security-httpMethod"
+ testSuiteDescription="Security Test"
+ testId="security-httpMethod"
+ testName="security-httpMethod"
+ testDescription="Basic JSR 115 test for custom Http Method: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Basic JSR 115 negative test for Http method"
+ testStrategy="Basic JSR 115 negative test for Http method"
+ />
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="setup">
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="password" value="shingwai"/>
+ <param name="groups" value="employee"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="swchan"/>
+ <param name="password" value="swchan"/>
+ <param name="groups" value="staff"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="unsetup">
+ <!-- remove test users, just cleanup. -->
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="swchan"/>
+ </antcall>
+ </target>
+</project>
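Review bot: The `runweb-403` target hard-codes `/security-httpMethod/TestServlet` in its `request` attribute and ignores the `servlet` parameter, so the `user-with-no-authorization2` case in `run`, which passes `servlet=TestServlet2`, sends its request to `TestServlet` again. The negative authorization check for `TestServlet2` is therefore never exercised. The attribute should mirror `runweb`: `request="${httpMethod} /security-httpMethod/${servlet} HTTP/1.0"`. Whether `TestServlet2` then returns 403 for `swchan` depends on constraints in web.xml that are not fully visible here.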
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/sun-web.xml
new file mode 100644
index 0000000..a034524
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/sun-web.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/ sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <security-role-mapping>
+ <role-name>employee</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>manager</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>employee</role-name>
+ <principal-name>swchan</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>swchan</principal-name>
+ </security-role-mapping>
+</sun-web-app>
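Review bot: The DOCTYPE system identifier contains a stray space, `.../appserver/dtds/ sun-web-app_2_3-0.dtd`, so it does not name the DTD that the public identifier refers to, and a parser that resolves the system identifier may fail or skip validation. It should read `'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'`. Also, `swchan` is mapped to the `employee` role here, while the `setup` target in build.xml creates that user only in group `staff`; a short comment on which mapping the 403 cases rely on would help.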
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/web.xml
new file mode 100644
index 0000000..82a79d9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/descriptor/web.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>security-httpMethod</display-name>
+ <distributable></distributable>
+ <servlet>
+ <servlet-name>TestServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.httpMethod.TestServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>TestServlet2</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.httpMethod.TestServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>TestServlet</servlet-name>
+ <url-pattern>/TestServlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>TestServlet2</servlet-name>
+ <url-pattern>/TestServlet2</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>secure1</web-resource-name>
+ <url-pattern>/TestServlet</url-pattern>
+ <http-method>FOO</http-method>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>secure2</web-resource-name>
+ <url-pattern>/TestServlet2</url-pattern>
+ <http-method>FOO</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>manager</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>manager</role-name>
+ </security-role>
+</web-app>
+
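Review bot: Both `<web-resource-collection>` elements enumerate `<http-method>` values, so every method not listed (POST, PUT, HEAD and so on for `/TestServlet`; everything except FOO for `/TestServlet2`) is left without an auth-constraint. That looks deliberate for a test of per-method constraints, but nothing in the descriptor says so, and the same pattern in a real application leaves the unlisted verbs unprotected. I would add a comment above `secure2` such as `<!-- Only FOO is constrained on purpose: GET on /TestServlet2 must stay reachable without the manager role -->`, assuming that is what the test client (not shown here) checks. `transport-guarantee` NONE combined with BASIC also means the test credentials travel unencrypted, which is acceptable only on a loopback test domain.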
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/foo.html b/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/foo.html
new file mode 100644
index 0000000..bb2bfa1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/foo.html
@@ -0,0 +1 @@
+doFoo with shingwai
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/get.html b/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/get.html
new file mode 100644
index 0000000..78f0cca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/goldenfiles/get.html
@@ -0,0 +1 @@
+doGet with shingwai
diff --git a/appserver/tests/appserv-tests/devtests/security/httpMethod/web/TestServlet.java b/appserver/tests/appserv-tests/devtests/security/httpMethod/web/TestServlet.java
new file mode 100644
index 0000000..7dff8f4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/httpMethod/web/TestServlet.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.httpMethod;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+public class TestServlet extends HttpServlet {
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ String method = req.getMethod();
+ if (method.equals("FOO")) {
+ doFoo(req, resp);
+ } else {
+ super.service(req, resp);
+ }
+ }
+
+ public void doFoo(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ PrintWriter out = resp.getWriter();
+ out.println("doFoo with " + req.getUserPrincipal());
+ }
+
+ public void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ PrintWriter out = resp.getWriter();
+ out.println("doGet with " + req.getUserPrincipal());
+ }
+}
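Review bot: `doFoo` and `doGet` print `req.getUserPrincipal()` through string concatenation, so the body compared with `goldenfiles/foo.html` and `get.html` depends on the container's `Principal.toString()` rather than on the principal name. Using the name explicitly keeps the golden files stable across Principal implementations: `Principal p = req.getUserPrincipal();` followed by `out.println("doFoo with " + (p == null ? null : p.getName()));`, and the same in `doGet` (this needs `import java.security.Principal;`). The null branch keeps today's `null` output for an unauthenticated request, which web.xml permits for GET on `/TestServlet2`. `service` and `doGet` should also carry `@Override`.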
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/build.properties b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.properties
new file mode 100644
index 0000000..34b4055
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.properties
@@ -0,0 +1,20 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml
new file mode 100644
index 0000000..4daaa88
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/build.xml
@@ -0,0 +1,142 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+<project name="jacc-api" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+
+ <property name="debug" value="false"/>
+
+ <target name="all" depends="build, run"/>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile"/>
+
+ <target name="run" depends="init-common">
+ <antcall target="run-test"/>
+ <antcall target="run-pcftests"/>
+ <antcall target="run-ejbtests"/>
+ <antcall target="run-urltests"/>
+ <antcall target="run-webtests"/>
+ <antcall target="run-prog-auth"/>
+ </target>
+
+ <target name="run-prog-auth">
+ <ant dir="prog-auth" target="all"/>
+ </target>
+ <target name="run-test" depends="init-common">
+ <java classname="javax.security.jacc.Test" fork="yes"
+ classpath="${s1astest.classpath}"/>
+ </target>
+
+ <target name="run-pcftests" depends="init-common">
+ <property name="ISPCF" value="-Djavax.security.jacc.PolicyConfigurationFactory.provider=com.sun.s1asdev.security.jaccapi.DummyPolicyConfigurationFactory"/>
+ <property name="NOTPCF" value="-Djavax.security.jacc.PolicyConfigurationFactory.provider=javax.security.jacc.PolicyContextException"/>
+ <property name="PFL" value="-Djava.security.policy=${basedir}/config/java.policy"/>
+ <property name="PFL2" value="-Djava.security.policy=${basedir}/config/java.policy2"/>
+
+ <java classname="javax.security.jacc.TestPCF" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-DAPS_HOME=${env.APS_HOME}"/>
+ <jvmarg value="${PFL2}"/>
+ <arg value="true"/>
+ <arg value="java.lang.ClassNotFoundException"/>
+ </java>
+
+ <java classname="javax.security.jacc.TestPCF" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-DAPS_HOME=${env.APS_HOME}"/>
+ <jvmarg value="${NOTPCF}"/>
+ <jvmarg value="${PFL2}"/>
+ <arg value="true"/>
+ <arg value="java.lang.ClassCastException"/>
+ </java>
+
+ <java classname="javax.security.jacc.TestPCF" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-DAPS_HOME=${env.APS_HOME}"/>
+ <jvmarg value="${ISPCF}"/>
+ <jvmarg value="${PFL2}"/>
+ <arg value="true"/>
+ <arg value="javax.security.jacc.PolicyContextException"/>
+ </java>
+
+ <java classname="javax.security.jacc.TestPCF" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-DAPS_HOME=${env.APS_HOME}"/>
+ <jvmarg value="${NOTPCF}"/>
+ <jvmarg value="${PFL}"/>
+ <arg value="false"/>
+ <arg value="java.lang.ClassCastException"/>
+ </java>
+
+ <java classname="javax.security.jacc.TestPCF" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-DAPS_HOME=${env.APS_HOME}"/>
+ <jvmarg value="${ISPCF}"/>
+ <jvmarg value="${PFL}"/>
+ <arg value="false"/>
+ </java>
+ </target>
+
+ <target name="run-ejbtests" depends="init-common">
+ <java classname="javax.security.jacc.TestEJBPerms" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-Ddebug=${debug}"/>
+ </java>
+ </target>
+
+ <target name="run-urltests" depends="init-common">
+ <java classname="javax.security.jacc.TestURLPattern" fork="yes"
+ classpath="${s1astest.classpath}"/>
+ <java classname="javax.security.jacc.TestURLPatternSpec" fork="yes"
+ classpath="${s1astest.classpath}"/>
+ </target>
+
+ <target name="run-webtests" depends="init-common">
+ <java classname="javax.security.jacc.TestWebPerms" fork="yes"
+ classpath="${s1astest.classpath}">
+ <jvmarg value="-Ddebug=${debug}"/>
+ </java>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
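Review bot: None of the forked `<java>` tasks in `run-test`, `run-pcftests`, `run-ejbtests`, `run-urltests` and `run-webtests` sets `failonerror`, and Ant's default is to ignore a non-zero exit code, so a test JVM that crashes or is denied a permission does not fail the build. Unless results are collected solely through the reporter files named in `config/java.policy`, add `failonerror="true"` to each task, e.g. `<java classname="javax.security.jacc.TestPCF" fork="yes" failonerror="true" classpath="${s1astest.classpath}">`. A short comment on `run-pcftests` saying what the first `<arg>` (`true`/`false`) and the PFL/PFL2 pairing are meant to prove would also help. Only `-Djava.security.policy` is passed here, so enforcement presumably depends on TestPCF installing a security manager itself.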
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy b/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy
new file mode 100644
index 0000000..577343e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy
@@ -0,0 +1,61 @@
+
+// Standard extensions get all permissions by default
+
+grant codeBase "file:${java.home}/lib/ext/*" {
+ permission java.security.AllPermission;
+};
+
+// default permissions granted to all domains
+
+grant {
+ // Allows any thread to stop itself using the java.lang.Thread.stop()
+ // method that takes no argument.
+ // Note that this permission is granted by default only to remain
+ // backwards compatible.
+ // It is strongly recommended that you either remove this permission
+ // from this policy file or further restrict it to code sources
+ // that you specify, because Thread.stop() is potentially unsafe.
+ // See "http://java.sun.com/notes" for more information.
+ permission java.lang.RuntimePermission "stopThread";
+
+ // allows anyone to listen on un-privileged ports
+ permission java.net.SocketPermission "localhost:1024-", "listen";
+
+ // "standard" properies that can be read by anyone
+
+ permission java.util.PropertyPermission "java.version", "read";
+ permission java.util.PropertyPermission "java.vendor", "read";
+ permission java.util.PropertyPermission "java.vendor.url", "read";
+ permission java.util.PropertyPermission "java.class.version", "read";
+ permission java.util.PropertyPermission "os.name", "read";
+ permission java.util.PropertyPermission "os.version", "read";
+ permission java.util.PropertyPermission "os.arch", "read";
+ permission java.util.PropertyPermission "file.separator", "read";
+ permission java.util.PropertyPermission "path.separator", "read";
+ permission java.util.PropertyPermission "line.separator", "read";
+
+ permission java.util.PropertyPermission "java.specification.version", "read";
+ permission java.util.PropertyPermission "java.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.specification.name", "read";
+
+ permission java.util.PropertyPermission "java.vm.specification.version", "read";
+ permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.specification.name", "read";
+ permission java.util.PropertyPermission "java.vm.version", "read";
+ permission java.util.PropertyPermission "java.vm.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.name", "read";
+
+ permission java.util.PropertyPermission "javax.security.jacc.PolicyConfigurationFactory.provider", "read";
+
+ permission java.security.SecurityPermission "setPolicy";
+};
+
+
+//XXX for SimpleReporterAdapter.printSummary()
+grant {
+ permission java.util.PropertyPermission "user.dir", "read";
+ permission java.io.FilePermission "${APS_HOME}/test_resultsValid.xml", "write";
+ permission java.io.FilePermission "${APS_HOME}/test_results.xml", "read,write";
+ permission java.io.FilePermission "RepRunConf.txt", "write";
+};
+
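Review bot: The unconditional `grant { … }` block gives `java.security.SecurityPermission "setPolicy"` to every code source, and nothing in the file says this is the deliberate difference from `config/java.policy2`, which omits it together with the read permission on `javax.security.jacc.PolicyConfigurationFactory.provider`. `setPolicy` lets any code replace the JVM-wide Policy, so the grant should either be scoped with a `codeBase` for the test classes or carry a comment such as `// test-only: needed for the PolicyConfigurationFactory lookup in TestPCF; java.policy2 omits it to exercise the denied path`. The matching comment, inverted, belongs at the same place in java.policy2. The purpose is inferred from `run-pcftests` in build.xml; TestPCF itself is not in this part of the diff.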
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy2 b/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy2
new file mode 100644
index 0000000..ef35133
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/config/java.policy2
@@ -0,0 +1,58 @@
+
+// Standard extensions get all permissions by default
+
+grant codeBase "file:${java.home}/lib/ext/*" {
+ permission java.security.AllPermission;
+};
+
+// default permissions granted to all domains
+
+grant {
+ // Allows any thread to stop itself using the java.lang.Thread.stop()
+ // method that takes no argument.
+ // Note that this permission is granted by default only to remain
+ // backwards compatible.
+ // It is strongly recommended that you either remove this permission
+ // from this policy file or further restrict it to code sources
+ // that you specify, because Thread.stop() is potentially unsafe.
+ // See "http://java.sun.com/notes" for more information.
+ permission java.lang.RuntimePermission "stopThread";
+
+ // allows anyone to listen on un-privileged ports
+ permission java.net.SocketPermission "localhost:1024-", "listen";
+
+ // "standard" properies that can be read by anyone
+
+ permission java.util.PropertyPermission "java.version", "read";
+ permission java.util.PropertyPermission "java.vendor", "read";
+ permission java.util.PropertyPermission "java.vendor.url", "read";
+ permission java.util.PropertyPermission "java.class.version", "read";
+ permission java.util.PropertyPermission "os.name", "read";
+ permission java.util.PropertyPermission "os.version", "read";
+ permission java.util.PropertyPermission "os.arch", "read";
+ permission java.util.PropertyPermission "file.separator", "read";
+ permission java.util.PropertyPermission "path.separator", "read";
+ permission java.util.PropertyPermission "line.separator", "read";
+
+ permission java.util.PropertyPermission "java.specification.version", "read";
+ permission java.util.PropertyPermission "java.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.specification.name", "read";
+
+ permission java.util.PropertyPermission "java.vm.specification.version", "read";
+ permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.specification.name", "read";
+ permission java.util.PropertyPermission "java.vm.version", "read";
+ permission java.util.PropertyPermission "java.vm.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.name", "read";
+
+};
+
+
+//XXX for SimpleReporterAdapter.printSummary()
+grant {
+ permission java.util.PropertyPermission "user.dir", "read";
+ permission java.io.FilePermission "${APS_HOME}/test_resultsValid.xml", "write";
+ permission java.io.FilePermission "${APS_HOME}/test_results.xml", "read,write";
+ permission java.io.FilePermission "RepRunConf.txt", "write";
+};
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/build.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/build.xml
new file mode 100644
index 0000000..6fa3a38
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/build.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./../build.properties">
+]>
+
+<project name="prog-auth" basedir="." default="usage" xmlns:artifact="antlib:org.apache.maven.artifact.ant">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ <property environment="env"/>
+ <get src="http://central.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar" dest="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar"/>
+ <path id="maven-ant-tasks.classpath" path="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar" />
+ <typedef resource="org/apache/maven/artifact/ant/antlib.xml"
+ uri="antlib:org.apache.maven.artifact.ant"
+ classpathref="maven-ant-tasks.classpath" />
+ <target name="all" depends="runMaven"/>
+ <target name="runMaven">
+ <artifact:mvn mavenHome="${env.M2_HOME}" fork="true">
+ <jvmarg value="-Dmaven.multiModuleProjectDirectory"/>
+ <jvmarg value="-Dmaven.javadoc.skip=true" />
+ <arg value="clean"/>
+ <arg value="verify"/>
+ </artifact:mvn>
+ </target>
+</project>
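Review bot: The top-level `<get>` downloads `maven-ant-tasks-2.1.3.jar` over plain `http://` with no integrity check, and the following `<typedef>` loads task classes from it into the build JVM, so anyone able to tamper with that connection controls code executed by the build. Fetch it over HTTPS, pin a digest, and fail before the `<typedef>` when it does not match. `skipexisting` also avoids a network fetch on every Ant invocation; the `<get>` sits outside any target, so it runs even for `usage`. The digest below is a placeholder to be filled in from a trusted copy of the artifact.

```xml
<!-- … unchanged: entity includes, <property environment="env"/> … -->
<property name="maven-ant-tasks.sha256" value="REPLACE_WITH_PINNED_SHA256"/>
<get src="https://repo1.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar"
     dest="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar" skipexisting="true"/>
<checksum file="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar" algorithm="SHA-256"
          property="${maven-ant-tasks.sha256}" verifyProperty="maven-ant-tasks.verified"/>
<fail message="maven-ant-tasks-2.1.3.jar does not match the pinned SHA-256">
  <condition><isfalse value="${maven-ant-tasks.verified}"/></condition>
</fail>
<!-- … unchanged: <path>, <typedef>, targets … -->
```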
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/pom.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/pom.xml
new file mode 100644
index 0000000..87bfad3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/pom.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.jaccApi.test</groupId>
+ <artifactId>prog-auth</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>jaccApi-common</artifactId>
+
+ <packaging>jar</packaging>
+ <name>Java EE 7 Sample: jaccApi- common</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.arquillian.junit</groupId>
+ <artifactId>arquillian-junit-container</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.jsoup</groupId>
+ <artifactId>jsoup</artifactId>
+ <version>1.11.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>net.sourceforge.htmlunit</groupId>
+ <artifactId>htmlunit</artifactId>
+ <version>2.29</version>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+</project>
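Review bot: `jsoup`, `junit` and `htmlunit` carry hard-coded `<version>` elements here while `arquillian-junit-container` takes its version from the parent, so these three will not follow a single central version bump when a security fix is released. Assuming the parent `prog-auth` POM (not in this hunk) has a `<dependencyManagement>` section, move the versions there and leave the child entries versionless. `jsoup` is also the only one of the three left at compile scope; if it is needed only by `ArquillianBase.formatHTML`, a comment saying so would explain the difference.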
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/ArquillianBase.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/ArquillianBase.java
new file mode 100644
index 0000000..d9b7c7c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/ArquillianBase.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import static java.lang.Boolean.getBoolean;
+import static java.util.logging.Level.SEVERE;
+import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
+import static org.jsoup.Jsoup.parse;
+import static org.jsoup.parser.Parser.xmlParser;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URL;
+import java.util.logging.Logger;
+
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.spec.EnterpriseArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.rules.TestWatcher;
+import org.junit.runner.Description;
+import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
+
+import java.io.File;
+
+import org.jboss.shrinkwrap.api.importer.ZipImporter;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.WebClient;
+
+/**
+ *
+ *
+ */
+public class ArquillianBase {
+
+ private static final String WEBAPP_SRC = "src/main/webapp";
+ private static final Logger logger = Logger.getLogger(ArquillianBase.class.getName());
+
+ private WebClient webClient;
+ private String response;
+
+ @Rule
+ public TestWatcher ruleExample = new TestWatcher() {
+ @Override
+ protected void failed(Throwable e, Description description) {
+ super.failed(e, description);
+
+ logger.log(SEVERE,
+ "\n\nTest failed: " +
+ description.getClassName() + "." + description.getMethodName() +
+
+ "\nMessage: " + e.getMessage() +
+
+ "\nLast response: " +
+
+ "\n\n" + formatHTML(response) + "\n\n");
+
+ }
+ };
+
+ public static String formatHTML(String html) {
+ try {
+ return parse(html, "", xmlParser()).toString();
+ } catch (Exception e) {
+ return html;
+ }
+ }
+
+ public static Archive<?> defaultArchive() {
+ return tryWrapEAR(defaultWebArchive());
+ }
+
+ public static WebArchive defaultWebArchive() {
+ return
+ create(WebArchive.class, "test.war")
+ .addPackages(true, "org.javaee7.jaspic")
+ .deleteClass(ArquillianBase.class)
+ .addAsWebInfResource(resource("web.xml"))
+ .addAsWebInfResource(resource("jboss-web.xml"))
+ .addAsWebInfResource(resource("glassfish-web.xml"));
+ }
+
+ public static WebArchive mavenWar() {
+ return create(ZipImporter.class, System.getProperty("finalName") + ".war")
+ .importFrom(new File("target/" + System.getProperty("finalName") + ".war"))
+ .as(WebArchive.class);
+ }
+
+ public static Archive<?> tryWrapEAR(WebArchive webArchive) {
+ if (getBoolean("useEarForJaspic")) {
+ return
+ // EAR archive
+ create(EnterpriseArchive.class, "test.ear")
+
+ // Liberty needs to have the binding file in an ear.
+ // TODO: this is no longer the case and this code can be removed (-bnd.xml
+ // needs to be moved to correct place)
+ .addAsManifestResource(resource("ibm-application-bnd.xml"))
+
+ // Web module
+ // This is needed to prevent Arquillian generating an illegal application.xml
+ .addAsModule(
+ webArchive
+ );
+ } else {
+ return webArchive;
+ }
+ }
+
+ public static File resource(String name) {
+ return new File(WEBAPP_SRC + "/WEB-INF", name);
+ }
+
+ public static File web(String name) {
+ return new File(WEBAPP_SRC, name);
+ }
+
+ @ArquillianResource
+ private URL base;
+
+ @Before
+ public void setUp() {
+ webClient = new WebClient();
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ }
+
+ @After
+ public void tearDown() {
+ webClient.getCookieManager().clearCookies();
+ webClient.close();
+ }
+
+
+
+ protected WebClient getWebClient() {
+ return webClient;
+ }
+
+ protected URL getBase() {
+ return base;
+ }
+
+ /**
+ * Gets content from the path that's relative to the base URL on which the Arquillian test
+ * archive is deployed.
+ *
+ * @param path the path relative to the URL on which the Arquillian test is deployed
+ * @return the raw content as a string as returned by the server
+ */
+ protected String getFromServerPath(final String path) {
+ response = null;
+ for (int i=0; i<=3; i++) {
+ try {
+ response = webClient.getPage(base + path).getWebResponse().getContentAsString();
+ if (!response.contains("The response wrapper must wrap the response obtained from getResponse()")) {
+ return response;
+ }
+ } catch (FailingHttpStatusCodeException | IOException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ return response;
+ }
+
+}
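Review bot: `defaultWebArchive()` packages `org.javaee7.jaspic` and a `jboss-web.xml`, and `tryWrapEAR` references `ibm-application-bnd.xml`, none of which match this module's `org.glassfish.jaccApi` package, so an archive built this way would presumably contain no classes from this project. If only `mavenWar()` is used, drop the unused builders; otherwise change the call to `.addPackages(true, "org.glassfish.jaccApi")`. `tearDown()` dereferences `webClient` unconditionally, so when `setUp()` did not complete it throws a NullPointerException that masks the real failure; guard it with `if (webClient != null) { … }`. The import list repeats `ShrinkWrap.create`, `java.io.File` and `WebArchive`, and the class Javadoc is empty.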
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/BaseServletContextListener.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/BaseServletContextListener.java
new file mode 100644
index 0000000..dc068e6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/BaseServletContextListener.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+/**
+ *
+ */
+public class BaseServletContextListener implements ServletContextListener {
+
+ @Override
+ public void contextInitialized(ServletContextEvent arg0) {
+ // NOOP
+ }
+
+ @Override
+ public void contextDestroyed(ServletContextEvent arg0) {
+ // NOOP
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/JaspicUtils.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/JaspicUtils.java
new file mode 100644
index 0000000..4761320
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/JaspicUtils.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.ServletContext;
+
+/**
+ *
+ *
+ */
+public final class JaspicUtils {
+
+ private JaspicUtils() {
+ }
+
+ /**
+ * Registers the given SAM using the standard JASPIC {@link AuthConfigFactory} but using a small set of wrappers that just
+ * pass the calls through to the SAM.
+ *
+ * @param serverAuthModule
+ */
+ public static void registerSAM(ServletContext context, ServerAuthModule serverAuthModule) {
+ AuthConfigFactory.getFactory().registerConfigProvider(new TestAuthConfigProvider(serverAuthModule), "HttpServlet",
+ getAppContextID(context), "Test authentication config provider");
+ }
+
+ public static String getAppContextID(ServletContext context) {
+ return context.getVirtualServerName() + " " + context.getContextPath();
+ }
+
+}
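Review bot: `registerSAM` discards the registration ID returned by `registerConfigProvider`, so the provider cannot later be removed with `AuthConfigFactory.removeRegistration` and stays registered for that app context after the application is undeployed. Keep the ID where a `contextDestroyed` callback can reach it, for example `context.setAttribute("jaspic.registrationId", AuthConfigFactory.getFactory().registerConfigProvider(...))`; the attribute name is made up for illustration. The Javadoc also has an empty `@param serverAuthModule` and no `@param context`. `getAppContextID` deserves a line stating that the `virtualServerName + " " + contextPath` form has to match the app context ID the container uses for its lookup.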
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestAuthConfigProvider.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestAuthConfigProvider.java
new file mode 100644
index 0000000..fe34d0c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestAuthConfigProvider.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.config.AuthConfigFactory;
+import javax.security.auth.message.config.AuthConfigProvider;
+import javax.security.auth.message.config.ClientAuthConfig;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * This class functions as a kind of factory-factory for {@link ServerAuthConfig} instances, which are by themselves factories
+ * for {@link ServerAuthContext} instances, which are delegates for the actual {@link ServerAuthModule} (SAM) that we're after.
+ *
+ */
+public class TestAuthConfigProvider implements AuthConfigProvider {
+
+ private static final String CALLBACK_HANDLER_PROPERTY_NAME = "authconfigprovider.client.callbackhandler";
+
+ private Map<String, String> providerProperties;
+ private ServerAuthModule serverAuthModule;
+
+ public TestAuthConfigProvider(ServerAuthModule serverAuthModule) {
+ this.serverAuthModule = serverAuthModule;
+ }
+
+ /**
+ * Constructor with signature and implementation that's required by API.
+ *
+ * @param properties
+ * @param factory
+ */
+ public TestAuthConfigProvider(Map<String, String> properties, AuthConfigFactory factory) {
+ this.providerProperties = properties;
+
+ // API requires self registration if factory is provided. Not clear
+ // where the "layer" (2nd parameter)
+ // and especially "appContext" (3rd parameter) values have to come from
+ // at this place.
+ if (factory != null) {
+ factory.registerConfigProvider(this, null, null, "Auto registration");
+ }
+ }
+
+ /**
+ * The actual factory method that creates the factory used to eventually obtain the delegate for a SAM.
+ */
+ @Override
+ public ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException,
+ SecurityException {
+ return new TestServerAuthConfig(layer, appContext, handler == null ? createDefaultCallbackHandler() : handler,
+ providerProperties, serverAuthModule);
+ }
+
+ @Override
+ public ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException,
+ SecurityException {
+ return null;
+ }
+
+ @Override
+ public void refresh() {
+ }
+
+ /**
+ * Creates a default callback handler via the system property "authconfigprovider.client.callbackhandler", as seemingly
+ * required by the API (API uses wording "may" create default handler). TODO: Isn't
+ * "authconfigprovider.client.callbackhandler" JBoss specific?
+ *
+ * @return
+ * @throws AuthException
+ */
+ private CallbackHandler createDefaultCallbackHandler() throws AuthException {
+ String callBackClassName = System.getProperty(CALLBACK_HANDLER_PROPERTY_NAME);
+
+ if (callBackClassName == null) {
+ throw new AuthException("No default handler set via system property: " + CALLBACK_HANDLER_PROPERTY_NAME);
+ }
+
+ try {
+ return (CallbackHandler) Thread.currentThread().getContextClassLoader().loadClass(callBackClassName).newInstance();
+ } catch (Exception e) {
+ throw new AuthException(e.getMessage());
+ }
+ }
+
+}
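Review bot: The two-argument constructor leaves `serverAuthModule` null and self-registers with a null layer and a null appContext, which under the AuthConfigFactory contract matches every layer and every application rather than only this test app. A provider built that way passes a null SAM to `TestServerAuthConfig`, and the `TestServerAuthContext` constructor added in this commit dereferences it in `initialize(...)`, so the problem only shows up as a NullPointerException on the first request. Failing fast in `getServerAuthConfig` with `if (serverAuthModule == null) throw new AuthException("No ServerAuthModule configured");` would make the cause explicit. In `createDefaultCallbackHandler` the catch block drops the original exception; `throw (AuthException) new AuthException(e.getMessage()).initCause(e);` keeps it, as `TestServerAuthModule` already does.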
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthConfig.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthConfig.java
new file mode 100644
index 0000000..25f27bf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthConfig.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.config.ServerAuthConfig;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * This class functions as a kind of factory for {@link ServerAuthContext} instances, which are delegates for the actual
+ * {@link ServerAuthModule} (SAM) that we're after.
+ *
+ */
+public class TestServerAuthConfig implements ServerAuthConfig {
+
+ private String layer;
+ private String appContext;
+ private CallbackHandler handler;
+ private Map<String, String> providerProperties;
+ private ServerAuthModule serverAuthModule;
+
+ public TestServerAuthConfig(String layer, String appContext, CallbackHandler handler,
+ Map<String, String> providerProperties, ServerAuthModule serverAuthModule) {
+ this.layer = layer;
+ this.appContext = appContext;
+ this.handler = handler;
+ this.providerProperties = providerProperties;
+ this.serverAuthModule = serverAuthModule;
+ }
+
+ @Override
+ public ServerAuthContext getAuthContext(String authContextID, Subject serviceSubject,
+ @SuppressWarnings("rawtypes") Map properties) throws AuthException {
+ return new TestServerAuthContext(handler, serverAuthModule);
+ }
+
+ // ### The methods below mostly just return what has been passed into the
+ // constructor.
+ // ### In practice they don't seem to be called
+
+ @Override
+ public String getMessageLayer() {
+ return layer;
+ }
+
+ /**
+ * It's not entirely clear what the difference is between the "application context identifier" (appContext) and the
+ * "authentication context identifier" (authContext). In early iterations of the specification, authContext was called
+ * "operation" and instead of the MessageInfo it was obtained by something called an "authParam".
+ */
+ @Override
+ public String getAuthContextID(MessageInfo messageInfo) {
+ return appContext;
+ }
+
+ @Override
+ public String getAppContext() {
+ return appContext;
+ }
+
+ @Override
+ public void refresh() {
+ }
+
+ @Override
+ public boolean isProtected() {
+ return false;
+ }
+
+ public Map<String, String> getProviderProperties() {
+ return providerProperties;
+ }
+
+}
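Review bot: `getAuthContext` builds a new `TestServerAuthContext` on every call, and that constructor (added elsewhere in this commit) calls `initialize(...)` on the one shared `ServerAuthModule`, so the SAM is re-initialized each time the container asks for a context while `authContextID`, `serviceSubject` and `properties` are ignored. That is harmless for the stateless test SAM but deserves a comment such as `// Test-only: re-initializes the shared SAM on each call; not safe for a stateful module`. The five fields are only assigned in the constructor and could be declared `private final`.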
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthContext.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthContext.java
new file mode 100644
index 0000000..6fc13d0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/common/src/main/java/org/glassfish/jaccApi/common/TestServerAuthContext.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.common;
+
+import java.util.Collections;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.ServerAuth;
+import javax.security.auth.message.config.ServerAuthContext;
+import javax.security.auth.message.module.ServerAuthModule;
+
+/**
+ * The Server Authentication Context is an extra (required) indirection between the Application Server and the actual Server
+ * Authentication Module (SAM). This can be used to encapsulate any number of SAMs and either select one at run-time, invoke
+ * them all in order, etc.
+ * <p>
+ * Since this simple example only has a single SAM, we delegate directly to that one. Note that this {@link ServerAuthContext}
+ * and the {@link ServerAuthModule} (SAM) share a common base interface: {@link ServerAuth}.
+ *
+ */
+public class TestServerAuthContext implements ServerAuthContext {
+
+ private final ServerAuthModule serverAuthModule;
+
+ public TestServerAuthContext(CallbackHandler handler, ServerAuthModule serverAuthModule) throws AuthException {
+ this.serverAuthModule = serverAuthModule;
+ serverAuthModule.initialize(null, null, handler, Collections.<String, String> emptyMap());
+ }
+
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
+ throws AuthException {
+ return serverAuthModule.validateRequest(messageInfo, clientSubject, serviceSubject);
+ }
+
+ @Override
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+ return serverAuthModule.secureResponse(messageInfo, serviceSubject);
+ }
+
+ @Override
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+ serverAuthModule.cleanSubject(messageInfo, subject);
+ }
+
+}
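Review bot: The constructor passes `null` for both the request and the response `MessagePolicy` to `initialize(...)` and nothing says so, which means any SAM that consults its policies would presumably fail with a NullPointerException when wrapped by this context. A comment on that line such as `// Test-only: no MessagePolicy is supplied, so the wrapped SAM must not read requestPolicy/responsePolicy` would record the limitation. The constructor and the three delegating methods also lack Javadoc stating that they simply forward to the single wrapped SAM.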
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/pom.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/pom.xml
new file mode 100644
index 0000000..0af4a8a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/pom.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.glassfish.jaccApi.test</groupId>
+ <artifactId>prog-auth</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <name>Programmatic authetication with JACC api</name>
+ <properties>
+ <glassfish.version>5.0</glassfish.version>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <maven.compiler.target>1.8</maven.compiler.target>
+ </properties>
+
+ <modules>
+ <module>common</module>
+ <module>programmatic-authentication</module>
+ </modules>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.arquillian</groupId>
+ <artifactId>arquillian-bom</artifactId>
+ <version>1.3.0.Final</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian.junit</groupId>
+ <artifactId>arquillian-junit-container</artifactId>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>net.sourceforge.htmlunit</groupId>
+ <artifactId>htmlunit</artifactId>
+ <version>2.29</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax</groupId>
+ <artifactId>javaee-api</artifactId>
+ <version>7.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.arquillian.container</groupId>
+ <artifactId>arquillian-glassfish-remote-3.1</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.ejte.ccl.reporter</groupId>
+ <artifactId>SimpleReporterAdapter</artifactId>
+ <version>1.0</version>
+ <scope>system</scope>
+ <systemPath>${APS_HOME}/lib/reporter.jar</systemPath>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <version>2.20</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <systemPropertyVariables>
+ <finalName>${project.build.finalName}</finalName>
+ </systemPropertyVariables>
+ <environmentVariables>
+ <GLASSFISH_HOME>${env.S1AS_HOME}/..</GLASSFISH_HOME>
+ </environmentVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
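Review bot: The `SimpleReporterAdapter` dependency uses `<scope>system</scope>` with `<systemPath>${APS_HOME}/lib/reporter.jar</systemPath>`, so the jar is taken from a local path with no repository resolution or checksum verification, and the path uses `${APS_HOME}` while the failsafe configuration below uses `${env.S1AS_HOME}`. Unless the build passes `-DAPS_HOME=...`, the environment variable described in the README would need `<systemPath>${env.APS_HOME}/lib/reporter.jar</systemPath>`. Installing the reporter jar into a repository and depending on it normally would remove the unverified local artifact from the build. The `<name>` also contains the typo "authetication".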
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/pom.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/pom.xml
new file mode 100644
index 0000000..7c84584
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/pom.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.jaccApi.test</groupId>
+ <artifactId>prog-auth</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>programmatic-authentication-jacc-api</artifactId>
+ <packaging>war</packaging>
+
+ <name>Java EE 7 Sample: Programmatic-authentication with Jacc api</name>
+ <build>
+ <finalName>prog-auth</finalName>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.jaccApi.test</groupId>
+ <artifactId>jaccApi-common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </dependency>
+ </dependencies>
+</project>
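Review bot: The `jaccApi-common` dependency repeats the literal `5.0.1-SNAPSHOT` already declared on the `<parent>`, so the two can drift apart on the next version bump. Writing `<version>${project.version}</version>` on the dependency keeps the module and its sibling in step.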
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/SamAutoRegistrationListener.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/SamAutoRegistrationListener.java
new file mode 100644
index 0000000..25f3b13
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/SamAutoRegistrationListener.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.programmaticauthentication.sam;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.annotation.WebListener;
+
+import org.glassfish.jaccApi.common.BaseServletContextListener;
+import org.glassfish.jaccApi.common.JaspicUtils;
+
+/**
+ *
+ * @author Arjan Tijms
+ *
+ */
+@WebListener
+public class SamAutoRegistrationListener extends BaseServletContextListener {
+
+ @Override
+ public void contextInitialized(ServletContextEvent sce) {
+ JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+ }
+
+}
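Review bot: `contextInitialized` registers the test SAM but nothing removes it again, because `JaspicUtils.registerSAM` (earlier in this commit, its hunk starts outside this view) discards the registration ID returned by `registerConfigProvider`. As far as these lines show, a module that authenticates a hardcoded user therefore stays registered for this app context in the container-wide `AuthConfigFactory` after undeploy. Returning the ID from `registerSAM` and calling `AuthConfigFactory.getFactory().removeRegistration(registrationId);` from `contextDestroyed` would scope the registration to the application's lifetime; whether `BaseServletContextListener` already does something here cannot be seen from this hunk.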
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/TestServerAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/TestServerAuthModule.java
new file mode 100644
index 0000000..601e8bd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/sam/TestServerAuthModule.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.programmaticauthentication.sam;
+
+import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
+import static javax.security.auth.message.AuthStatus.SUCCESS;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Very basic SAM that returns a single hardcoded user named "test" with role "architect" when the request *attribute*
+ * <code>doLogin</code> is present.
+ *
+ * @author Arjan Tijms
+ *
+ */
+public class TestServerAuthModule implements ServerAuthModule {
+
+ private CallbackHandler handler;
+ private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+
+ @Override
+ public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
+ @SuppressWarnings("rawtypes") Map options) throws AuthException {
+ this.handler = handler;
+ }
+
+ @Override
+ public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
+ throws AuthException {
+
+ HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+
+ Callback[] callbacks;
+
+ if (request.getAttribute("doLogin") != null) { // notice "getAttribute" here, this is set by the Servlet
+
+ // For the test perform a login by directly "returning" the details of the authenticated user.
+ // Normally credentials would be checked and the details fetched from some repository
+
+ callbacks = new Callback[] {
+ // The name of the authenticated user
+ new CallerPrincipalCallback(clientSubject, "test"),
+ // the roles of the authenticated user
+ new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
+ };
+ } else {
+
+ // The JASPIC protocol for "do nothing"
+ callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
+ }
+
+ try {
+
+ // Communicate the details of the authenticated user to the container. In many
+ // cases the handler will just store the details and the container will actually handle
+ // the login after we return from this method.
+ handler.handle(callbacks);
+
+ } catch (IOException | UnsupportedCallbackException e) {
+ throw (AuthException) new AuthException().initCause(e);
+ }
+
+ return SUCCESS;
+ }
+
+ @Override
+ public Class<?>[] getSupportedMessageTypes() {
+ return supportedMessageTypes;
+ }
+
+ @Override
+ public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+ return SEND_SUCCESS;
+ }
+
+ @Override
+ public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+
+ }
+}
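Review bot: In `validateRequest` the login branch is taken whenever the `doLogin` request attribute is non-null, so `request.setAttribute("doLogin", false)` would also establish the caller "test" with group "architect" without any credential check. Testing the value, `if (Boolean.TRUE.equals(request.getAttribute("doLogin"))) {`, matches what `AuthenticateServlet` sets and avoids that surprise. The class Javadoc should also state plainly that this SAM performs no credential validation and is for tests only. `getSupportedMessageTypes` returns the internal array directly; `return supportedMessageTypes.clone();` keeps callers from mutating it.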
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/servlet/AuthenticateServlet.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/servlet/AuthenticateServlet.java
new file mode 100644
index 0000000..34f20a4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/java/org/glassfish/jaccApi/programmaticauthentication/servlet/AuthenticateServlet.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.programmaticauthentication.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import java.security.Principal;
+import java.util.stream.Collectors;
+import java.util.Set;
+
+@WebServlet(urlPatterns = "/public/authenticate")
+public class AuthenticateServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a public servlet \n");
+ request.setAttribute("doLogin",true);
+ boolean authenticateOutcome = request.authenticate(response);
+ String webName;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+ //get Subject via jacc api
+ try {
+ Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
+ if (subject != null) {
+ response.getWriter().write(subject.toString());
+ Set<Principal> principalsSet = subject.getPrincipals();
+// String princiaplsInSubject = "";
+ String princiaplsInSubject = principalsSet.stream()
+ .map(e -> e.getName())
+ .collect(Collectors.joining(", "));
+ response.getWriter().write("Principals: " + princiaplsInSubject);
+// response.getWriter().write("Principals in subject are :" + subject.getPrincipals().stream().map(Principal::getName()).collect(Collectors.join(",")));
+ }
+ }catch (PolicyContextException e){
+ response.getWriter().write("ERROR while getting Subject");
+ e.printStackTrace(response.getWriter());
+ }
+
+ }
+
+}
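Review bot: The catch block at the end of `doGet` writes the full stack trace into the HTTP response with `e.printStackTrace(response.getWriter())`, and the success path echoes `subject.toString()`, which can include credential objects held by the Subject; both expose server internals to whoever calls this public URL. Logging on the server side instead, `log("ERROR while getting Subject", e);`, and writing only the principal names keeps the response limited to what the test asserts. The result of `request.authenticate(response)` is stored in `authenticateOutcome` but never checked, `webName` is assigned and never read, and the two commented-out lines can be deleted.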
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..66f217f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>architect</role-name>
+ <group-name>architect</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..d96607f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Test</web-resource-name>
+ <url-pattern>/protected/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>architect</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>architect</role-name>
+ </security-role>
+
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/test/java/org/glassfish/jaccApi/programmaticauthentication/ProgrammaticAuthenticationIT.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/test/java/org/glassfish/jaccApi/programmaticauthentication/ProgrammaticAuthenticationIT.java
new file mode 100644
index 0000000..07f30aa
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/prog-auth/programmatic-authentication/src/test/java/org/glassfish/jaccApi/programmaticauthentication/ProgrammaticAuthenticationIT.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jaccApi.programmaticauthentication;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+
+import org.glassfish.jaccApi.common.ArquillianBase;
+import static org.glassfish.jaccApi.common.ArquillianBase.mavenWar;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.xml.sax.SAXException;
+
+/**
+ * This tests that a call from a Servlet to HttpServletRequest#authenticate can result
+ * in a successful authentication.
+ *
+ *
+ */
+@RunWith(Arquillian.class)
+public class ProgrammaticAuthenticationIT extends ArquillianBase {
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+
+ @Test
+ public void testSubjectPrincipals() throws IOException, SAXException {
+ String response = getFromServerPath("public/authenticate");
+ assertTrue("Should contain web user test and architect in subject principals", response.contains("Principals: test, architect"));
+ }
+
+
+}
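Review bot: The check `response.contains("Principals: test, architect")` in testSubjectPrincipals is a substring match, so it still passes when the subject carries further principals after `architect`. For a test of what authenticate() puts into the subject, an unexpected extra role is the failure worth catching. If the servlet prints the list on a single line (not visible in this hunk), compare that whole line, or at least add `assertFalse(response.contains("Principals: test, architect,"));`. The class Javadoc could also state where the `test` caller's credentials come from, since the request itself sends none.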
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/DummyPolicyConfigurationFactory.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/DummyPolicyConfigurationFactory.java
new file mode 100644
index 0000000..548d63d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/DummyPolicyConfigurationFactory.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jaccapi;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyContextException;
+
+public class DummyPolicyConfigurationFactory extends PolicyConfigurationFactory {
+ public PolicyConfiguration
+ getPolicyConfiguration(String contextID, boolean remove)
+ throws javax.security.jacc.PolicyContextException {
+ return null;
+ }
+
+ public boolean inService(String contextID)
+ throws javax.security.jacc.PolicyContextException {
+ return false;
+ }
+}
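Review bot: `getPolicyConfiguration` returns `null` and `inService` returns `false`, and nothing in the class says it is a stub, so a caller that receives this factory fails later with a NullPointerException instead of at the point of misuse. A class comment such as `/** Stub factory used only to exercise the PolicyConfigurationFactory lookup; never returns a usable PolicyConfiguration. */` would make the intent explicit; that this is its only use is presumed from the name, not shown in this hunk. Both methods should carry `@Override`, and the `throws` clauses can use the imported `PolicyContextException` instead of the fully qualified name.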
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/Test.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/Test.java
new file mode 100644
index 0000000..1f50770
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/Test.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import javax.security.jacc.URLPattern;
+import javax.security.jacc.URLPatternSpec;
+import java.util.StringTokenizer;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Test {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API test ";
+
+ public static void main ( String[] args ) {
+ stat.addDescription(testSuite);
+ String description = null;
+
+ description = testSuite + "test1";
+ String s = new String("/a/*:/a/b/joe.jsp:/a/b/c:/a/b/*");
+ URLPatternSpec ups = new URLPatternSpec(s);
+ System.out.println("s: " + s);
+ System.out.println("ups: " + ups);
+ if ("/a/*:/a/b/*".equals(ups.toString())) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ description = testSuite + "test2";
+ s = new String("/:/a/b/joe.jsp:/a/b/c:/a/b/*:*.jsp:/a/*");
+ ups = new URLPatternSpec(s);
+ System.out.println("s: " + s);
+ System.out.println("ups: " + ups);
+ if ("/:*.jsp:/a/*".equals(ups.toString())) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary(testSuite);
+ }
+}
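Review bot: Neither case in `main` guards the `new URLPatternSpec(s)` call, so an exception from the constructor aborts the run before `stat.addStatus` and `stat.printSummary` execute, and the reporter records nothing for the suite instead of a FAIL. The two cases are also copies of each other, and `new String("...")` around a literal is redundant. Moving the shared steps into one helper that records FAIL on an exception fixes all three. The `StringTokenizer` and `URLPattern` imports are unused and can be removed.

```java
private static void check(String description, String spec, String expected) {
    try {
        URLPatternSpec ups = new URLPatternSpec(spec);
        System.out.println("s: " + spec);
        System.out.println("ups: " + ups);
        stat.addStatus(description,
            expected.equals(ups.toString()) ? stat.PASS : stat.FAIL);
    } catch (RuntimeException e) {
        // a rejected spec is a test failure, not a crash of the whole run
        e.printStackTrace();
        stat.addStatus(description, stat.FAIL);
    }
}

public static void main(String[] args) {
    stat.addDescription(testSuite);
    check(testSuite + "test1", "/a/*:/a/b/joe.jsp:/a/b/c:/a/b/*", "/a/*:/a/b/*");
    check(testSuite + "test2", "/:/a/b/joe.jsp:/a/b/c:/a/b/*:*.jsp:/a/*", "/:*.jsp:/a/*");
    stat.printSummary(testSuite);
}
```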
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestEJBPerms.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestEJBPerms.java
new file mode 100644
index 0000000..2ae431d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestEJBPerms.java
@@ -0,0 +1,481 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import java.lang.reflect.*;
+import java.util.Enumeration;
+import java.security.*;
+import javax.security.jacc.EJBMethodPermission;
+import javax.security.jacc.EJBRoleRefPermission;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.FileInputStream;
+import java.io.ObjectOutputStream;
+import java.io.FileOutputStream;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class TestEJBPerms {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API testEJBPerms ";
+ private static boolean isDebug = Boolean.getBoolean("debug");
+
+ private static void debug(String msg) {
+ if (isDebug) {
+ System.out.println(msg);
+ }
+ }
+
+ private static void testSerialization(Permission p1) {
+ String description = "TestSerialization:" + p1.getName() +
+ "," + p1.getActions();
+
+ boolean result = true;
+
+ Permission p2 = p1;
+ try {
+ FileOutputStream fout = new
+ FileOutputStream("serial-test-file.tmp");
+ ObjectOutputStream sout = new ObjectOutputStream(fout);
+ sout.writeObject(p1);
+ sout.flush();
+ sout.close();
+ fout.close();
+ } catch( Throwable t ) {
+ t.printStackTrace();
+ debug( "-- Serialization Test Failed(write)-" + p1.getName() + "," + p1.getActions());
+ }
+
+ try {
+ FileInputStream fin = new FileInputStream("serial-test-file.tmp");
+ ObjectInputStream sin = new ObjectInputStream(fin);
+ p2 = (Permission) sin.readObject();
+ sin.close();
+ fin.close();
+ } catch( Throwable t ) {
+ t.printStackTrace();
+ debug( "-- Serialization Test Failed(read)-" + p1.getName() + "," + p1.getActions());
+ result = false;
+ }
+
+ if (result == true) {
+ if (p2.equals(p1)) {
+ debug( "-- Serialization Test Succeeded -----------" + p2.getName() + "," + p2.getActions());
+ stat.addStatus(description, stat.PASS);
+ } else {
+ debug( "-- Serialization Test Failed-" + p1.getName() + "," + p1.getActions());
+ stat.addStatus(description, stat.FAIL);
+ }
+ } else {
+ debug( "-- Serialization Test Failed-" + p1.getName() + "," + p1.getActions());
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void doEJBMethodPermission( boolean expectedToSucceed,
+ String name, String actions) {
+ String description = "doEJBMethodPermission:" +
+ expectedToSucceed + "-" + name + "-" + actions;
+
+ boolean result = true;
+
+ EJBMethodPermission p1,p2;
+
+ try {
+ debug( "-- Construct Test --" + expectedToSucceed +
+ " " + name + " " + actions);
+
+ p1 = new EJBMethodPermission(name,actions);
+
+ if (expectedToSucceed) {
+
+ p2 = new EJBMethodPermission(p1.getName(),p1.getActions());
+ testSerialization(p2);
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ if (result == expectedToSucceed) {
+ if (expectedToSucceed) {
+ debug( "-- Construct Test Succeeded -------------------------------------");
+ } else {
+ debug( "-- Construct Test Succeeded (negative)---------------------------");
+ }
+ stat.addStatus(description, stat.PASS);
+ } else {
+ debug( "-- Construct Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void doEJBMethodPermission( boolean expectedToSucceed,
+ String ejbName, String methodName, String methodInterface,
+ String[] methodParams) {
+ String description = "doEJBMethodPermissionWithParams:" +
+ expectedToSucceed + "-" + ejbName + "-" + methodName +
+ "-" + methodInterface + "-" + methodParams;
+
+ boolean result = true;
+
+ EJBMethodPermission p1,p2;
+
+ try {
+ debug( "-- Construct Test --");
+
+ p1 = new EJBMethodPermission(ejbName,methodName,methodInterface,
+ methodParams);
+
+ if (expectedToSucceed) {
+ p2 = new EJBMethodPermission(p1.getName(),p1.getActions());
+ testSerialization(p2);
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+ if (result == expectedToSucceed) {
+ if (expectedToSucceed) {
+ debug( "-- Construct Test Succeeded -------------------------------------");
+ } else {
+ debug( "-- Construct Test Succeeded (negative)---------------------------");
+ }
+ stat.addStatus(description, stat.PASS);
+ } else {
+ debug( "-- Construct Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void doEJBMethodPermission( boolean expectedToSucceed,
+ String ejbName, String methodInterface, Method method) {
+
+ String description = "doEJBMethodPermissionWithMethod:" +
+ expectedToSucceed + "-" + ejbName +
+ "-" + methodInterface + "-" + method;
+
+ boolean result = true;
+
+ EJBMethodPermission p1,p2;
+ String actions = null;
+
+ try {
+ debug( "-- Construct Test -----------------------------------------------");
+
+ p1 = new EJBMethodPermission(ejbName,methodInterface,method);
+
+ if (expectedToSucceed) {
+
+ p2 = new EJBMethodPermission(p1.getName(),p1.getActions());
+ actions = p1.getActions();
+ testSerialization(p2);
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ if (result == expectedToSucceed) {
+ if (expectedToSucceed) {
+ debug( "-- Construct Test Succeeded -------------------------------------");
+ } else {
+ debug( "-- Construct Test Succeeded (negative)---------------------------");
+ }
+ stat.addStatus(description, stat.PASS);
+ } else {
+ debug( "-- Construct Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void doEJBRoleRefPermission( boolean expectedToSucceed,
+ String servletName, String roleRef) {
+ String description = "doEJBRoleRefPermission:" +
+ expectedToSucceed + "-" + servletName + "-" + roleRef;
+
+ boolean result = true;
+
+ EJBRoleRefPermission p1,p2;
+
+ p1 = null;
+
+ try {
+ debug( "-- Construct Test -----------------------------------------------");
+
+ p1 = new EJBRoleRefPermission(servletName,roleRef);
+
+ if (expectedToSucceed) {
+
+ p2 = new EJBRoleRefPermission(p1.getName(),p1.getActions());
+ testSerialization(p2);
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ if (result == expectedToSucceed) {
+ if (expectedToSucceed) {
+ debug( "-- Construct Test Succeeded -------------------------------------" + p1.hashCode());
+ } else {
+ debug( "-- Construct Test Succeeded (negative)---------------------------");
+ }
+ stat.addStatus(description, stat.PASS);
+ } else {
+ debug( "-- Construct Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void doPermissionImplies ( boolean expectedResult,
+ Permission thisP, Permission p) {
+ //SEC is added there so that it will not cut off the
+ //first part with space, an issue in reporting tools
+ String description = "SEC doPermissionImplies:" +
+ expectedResult + "-" + thisP + "-" + p;
+
+ try {
+
+ debug( "-- Permission implies Test ----------------------------------------------");
+
+ if (thisP.implies(p) != expectedResult) {
+ debug(
+ (expectedResult ? "unexpected failure:" :"unexpected success:")
+ + p + (expectedResult ?" not implied by:":" implied by:") +
+ thisP);
+ debug( "-- Permission implies Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ } else {
+ debug(p +
+ (expectedResult ? " implied by:":" not implied by:") + thisP);
+ debug( "-- Permission implies Test Succeeded -------------------------------------");
+ stat.addStatus(description, stat.PASS);
+ }
+ } catch( Throwable t ) {
+ debug("unexpected exception");
+ t.printStackTrace();
+ debug( "-- Permission implies Test Failed ----------------------------------------");
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ public static void main ( String[] args ) {
+ stat.addDescription(testSuite);
+ String params1[] = { "java.lang.string" };
+ String params2[] = { "java.lang.string", "java.lang.int" };
+ String params3[] = { "java.lang.string", "java.lang.int," };
+
+ for (int i=0; i<100; i++) {
+ doEJBMethodPermission(false,"bankbean","withdraw,");
+ doEJBMethodPermission(false,"bankbean","withdraw,Home,java.lang.string,");
+ doEJBMethodPermission(true,"bankbean",null);
+ doEJBMethodPermission(true,"bankbean","withdraw");
+ doEJBMethodPermission(true,"bankbean","withdraw,Home");
+ doEJBMethodPermission(true,"bankbean","withdraw,Home,java.lang.string");
+ doEJBMethodPermission(true,"bankbean",",Home");
+
+ doEJBMethodPermission(true,"bankbean",",Home,java.lang.string");
+
+ doEJBMethodPermission(true,"bankbean","withdraw");
+ doEJBMethodPermission(true,"bankbean","withdraw,Home");
+ doEJBMethodPermission(true,"bankbean","withdraw,,java.lang.string");
+ doEJBMethodPermission(true,"bankbean","withdraw,,");
+ doEJBMethodPermission(false,"bankBean","withdraw","Home",params3);
+
+ doEJBMethodPermission(true,"bankBean","withdraw","Home",params1);
+ doEJBMethodPermission(true,"bankBean","withdraw","Home",params2);
+
+ doEJBMethodPermission(true,"bankBean","withdraw","Home",null);
+
+ doEJBMethodPermission(true,"bankBean",null,"Home",params1);
+
+ doEJBMethodPermission(true,"bankBean","withdraw",null,params2);
+
+ doEJBMethodPermission(true,"bankBean",null,null,null);
+
+ EJBMethodPermission a =
+ new EJBMethodPermission("bankBean","withdraw,Home,java.lang.string");
+ EJBMethodPermission b =
+ new EJBMethodPermission("myBean","withdraw,Home,java.lang.string");
+ EJBMethodPermission c =
+ new EJBMethodPermission("myBean",",Home,java.lang.string");
+ EJBMethodPermission d =
+ new EJBMethodPermission("myBean",",,java.lang.string");
+ EJBMethodPermission e =
+ new EJBMethodPermission("myBean","withdraw,,java.lang.string");
+ EJBMethodPermission f =
+ new EJBMethodPermission("myBean","withdraw,,java.lang.int");
+ EJBMethodPermission g =
+ new EJBMethodPermission("myBean","withdraw,Remote,");
+ EJBMethodPermission h =
+ new EJBMethodPermission("myBean","withdraw","Remote",new String[0]);
+ testSerialization(a);
+ testSerialization(b);
+ testSerialization(c);
+ testSerialization(d);
+ testSerialization(e);
+ testSerialization(f);
+ testSerialization(g);
+ testSerialization(h);
+
+ doPermissionImplies(false,a,b);
+ doPermissionImplies(false,b,a);
+ doPermissionImplies(false,c,a);
+ doPermissionImplies(false,d,a);
+ doPermissionImplies(false,e,a);
+ doPermissionImplies(false,f,a);
+ doPermissionImplies(false,f,b);
+ doPermissionImplies(false,c,d);
+ doPermissionImplies(false,e,d);
+ doPermissionImplies(true,c,b);
+ doPermissionImplies(true,d,b);
+ doPermissionImplies(true,e,b);
+ doPermissionImplies(true,d,c);
+ doPermissionImplies(true,g,h);
+ doPermissionImplies(true,h,g);
+
+ doEJBRoleRefPermission(true,"EJBName","customer");
+
+ EJBRoleRefPermission a1,a2,a3,a4;
+ a1 = new EJBRoleRefPermission("EJBName1","roleRef1");
+ a2 = new EJBRoleRefPermission("EJBName1","roleRef2");
+ a3 = new EJBRoleRefPermission("EJBName2","roleRef1");
+ a4 = new EJBRoleRefPermission("EJBName2","roleRef2");
+
+ testSerialization(a1);
+ testSerialization(a2);
+ testSerialization(a3);
+ testSerialization(a4);
+
+ doPermissionImplies(true,a1,a1);
+ doPermissionImplies(false,a1,a2);
+ doPermissionImplies(false,a1,a3);
+ doPermissionImplies(false,a1,a4);
+ doPermissionImplies(false,a2,a1);
+ doPermissionImplies(true,a2,a2);
+ doPermissionImplies(false,a2,a3);
+ doPermissionImplies(true,a3,a3);
+ doPermissionImplies(false,a3,a4);
+ doPermissionImplies(false,a4,a1);
+ doPermissionImplies(false,a4,a2);
+ doPermissionImplies(false,a4,a3);
+ doPermissionImplies(true,a4,a4);
+ }
+
+ Method m[] = TestEJBPerms.class.getMethods();
+ EJBMethodPermission p[] = new EJBMethodPermission[m.length];
+
+ for (int i=0; i< m.length; i++) {
+ doEJBMethodPermission( true, "TestEJBPerms","Home",m[i]);
+ p[i] = new EJBMethodPermission("testEJBPerms","Home",m[i]);
+ testSerialization(p[i]);
+ }
+
+ for (int i=0; i< m.length; i++) {
+ for (int j=0; j<m.length; j++) {
+ if (i == j) {
+ doPermissionImplies(true,p[i],p[j]);
+ } else {
+ doPermissionImplies(false,p[i],p[j]);
+ }
+ }
+ }
+
+ stat.printSummary();
+ }
+}
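Review bot: In testSerialization the write-side catch does not set `result = false`, so after a failed write the read block deserializes whatever `serial-test-file.tmp` still holds from an earlier call, and neither block closes its streams when an exception is thrown. The file name is fixed and relative to the working directory, so concurrent runs share it and the test can deserialize a file it did not write. A round trip through an in-memory buffer with try-with-resources removes both problems; it needs the `java.io.ByteArrayOutputStream` and `java.io.ByteArrayInputStream` imports. Separately, the `description` in the `String[] methodParams` overload concatenates the array itself, which gives an identity string that differs per run; `java.util.Arrays.toString(methodParams)` would keep the reported test name stable.

```java
private static void testSerialization(Permission p1) {
    // … unchanged: description …
    boolean result = true;
    Permission p2 = p1;
    try {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream sout = new ObjectOutputStream(buffer)) {
            sout.writeObject(p1);
        }
        try (ObjectInputStream sin = new ObjectInputStream(
                new ByteArrayInputStream(buffer.toByteArray()))) {
            p2 = (Permission) sin.readObject();
        }
    } catch (Throwable t) {
        t.printStackTrace();
        debug("-- Serialization Test Failed(round trip)-" + p1.getName() + "," + p1.getActions());
        // a write failure must fail the test as well as a read failure
        result = false;
    }
    // … unchanged: equals check and PASS/FAIL reporting …
```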
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestPCF.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestPCF.java
new file mode 100644
index 0000000..680abb7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestPCF.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import javax.security.jacc.PolicyConfigurationFactory;
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+import java.security.AccessControlException;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class TestPCF {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API testPCF ";
+
+ public static void main ( String[] args ) {
+ stat.addDescription(testSuite);
+ String description = null;
+ boolean expectACException =
+ (args != null && args.length > 0) ?
+ Boolean.parseBoolean(args[0]) : true;
+ String expectedException =
+ (args != null && args.length > 1) ? args[1] : null;
+ System.out.println("expect AccessControlException: " + expectACException);
+ System.out.println("expected Exception: " + expectedException);
+
+ description = testSuite + "-" + expectACException + "-" +
+ expectedException + " without SecurityManager";
+ try {
+ PolicyConfigurationFactory f =
+ PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ stat.addStatus(description, stat.PASS);
+ } catch(Exception ex) {
+ //It should be one of the following:
+ // java.lang.ClassNotFoundException
+ // java.lang.ClassCastException
+ // javax.security.jacc.PolicyContextException
+ if (ex.getClass().getName().equals(expectedException)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ System.out.println( "--START SECURITY MANAGER -->>");
+ System.setSecurityManager(new SecurityManager());
+
+ description = testSuite + "-" + expectACException + "-" +
+ expectedException + " with SecurityManager";
+ try {
+ PolicyConfigurationFactory f =
+ PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ stat.addStatus(description, stat.PASS);
+ } catch(AccessControlException ace) {
+ if (!expectACException) {
+ ace.printStackTrace();
+ }
+ stat.addStatus(description,
+ (expectACException) ? stat.PASS : stat.FAIL);
+ } catch(Exception ex) {
+ //It should be one of the following:
+ // java.lang.ClassNotFoundException
+ // javax.security.jacc.PolicyContextException
+ if (ex.getClass().getName().equals(expectedException)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ stat.printSummary(testSuite);
+ }
+}
+
+
+
+
+
+
+
+
+
+
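Review bot: Both try blocks in `main` record `stat.PASS` whenever `getPolicyConfigurationFactory()` returns normally, without looking at `expectedException` or `expectACException`, so a run configured to expect an exception still passes when none is thrown. If a clean return is only valid when nothing was expected (this depends on the policy and system properties the build passes in, which this hunk does not show), the first block could use `stat.addStatus(description, expectedException == null ? stat.PASS : stat.FAIL);` and the second the same with the condition `!expectACException && expectedException == null`. The local `f` is never read in either block and can be dropped. The ten blank lines after the closing brace can also go.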
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPattern.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPattern.java
new file mode 100644
index 0000000..257a97e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPattern.java
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import javax.security.jacc.URLPattern;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class TestURLPattern {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API testURLPattern ";
+
+ private static void test_patternType(String p, int expected) {
+ String description = "testPatternType:" + p;
+ URLPattern u = new URLPattern(p);
+ int result = u.patternType();
+ if (result == expected) {
+ System.out.println("patternType: " + expected + " " +
+ result + " succeded " + u);
+ stat.addStatus(description, stat.PASS);
+
+ } else {
+ System.out.println("patternType: " + expected + " " +
+ result + " failed " + u);
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void test_compareTo(String p1, int p1Type,
+ String p2, int p2Type) {
+ String description = "testCompareTo:" +
+ p1 + "-" + p1Type + "-" + p2 + "-" + p2Type;
+ URLPattern u1 = new URLPattern(p1);
+ URLPattern u2 = new URLPattern(p2);
+
+ int expected = p1Type - p2Type;
+ boolean unknown = false;
+ if (expected == 0 && p1.compareTo(p2) != 0) unknown = true;
+ expected = expected > 0 ? 1 : (expected < 0 ? -1 : 0);
+
+ int result = u1.compareTo(u2);
+ int inverse = u2.compareTo(u1);
+
+ if (result == inverse * -1) {
+ if (result == expected) {
+ System.out.println("compareTo(->): " + expected + " " +
+ result + " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+ } else if (result != 0 && unknown) {
+ System.out.println("compareTo(->): !0 " +
+ result + " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+ } else {
+ System.out.println("compareTo(->): " + expected + " " +
+ result + " failed " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.FAIL);
+ }
+ } else {
+ System.out.println("compareTo(<-): " + expected * -1 + " " +
+ inverse + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static boolean get_impliesExpected(
+ String p1, int p1Type, String p2, int p2Type) {
+ boolean expected = false;
+ switch(p1Type) {
+ case URLPattern.PT_EXACT:
+ if (p2Type == URLPattern.PT_EXACT && p1.equals(p2)) {
+ expected = true;
+ }
+ break;
+ case URLPattern.PT_DEFAULT:
+ expected = true;
+ break;
+ case URLPattern.PT_EXTENSION:
+ if (p2Type == URLPattern.PT_EXTENSION && p1.equals(p2)) {
+ expected = true;
+ } else if (p2Type == URLPattern.PT_EXACT &&
+ p2.endsWith(p1.substring(1))) {
+ expected = true;
+ }
+ break;
+ case URLPattern.PT_PREFIX:
+ if (p1.equals("/*")) {
+ expected = true;
+ } else if (p2.startsWith(p1.substring(0,p1.length()-2)) &&
+ (p2.length() == p1.length()-2 ||
+ p2.substring(p1.length()-2).startsWith("/"))) {
+ expected = true;
+ }
+ break;
+ }
+
+ return expected;
+ }
+
+ private static void test_implies(
+ String p1, int p1Type, String p2, int p2Type) {
+ String description = "testImplies:" +
+ p1 + "-" + p1Type + "-" + p2 + "-" + p2Type;
+ URLPattern u1 = new URLPattern(p1);
+ URLPattern u2 = new URLPattern(p2);
+
+ boolean expected = get_impliesExpected(p1,p1Type,p2,p2Type);
+ boolean expectedInverse = get_impliesExpected(p2,p2Type,p1,p1Type);
+
+ boolean result = u1.implies(u2);
+ boolean inverse = u2.implies(u1);
+
+ if (result == expected) {
+ System.out.println("implies(->): " + expected + " " + result +
+ " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+ } else if (inverse != expectedInverse) {
+ System.out.println("implies(<-): " + expectedInverse + " " +
+ inverse + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ } else {
+ System.out.println("implies(->): " + expected + " " + result +
+ " failed " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+
+ private static void test_equals(
+ String p1, int p1Type, String p2, int p2Type) {
+ String description = "testEquals:" +
+ p1 + "-" + p1Type + "-" + p2 + "-" + p2Type;
+ URLPattern u1 = new URLPattern(p1);
+ URLPattern u2 = new URLPattern(p2);
+
+ boolean expected = (p1Type == p2Type) ? p1.compareTo(p2) == 0 : false;
+
+ boolean result = u1.equals(u2);
+ boolean inverse = u2.equals(u1);
+
+ if (result == inverse) {
+ if (result == true && (!u1.implies(u2) || !u2.implies(u1))) {
+ System.out.println("equals(<->): " + expected + " " +
+ result + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+
+ } else if (result == expected) {
+ System.out.println("equals(-->): " + expected + " " +
+ result + " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+
+ } else {
+ System.out.println("equals(-->): " + expected + " " +
+ result + " failed " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.FAIL);
+ }
+ } else {
+ System.out.println("equals(<--): " + result + " " +
+ inverse + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ public static void main ( String[] args ) {
+ stat.addDescription(testSuite);
+
+ String upArray[] = {
+ "/a/b/c.jsp",
+ "/a/c",
+ "/*",
+ "/a/*",
+ "/a/c/*",
+ "//*",
+ "*.jsp",
+ "*.asp",
+ "/"
+ /* COMMENTED OUT! ,"//" */
+ };
+
+ int upTypeArray[] = {
+ URLPattern.PT_EXACT,
+ URLPattern.PT_EXACT,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_EXTENSION,
+ URLPattern.PT_EXTENSION,
+ URLPattern.PT_DEFAULT
+ /* COMMENTED OUT! ,URLPattern.PT_DEFAULT */
+ };
+
+ for (int i=0; i<upArray.length; i++) {
+ test_patternType(upArray[i],upTypeArray[i]);
+ }
+
+ for (int i=0; i<upArray.length; i++) {
+ for (int j=0; j<upArray.length; j++) {
+ test_compareTo(upArray[i],upTypeArray[i],
+ upArray[j],upTypeArray[j]);
+ }
+ }
+
+ for (int i=0; i<upArray.length; i++) {
+ for (int j=0; j<upArray.length; j++) {
+ test_implies(upArray[i],upTypeArray[i],
+ upArray[j],upTypeArray[j]);
+ }
+ }
+
+ for (int i=0; i<upArray.length; i++) {
+ for (int j=0; j<upArray.length; j++) {
+ test_equals(upArray[i],upTypeArray[i],
+ upArray[j],upTypeArray[j]);
+ }
+ }
+
+ stat.printSummary(testSuite);
+ }
+}
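Review bot: The `"//"` entry is disabled in both `upArray` and `upTypeArray` with only `COMMENTED OUT!`, so a reader cannot tell whether URLPattern mishandles that pattern or the test's expectation for it was wrong. Empty path segments are a case where access-control matching tends to diverge from what the container serves, so the reason for skipping it belongs next to the entry, for example `/* "//" excluded: <reason / tracking issue> */` in both arrays. The two arrays must stay index-aligned by hand; a short comment saying so above `upTypeArray` would help. The log strings in the helpers spell "succeded", which makes output harder to grep.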
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPatternSpec.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPatternSpec.java
new file mode 100644
index 0000000..8f31695
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestURLPatternSpec.java
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import javax.security.jacc.URLPattern;
+import javax.security.jacc.URLPatternSpec;
+import java.util.StringTokenizer;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class TestURLPatternSpec {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API testURLPatternSpec ";
+
+ private static boolean test_constructor(
+ String p, boolean expectedToSucceed) {
+ boolean result = expectedToSucceed;
+
+ try {
+ URLPatternSpec u = new URLPatternSpec(p);
+
+ if (expectedToSucceed) {
+ System.out.println("constructor( ): " + expectedToSucceed +
+ " succeded " + u.toString());
+ } else {
+ System.out.println("constructor( ): " + expectedToSucceed +
+ " failed " + u.toString());
+ result = false;
+ }
+ } catch (Throwable t) {
+ if (!expectedToSucceed) {
+ System.out.println("constructor(e): " + expectedToSucceed +
+ " succeded " + p);
+ } else {
+ result = false;
+ System.out.println("constructor(e): " + expectedToSucceed +
+ " failed " + p);
+ t.printStackTrace();
+ }
+ }
+ return result;
+ }
+
+ private static void test_getURLPattern(String s) {
+ URLPatternSpec u = new URLPatternSpec(s);
+
+ String result = u.getURLPattern();
+
+ String expected = s;
+ int colon = s.indexOf(":");
+ if (colon > 0) {
+ expected = s.substring(0,colon);
+ }
+
+ if (result.equals(expected)) {
+ System.out.println("getURLPattern: succeded " + expected + " " +
+ result + " " + s);
+ } else {
+ System.out.println("getURLPattern: failed " + expected + " " +
+ result + " " + s);
+ }
+ }
+
+ private static void test_equals(
+ String p1, String p2, boolean expected) {
+
+ String description = "testEquals:" + p1 + "-" + p2 + "-" + expected;
+ URLPatternSpec u1 = new URLPatternSpec(p1);
+ URLPatternSpec u2 = new URLPatternSpec(p2);
+
+ boolean result = u1.equals(u2);
+ boolean inverse = u2.equals(u1);
+
+ if (result == inverse) {
+ if (result == true && (!u1.implies(u2) || !u2.implies(u1))) {
+ System.out.println("equals(<->): " + expected + " " +
+ result + " failed " +
+ "\t" + u1.implies(u2) + u2.implies(u1)+" "+
+ "\t" + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ } else if (result == expected) {
+ System.out.println("equals(-->): " + expected + " " +
+ result + " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+ } else {
+ System.out.println("equals(-->): " + expected + " " +
+ result + " failed " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.FAIL);
+ }
+ } else {
+ System.out.println("equals(<--): " + result + " " +
+ inverse + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void test_hashCode(String s1) {
+ String description = "testHashCode:" + s1;
+ URLPatternSpec u1 = new URLPatternSpec(s1);
+
+ int result = u1.hashCode();
+ int again = u1.hashCode();
+
+ StringBuffer s2;
+
+ int colon = s1.indexOf(":");
+
+ if (colon > 0) {
+ s2 = new StringBuffer(s1.substring(0,colon+1));
+
+ String list = s1.substring(colon);
+
+ StringTokenizer tokenizer = new StringTokenizer(list,":");
+
+ int count = tokenizer.countTokens();
+ String s2Array[] = new String[count];
+ for (int i=count; i>0; i--) {
+ s2Array[i-1] = tokenizer.nextToken();
+ }
+
+ for (int i=0; i<count; i++) {
+ if (i!=0) {
+ s2.append(":");
+ }
+ s2.append(s2Array[i]);
+ }
+ //include empty string if it is there
+ if (s1.startsWith(":") || s1.endsWith(":")) {
+ s2.append(":");
+ }
+ } else {
+ s2 = new StringBuffer(s1);
+ }
+
+ URLPatternSpec u2 = new URLPatternSpec(s2.toString());
+ int other = u2.hashCode();
+ if (result == again && result == other) {
+ System.out.println("hashCode: " + result + " " +
+ again + " " + other + " succeded " + s1 +
+ " " + u2.toString());
+ stat.addStatus(description, stat.PASS);
+ } else {
+ System.out.println("hashCode: " + result + " " +
+ again + " " + other + " failed " + s1 +
+ " " + u2.toString());
+ stat.addStatus(description, stat.FAIL);
+ }
+ }
+
+ private static void test_implies(String p1, String p2,
+ boolean expected, boolean expectedInverse) {
+ String description = "testImplies:" +
+ p1 + "-" + p2 + "-" + expected + "-" + expectedInverse;
+ URLPatternSpec u1 = new URLPatternSpec(p1);
+ URLPatternSpec u2 = new URLPatternSpec(p2);
+
+ boolean result = u1.implies(u2);
+ boolean inverse = u2.implies(u1);
+
+ if (result != expected) {
+ System.out.println("implies(->): " + expected + " " + result +
+ " succeded " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.FAIL);
+ } else if (inverse != expectedInverse) {
+ System.out.println("implies(<-): " + expectedInverse + " " +
+ inverse + " failed " + u2 + "\t" + u1);
+ stat.addStatus(description, stat.FAIL);
+ } else {
+ System.out.println("implies(->): " + expected + " " + result +
+ " failed " + u1 + "\t" + u2);
+ stat.addStatus(description, stat.PASS);
+ }
+ }
+
+ public static void main ( String[] args ) {
+ stat.addDescription(testSuite);
+
+ String pArray[] = {
+ "/a/c",
+ "/a/b/c.jsp",
+ "/a/c/*",
+ "/a/*",
+ "/*",
+ /* COMMENTED OUT! "//*",*/
+ "*.jsp",
+ "*.asp",
+ "/",
+ /* COMMENTED OUT! ,"//" */
+ ""
+ };
+
+ int pTypeArray[] = {
+ URLPattern.PT_EXACT,
+ URLPattern.PT_EXACT,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_PREFIX,
+ URLPattern.PT_PREFIX,
+ /* COMMENTED OUT! URLPattern.PT_PREFIX, */
+ URLPattern.PT_EXTENSION,
+ URLPattern.PT_EXTENSION,
+ URLPattern.PT_DEFAULT,
+ /* COMMENTED OUT! ,URLPattern.PT_DEFAULT */
+ URLPattern.PT_EXACT
+ };
+
+ for (int i=0; i<pArray.length; i++) {
+
+ if (!test_constructor(pArray[i],true)) {
+ break;
+ }
+ StringBuffer s = new StringBuffer(pArray[i]);
+
+ test_getURLPattern(s.toString());
+ test_hashCode(s.toString());
+
+ URLPattern ui = new URLPattern(pArray[i]);
+
+ for (int j=0; j<pArray.length; j++) {
+
+ boolean result = false;
+
+ URLPattern uj = new URLPattern(pArray[j]);
+
+ if (j==i || uj.implies(ui)) {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ } else {
+ switch(pTypeArray[i]) {
+ case URLPattern.PT_EXACT:
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ break;
+ case URLPattern.PT_DEFAULT:
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],true);
+ break;
+ case URLPattern.PT_EXTENSION:
+ if (pTypeArray[j] == URLPattern.PT_PREFIX) {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],true);
+ } else if (pTypeArray[j] == URLPattern.PT_EXACT) {
+ if (pArray[j].endsWith(pArray[i].substring(1))) {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],true);
+ } else {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ }
+ } else {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ }
+ break;
+ case URLPattern.PT_PREFIX:
+ if (pTypeArray[j] == URLPattern.PT_EXACT ||
+ pTypeArray[j] == URLPattern.PT_PREFIX) {
+
+ if (ui.implies(uj)) {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],true);
+ } else {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ }
+ } else {
+ result = test_constructor(s.toString() + ":" +
+ pArray[j],false);
+ }
+ break;
+ }
+ }
+
+ if (result) {
+
+ String old = s.toString();
+ s.append(":" + pArray[j]);
+ String New = s.toString();
+
+ test_getURLPattern(New);
+
+ test_hashCode(New);
+
+ test_equals(old,old,true);
+ test_equals(New,New,true);
+
+ URLPatternSpec os = new URLPatternSpec(old);
+ URLPatternSpec ns = new URLPatternSpec(New);
+
+ if (os.toString().equals(ns.toString())) {
+ test_equals(New,old,true);
+ test_implies(New,old,true,true);
+ }
+ else {
+ test_equals(New,old,false);
+ test_implies(New,old,false,true);
+ }
+ }
+ }
+ }
+ stat.printSummary(testSuite);
+ }
+}
+
+
+
+
+
+
+
+
+
+
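Review bot: `test_constructor` never calls `stat.addStatus`, and for `expectedToSucceed == false` it returns `false` both when the constructor correctly throws and when it wrongly accepts the pattern, so a `URLPatternSpec` that accepts an invalid qualifier list shows up only in stdout. The same holds for `test_getURLPattern`, which prints "failed" without recording it, and for the `break` in `main` after a failed positive construction. I would record the mismatch where it is detected, e.g. `stat.addStatus("testConstructor:" + p + "-" + expectedToSucceed, stat.FAIL);` in the two mismatch branches, plus a matching FAIL in the else branch of `test_getURLPattern`. Separately, the messages in `test_implies` are swapped: the `result != expected` branch prints "succeded" while recording FAIL, and the final else prints "failed" while recording PASS.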
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestWebPerms.java b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestWebPerms.java
new file mode 100644
index 0000000..e22ef78
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccApi/src/TestWebPerms.java
@@ -0,0 +1,658 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package javax.security.jacc;
+
+import java.lang.reflect.*;
+import java.util.Enumeration;
+import java.security.*;
+import javax.security.jacc.WebResourcePermission;
+import javax.security.jacc.WebUserDataPermission;
+import javax.security.jacc.WebRoleRefPermission;
+
+import javax.security.jacc.HttpMethodSpec;
+import javax.security.jacc.URLPattern;
+
+import javax.servlet.http.HttpServletRequest;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.FileInputStream;
+import java.io.ObjectOutputStream;
+import java.io.FileOutputStream;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class TestWebPerms {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::JACC API testWebPerms ";
+ private static boolean isDebug = Boolean.getBoolean("debug");
+
+ private static void debug(String msg) {
+ if (isDebug) {
+ System.out.println(msg);
+ }
+ }
+
+ private static boolean testSerialization(Permission p1) {
+ String description = "testSerialization:" + p1;
+ boolean result = true;
+
+ Permission p2 = p1;
+ try {
+ FileOutputStream fout = new
+ FileOutputStream("serial-test-file.tmp");
+ ObjectOutputStream sout = new ObjectOutputStream(fout);
+ sout.writeObject(p1);
+ sout.flush();
+ sout.close();
+ fout.close();
+ } catch( Throwable t ) {
+ t.printStackTrace();
+ debug( "-- Serialization Test Failed(write)-" + p1.getName() + "," + p1.getActions())
+;
+ }
+
+ try {
+ FileInputStream fin = new FileInputStream("serial-test-file.tmp");
+ ObjectInputStream sin = new ObjectInputStream(fin);
+ p2 = (Permission) sin.readObject();
+ sin.close();
+ fin.close();
+ } catch( Throwable t ) {
+ t.printStackTrace();
+ debug( "-- Serialization Test Failed(read)-" + p1.getName() + "," + p1.getActions());
+ result = false;
+ }
+
+ if (result == true) {
+ if (p2.equals(p1)) {
+ debug( "-- Serialization Test Succeeded -----------" + p2.getName() + "," + p2.getActions());
+ } else {
+ debug( "-- Serialization Test Failed-" + p1.getName() + "," + p1.getActions());
+ }
+ } else {
+ debug( "-- Serialization Test Failed-" + p1.getName() + "," + p1.getActions());
+ }
+
+ return result;
+ }
+
+ private static void reportConstructResults(
+ boolean result, boolean expectedToSucceed,Permission p) {
+ if (result == expectedToSucceed) {
+ if (expectedToSucceed) {
+ debug( "-- Construct Test Succeeded -----------" + p.getName() + "," + p.getActions());
+ } else {
+ debug( "-- Construct Test Succeeded (negative)-" + p.getName() + "," + p.getActions());
+ }
+ } else {
+ debug( "-- Construct Test Failed -------------");
+ }
+ }
+
+ private static String makeWUDActions(String meth, String trans) {
+ return meth == null ? (trans == null ? null : trans) :
+ (trans == null ? meth : meth + trans);
+ }
+
+ private static boolean doWebResourcePermission( boolean expectedToSucceed,
+ String name, String actions) {
+ boolean result = true;
+
+ WebResourcePermission p1,p2;
+
+ p1 = null;
+ try {
+ debug( "-- Construct Test --" + expectedToSucceed + " " + name + " " + actions);
+
+ p1 = new WebResourcePermission(name,actions);
+
+ if (expectedToSucceed) {
+
+ p2 = new WebResourcePermission(p1.getName(),p1.getActions());
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+ private static boolean doWebResourcePermission( boolean expectedToSucceed,
+ String URLPattern, String[] methods) {
+ boolean result = true;
+ WebResourcePermission p1,p2;
+ p1 = null;
+
+ try {
+ debug( "-- Construct Test --");
+ p1 = new WebResourcePermission(URLPattern,methods);
+ if (expectedToSucceed) {
+ p2 = new WebResourcePermission(p1.getName(),p1.getActions());
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+ }
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+ } catch( Throwable t ) {
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+ result = false;
+ }
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+ private static boolean doWebResourcePermission( boolean expectedToSucceed,
+ HttpServletRequest request) {
+ boolean result = true;
+
+ WebResourcePermission p1,p2;
+
+ p1 = null;
+
+ try {
+ debug( "-- Construct Test -----------------------------------------------");
+
+ p1 = new WebResourcePermission(request);
+
+ if (expectedToSucceed) {
+
+ p2 = new WebResourcePermission(p1.getName(),p1.getActions());
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+
+ private static boolean doWebRoleRefPermission( boolean expectedToSucceed,
+ String servletName, String roleRef) {
+ boolean result = true;
+
+ WebRoleRefPermission p1,p2;
+
+ p1 = null;
+
+ try {
+ debug( "-- Construct Test -----------------------------------------------");
+
+ p1 = new WebRoleRefPermission(servletName,roleRef);
+
+ if (expectedToSucceed) {
+
+ p2 = new WebRoleRefPermission(p1.getName(),p1.getActions());
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+ private static boolean doWebUserDataPermission( boolean expectedToSucceed,
+ String name, String actions) {
+ boolean result = true;
+
+ WebUserDataPermission p1,p2;
+
+ p1 = null;
+ try {
+ debug( "-- Construct Test --" + expectedToSucceed + " " + name + " " + actions);
+
+ p1 = new WebUserDataPermission(name,actions);
+
+ if (expectedToSucceed) {
+
+ p2 = new WebUserDataPermission(p1.getName(),p1.getActions());
+
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+
+ }
+
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+
+ } catch( Throwable t ) {
+
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+
+ result = false;
+ }
+
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+ private static boolean doWebUserDataPermission( boolean expectedToSucceed,
+ String URLPattern, String methods, String transportType) {
+ boolean result = true;
+ WebUserDataPermission p1,p2;
+ p1 = null;
+
+ try {
+ debug( "-- Construct Test --" + expectedToSucceed);
+ p1 = new WebUserDataPermission
+ (URLPattern,makeWUDActions(methods,transportType));
+
+ if (expectedToSucceed) {
+ p2 = new WebUserDataPermission(p1.getName(),p1.getActions());
+ if (!p1.equals(p2)) {
+ result = false;
+ debug("p != p\n\t" + p1 + "\n\t" + p2);
+ }
+ if (!p1.implies(p2)) {
+ result = false;
+ debug("!p.implies(p)\n\t" + p1 + "\n\t" + p2);
+ }
+ } else {
+ debug("unexpected success\t" + p1);
+ result = false;
+ }
+ } catch( Throwable t ) {
+ if (expectedToSucceed) {
+ t.printStackTrace();
+ }
+ result = false;
+ }
+ reportConstructResults(result,expectedToSucceed,p1);
+ return result;
+ }
+
+ private static String printP(Permission p) {
+ return p.getName() + "," + p.getActions();
+ }
+
+ private static boolean doPermissionImplies (boolean expectedResult,
+ Permission thisP, Permission p) {
+ boolean result = true;
+ String description = "doPermissionImplies:" +
+ expectedResult + "-" + thisP + "-" + p;
+ try {
+
+ debug( "-- Permission implies Test ----------------------------------------------");
+
+ if (thisP.implies(p) != expectedResult) {
+ debug(
+ (expectedResult ? "unexpected failure:" :"unexpected success:")
+ + printP(p) + (expectedResult ?" not implied by:":" implied by:") +
+ printP(thisP));
+ debug( "-- Permission implies Test failed(not implied)----------------------------");
+ result = false;
+ } else {
+ debug(printP(p) +
+ (expectedResult ? " implied by:":" not implied by:") +
+ printP(thisP));
+ debug( "-- Permission implies Test Succeeded -------------------------------------");
+ result = true;
+ }
+ } catch( Throwable t ) {
+ debug("unexpected exception");
+ t.printStackTrace();
+ debug( "-- Permission implies Test failed(exception)---------------------------------");
+ result = false;
+ }
+ return result;
+ }
+
+ private static boolean doHttpMethodSpecImplies ( boolean expectedResult,
+ HttpMethodSpec thisS, HttpMethodSpec thatS) {
+ boolean result = true;
+ String description = "doHttpMethodSpecImplies:" +
+ expectedResult + "-" + thisS + "-" + thatS;
+ try {
+
+ debug( "-- HttpMethodSpec implies Test ----------------------------------------------");
+ if (thisS.implies(thatS) != expectedResult) {
+ debug(
+ (expectedResult ? "unexpected failure:" :"unexpected success:")
+ + thatS + (expectedResult ?" not implied by:":" implied by:") + thisS);
+ debug( "-- HttpMethodSpec implies Test failed(not implied)----------------------------");
+ result = false;
+ } else {
+ debug(thatS +
+ (expectedResult ? " implied by:":" not implied by:") + thisS);
+ result = true;
+ }
+
+ if (!thisS.implies(thisS)) {
+ debug( "unexpected failure:"
+ + thisS + " not implied by: " + thisS);
+ debug( "-- HttpMethodSpec implies Test failed(not implied)----------------------------");
+ result = false;
+ }
+
+ if (!thatS.implies(thatS)) {
+ debug( "unexpected failure:"
+ + thatS + " not implied by: " + thatS);
+ debug( "-- HttpMethodSpec implies Test failed(not implied)----------------------------");
+ result = false;
+ }
+ } catch( Throwable t ) {
+ debug("unexpected exception");
+ t.printStackTrace();
+ debug( "-- HttpMethodSpec implies Test failed(exception)---------------------------------");
+ }
+ return result;
+ }
+
+ public static void main( String[] args ) {
+ boolean result = true;
+
+ String tArray[] = {
+ null,
+ ":NONE",
+ ":INTEGRAL",
+ ":CONFIDENTIAL"
+ };
+
+ String mArray[] = {
+ "GET",
+ "HEAD",
+ "OPTIONS",
+ "POST",
+ "PUT",
+ "TRACE",
+ "FLY",
+ "DELETE"
+ };
+
+ String msArray[] = new String[(1<<mArray.length)];
+ for (int i=0; i<msArray.length; i++) {
+ if (i==0) msArray[i] = null;
+ else {
+ StringBuffer s = null;
+ int bitValue = 1;
+ for (int j=0; j<mArray.length; j++) {
+ if ((i & bitValue) == bitValue) {
+ if (s == null) s = new StringBuffer(mArray[j]);
+ else s.append("," + mArray[j]);
+ }
+ bitValue = bitValue * 2;
+ }
+ msArray[i] = s.toString();
+ }
+ }
+
+ String pArray[] = {
+ "/a/c",
+ "/a/b/c.jsp",
+ "/a/c/*",
+ "/a/*",
+ "/*",
+ "*.jsp",
+ "*.asp",
+ "/"
+ };
+
+ String qpArray[] = {
+ "/a/c",
+ "/a/b/c.jsp",
+ "/a/c/*:/a/c",
+ "/a/*:/a/c:/a/b/c.jsp",
+ "/*:/a/c:/a/b/c.jsp:/a/c/*:/a/*",
+ "*.jsp:/a/c/*:/a/*:/a/b/c.jsp",
+ "*.asp:/a/c/*:/a/*",
+ "/:/a/c:/a/b/c.jsp:/a/c/*:/a/*:*.jsp:*.asp"
+ };
+
+ for (int i=0; i<msArray.length; i++) {
+
+ HttpMethodSpec s = HttpMethodSpec.getSpec(msArray[i]);
+
+ int hCode = s.hashCode();
+
+ String actions = s.getActions();
+
+ debug("input actions: " + msArray[i] +
+ " hashCode: " + hCode +
+ " actions:" + actions);
+ }
+
+ HttpMethodSpec h1 = HttpMethodSpec.getSpec((String) null);
+ HttpMethodSpec h2 = HttpMethodSpec.getSpec("!PUT,SWIM");
+ HttpMethodSpec h3 = HttpMethodSpec.getSpec("PUT");
+ HttpMethodSpec h4 = HttpMethodSpec.getSpec("SWIM");
+ HttpMethodSpec h5 = HttpMethodSpec.getSpec("!PUT");
+
+ result = result && doHttpMethodSpecImplies(true,h1,h1);
+ result = result && doHttpMethodSpecImplies(true,h1,h2);
+ result = result && doHttpMethodSpecImplies(true,h1,h3);
+ result = result && doHttpMethodSpecImplies(true,h1,h4);
+ result = result && doHttpMethodSpecImplies(true,h1,h5);
+
+ result = result && doHttpMethodSpecImplies(false,h2,h1);
+ result = result && doHttpMethodSpecImplies(true,h2,h2);
+ result = result && doHttpMethodSpecImplies(false,h2,h3);
+ result = result && doHttpMethodSpecImplies(false,h2,h4);
+ result = result && doHttpMethodSpecImplies(false,h2,h5);
+
+ result = result && doHttpMethodSpecImplies(false,h3,h1);
+ result = result && doHttpMethodSpecImplies(false,h3,h2);
+ result = result && doHttpMethodSpecImplies(true,h3,h3);
+ result = result && doHttpMethodSpecImplies(false,h3,h4);
+ result = result && doHttpMethodSpecImplies(false,h3,h5);
+
+ result = result && doHttpMethodSpecImplies(false,h4,h1);
+ result = result && doHttpMethodSpecImplies(false,h4,h2);
+ result = result && doHttpMethodSpecImplies(false,h4,h3);
+ result = result && doHttpMethodSpecImplies(true,h4,h4);
+ result = result && doHttpMethodSpecImplies(false,h4,h5);
+
+ result = result && doHttpMethodSpecImplies(false,h5,h1);
+ result = result && doHttpMethodSpecImplies(true,h5,h2);
+ result = result && doHttpMethodSpecImplies(false,h5,h3);
+ result = result && doHttpMethodSpecImplies(true,h5,h4);
+ result = result && doHttpMethodSpecImplies(true,h5,h5);
+
+ for (int i=0; i<pArray.length; i++) {
+ for (int j=0; j<msArray.length; j++) {
+
+ result = result && doWebResourcePermission(true,pArray[i],msArray[j]);
+
+ result = result && doPermissionImplies
+ (true,new WebResourcePermission(pArray[i],msArray[j]),
+ new WebResourcePermission(pArray[i],msArray[j]));
+
+ result = result && doWebResourcePermission(true,qpArray[i],msArray[j]);
+
+ result = result && doPermissionImplies
+ (true,new WebResourcePermission(qpArray[i],msArray[j]),
+ new WebResourcePermission(qpArray[i],msArray[j]));
+
+ result = result && doPermissionImplies
+ (true,new WebResourcePermission(pArray[i],msArray[j]),
+ new WebResourcePermission(qpArray[i],msArray[j]));
+
+ result = result && doPermissionImplies
+ (qpArray[i].equals(pArray[i]) ? true : false,
+ new WebResourcePermission(qpArray[i],msArray[j]),
+ new WebResourcePermission(pArray[i],msArray[j]));
+
+ result = result && testSerialization
+ (new WebResourcePermission(pArray[i],msArray[j]));
+ result = result && testSerialization
+ (new WebResourcePermission(qpArray[i],msArray[j]));
+
+ }
+ }
+
+ result = result && doWebRoleRefPermission(true,"servletName","customer");
+
+ WebRoleRefPermission a1,a2,a3,a4;
+ a1 = new WebRoleRefPermission("servletName1","roleRef1");
+ result = result && testSerialization(a1);
+ a2 = new WebRoleRefPermission("servletName1","roleRef2");
+ result = result && testSerialization(a2);
+ a3 = new WebRoleRefPermission("servletName2","roleRef1");
+ result = result && testSerialization(a3);
+ a4 = new WebRoleRefPermission("servletName2","roleRef2");
+ result = result && testSerialization(a4);
+
+ result = result && doPermissionImplies(true,a1,a1);
+ result = result && doPermissionImplies(false,a1,a2);
+ result = result && doPermissionImplies(false,a1,a3);
+ result = result && doPermissionImplies(false,a1,a4);
+ result = result && doPermissionImplies(false,a2,a1);
+ result = result && doPermissionImplies(true,a2,a2);
+ result = result && doPermissionImplies(false,a2,a3);
+ result = result && doPermissionImplies(true,a3,a3);
+ result = result && doPermissionImplies(false,a3,a4);
+ result = result && doPermissionImplies(false,a4,a1);
+ result = result && doPermissionImplies(false,a4,a2);
+ result = result && doPermissionImplies(false,a4,a3);
+ result = result && doPermissionImplies(true,a4,a4);
+
+ for (int i=0; i<pArray.length; i++) {
+ for (int j=0; j<msArray.length; j++) {
+ for (int k=0; k<tArray.length; k++) {
+ result = result && doWebUserDataPermission(true,pArray[i],msArray[j],tArray[k]);
+
+ result = result && doPermissionImplies
+ (true,
+ new WebUserDataPermission
+ (pArray[i],makeWUDActions(msArray[j],tArray[k])),
+ new WebUserDataPermission
+ (pArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ result = result && doWebUserDataPermission(true,qpArray[i],msArray[j],tArray[k]);
+
+ result = result && doPermissionImplies
+ (true,
+ new WebUserDataPermission
+ (qpArray[i],makeWUDActions(msArray[j],tArray[k])),
+ new WebUserDataPermission
+ (qpArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ result = result && doPermissionImplies
+ (true,
+ new WebUserDataPermission
+ (pArray[i],makeWUDActions(msArray[j],tArray[k])),
+ new WebUserDataPermission
+ (qpArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ result = result && doPermissionImplies
+ (qpArray[i].equals(pArray[i]) ? true : false,
+ new WebUserDataPermission
+ (qpArray[i],makeWUDActions(msArray[j],tArray[k])),
+ new WebUserDataPermission
+ (pArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ result = result && testSerialization
+ (new WebUserDataPermission
+ (pArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ result = result && testSerialization
+ (new WebUserDataPermission
+ (qpArray[i],makeWUDActions(msArray[j],tArray[k])));
+
+ }
+ }
+ }
+
+ stat.addStatus(testSuite, (result)? stat.PASS : stat.FAIL);
+ stat.printSummary();
+ }
+}
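Review bot: `testSerialization` returns `true` when the deserialized permission is not equal to the original, because the else branch of `p2.equals(p1)` only calls `debug(...)`. The write-side `catch` also leaves `result` untouched, and in that case the read may pick up a stale `serial-test-file.tmp` from an earlier call. Adding `result = false;` in both places makes a broken round-trip of a JACC permission fail the suite. The `catch` in `doHttpMethodSpecImplies` has the same gap and needs the same line. The streams are also closed only on the success path, which try-with-resources would fix.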
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.properties b/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.properties
new file mode 100644
index 0000000..09d16d6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.properties
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="jaccmr8"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client" value="org.glassfish.jacc.test.mr8.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="glassfish-application.xml" value="descriptor/glassfish-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.xml b/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.xml
new file mode 100644
index 0000000..f615a0c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/build.xml
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "../common.xml">
+<!ENTITY testproperties SYSTEM "./build.properties">
+]>
+
+<project name="jaccmr8" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="jaccuser"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaUsers"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="otheruser"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="otherUsers"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <java classname="${test.client}" fork="yes"
+ classpath="${s1astest.classpath}">
+ <arg value="${http.host}"/>
+ <arg value="${http.port}"/>
+ <arg value="jaccuser"/>
+ <arg value="javaee"/>
+ <arg value="javaUsers"/>
+ <arg value="otheruser"/>
+ </java>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="jaccuser"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="otheruser"/>
+ </antcall>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes"/>
+ </antcall>
+
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+
+ <antcall target="ejb-jar-common">
+ <param name="ejbjar.classes" value="**/Hello**.class"/>
+ </antcall>
+
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <copy file="${glassfish-application.xml}" tofile="${build.classes.dir}/META-INF/glassfish-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/glassfish-application.xml"/>
+ </fileset>
+ </jar>
+
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
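Review bot: The `<java>` task in the `run` target does not set `failonerror`, and Ant's default for that task is `false`, so if the forked `${test.client}` JVM exits abnormally the `all` chain carries on to `undeploy`/`unsetup` and the build still succeeds. Whether that is caught depends on how the reporter output is consumed, which is not visible here. I would add `failonerror="true"` to the task, or, if the cleanup that deletes `jaccuser` and `otheruser` must always run, capture the exit code with `resultproperty` and fail after `unsetup`. The two `<copy ... failonerror="false"/>` lines similarly let the EAR be assembled without its descriptors.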
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/client/Client.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/client/Client.java
new file mode 100644
index 0000000..4c2c257
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/client/Client.java
@@ -0,0 +1,506 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+import java.net.*;
+import java.io.*;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Security::JACCMR8";
+ private static String contextPath = "/jaccmr8";
+
+ private String host;
+ private String port;
+ private String username;
+ private String password;
+ private String rolename;
+ private String otheruser;
+ private String ejbmode = "None";
+
+ public static void main(String[] args) {
+ stat.addDescription(testSuite);
+ Client client = new Client(args);
+ client.doTests();
+ stat.printSummary();
+ }
+
+ public Client(String[] args) {
+ host = args[0];
+ port = args[1];
+ username = args[2];
+ password = args[3];
+ rolename = args[4];
+ otheruser = args[5];
+ System.out.println(" Host: " + host);
+ System.out.println(" Port: " + port);
+ System.out.println(" Username: " + username);
+ System.out.println(" Rolename: " + rolename);
+ System.out.println("Other User: " + otheruser);
+ }
+
+ public void doTests() {
+ // Use the stateful EJB inside the servlet
+ // The stateful EJB uses annotations to protect the EJB
+ ejbmode = "stateful";
+ testAnyAuthUser();
+ testAnyAuthUserOther();
+ testAnyAuthUserNone();
+ testDenyUncovered();
+ testDenyUncoveredOther();
+ testDenyUncoveredNone();
+ testStar();
+ testStarOther();
+ testStarNone();
+ testServlet();
+ testServletOther();
+ testServletNone();
+ testAuthUser();
+ testAuthUserOther();
+ testAuthUserNone();
+
+ // Use the stateless EJB inside the servlet
+ // The stateless EJB uses the deployment descriptor to protect the EJB
+ // Only repeat tests that actually can invoke the servlet
+ ejbmode = "stateless";
+ testAnyAuthUser();
+ testAnyAuthUserOther();
+ testStar();
+ testAuthUser();
+ testServlet();
+ testServletOther();
+ testServletNone();
+ }
+
+ public void testAnyAuthUser() {
+ String servlet = "/anyauthuser";
+ String description = servlet+"-"+username+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,true,true,true,true,true,true);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testAnyAuthUserOther() {
+ String servlet = "/anyauthuser";
+ String description = servlet+"-"+otheruser+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, otheruser, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,false,true,true,false,false,true);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testAnyAuthUserNone() {
+ String servlet = "/anyauthuser";
+ String description = servlet+"--"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testAuthUser() {
+ String servlet = "/authuser";
+ String description = servlet+"-"+username+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,true,true,true,true,true,true);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testAuthUserOther() {
+ String servlet = "/authuser";
+ String description = servlet+"-"+otheruser+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testAuthUserNone() {
+ String servlet = "/authuser";
+ String description = servlet+"--"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testStar() {
+ String servlet = "/star";
+ String description = servlet+"-"+username+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,true,true,true,true,true,true);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testStarOther() {
+ String servlet = "/star";
+ String description = servlet+"-"+otheruser+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testStarNone() {
+ String servlet = "/star";
+ String description = servlet+"--"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 401, null, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testServlet() {
+ String servlet = "/servlet";
+ String description = servlet+"-"+username+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, username, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,false,false,false,false,false,false);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testServletOther() {
+ String servlet = "/servlet";
+ String description = servlet+"-"+otheruser+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, otheruser, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,false,false,false,false,false,false);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testServletNone() {
+ String servlet = "/servlet";
+ String description = servlet+"--"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 200, null, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // Check results in output
+ success = checkResults(output,false,false,false,false,false,false);
+ if (!success) {
+ System.out.println("Incorrect results:" + description);
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testDenyUncovered() {
+ String servlet = "/denyuncoveredpost";
+ String description = servlet+"-"+username+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 403, username, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testDenyUncoveredOther() {
+ String servlet = "/denyuncoveredpost";
+ String description = servlet+"-"+otheruser+"-"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 403, otheruser, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ public void testDenyUncoveredNone() {
+ String servlet = "/denyuncoveredpost";
+ String description = servlet+"--"+ejbmode;
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, 403, null, ejbmode, output);
+ if (!success) {
+ stat.addStatus(description, stat.FAIL);
+ return;
+ }
+
+ // No results to check!
+ stat.addStatus(description, stat.PASS);
+ }
+
+ // Validate that all the passed in results are as expected
+ // If any value is not as expected the overall results are false
+ private boolean checkResults(StringBuffer results,
+ boolean EJBisCallerInRole, boolean EJBisUserInAnyAuthUserRole,
+ boolean EJBInvokeAnyAuthUser, boolean EJBInvokeAuthUser,
+ boolean WEBisUserInRole, boolean WEBisUserInAnyAuthUserRole) {
+ int index;
+ boolean result = true;
+
+ if (EJBisCallerInRole)
+ index = results.indexOf("EJB isCallerInRole: true");
+ else
+ index = results.indexOf("EJB isCallerInRole: false");
+ if (index == -1)
+ result = false;
+
+ if (!result) return result;
+
+ if (EJBisUserInAnyAuthUserRole)
+ index = results.indexOf("EJB isUserInAnyAuthUserRole: true");
+ else
+ index = results.indexOf("EJB isUserInAnyAuthUserRole: false");
+ if (index == -1)
+ result = false;
+
+ if (!result) return result;
+
+ if (WEBisUserInRole)
+ index = results.indexOf("WEB isUserInRole: true");
+ else
+ index = results.indexOf("WEB isUserInRole: false");
+ if (index == -1)
+ result = false;
+
+ if (!result) return result;
+
+ if (WEBisUserInAnyAuthUserRole)
+ index = results.indexOf("WEB isUserInAnyAuthUserRole: true");
+ else
+ index = results.indexOf("WEB isUserInAnyAuthUserRole: false");
+ if (index == -1)
+ result = false;
+
+ if (!result) return result;
+
+ index = results.indexOf("EJB Invoke AnyAuthUser: Yes");
+ if (EJBInvokeAnyAuthUser)
+ result = (index != -1);
+ else
+ result = (index == -1);
+
+ if (!result) return result;
+
+ index = results.indexOf("EJB Invoke AuthUser: Yes");
+ if (EJBInvokeAuthUser)
+ result = (index != -1);
+ else
+ result = (index == -1);
+
+ return result;
+ }
+
+ private boolean doIndividualTest(String servlet, int code, String user, String mode, StringBuffer output) {
+ boolean result = false;
+ try {
+ int rtncode;
+ String url = "http://" + host + ":" + port + contextPath + servlet;
+
+ Hashtable ht = new Hashtable();
+ ht.put("mode", URLEncoder.encode(mode,"UTF-8"));
+ ht.put("name", URLEncoder.encode(rolename,"UTF-8"));
+
+ System.out.println("\nInvoking servlet at " + url);
+ rtncode = invokeServlet(url, ht, user, output);
+ System.out.println("The servlet return code: " + rtncode);
+ if (rtncode != code) {
+ System.out.println("Incorrect return code, expecting: " + code);
+ }
+ else result = true;
+ } catch (Exception ex) {
+ System.out.println("Exception: " + ex.toString());
+ //ex.printStackTrace();
+ }
+ return result;
+ }
+
+ private int invokeServlet(String url, Hashtable contentHash, String user, StringBuffer output) throws Exception {
+ URL u = new URL(url);
+ HttpURLConnection c1 = (HttpURLConnection) u.openConnection();
+ c1.setAllowUserInteraction(true);
+ if ((user != null) && (user.length() > 0)) {
+ // Add BASIC header for authentication
+ String auth = user + ":" + password;
+ String authEncoded = new sun.misc.BASE64Encoder().encode(auth.getBytes());
+ c1.setRequestProperty("Authorization", "Basic " + authEncoded);
+ }
+ c1.setDoOutput(true);
+ c1.setUseCaches(false);
+
+ // get the output stream to POST to.
+ DataOutputStream out;
+ out = new DataOutputStream(c1.getOutputStream());
+ String content = "";
+
+ // Create a single String value to be POSTED from the parameters passed
+ // to us. This is done by making "name"="value" pairs for all the keys
+ // in the Hashtable passed to us.
+ Enumeration e = contentHash.keys();
+ boolean first = true;
+ while (e.hasMoreElements()) {
+ // For each key and value pair in the hashtable
+ Object key = e.nextElement();
+ Object value = contentHash.get(key);
+
+ // If this is not the first key-value pair in the hashtable,
+ // concantenate an "&" sign to the constructed String
+ if (!first)
+ content += "&";
+
+ // append to a single string. Encode the value portion
+ content += (String) key + "=" + URLEncoder.encode((String) value,"UTF-8");
+
+ first = false;
+ }
+
+ // Write out the bytes of the content string to the stream.
+ out.writeBytes(content);
+ out.flush();
+ out.close();
+
+ // Connect and get the response code and/or output to verify
+ c1.connect();
+ int code = c1.getResponseCode();
+ if (code == HttpURLConnection.HTTP_OK) {
+ InputStream is = null;
+ BufferedReader input = null;
+ String line = null;
+ try {
+ is = c1.getInputStream();
+ input = new BufferedReader(new InputStreamReader(is));
+ while ((line = input.readLine()) != null) {
+ output.append(line);
+ System.out.println(line);
+ }
+ }
+ finally {
+ try { if (is != null) is.close(); }
+ catch (Exception exc) {}
+ try { if (input != null) input.close(); }
+ catch (Exception exc) {}
+ }
+ }
+ return code;
+ }
+}
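Review bot: The Basic header in `invokeServlet` is built with `new sun.misc.BASE64Encoder().encode(auth.getBytes())`, which relies on a JDK-internal class that newer JDKs do not ship. That encoder also inserts line breaks into long output, which would corrupt the header value, and `getBytes()` uses the platform default charset. The supported replacement is a one-line change: `String authEncoded = java.util.Base64.getEncoder().encodeToString(auth.getBytes("UTF-8"));`. Separately, in `checkResults` the expected-false branch for the two `EJB Invoke ...: Yes` strings passes whenever the string is merely absent, so a response that omits the line reads the same as a denied call. If the servlet (not fully visible here) prints an explicit negative marker, asserting on it would make these authorization checks stricter.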
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/application.xml
new file mode 100644
index 0000000..af59619
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="6"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd">
+ <display-name>jaccmr8</display-name>
+ <module>
+ <ejb>jaccmr8-ejb.jar</ejb>
+ </module>
+ <module>
+ <web>
+ <web-uri>jaccmr8-web.war</web-uri>
+ <context-root>jaccmr8</context-root>
+ </web>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..cb63e52
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/ejb-jar.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ metadata-complete="false" version="3.1"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_1.xsd">
+ <module-name>jaccmr8-ejb</module-name>
+ <enterprise-beans>
+ <!-- See EJB annotations
+ <session>
+ <display-name>HelloStatefulEJB</display-name>
+ <ejb-name>HelloStatefulEJB</ejb-name>
+ <business-local>org.glassfish.jacc.test.mr8.HelloStateful</business-local>
+ <ejb-class>org.glassfish.jacc.test.mr8.HelloStatefulEJB</ejb-class>
+ </session>
+ -->
+ <session>
+ <display-name>HelloEJB</display-name>
+ <ejb-name>HelloEJB</ejb-name>
+ <business-local>org.glassfish.jacc.test.mr8.Hello</business-local>
+ <ejb-class>org.glassfish.jacc.test.mr8.HelloEJB</ejb-class>
+ <!-- GLASSFISH-20036 fixes IllegalStateException when role-refs are not declared.
+ The @DeclareRoles annotation provides the linkage between roles silently.
+ <security-role-ref>
+ <role-name>javaUsers</role-name>
+ <role-link>javaUsers</role-link>
+ </security-role-ref>
+ -->
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>javaUsers</role-name>
+ </security-role>
+ <method-permission>
+ <role-name>javaUsers</role-name>
+ <method>
+ <ejb-name>HelloEJB</ejb-name>
+ <method-name>methodAuthUser</method-name>
+ </method>
+ </method-permission>
+ <method-permission>
+ <role-name>**</role-name>
+ <method>
+ <ejb-name>HelloEJB</ejb-name>
+ <method-name>methodAnyAuthUser</method-name>
+ </method>
+ </method-permission>
+ </assembly-descriptor>
+</ejb-jar>
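Review bot: The `<role-name>**</role-name>` entry in the second `<method-permission>` has no comment, and it is easy to misread as a wildcard over the declared roles. Client.java expects `otheruser` to be able to invoke `methodAnyAuthUser` but not `methodAuthUser`, so the test depends on `**` meaning any authenticated caller. A comment above the element would record that, for example `<!-- "**" = any authenticated caller, whether or not mapped to javaUsers -->`. The same comment would help on `@RolesAllowed({"**"})` in HelloStatefulEJB.java.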
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/glassfish-application.xml b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/glassfish-application.xml
new file mode 100644
index 0000000..07a875b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/glassfish-application.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE glassfish-application PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application 6.0//EN" "http://glassfish.org/dtds/glassfish-application_6_0-1.dtd">
+
+<glassfish-application>
+ <security-role-mapping>
+ <role-name>javaUsers</role-name>
+ <group-name>javaUsers</group-name>
+ </security-role-mapping>
+</glassfish-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/web.xml
new file mode 100644
index 0000000..0d1092f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/descriptor/web.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee web-app_3_1.xsd" version="3.1">
+
+ <display-name>jaccmr8</display-name>
+ <distributable></distributable>
+
+ <!-- Protect HTTP methods that are not stated in the security constraints -->
+ <deny-uncovered-http-methods></deny-uncovered-http-methods>
+
+ <!-- See URL patterns on @WebServlet annotation
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>org.glassfish.jacc.test.mr8.Servlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/authuser</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/anyauthuser</url-pattern>
+ </servlet-mapping>
+ -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>authuser</web-resource-name>
+ <url-pattern>/authuser</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>javaUsers</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>anyauthuser</web-resource-name>
+ <url-pattern>/anyauthuser</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>**</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>star</web-resource-name>
+ <url-pattern>/star</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <!-- Will not include any authenticated user unless declared as security-role -->
+ <auth-constraint>
+ <role-name>*</role-name>
+ <role-name>**</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>denyuncoveredpost</web-resource-name>
+ <url-pattern>/denyuncoveredpost</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ </security-constraint>
+
+ <security-role>
+ <role-name>javaUsers</role-name>
+ </security-role>
+</web-app>
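Review bot: No `<login-config>` appears in this descriptor, although Client.java sends a Basic `Authorization` header and expects 401 for anonymous requests to `/authuser`, `/anyauthuser` and `/star`. The authentication method and realm therefore presumably come from container defaults rather than from the test itself. Declaring `<login-config><auth-method>BASIC</auth-method></login-config>` would make the expectation explicit and keep the 401 assertions from depending on server configuration. The `/denyuncoveredpost` constraint would also benefit from a comment such as `<!-- only GET is listed; POST is uncovered and is rejected by deny-uncovered-http-methods -->`, since that is the behaviour the client's 403 checks rely on.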
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloEJB.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloEJB.java
new file mode 100644
index 0000000..73a44d8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloEJB.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+
+@Stateless
+public class HelloEJB implements Hello {
+ @Resource
+ private SessionContext ctx;
+
+ public String hello(String name) {
+ System.out.println("In HelloEJB::hello('"+name+"')");
+ String principalName = "NONE";
+ String principalType = "UNKNOWN";
+ Principal p = ctx.getCallerPrincipal();
+ if (p != null) {
+ principalName = p.getName();
+ principalType = p.getClass().getName();
+ }
+ String result = principalName + " is " + principalType;
+ System.out.println("Caller Principal: " + result);
+ return result;
+ }
+
+ public boolean inRole(String roleName) {
+ System.out.println("In HelloEJB::inRole('"+roleName+"')");
+ //try {
+ boolean result = ctx.isCallerInRole(roleName);
+ System.out.println("In HelloEJB::inRole('"+roleName+"') - " + result);
+ return result;
+ //}
+ //catch (Exception exc) {
+ // System.out.println("In HelloEJB - Exception: " + exc.toString());
+ // exc.printStackTrace();
+ // return false;
+ //}
+ }
+
+ public void methodAuthUser() {
+ System.out.println("In HelloEJB::methodAuthUser()");
+ }
+
+ public void methodAnyAuthUser() {
+ System.out.println("In HelloEJB::methodAnyAuthUser()");
+ }
+}
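Review bot: The commented-out `try`/`catch` around `ctx.isCallerInRole(roleName)` in `inRole` should be deleted rather than left as dead code. As written, any exception from the role check propagates to the caller, which is presumably intended given the GLASSFISH-20036 note in ejb-jar.xml about `IllegalStateException` for undeclared role refs. A one-line comment would state that intent, for example `// exceptions from isCallerInRole propagate on purpose so an undeclared role fails the test`. HelloStatefulEJB.java carries the same commented-out block in its `inRole`.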
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloStatefulEJB.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloStatefulEJB.java
new file mode 100644
index 0000000..9f56cd2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/ejb/HelloStatefulEJB.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+import java.security.Principal;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.RolesAllowed;
+
+import javax.ejb.SessionContext;
+import javax.ejb.Stateful;
+
+@DeclareRoles({"javaUsers"})
+
+@Stateful
+public class HelloStatefulEJB implements HelloStateful {
+ @Resource
+ private SessionContext ctx;
+
+ @PostConstruct
+ public void postConstruction() {
+ System.out.println("In HelloStatefulEJB::postConstruction()");
+ }
+
+ public String hello(String name) {
+ System.out.println("In HelloStatefulEJB::hello('"+name+"')");
+ String principalName = "NONE";
+ String principalType = "UNKNOWN";
+ Principal p = ctx.getCallerPrincipal();
+ if (p != null) {
+ principalName = p.getName();
+ principalType = p.getClass().getName();
+ }
+ String result = principalName + " is " + principalType;
+ System.out.println("Caller Principal: " + result);
+ return result;
+ }
+
+ public boolean inRole(String roleName) {
+ System.out.println("In HelloStatefulEJB::inRole('"+roleName+"')");
+ //try {
+ boolean result = ctx.isCallerInRole(roleName);
+ System.out.println("In HelloStatefulEJB::inRole('"+roleName+"') - " + result);
+ return result;
+ //}
+ //catch (Exception exc) {
+ // System.out.println("In HelloStatefulEJB - Exception: " + exc.toString());
+ // exc.printStackTrace();
+ // return false;
+ //}
+ }
+
+ @RolesAllowed({"javaUsers"})
+ public void methodAuthUser() {
+ System.out.println("In HelloStatefulEJB::methodAuthUser()");
+ }
+
+ @RolesAllowed({"**"})
+ public void methodAnyAuthUser() {
+ System.out.println("In HelloStatefulEJB::methodAnyAuthUser()");
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Hello.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Hello.java
new file mode 100644
index 0000000..9f13269
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Hello.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+public interface Hello {
+
+ public String hello(String name);
+
+ public boolean inRole(String roleName);
+
+ public void methodAuthUser();
+
+ public void methodAnyAuthUser();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/HelloStateful.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/HelloStateful.java
new file mode 100644
index 0000000..fc78471
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/HelloStateful.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+public interface HelloStateful {
+
+ public String hello(String name);
+
+ public boolean inRole(String roleName);
+
+ public void methodAuthUser();
+
+ public void methodAnyAuthUser();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Servlet.java b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Servlet.java
new file mode 100644
index 0000000..96cd75d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jaccmr8/web/Servlet.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.mr8;
+
+import java.io.*;
+import javax.servlet.*;
+import javax.servlet.http.*;
+import javax.naming.*;
+import javax.ejb.EJB;
+import javax.ejb.EJBs;
+import java.net.URLEncoder;
+import java.net.URLDecoder;
+import java.security.Principal;
+
+import javax.servlet.annotation.WebServlet;
+
+@WebServlet(name = "Servlet", urlPatterns = {"/servlet","/authuser","/anyauthuser","/star","/denyuncoveredpost"})
+public class Servlet extends HttpServlet {
+
+ @EJB(beanName = "HelloEJB", beanInterface = Hello.class)
+ private Hello helloStateless;
+
+ @EJB(beanName = "HelloStatefulEJB", beanInterface = HelloStateful.class)
+ private HelloStateful helloStateful;
+
+ public void init(ServletConfig config) throws ServletException {
+ super.init(config);
+ System.out.println("In jaccmr8::Servlet... init()");
+ }
+
+ public void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ resp.setContentType("text/html");
+ PrintWriter out = resp.getWriter();
+
+ String mode = req.getParameter("mode");
+ if (mode == null) mode = "stateful";
+ mode = URLDecoder.decode(mode,"UTF-8");
+ String name = req.getParameter("name");
+ if (name == null) name = "NotDeclared";
+ name = URLDecoder.decode(name,"UTF-8");
+
+ // EJB information
+ String callerPrincipal = "NONE";
+ boolean isInEJBRole = false;
+ boolean isAnyAuthUserEJB = false;
+ String invokeAnyAuthUser = "No";
+ String invokeAuthUser = "No";
+ if ("stateful".equals(mode)) {
+ System.out.println("Invoking Stateful EJB");
+ callerPrincipal = helloStateful.hello(name);
+ isAnyAuthUserEJB = helloStateful.inRole("**");
+ isInEJBRole = helloStateful.inRole(name);
+ try {
+ helloStateful.methodAnyAuthUser();
+ invokeAnyAuthUser = "Yes";
+ }
+ catch (Exception exc) {
+ System.out.println("FAILED invoke of methodAnyAuthUser()");
+ invokeAnyAuthUser = exc.toString();
+ }
+ try {
+ helloStateful.methodAuthUser();
+ invokeAuthUser = "Yes";
+ }
+ catch (Exception exc) {
+ System.out.println("FAILED invoke of methodAuthUser()");
+ invokeAuthUser = exc.toString();
+ }
+ System.out.println("Successfully invoked Stateful EJB");
+ } else if ("stateless".equals(mode)) {
+ System.out.println("Invoking Stateless EJB");
+ callerPrincipal = helloStateless.hello(name);
+ isAnyAuthUserEJB = helloStateless.inRole("**");
+ isInEJBRole = helloStateless.inRole(name);
+ try {
+ helloStateless.methodAnyAuthUser();
+ invokeAnyAuthUser = "Yes";
+ }
+ catch (Exception exc) {
+ System.out.println("FAILED invoke of methodAnyAuthUser()");
+ invokeAnyAuthUser = exc.toString();
+ }
+ try {
+ helloStateless.methodAuthUser();
+ invokeAuthUser = "Yes";
+ }
+ catch (Exception exc) {
+ System.out.println("FAILED invoke of methodAuthUser()");
+ invokeAuthUser = exc.toString();
+ }
+ System.out.println("Successfully invoked Stateless EJB");
+ } else {
+ System.out.println("Mode: " + mode);
+ }
+
+ // Servlet information
+ String principalName = "NONE";
+ String principalType = "UNKNOWN";
+ Principal p = req.getUserPrincipal();
+ if (p != null) {
+ principalName = p.getName();
+ principalType = p.getClass().getName();
+ }
+ String userPrincipal = principalName + " is " + principalType;
+ boolean isAnyAuthUserWeb = req.isUserInRole("**");
+ boolean isInWebRole = req.isUserInRole(name);
+
+ out.println("<HTML> <HEAD> <TITLE>Servlet Output</TITLE> </HEAD> <BODY>");
+ out.println("<CENTER>JACC MR8 Servlet</CENTER> <p> ");
+ out.println(" Request URL: " + req.getRequestURL() + "<br>");
+ out.println(" HTTP Method: " + req.getMethod() + "<br>");
+ out.println("Context Path: " + req.getContextPath() + "<br>");
+ out.println("Servlet Path: " + req.getServletPath() + "<br>");
+ out.println("<br> <CENTER>Results</CENTER> <p> ");
+ out.println("EJB Caller Principal: " + callerPrincipal + "<br>");
+ out.println("EJB isCallerInRole: " + isInEJBRole + "<br>");
+ out.println("EJB isUserInAnyAuthUserRole: " + isAnyAuthUserEJB + "<br>");
+ out.println("EJB Invoke AnyAuthUser: " + invokeAnyAuthUser + "<br>");
+ out.println("EJB Invoke AuthUser: " + invokeAuthUser + "<br>");
+ out.println("WEB User Principal: " + userPrincipal + "<br>");
+ out.println("WEB isUserInRole: " + isInWebRole + "<br>");
+ out.println("WEB isUserInAnyAuthUserRole: " + isAnyAuthUserWeb + "<br>");
+ out.println("</BODY> </HTML> ");
+ }
+
+ public void destroy() {
+ System.out.println("In jaccmr8::Servlet destroy");
+ }
+}
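Review bot: In `service()` the `mode` and `name` parameters are URL-decoded twice, because `req.getParameter` already returns the decoded value. The extra `URLDecoder.decode(mode,"UTF-8")` and `URLDecoder.decode(name,"UTF-8")` calls therefore alter any value containing `%` or `+`, and throw `IllegalArgumentException` on a malformed escape. Since `name` is then passed to `inRole(name)` and `req.isUserInRole(name)`, the role that is checked can differ from the one the client sent; removing the two decode lines avoids this. Separately, the result page concatenates `req.getRequestURL()`, `callerPrincipal` and `exc.toString()` into HTML without escaping, so a class comment stating that this servlet is for test deployments only would be appropriate.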
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/README b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/README
new file mode 100644
index 0000000..2fa977d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/README
@@ -0,0 +1,6 @@
+- 2 main build targets all and all-oracle
+ all runs tests against derby database
+ all-oracle runs againsts oracle db
+- Eventually would like to link oracle tests to the target 'all' as well
+- change derby.db.name in config.properties so that all developers can run
+ the tests without impacting others
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.properties b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.properties
new file mode 100644
index 0000000..1bda8d9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.properties
@@ -0,0 +1,31 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+
+<property name="jdbc.realm.class" value="com.sun.enterprise.security.auth.realm.db.JDBCRealm"/>
+
+<property name="create.sql.file" value="./create-auth-schema.sql"/>
+<property name="delete.sql.file" value="./delete-auth-schema.sql"/>
+
+<property name="create.sql.file.oracle" value="./create-auth-schema-oracle.sql"/>
+<property name="delete.sql.file.oracle" value="./delete-auth-schema.sql"/>
+
+<property name="web.xml" value="web.xml"/>
+<property name="sun-web.xml" value="sun-web.xml"/>
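Review bot: `jdbc.realm.class` is set to `com.sun.enterprise.security.auth.realm.db.JDBCRealm`, but every `create-custom-auth-realm` call visible in the jdbcrealm `build.xml` of this commit hard-codes `com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm`, so the property appears to be unused and names a different package. Either correct the value and pass `${jdbc.realm.class}` as `realmclass`, or drop the property. Likewise `delete.sql.file.oracle` is defined here while the visible `delete-db-schema-oracle` target reads `${delete.sql.file}`; both point at the same file today, so this is a consistency point only. The file is XML pulled in as an entity despite its `.properties` name, which a one-line comment at the top would make clear.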
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.xml b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.xml
new file mode 100644
index 0000000..0fa3b3c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/build.xml
@@ -0,0 +1,933 @@
+<?xml version="1.0"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "./../common.xml">
+]>
+
+
+<project name="security-jdbcrealm" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <property file="./config.properties"/>
+
+ <target name="all" depends="display-header">
+ <antcall target="setup"/>
+ <antcall target="build"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="all-oracle" depends="display-header">
+ <antcall target="setup-oracle"/>
+ <antcall target="build"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="unsetup-oracle"/>
+ </target>
+
+ <target name="display-header">
+ <echo message="-->Running ${ant.project.name} tests from ${basedir} ..."/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-db-schema"/>
+ <antcall target="create-db-usrgrps"/>
+ <antcall target="modify-domain-xml"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="un-modify-domain-xml"/>
+ <antcall target="delete-db-schema"/>
+ </target>
+
+ <target name="setup-oracle" depends="init-common">
+ <antcall target="create-db-schema-oracle"/>
+ <antcall target="create-db-usrgrps-oracle"/>
+ <antcall target="modify-domain-xml-oracle"/>
+ </target>
+
+ <target name="unsetup-oracle" depends="init-common">
+ <antcall target="un-modify-domain-xml-oracle"/>
+ <antcall target="delete-db-schema-oracle"/>
+ </target>
+
+
+ <target name="create-db-schema-oracle" depends="init-common">
+ <echo message="Executing sql statement at ${basedir} from ${create.sql.file.oracle} for db.url ${oracle.db.url}"/>
+ <sql
+ driver="${oracle.db.driver}"
+ url="${oracle.db.url}"
+ userid="${oracle.db.user}"
+ password="${oracle.db.user}"
+ src="${create.sql.file.oracle}"
+ onerror="continue"
+ print="yes"
+ output="create-db-schema.out"
+ classpath="${env.APS_HOME}/lib/ojdbc14.jar:${s1astest.classpath}" />
+ </target>
+ <target name="delete-db-schema-oracle" depends="init-common">
+ <echo message="Executing sql statement at ${basedir} from ${delete.sql.file}"
+ level="verbose"/>
+ <sql
+ driver="${oracle.db.driver}"
+ url="${oracle.db.url}"
+ userid="${oracle.db.user}"
+ password="${oracle.db.user}"
+ src="${delete.sql.file}"
+ onerror="continue"
+ print="yes"
+ output="delete-db-schema.out"
+ classpath="${env.APS_HOME}/lib/ojdbc14.jar:${s1astest.classpath}" />
+ </target>
+
+ <target name="create-db-schema" depends="init-common">
+ <echo message="Executing sql statement at ${basedir} from ${create.sql.file} for db.url ${derby.db.url}"/>
+ <sql
+ driver="${derby.db.driver}"
+ url="${derby.db.url}"
+ userid="${derby.db.user}"
+ password="${derby.db.user}"
+ src="${create.sql.file}"
+ onerror="continue"
+ print="yes"
+ output="create-db-schema.out"
+ classpath="${s1astest.classpath}" />
+ </target>
+
+ <target name="delete-db-schema" depends="init-common">
+ <echo message="Executing sql statement at ${basedir} from ${delete.sql.file}"
+ level="verbose"/>
+ <sql
+ driver="${derby.db.driver}"
+ url="${derby.db.url}"
+ userid="${derby.db.user}"
+ password="${derby.db.user}"
+ src="${delete.sql.file}"
+ onerror="continue"
+ print="yes"
+ output="delete-db-schema.out"
+ classpath="${s1astest.classpath}" />
+ </target>
+
+ <target name="create-db-usrgrps" depends="init-common">
+ <antcall target="compile-common">
+ <param name="src" value="util"/>
+ </antcall>
+ <java classname="com.sun.devtests.security.jdbcrealm.PopulateDB" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="${derby.db.url}"/>
+ <arg value="-dbDriver"/>
+ <arg value="${derby.db.driver}"/>
+ <arg value="-username"/>
+ <arg value="${derby.db.user}"/>
+ <arg value="-password"/>
+ <arg value="${derby.db.pass}"/>
+ </java>
+ </target>
+
+ <target name="create-db-usrgrps-oracle" depends="init-common">
+ <java classname="com.sun.devtests.security.jdbcrealm.PopulateDB" fork="true">
+ <classpath>
+ <pathelement path="${env.APS_HOME}/lib/ojdbc14.jar:${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="${oracle.db.url}"/>
+ <arg value="-dbDriver"/>
+ <arg value="${oracle.db.driver}"/>
+ <arg value="-username"/>
+ <arg value="${oracle.db.user}"/>
+ <arg value="-password"/>
+ <arg value="${oracle.db.pass}"/>
+ <arg value="-verbose"/>
+ </java>
+ </target>
+
+ <target name="modify-domain-xml" depends="init-common">
+ <antcall target="create-jdbcrealm-connection-pool">
+ <param name="db.datasource.classname"
+ value="${derby.db.datasource.classname}"/>
+ <param name="db.port" value="${derby.db.port}"/>
+ <param name="db.host" value="${derby.db.host}"/>
+ <param name="db.name" value="${derby.db.name}"/>
+ <param name="db.poolname" value="${derby.db.poolname}"/>
+ <param name="db.connection-attributes"
+ value="connectionAttributes=;create\=true"/>
+ </antcall>
+ <antcall target="create-jdbcrealm-resource">
+ <param name="db.poolname" value="${derby.db.poolname}"/>
+ <param name="db.jndiname" value="${derby.db.jndiname}"/>
+ </antcall>
+ <antcall target="create-auth-jdbcrealm">
+ <param name="db.poolname" value="${derby.db.poolname}"/>
+ <param name="db.jndiname" value="${derby.db.jndiname}"/>
+ <param name="db.user" value="${derby.db.user}"/>
+ <param name="db.pass" value="${derby.db.pass}"/>
+ </antcall>
+ </target>
+
+ <target name="modify-domain-xml-oracle" depends="init-common">
+
+<!--
+ <antcall target="create-jdbcrealm-connection-pool">
+ <param name="db.datasource.classname"
+ value="${oracle.db.datasource.classname}"/>
+ <param name="db.port" value="${oracle.db.port}"/>
+ <param name="db.host" value="${oracle.db.host}"/>
+ <param name="db.name" value="${oracle.db.name}"/>
+ <param name="db.poolname" value="${oracle.db.poolname}"/>
+ <param name="db.connection-attributes" value=""/>
+ </antcall>
+-->
+ <exec executable="${ASADMIN}">
+ <arg line="create-jdbc-connection-pool"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="--datasourceclassname com.sun.sql.jdbcx.oracle.OracleDataSource"/>
+ <arg line="--property"/>
+ <arg value="PortNumber=${oracle.db.port}:serverName=${oracle.db.host}:SID=${oracle.db.SID}"/>
+ <arg line="${oracle.db.poolname}"/>
+ </exec>
+
+ <antcall target="create-jdbcrealm-resource">
+ <param name="db.poolname" value="${oracle.db.poolname}"/>
+ <param name="db.jndiname" value="${oracle.db.jndiname}"/>
+ </antcall>
+
+ <antcall target="create-auth-jdbcrealm">
+ <param name="db.poolname" value="${oracle.db.poolname}"/>
+ <param name="db.jndiname" value="${oracle.db.jndiname}"/>
+ <param name="db.user" value="${oracle.db.user}"/>
+<!-- <param name="db.pass" value="${oracle.db.pass}"/> -->
+ <param name="db.pass" value="${oracle.db.alias-pass}"/>
+ </antcall>
+
+ </target>
+
+ <target name="un-modify-domain-xml" depends="init-common">
+ <antcall target="delete-auth-jdbcrealm"/>
+ <antcall target="delete-jdbcrealm-resource">
+ <param name="db.jndiname" value="${derby.db.jndiname}"/>
+ </antcall>
+ <antcall target="delete-jdbcrealm-connection-pool">
+ <param name="db.poolname" value="${derby.db.poolname}"/>
+ </antcall>
+ </target>
+
+ <target name="un-modify-domain-xml-oracle" depends="init-common">
+ <antcall target="delete-auth-jdbcrealm"/>
+ <antcall target="delete-jdbcrealm-resource">
+ <param name="db.jndiname" value="${oracle.db.jndiname}"/>
+ </antcall>
+ <antcall target="delete-jdbcrealm-connection-pool">
+ <param name="db.poolname" value="${oracle.db.poolname}"/>
+ </antcall>
+ </target>
+
+
+ <target name="create-jdbcrealm-resource" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="create-jdbc-resource"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="--connectionpoolid ${db.poolname}"/>
+ <arg line="${db.jndiname}"/>
+ </exec>
+ </target>
+
+ <target name="delete-jdbcrealm-resource" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="delete-jdbc-resource"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="${db.jndiname}"/>
+ </exec>
+ </target>
+
+ <target name="create-jdbcrealm-connection-pool" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="create-jdbc-connection-pool"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="--datasourceclassname ${db.datasource.classname}"/>
+ <arg line="--property"/>
+ <arg value="PortNumber=${db.port}:serverName=${db.host}:DatabaseName=${db.name}:${db.connection-attributes}"/>
+ <arg line="${db.poolname}"/>
+ </exec>
+ </target>
+
+ <target name="delete-jdbcrealm-connection-pool" depends="init-common">
+ <exec executable="${ASADMIN}">
+ <arg line="delete-jdbc-connection-pool"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="${db.poolname}"/>
+ </exec>
+ </target>
+
+ <target name="create-auth-jdbcrealm" depends="init-common">
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_CLEAR"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE:digest-algorithm=NONE"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_CLEAR_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_BASE64:digest-algorithm=NONE:encoding=BASE64"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_CLEAR_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_HEX:digest-algorithm=NONE:encoding=HEX"/>
+ </antcall>
+
+
+
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_MD2_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_MD2_BASE64:digest-algorithm=MD2:encoding=BASE64"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_MD5_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_MD5_BASE64:digest-algorithm=MD5:encoding=BASE64"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_SHA_BASE64:digest-algorithm=SHA:encoding=BASE64"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA256_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:user-table=USER_TABLE_SHA256_BASE64:digest-algorithm=SHA-256:encoding=BASE64"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA384_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=BASE64:user-table=USER_TABLE_SHA384_BASE64:digest-algorithm=SHA-384"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA512_BASE64"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=BASE64:user-table=USER_TABLE_SHA512_BASE64:digest-algorithm=SHA-512"/>
+ </antcall>
+
+
+
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_MD2_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_MD2_HEX:digest-algorithm=MD2"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_MD5_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_MD5_HEX:digest-algorithm=MD5"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_SHA_HEX:digest-algorithm=SHA"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA256_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_SHA256_HEX:digest-algorithm=SHA-256"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA384_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_SHA384_HEX:digest-algorithm=SHA-384"/>
+ </antcall>
+
+ <antcall target="create-custom-auth-realm">
+ <param name="realmname" value="JDBCRealm_SHA512_HEX"/>
+ <param name="realmclass" value="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm"/>
+ <param name="realmproperties" value="datasource-jndi=${db.jndiname}:jaas-context=jdbcRealm:db-user=${db.user}:db-password=${db.pass}:user-name-column=USERNAME:password-column=PASSWORD:group-table=GROUP_TABLE:group-name-column=GROUPNAME:encoding=HEX:user-table=USER_TABLE_SHA512_HEX:digest-algorithm=SHA-512"/>
+ </antcall>
+
+ </target>
+
+ <target name="delete-auth-jdbcrealm" depends="init-common">
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_CLEAR"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_CLEAR_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_CLEAR_HEX"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_MD2_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_MD5_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA256_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA384_BASE64"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA512_BASE64"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_MD2_HEX"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_MD5_HEX"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA_HEX"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA256_HEX"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA384_HEX"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="JDBCRealm_SHA512_HEX"/>
+ </antcall>
+
+ </target>
+
+ <target name="create-custom-auth-realm" depends="init-common">
+ <echo message="Creating auth realm ${realmname} ..."/>
+ <exec executable="${ASADMIN}">
+ <arg line="create-auth-realm"/>
+ <arg line="${as.props} --target=${appserver.instance.name}"/>
+ <arg line="--classname ${realmclass}"/>
+ <arg line="--property"/>
+ <arg value="${realmproperties}"/>
+ <arg line="${realmname}"/>
+ </exec>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_CLEAR"/>
+ <param name="jdbc.realm.user" value="qwert"/>
+ <param name="appname" value="jdbc-realm-clear"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_CLEAR_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertBASE64"/>
+ <param name="appname" value="jdbc-realm-clear-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_CLEAR_HEX"/>
+ <param name="jdbc.realm.user" value="qwertHEX"/>
+ <param name="appname" value="jdbc-realm-clear-hex"/>
+ </antcall>
+
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_MD2_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD2BASE64"/>
+ <param name="appname" value="jdbc-realm-md2-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_MD5_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD5BASE64"/>
+ <param name="appname" value="jdbc-realm-md5-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHABASE64"/>
+ <param name="appname" value="jdbc-realm-sha-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA256_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA256BASE64"/>
+ <param name="appname" value="jdbc-realm-sha256-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA384_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA384BASE64"/>
+ <param name="appname" value="jdbc-realm-sha384-base64"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA512_BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA512BASE64"/>
+ <param name="appname" value="jdbc-realm-sha512-base64"/>
+ </antcall>
+
+
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_MD2_HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD2HEX"/>
+ <param name="appname" value="jdbc-realm-md2-hex"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_MD5_HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD5HEX"/>
+ <param name="appname" value="jdbc-realm-md5-hex"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA_HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHAHEX"/>
+ <param name="appname" value="jdbc-realm-sha-hex"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA256_HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA256HEX"/>
+ <param name="appname" value="jdbc-realm-sha256-hex"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA384_HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA384HEX"/>
+ <param name="appname" value="jdbc-realm-sha384-hex"/>
+ </antcall>
+ <antcall target="custom-build">
+ <param name="jdbc.realm.name" value="JDBCRealm_SHA512_HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA512HEX"/>
+ <param name="appname" value="jdbc-realm-sha512-hex"/>
+ </antcall>
+
+
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-clear"/>
+ <param name="appname" value="jdbc-realm-clear"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-clear-base64"/>
+ <param name="appname" value="jdbc-realm-clear-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-clear-hex"/>
+ <param name="appname" value="jdbc-realm-clear-hex"/>
+ </antcall>
+
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-md2-base64"/>
+ <param name="appname" value="jdbc-realm-md2-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-md5-base64"/>
+ <param name="appname" value="jdbc-realm-md5-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha-base64"/>
+ <param name="appname" value="jdbc-realm-sha-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha256-base64"/>
+ <param name="appname" value="jdbc-realm-sha256-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha384-base64"/>
+ <param name="appname" value="jdbc-realm-sha384-base64"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha512-base64"/>
+ <param name="appname" value="jdbc-realm-sha512-base64"/>
+ </antcall>
+
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-md2-hex"/>
+ <param name="appname" value="jdbc-realm-md2-hex"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-md5-hex"/>
+ <param name="appname" value="jdbc-realm-md5-hex"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha-hex"/>
+ <param name="appname" value="jdbc-realm-sha-hex"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha256-hex"/>
+ <param name="appname" value="jdbc-realm-sha256-hex"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha384-hex"/>
+ <param name="appname" value="jdbc-realm-sha384-hex"/>
+ </antcall>
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="jdbc-realm-sha512-hex"/>
+ <param name="appname" value="jdbc-realm-sha512-hex"/>
+ </antcall>
+
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="run-positive"/>
+ <antcall target="run-negative"/>
+ </target>
+
+ <target name="run-positive" depends="init-common">
+
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwert"/>
+ <param name="jdbc.realm.user" value="qwert"/>
+ <param name="appname" value="jdbc-realm-clear"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertBASE64"/>
+ <param name="jdbc.realm.user" value="qwertBASE64"/>
+ <param name="appname" value="jdbc-realm-clear-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertHEX"/>
+ <param name="jdbc.realm.user" value="qwertHEX"/>
+ <param name="appname" value="jdbc-realm-clear-hex"/>
+ </antcall>
+
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertMD2BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD2BASE64"/>
+ <param name="appname" value="jdbc-realm-md2-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertMD5BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD5BASE64"/>
+ <param name="appname" value="jdbc-realm-md5-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHABASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHABASE64"/>
+ <param name="appname" value="jdbc-realm-sha-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA256BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA256BASE64"/>
+ <param name="appname" value="jdbc-realm-sha256-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA384BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA384BASE64"/>
+ <param name="appname" value="jdbc-realm-sha384-base64"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA512BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA512BASE64"/>
+ <param name="appname" value="jdbc-realm-sha512-base64"/>
+ </antcall>
+
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertMD2HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD2HEX"/>
+ <param name="appname" value="jdbc-realm-md2-hex"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertMD5HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD5HEX"/>
+ <param name="appname" value="jdbc-realm-md5-hex"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHAHEX"/>
+ <param name="jdbc.realm.user" value="qwertSHAHEX"/>
+ <param name="appname" value="jdbc-realm-sha-hex"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA256HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA256HEX"/>
+ <param name="appname" value="jdbc-realm-sha256-hex"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA384HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA384HEX"/>
+ <param name="appname" value="jdbc-realm-sha384-hex"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="jdbc.realm.pass" value="qwertSHA512HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA512HEX"/>
+ <param name="appname" value="jdbc-realm-sha512-hex"/>
+ </antcall>
+
+ </target>
+
+ <target name="run-negative" depends="init-common">
+
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwert"/>
+ <param name="jdbc.realm.user" value="qwerta"/>
+ <param name="appname" value="jdbc-realm-clear"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertBASE64"/>
+ <param name="jdbc.realm.user" value="qwertBASE64a"/>
+ <param name="appname" value="jdbc-realm-clear-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertHEX"/>
+ <param name="jdbc.realm.user" value="qwertHEXa"/>
+ <param name="appname" value="jdbc-realm-clear-hex"/>
+ </antcall>
+
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertMD2BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD2BASE64a"/>
+ <param name="appname" value="jdbc-realm-md2-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertMD5BASE64"/>
+ <param name="jdbc.realm.user" value="qwertMD5BASE64a"/>
+ <param name="appname" value="jdbc-realm-md5-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHABASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHABASE64a"/>
+ <param name="appname" value="jdbc-realm-sha-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA256BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA256BASE64a"/>
+ <param name="appname" value="jdbc-realm-sha256-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA384BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA384BASE64a"/>
+ <param name="appname" value="jdbc-realm-sha384-base64"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA512BASE64"/>
+ <param name="jdbc.realm.user" value="qwertSHA512BASE64a"/>
+ <param name="appname" value="jdbc-realm-sha512-base64"/>
+ </antcall>
+
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertMD2HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD2HEXa"/>
+ <param name="appname" value="jdbc-realm-md2-hex"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertMD5HEX"/>
+ <param name="jdbc.realm.user" value="qwertMD5HEXa"/>
+ <param name="appname" value="jdbc-realm-md5-hex"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHAHEX"/>
+ <param name="jdbc.realm.user" value="qwertSHAHEXa"/>
+ <param name="appname" value="jdbc-realm-sha-hex"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA256HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA256HEXa"/>
+ <param name="appname" value="jdbc-realm-sha256-hex"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA384HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA384HEXa"/>
+ <param name="appname" value="jdbc-realm-sha384-hex"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="jdbc.realm.pass" value="qwertSHA512HEX"/>
+ <param name="jdbc.realm.user" value="qwertSHA512HEXa"/>
+ <param name="appname" value="jdbc-realm-sha512-hex"/>
+ </antcall>
+
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-clear"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-clear-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-clear-hex"/>
+ </antcall>
+
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-md2-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-md5-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha256-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha384-base64"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha512-base64"/>
+ </antcall>
+
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-md2-hex"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-md5-hex"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha-hex"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha256-hex"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha384-hex"/>
+ </antcall>
+ <antcall target="undeploy-war-common">
+ <param name="appname" value="jdbc-realm-sha512-hex"/>
+ </antcall>
+
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <!-- variables needed by custom-build
+ 1. jdbc.realm.name
+ 2. jdbc.realm.user
+ 3. appname
+ -->
+ <target name="custom-build">
+ <echo message="web.xml is defined as ${web.xml}"/>
+
+ <copy file="web.xml.template" tofile="${web.xml}" overwrite="true" failonerror="false"/>
+ <replace file="${web.xml}" token="REALM_NAME_HERE" value="${jdbc.realm.name}"/>
+ <copy file="sun-web.xml.template" tofile="${sun-web.xml}" overwrite="true" failonerror="false"/>
+ <replace file="${sun-web.xml}" token="USER_ID_HERE" value="${jdbc.realm.user}"/>
+
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="true"/>
+ <param name="appname" value="${appname}"/>
+ </antcall>
+
+ <delete file="${web.xml}"/>
+ <delete file="${sun-web.xml}"/>
+
+ </target>
+
+ <!-- variables needed by custom-build
+ 1. jdbc.realm.pass
+ 2. jdbc.realm.user
+ 3. appname
+ -->
+ <target name="custom-neg-run" depends="init-common">
+
+ <echo message="Testing (NEGATIVE TEST) against URL http://${http.host}:${http.port}/${appname}/TestServlet using username/password ${jdbc.realm.user}/${jdbc.realm.pass}"/>
+
+ <java classname="HttpBasicAuthTest" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="http://${http.host}:${http.port}/${appname}/TestServlet"/>
+ <arg value="-user"/>
+ <arg value="${jdbc.realm.user}"/>
+ <arg value="-pass"/>
+ <arg value="${jdbc.realm.pass}"/>
+ <arg value="-tc"/>
+ <arg value="10"/>
+ <arg value="-lc"/>
+ <arg value="10"/>
+ <arg value="-negative"/>
+ </java>
+ </target>
+
+
+ <target name="custom-run" depends="init-common">
+
+ <echo message="Testing against URL http://${http.host}:${http.port}/${appname}/TestServlet using username/password ${jdbc.realm.user}/${jdbc.realm.pass}"/>
+
+ <java classname="HttpBasicAuthTest" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="http://${http.host}:${http.port}/${appname}/TestServlet"/>
+ <arg value="-user"/>
+ <arg value="${jdbc.realm.user}"/>
+ <arg value="-pass"/>
+ <arg value="${jdbc.realm.pass}"/>
+ <arg value="-tc"/>
+ <arg value="10"/>
+ <arg value="-lc"/>
+ <arg value="10"/>
+ </java>
+ </target>
+
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/client/HttpBasicAuthTest.java b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/client/HttpBasicAuthTest.java
new file mode 100644
index 0000000..770ef79
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/client/HttpBasicAuthTest.java
@@ -0,0 +1,228 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.io.*;
+import java.net.*;
+import sun.misc.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class HttpBasicAuthTest implements Runnable {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ private boolean result = true;
+
+ private int suxesCount = 0;
+ private int failureCount = 0;
+ private int totalCount = 0;
+
+ private long minTime = Long.MAX_VALUE;
+ private long maxTime = 0;
+ private long avgTime = 0;
+ private double stdDev = 0;
+ private long totalTime = 0;
+ private long indiTimes[];
+ private int indiIndex = 0;
+
+ private String url;
+ private String username;
+ private String password;
+ private int threadCount;
+ private int loopCount;
+ private boolean positiveTest = true;
+
+ public HttpBasicAuthTest(String url, String username, String password,
+ int threadCount, int loopCount, boolean positiveTest) {
+
+ this.url = url;
+ this.username = username;
+ this.password = password;
+ this.threadCount = threadCount;
+ this.loopCount = loopCount;
+ this.positiveTest = positiveTest;
+ }
+
+ public void doTest() {
+
+ indiTimes = new long[threadCount*loopCount];
+ for(int i=0; i<indiTimes.length; i++) {
+ indiTimes[i] = 0;
+ }
+
+ Thread tarray[] = new Thread[threadCount];
+
+ for(int i=0; i<threadCount; i++)
+ tarray[i] = new Thread(this, "Http-request-thread-" + i);
+
+ for(int i=0; i<threadCount; i++)
+ tarray[i].start();
+
+ for(int i=0; i<threadCount; i++) {
+ try {
+ tarray[i].join();
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ if( suxesCount != 0 )
+ avgTime = totalTime/suxesCount;
+
+ for(int i=0; i<indiIndex; i++) {
+ stdDev += (indiTimes[i]-avgTime)*(indiTimes[i]-avgTime);
+ }
+ if( indiIndex>1)
+ stdDev = stdDev/(indiIndex-1);
+
+ stdDev = Math.pow(stdDev, 0.5);
+
+ System.out.println("Total requests: " + (suxesCount+failureCount) +
+ ", success count: " + suxesCount +
+ ", failure count: " + failureCount);
+ System.out.println("Min/Max/Avg/StdDev: (milliseconds) " +
+ minTime + "/" +
+ maxTime + "/" + avgTime + "/" + stdDev);
+
+ stat.addDescription("JDBCRealm test for URL " + url);
+ String testId = "JDBCRealm test for URL " + url;
+ if( positiveTest) {
+ if( result ) {
+ stat.addStatus(testId, stat.PASS);
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ }
+ } else { // negative test
+ if( result ) {
+ stat.addStatus(testId, stat.FAIL);
+ } else {
+ stat.addStatus(testId, stat.PASS);
+ }
+ }
+ stat.printSummary(testId);
+ }
+
+ public void run() {
+ long st,et;
+
+ for(int i=0; i<loopCount; i++) {
+
+ try {
+ st = System.currentTimeMillis();
+ run0();
+ et = System.currentTimeMillis();
+ synchronized(this) {
+ suxesCount++;
+ long tt = et-st;
+
+ totalTime += tt;
+ indiTimes[indiIndex++] = tt;
+
+ if( tt > maxTime )
+ maxTime = tt;
+ if( tt < minTime )
+ minTime = tt;
+
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ synchronized(this) {
+ failureCount++;
+ }
+
+ // test failed(well failed if its a postive test, this
+ // is expected if its a negative test)
+
+ result = false;
+ continue;
+ }
+
+ }
+ }
+
+ protected void run0() throws Exception {
+
+ System.out.println(Thread.currentThread().getName() +
+ " - running ...");
+ URL u = new URL(url);
+ URLConnection uconn = u.openConnection();
+
+ String up = username + ":" + password;
+ BASE64Encoder be = new BASE64Encoder();
+ up = new String(be.encode(up.getBytes()));
+
+ uconn.setRequestProperty("authorization", "Basic " + up);
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(
+ uconn.getInputStream()));
+ String lineread;
+ while((lineread=reader.readLine()) != null ) {
+ //System.out.println(Thread.currentThread() + " -- " + lineread);
+ }
+ }
+
+ public static final String URL_OPTION = "-url";
+ public static final String USER_OPTION = "-user";
+ public static final String PASS_OPTION = "-pass";
+ public static final String THREADS_OPTION = "-tc";
+ public static final String LOOP_OPTION = "-lc";
+ public static final String NEGATIVE_TEST_OPTION = "-negative";
+
+ public static void usage() {
+ System.out.println("usage: java HttpBasicAuthTest -url <url> -user <user> -pass <pass> -tc <thread-count> -lc <loop-count>");
+ }
+
+ public static void main(String[] args) {
+
+ String url = null;
+ String user = null;
+ String pass = null;
+ int tc=-1;
+ int lc=-1;
+ boolean positiveTest = true;
+
+ for(int i=0; i<args.length; i++) {
+ if( args[i].intern() == URL_OPTION.intern() ) {
+ url = args[++i];
+ } else if( args[i].intern() == USER_OPTION.intern() ) {
+ user = args[++i];
+ } else if( args[i].intern() == PASS_OPTION.intern() ) {
+ pass = args[++i];
+ } else if( args[i].intern() == THREADS_OPTION.intern() ) {
+ tc = Integer.parseInt(args[++i]);
+ } else if( args[i].intern() == LOOP_OPTION.intern() ) {
+ lc = Integer.parseInt(args[++i]);
+ } else if( args[i].intern() == NEGATIVE_TEST_OPTION.intern() ) {
+ positiveTest = false;
+ } else {
+ usage();
+ System.exit(1);
+ }
+ }
+
+ if( url == null || user == null || pass == null ||
+ tc==-1 || lc==-1 ) {
+ usage();
+ System.exit(1);
+ }
+
+ HttpBasicAuthTest test =
+ new HttpBasicAuthTest(url, user, pass, tc, lc, positiveTest);
+ test.doTest();
+ }
+
+}
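Review bot: The negative path counts every exception from `run0()` as a rejected login, because the catch block in `run()` sets `result = false` for any failure and `doTest()` maps that to PASS when `-negative` is given. A negative run therefore reports PASS when the server is down, the application is not deployed, or the servlet answers 500, without ever observing an HTTP 401. `run0()` should read the status through `HttpURLConnection.getResponseCode()` (the cast assumes the http URLs the build file passes), treat only 401 as an authentication rejection, and record anything else in a separate flag that forces FAIL in both modes. Separately, `sun.misc.BASE64Encoder` is a JDK-internal class and `up.getBytes()` uses the platform charset; `java.util.Base64` with an explicit charset is the supported form if the build's Java level allows it.

```java
    // Set when a request fails for a reason other than an HTTP 401.
    private volatile boolean unexpectedError = false;

    protected void run0() throws Exception {
        // … unchanged: thread-name println, URL/openConnection, Authorization header …
        HttpURLConnection hconn = (HttpURLConnection) uconn;
        int status;
        try {
            status = hconn.getResponseCode();
        } catch(IOException e) {
            unexpectedError = true;   // no HTTP answer at all: says nothing about the realm
            throw e;
        }
        if( status == HttpURLConnection.HTTP_UNAUTHORIZED )
            throw new IOException("authentication rejected: HTTP 401");
        if( status != HttpURLConnection.HTTP_OK ) {
            unexpectedError = true;
            throw new IOException("unexpected HTTP status " + status);
        }
        // … unchanged: drain the response body …

    // in doTest(), ahead of the existing positive/negative mapping:
        if( unexpectedError ) {
            stat.addStatus(testId, stat.FAIL);
        } else if( positiveTest ) {
        // … unchanged: existing PASS/FAIL mapping …
```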
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/config.properties b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/config.properties
new file mode 100644
index 0000000..6f4cadc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/config.properties
@@ -0,0 +1,49 @@
+#
+# Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0, which is available at
+# http://www.eclipse.org/legal/epl-2.0.
+#
+# This Source Code may also be made available under the following Secondary
+# Licenses when the conditions for such availability set forth in the
+# Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+# version 2 with the GNU Classpath Exception, which is available at
+# https://www.gnu.org/software/classpath/license.html.
+#
+# SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+#
+
+
+#db.name=your-unique-db-name-here
+derby.db.name=fancyDbName
+
+derby.db.poolname=MyWhirlPool
+derby.db.jndiname=jdbc/MyWhirlPool
+
+derby.db.port=1527
+derby.db.host=localhost
+
+derby.db.user=dbuser
+derby.db.pass=dbpass
+
+derby.db.driver=org.apache.derby.jdbc.ClientDriver
+derby.db.datasource.classname=org.apache.derby.jdbc.ClientDataSource
+derby.db.url=jdbc:derby://${derby.db.host}:${derby.db.port}/${derby.db.name};create=true;
+
+
+oracle.db.poolname=NatrajPool
+oracle.db.jndiname=jdbc/NatrajPool
+
+oracle.db.port=1521
+oracle.db.host=localhost
+oracle.db.SID=dbsmpl1
+oracle.db.name=dbsmpl1
+
+oracle.db.user=ashishs
+oracle.db.pass=ashishs
+oracle.db.alias-pass=${ALIAS\\=xyz}
+
+oracle.db.driver=oracle.jdbc.OracleDriver
+oracle.db.datasource.classname=oracle.jdbc.pool.OracleDataSource
+oracle.db.url=jdbc:oracle:thin:@${oracle.db.host}:${oracle.db.port}:${oracle.db.SID}
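Review bot: The `oracle.db.user=ashishs` / `oracle.db.pass=ashishs` pair looks like a personal account name committed as a default with the password equal to the user name, and nothing in the file says these values are throwaway fixtures. If that account exists on any shared Oracle instance, the credential is now in version control. I would replace the pair with neutral placeholders and add a comment above the block such as `# Test-only defaults; override oracle.db.user/oracle.db.pass locally and never point them at a shared database`. The same comment applies to `derby.db.user`/`derby.db.pass`, although those already read as placeholders.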
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema-oracle.sql b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema-oracle.sql
new file mode 100644
index 0000000..2c3a42d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema-oracle.sql
@@ -0,0 +1,84 @@
+CREATE TABLE USER_TABLE (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE USER_TABLE_MD2_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_MD5_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA256_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA384_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+CREATE TABLE USER_TABLE_SHA512_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE USER_TABLE_MD2_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_MD5_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA256_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA384_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA512_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE GROUP_TABLE (
+ USERNAME VARCHAR (255) NOT NULL,
+ GROUPNAME VARCHAR (255)
+);
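Review bot: This schema has no header comment saying that the clear-text, MD2 and MD5 `USER_TABLE_*` variants exist only to exercise the realm's legacy digest settings, so the file can be mistaken for a template for storing real credentials. A leading comment along the lines of `-- JDBCRealm devtest fixture: one USER_TABLE_* per digest/encoding combination; not a model for production password storage` would make that explicit. The file also carries the same blob id (`2c3a42d`) as `create-auth-schema.sql` later in this commit, so the two copies can drift apart unless the build uses a single script for both databases; the comment applies to that file as well. `GROUP_TABLE` declares no key on (`USERNAME`, `GROUPNAME`), which allows duplicate memberships; whether the tests rely on that is not visible here.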
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema.sql b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema.sql
new file mode 100644
index 0000000..2c3a42d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/create-auth-schema.sql
@@ -0,0 +1,84 @@
+CREATE TABLE USER_TABLE (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE USER_TABLE_MD2_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_MD5_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA256_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA384_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+CREATE TABLE USER_TABLE_SHA512_BASE64 (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE USER_TABLE_MD2_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_MD5_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA256_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA384_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+CREATE TABLE USER_TABLE_SHA512_HEX (
+ USERNAME VARCHAR (255) PRIMARY KEY NOT NULL,
+ PASSWORD VARCHAR (255)
+);
+
+
+
+CREATE TABLE GROUP_TABLE (
+ USERNAME VARCHAR (255) NOT NULL,
+ GROUPNAME VARCHAR (255)
+);
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/delete-auth-schema.sql b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/delete-auth-schema.sql
new file mode 100644
index 0000000..1c6e89a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/delete-auth-schema.sql
@@ -0,0 +1,19 @@
+DROP TABLE USER_TABLE;
+DROP TABLE USER_TABLE_BASE64;
+DROP TABLE USER_TABLE_HEX;
+
+DROP TABLE USER_TABLE_MD2_BASE64;
+DROP TABLE USER_TABLE_MD5_BASE64;
+DROP TABLE USER_TABLE_SHA_BASE64;
+DROP TABLE USER_TABLE_SHA256_BASE64;
+DROP TABLE USER_TABLE_SHA384_BASE64;
+DROP TABLE USER_TABLE_SHA512_BASE64;
+
+DROP TABLE USER_TABLE_MD2_HEX;
+DROP TABLE USER_TABLE_MD5_HEX;
+DROP TABLE USER_TABLE_SHA_HEX;
+DROP TABLE USER_TABLE_SHA256_HEX;
+DROP TABLE USER_TABLE_SHA384_HEX;
+DROP TABLE USER_TABLE_SHA512_HEX;
+
+DROP TABLE GROUP_TABLE;
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/sun-web.xml.template b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/sun-web.xml.template
new file mode 100644
index 0000000..4de3cd5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/sun-web.xml.template
@@ -0,0 +1,7 @@
+<!-- sun-web-app -->
+<sun-web-app>
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>USER_ID_HERE</principal-name>
+ </security-role-mapping>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/util/PopulateDB.java b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/util/PopulateDB.java
new file mode 100644
index 0000000..f9b8098
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/util/PopulateDB.java
@@ -0,0 +1,355 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.devtests.security.jdbcrealm;
+
+import java.sql.*;
+import java.security.*;
+
+import sun.misc.BASE64Encoder;
+
+public class PopulateDB {
+
+ // username/passwords
+ private static final String[][] users= { {"xyz", "xyz"},
+ {"abc", "abc"},
+ {"qwert", "qwert"},
+ {"testy", "testy"} };
+
+ private static final String[][] users_BASE64=
+ { {"qwertBASE64", "qwertBASE64"} };
+ private static final String[][] users_HEX=
+ { {"qwertHEX", "qwertHEX"} };
+
+ private static final String[][] users_MD2_BASE64=
+ { {"qwertMD2BASE64", "qwertMD2BASE64"} };
+ private static final String[][] users_MD5_BASE64=
+ { {"qwertMD5BASE64", "qwertMD5BASE64"} };
+ private static final String[][] users_SHA_BASE64=
+ { {"qwertSHABASE64", "qwertSHABASE64"} };
+ private static final String[][] users_SHA256_BASE64=
+ { {"qwertSHA256BASE64", "qwertSHA256BASE64"} };
+ private static final String[][] users_SHA384_BASE64=
+ { {"qwertSHA384BASE64", "qwertSHA384BASE64"} };
+ private static final String[][] users_SHA512_BASE64=
+ { {"qwertSHA512BASE64", "qwertSHA512BASE64"} };
+
+ private static final String[][] users_MD2_HEX=
+ { {"qwertMD2HEX", "qwertMD2HEX"} };
+ private static final String[][] users_MD5_HEX=
+ { {"qwertMD5HEX", "qwertMD5HEX"} };
+ private static final String[][] users_SHA_HEX=
+ { {"qwertSHAHEX", "qwertSHAHEX"} };
+ private static final String[][] users_SHA256_HEX=
+ { {"qwertSHA256HEX", "qwertSHA256HEX"} };
+ private static final String[][] users_SHA384_HEX=
+ { {"qwertSHA384HEX", "qwertSHA384HEX"} };
+ private static final String[][] users_SHA512_HEX=
+ { {"qwertSHA512HEX", "qwertSHA512HEX"} };
+
+ // username/groupname
+ private static final String[][] groups= { {"xyz", "staff"},
+ {"xyz", "employee"},
+ {"abc", "staff"},
+ {"abc", "employee"},
+ {"qwert", "staff"},
+ {"qwertBASE64", "staff"},
+ {"qwertHEX", "staff"},
+
+// {"qwertMD2BASE64", "staff"},
+// {"qwertMD5BASE64", "staff"},
+// {"qwertSHABASE64", "staff"},
+// {"qwertSHA256BASE64", "staff"},
+// {"qwertSHA384BASE64", "staff"},
+// {"qwertSHA512BASE64", "staff"},
+
+// {"qwertMD2HEX", "staff"},
+// {"qwertMD5HEX", "staff"},
+// {"qwertSHAHEX", "staff"},
+// {"qwertSHA256HEX", "staff"},
+// {"qwertSHA384HEX", "staff"},
+// {"qwertSHA512HEX", "staff"},
+
+ {"testy", "staff"} };
+
+ private static final String URL_OPTION = "-url";
+ private static final String VERBOSE_OPTION = "-verbose";
+ private static final String DB_DRIVER_OPTION = "-dbDriver";
+ private static final String USERNAME_OPTION = "-username";
+ private static final String PASSWORD_OPTION = "-password";
+
+ private static boolean verbose = false;
+
+ private static String INSERT_USER_STMT_CLEAR =
+ "insert into USER_TABLE values (?, ?)";
+ private static String INSERT_USER_STMT_BASE64 =
+ "insert into USER_TABLE_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_HEX =
+ "insert into USER_TABLE_HEX values (?, ?)";
+
+ private static String INSERT_USER_STMT_MD2_BASE64 =
+ "insert into USER_TABLE_MD2_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_MD5_BASE64 =
+ "insert into USER_TABLE_MD5_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_SHA_BASE64 =
+ "insert into USER_TABLE_SHA_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_SHA256_BASE64 =
+ "insert into USER_TABLE_SHA256_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_SHA384_BASE64 =
+ "insert into USER_TABLE_SHA384_BASE64 values (?, ?)";
+ private static String INSERT_USER_STMT_SHA512_BASE64 =
+ "insert into USER_TABLE_SHA512_BASE64 values (?, ?)";
+
+ private static String INSERT_USER_STMT_MD2_HEX =
+ "insert into USER_TABLE_MD2_HEX values (?, ?)";
+ private static String INSERT_USER_STMT_MD5_HEX =
+ "insert into USER_TABLE_MD5_HEX values (?, ?)";
+ private static String INSERT_USER_STMT_SHA_HEX =
+ "insert into USER_TABLE_SHA_HEX values (?, ?)";
+ private static String INSERT_USER_STMT_SHA256_HEX =
+ "insert into USER_TABLE_SHA256_HEX values (?, ?)";
+ private static String INSERT_USER_STMT_SHA384_HEX =
+ "insert into USER_TABLE_SHA384_HEX values (?, ?)";
+ private static String INSERT_USER_STMT_SHA512_HEX =
+ "insert into USER_TABLE_SHA512_HEX values (?, ?)";
+
+ private static String INSERT_GROUP_STMT =
+ "insert into GROUP_TABLE values (?, ?)";
+
+ private static void verbose(String msg) {
+ if( verbose )
+ System.out.println(msg);
+ }
+
+ private static void usage() {
+ System.out.println("usage: java PopulateDB -url <url>");
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ String dbURL = null;
+ String dbDriverClass = "org.apache.derby.jdbc.ClientDriver";
+ String username = null;
+ String password = null;
+
+ for(int i=0; i<args.length; i++) {
+ verbose("Arg[" + i + "] " +args[i]);
+ if( args[i].intern() == URL_OPTION.intern() ) {
+ dbURL = args[++i];
+ } else if( args[i].intern() == VERBOSE_OPTION.intern() ) {
+ verbose = true;
+ } else if( args[i].intern() == DB_DRIVER_OPTION.intern() ) {
+ dbDriverClass = args[++i];;
+ } else if( args[i].intern() == USERNAME_OPTION.intern() ) {
+ username = args[++i];
+ } else if( args[i].intern() == PASSWORD_OPTION.intern() ) {
+ password = args[++i];
+ } else {
+ usage();
+ System.exit(1);
+ }
+ }
+
+ if( dbURL == null ) {
+ usage();
+ System.exit(1);
+ }
+
+ verbose("db url: " + dbURL);
+ verbose("db driver: " + dbDriverClass);
+ verbose("db user: " + username);
+ verbose("db pass: " + password);
+
+ Class.forName(dbDriverClass);
+ Connection con = null;
+ if( username == null )
+ con = DriverManager.getConnection(dbURL);
+ else
+ con = DriverManager.getConnection(dbURL, username, password);
+
+ // populate the clear user table
+ PreparedStatement ps = con.prepareStatement(INSERT_USER_STMT_CLEAR);
+ for(int i=0; i<users.length; i++) {
+ ps.setString(1, users[i][0]);
+ ps.setString(2, users[i][1]);
+ ps.executeUpdate();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_BASE64);
+ BASE64Encoder base64 = new BASE64Encoder();
+ for(int i=0; i<users_BASE64.length; i++) {
+ ps.setString(1, users_BASE64[i][0]);
+ ps.setString(2, new String(base64.encode(users_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_HEX);
+ for(int i=0; i<users_HEX.length; i++) {
+ ps.setString(1, users_HEX[i][0]);
+ ps.setString(2, hexConvert(users_HEX[i][1].getBytes()));
+ ps.executeUpdate();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_MD2_BASE64);
+ MessageDigest md2 = MessageDigest.getInstance("MD2");
+ for(int i=0; i<users_MD2_BASE64.length; i++) {
+ ps.setString(1, users_MD2_BASE64[i][0]);
+ ps.setString(2, base64.encode(md2.digest(users_MD2_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ md2.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_MD5_BASE64);
+ MessageDigest md5 = MessageDigest.getInstance("MD5");
+ for(int i=0; i<users_MD5_BASE64.length; i++) {
+ ps.setString(1, users_MD5_BASE64[i][0]);
+ ps.setString(2, base64.encode(md5.digest(users_MD5_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ md5.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA_BASE64);
+ MessageDigest sha = MessageDigest.getInstance("SHA");
+ for(int i=0; i<users_SHA_BASE64.length; i++) {
+ ps.setString(1, users_SHA_BASE64[i][0]);
+ ps.setString(2, base64.encode(sha.digest(users_SHA_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ sha.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA256_BASE64);
+ MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
+ for(int i=0; i<users_SHA256_BASE64.length; i++) {
+ ps.setString(1, users_SHA256_BASE64[i][0]);
+ ps.setString(2, base64.encode(sha256.digest(users_SHA256_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ sha256.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA384_BASE64);
+ MessageDigest sha384 = MessageDigest.getInstance("SHA-384");
+ for(int i=0; i<users_SHA384_BASE64.length; i++) {
+ ps.setString(1, users_SHA384_BASE64[i][0]);
+ ps.setString(2, base64.encode(sha384.digest(users_SHA384_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ sha384.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA512_BASE64);
+ MessageDigest sha512 = MessageDigest.getInstance("SHA-512");
+ for(int i=0; i<users_SHA512_BASE64.length; i++) {
+ ps.setString(1, users_SHA512_BASE64[i][0]);
+ ps.setString(2, base64.encode(sha512.digest(users_SHA512_BASE64[i][1].getBytes())));
+ ps.executeUpdate();
+ sha512.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_MD2_HEX);
+ for(int i=0; i<users_MD2_HEX.length; i++) {
+ ps.setString(1, users_MD2_HEX[i][0]);
+ ps.setString(2, hexConvert(md2.digest(users_MD2_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ md2.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_MD5_HEX);
+ for(int i=0; i<users_MD5_HEX.length; i++) {
+ ps.setString(1, users_MD5_HEX[i][0]);
+ ps.setString(2, hexConvert(md5.digest(users_MD5_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ md5.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA_HEX);
+ for(int i=0; i<users_SHA_HEX.length; i++) {
+ ps.setString(1, users_SHA_HEX[i][0]);
+ ps.setString(2, hexConvert(sha.digest(users_SHA_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ sha.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA256_HEX);
+ for(int i=0; i<users_SHA256_HEX.length; i++) {
+ ps.setString(1, users_SHA256_HEX[i][0]);
+ ps.setString(2, hexConvert(sha256.digest(users_SHA256_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ sha256.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA384_HEX);
+ for(int i=0; i<users_SHA384_HEX.length; i++) {
+ ps.setString(1, users_SHA384_HEX[i][0]);
+ ps.setString(2, hexConvert(sha384.digest(users_SHA384_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ sha384.reset();
+ }
+ ps.close();
+
+ ps = con.prepareStatement(INSERT_USER_STMT_SHA512_HEX);
+ for(int i=0; i<users_SHA512_HEX.length; i++) {
+ ps.setString(1, users_SHA512_HEX[i][0]);
+ ps.setString(2, hexConvert(sha512.digest(users_SHA512_HEX[i][1].getBytes())));
+ ps.executeUpdate();
+ sha512.reset();
+ }
+ ps.close();
+
+ // populate the group table
+ ps = con.prepareStatement(INSERT_GROUP_STMT);
+ for(int i=0; i<groups.length; i++) {
+ ps.setString(1, groups[i][0]);
+ ps.setString(2, groups[i][1]);
+ ps.executeUpdate();
+ }
+ ps.close();
+ }
+
+ private static String hexConvert(byte bytes[]) {
+
+ StringBuffer sb = new StringBuffer(bytes.length * 2);
+ for (int i = 0; i < bytes.length; i++) {
+ sb.append(convertDigit((int) (bytes[i] >> 4)));
+ sb.append(convertDigit((int) (bytes[i] & 0x0f)));
+ }
+ return (sb.toString());
+
+ }
+
+ private static char convertDigit(int value) {
+
+ value &= 0x0f;
+ if (value >= 10)
+ return ((char) (value - 10 + 'a'));
+ else
+ return ((char) (value + '0'));
+
+ }
+
+
+}
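Review bot: `verbose("db pass: " + password);` in `main` prints the database password to stdout whenever `-verbose` is passed, which puts it in build and CI logs; log only whether one was supplied, e.g. `verbose("db pass: " + (password == null ? "<none>" : "<set>"));`. The class also depends on `sun.misc.BASE64Encoder`, a JDK-internal class that was removed after Java 8; `java.util.Base64.getEncoder().encodeToString(...)` is the supported equivalent. `con` is never closed and each `ps.close()` is skipped if an insert throws, so try-with-resources around the connection and statements would be safer. The unsalted MD2/MD5/SHA digests written here mirror the realm digest options under test and deserve a comment saying they are fixtures, not a password-storage scheme to copy.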
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web.xml.template b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web.xml.template
new file mode 100644
index 0000000..c996e2e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web.xml.template
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+
+ <servlet>
+ <servlet-name>TestJSP</servlet-name>
+ <jsp-file>/TestJSP.jsp</jsp-file>
+ </servlet>
+
+ <servlet>
+ <servlet-name>TestServlet</servlet-name>
+ <servlet-class>com.sun.security.devtests.jdbcrealm.simpleweb.TestServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestJSP</servlet-name>
+ <url-pattern>/TestJSP</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>TestServlet</servlet-name>
+ <url-pattern>/TestServlet</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>
+ 30
+ </session-timeout>
+ </session-config>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>WR1</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>staff</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>REALM_NAME_HERE</realm-name>
+ </login-config>
+
+<!-- <security-role>
+ <description>NONE</description>
+ <role-name>Employee</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Manager</role-name>
+ </security-role> -->
+
+ <security-role>
+ <description>Staff</description>
+ <role-name>staff</role-name>
+ </security-role>
+
+</web-app>
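Review bot: The `/*` constraint uses `<auth-method>BASIC</auth-method>` with no `<user-data-constraint>`, so the realm credentials are sent base64-encoded over plain HTTP on every request. If the harness has to run over HTTP, add a comment above `<login-config>` saying so, such as `<!-- test fixture: BASIC over HTTP; deployed apps need <transport-guarantee>CONFIDENTIAL</transport-guarantee> -->`. Otherwise add the `CONFIDENTIAL` user-data-constraint to the security-constraint.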
diff --git a/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web/TestServlet.java b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web/TestServlet.java
new file mode 100644
index 0000000..633abb7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jdbcrealm/web/TestServlet.java
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.security.devtests.jdbcrealm.simpleweb;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.Principal;
+import java.util.Properties;
+
+
+public class TestServlet extends HttpServlet {
+
+ // Security role references.
+ private static final String emp_secrole_ref = "staff";
+ private static final String admin_secrole_ref = "ADMIN";
+ private static final String mgr_secrole_ref = "Manager";
+
+ String user="qwert";
+ Properties props=null;
+
+
+ public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException
+ {
+ PrintWriter out= response.getWriter();
+ out.println("<br>Basic Authentication tests from Servlet: Test1,Test2,Test3 ");
+ out.println("<br>Authorization test from Servlet: Test4,Test5-> HttpServletRequest.isUserInRole() authorization from Servlet.");
+
+ test1(request, response, out);
+ test2(request, response, out);
+ test3(request, response, out);
+ test4(request, response, out);
+ test5(request, response, out);
+ }
+
+
+ //Tests begin
+ public void test1(HttpServletRequest request, HttpServletResponse response, PrintWriter out)
+ {
+ //Check the auth type - request.getAuthType()
+ out.println("<br><br>Test1. Postive check for the correct authentication type");
+ String authtype=request.getAuthType();
+ if ("BASIC".equalsIgnoreCase(authtype) ){
+ out.println("<br>request.getAuthType() test Passed.");
+ }else{
+ out.println("<br>request.getAuthType() test Failed!");
+ }
+ out.println("<br>Info:request.getAuthType() is= "+authtype);
+ }
+ //Test2
+ public void test2(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ Principal ruser = request.getUserPrincipal();
+ out.println("<br><br>Test2. Positive check for the correct principal name");
+ if (ruser != null){
+ out.println("<br>request.getUserPrincipal() test Passed.");
+ }else{
+ out.println("<br>request.getUserPrincipal() test Failed!");
+ }
+ out.println("<br>Info:request.getUserPrincipal() is= "+((ruser!=null)?ruser.getName():"null"));
+
+ }
+ //Test3 - positive test for checking the user authentication
+ //Check the remote user request.getRemoteUser()- get null if not authenticated
+ public void test3(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test3. Positive check whether given user authenticated");
+ String username=request.getRemoteUser();
+ if (user.equals(username)){
+ out.println("<br>request.getRemoteUser() test Passed.");
+ }else{
+ out.println("<br>request.getRemoteUser() test Failed!");
+ }
+ out.println("<br>Info:request.getRemoteUser() is= "+username);
+ }
+ //Test4 - positive test for checking the user's proper role
+ public void test4(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test4.Positive check whether the user is in proper role");
+ boolean isInProperRole=request.isUserInRole(emp_secrole_ref);
+ if (isInProperRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+emp_secrole_ref+"\") is= "+isInProperRole);
+ }
+
+ //Test5 - Negative test for checking the user's proper role
+ public void test5(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test5.Negative check whether the current user is any other other role");
+ boolean isNotInOtherRole=request.isUserInRole(mgr_secrole_ref);
+ if (!isNotInOtherRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+mgr_secrole_ref+"\") is= "+isNotInOtherRole);
+ }
+}
+
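Review bot: `test2` announces a check for the correct principal name but passes on any non-null principal (`if (ruser != null)`), so a realm that authenticated the request as the wrong user would still report Passed; compare the name as `test3` does, e.g. `if (ruser != null && user.equals(ruser.getName())){`. The `Info:` lines also write `ruser.getName()` and `request.getRemoteUser()` into the HTML response unescaped, which is tolerable only because the realm users are fixed fixtures, and a one-line comment saying so would help. `admin_secrole_ref` and `props` are never used in the class and can be removed.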
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/build.xml
new file mode 100644
index 0000000..f8b6ea9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/build.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "../common.xml">
+]>
+
+
+<project name="wss" default="usage" basedir=".">
+ &commonSetup;
+ &commonBuild;
+ &commonSecurity;
+ &commonRun;
+
+ <target name="all">
+ <!-- Expected output doesn't match. This test used to pass in 5.0
+ <ant dir="httpServlet" target="all"/>
+ -->
+ <ant dir="https" target="all"/>
+ <ant dir="httpServletChallenge" target="all"/>
+ <ant dir="httpServletForm" target="all"/>
+
+ <ant dir="soap" target="all"/>
+ <ant dir="soapDefault" target="all"/>
+ <ant dir="soapEmbedded" target="all"/>
+ </target>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.properties
new file mode 100644
index 0000000..a1ec018
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.properties
@@ -0,0 +1,26 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-httpservlet"/>
+<property name="appname" value="${module}"/>
+<property name="app.type" value="war"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.xml
new file mode 100644
index 0000000..ed1f38e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/build.xml
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-httpservlet" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- create auth realms -->
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file123"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile123"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai123"/>
+ <param name="password" value="me123"/>
+ <param name="groups" value="mygroup"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.httpservlet.HttpServletTestAuthModule --layer HttpServlet --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="httpServletTestAuthModule"/>
+ </antcall>
+
+ <!--antcall target="restart"/-->
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai123"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer HttpServlet"/>
+ <param name="operand.props" value="httpServletTestAuthModule"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file123"/>
+ </antcall>
+
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <!--antcall target="restart"/-->
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="build" depends="init-common">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes"/>
+ </antcall>
+
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /security-jmac-httpservlet/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="shingwai123"
+ password="me123"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-jmac-httpservlet"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/jmac/httpServlet/goldenfiles/output.html"
+ testSuiteId="security-jmac-httpservlet"
+ testSuiteName="security-jmac-httpservlet"
+ testSuiteDescription="Security Test"
+ testId="security-jmac-httpservlet"
+ testName="security-jmac-httpservlet"
+ testDescription="JSR 196 HttpServlet test: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="JSR 196 HttpServlet test"
+ testStrategy="JSR 196 HttpServlet test"
+ />
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
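Review bot: `unsetup` cleans up only best-effort: the `<delete ... failonerror="false"/>` on `${env.S1AS_HOME}/lib/test-${appname}-provider.jar` can silently leave the test auth-module jar on the server-wide library path, and nothing visible here removes the `keyfile123` file that `setup` points the `file123` realm at (unless `delete-auth-realm` does that itself). Since `all` chains `run` before `undeploy, unsetup`, a failing `run` would presumably stop the build and skip cleanup altogether. A comment on `unsetup` stating what may be left behind, plus an explicit `<delete file="${admin.domain.dir}/${admin.domain}/config/keyfile123" failonerror="false"/>`, would keep a test user and test provider from lingering on a shared server.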
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/sun-web.xml
new file mode 100644
index 0000000..7b24d54
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/sun-web.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app httpservlet-security-provider="httpServletTestAuthModule">
+ <security-role-mapping>
+ <role-name>myrole</role-name>
+ <group-name>mygroup</group-name>
+ </security-role-mapping>
+</sun-web-app>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/web.xml
new file mode 100644
index 0000000..a25495b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/descriptor/web.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>HttpServlet Provider test</display-name>
+ <servlet>
+ <servlet-name>indexJsp</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>myrole</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <realm-name>file123</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>myrole</role-name>
+ </security-role>
+
+</web-app>
+
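Review bot: The security-constraint on `/index.jsp` lists `<http-method>GET</http-method>` and `<http-method>POST</http-method>`, which under the servlet spec restricts the constraint to those two methods and leaves any other method on the same URL without an auth-constraint. Dropping both `<http-method>` lines makes `myrole` apply to every method and should not affect the GET-based test. `<login-config>` also has no `<auth-method>`; presumably that is intentional because the JSR 196 provider performs the authentication, and a comment saying so would help.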
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/docroot/index.jsp
new file mode 100644
index 0000000..ea8e942
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/docroot/index.jsp
@@ -0,0 +1,31 @@
+<%--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+Hello World from 196 HttpServlet AuthModule Test!
+<hr>
+<%
+ try {
+ out.println("Hello, " + request.getUserPrincipal() +
+ " from " + request.getAttribute("MY_NAME"));
+ out.println("PC = " + request.getAttribute("PC"));
+ } catch(Throwable t) {
+ out.println("Something wrong: " + t);
+ t.printStackTrace();
+ }
+%>
+<hr>
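Review bot: The catch block writes the caught Throwable into the response body (`out.println("Something wrong: " + t);`), so internal exception text is returned to the client while the page still completes normally. Catching `Throwable` also swallows `Error`s that the container should see. It would be clearer to let the exception propagate, or to keep the server-side trace and emit a fixed message such as `out.println("Something wrong");`. The principal name and the `MY_NAME`/`PC` attributes are written without HTML escaping; that looks harmless here because they appear to come from the realm and the auth module, but a short comment saying so would help. The httpServletChallenge index.jsp later in this commit echoes its caught exception the same way.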
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/goldenfiles/output.html b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/goldenfiles/output.html
new file mode 100644
index 0000000..b5e3587
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/goldenfiles/output.html
@@ -0,0 +1,8 @@
+Hello World from 196 HttpServlet AuthModule Test!
+<hr>
+Hello, shingwai123 from com.sun.s1asdev.security.jmac.httpservlet.HttpServletTestAuthModule
+PC = security-jmac-httpservlet-web/security-jmac-httpservlet-web
+
+
+<hr>
+Adjusted count: 218
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/HttpServletTestAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/HttpServletTestAuthModule.java
new file mode 100644
index 0000000..9b93486
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/HttpServletTestAuthModule.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.httpservlet;
+
+import java.io.PrintWriter;
+import java.util.Map;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+import sun.misc.BASE64Decoder;
+
+public class HttpServletTestAuthModule implements ServerAuthModule {
+ private CallbackHandler handler = null;
+ private String pc = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ if (options != null) {
+ this.pc = (String)options.get("javax.security.jacc.PolicyContext");
+ }
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+
+ if (!isMandatory(messageInfo)) {
+ return AuthStatus.SUCCESS;
+ }
+
+ String username = null;
+ String password = null;
+ try {
+ HttpServletRequest request =
+ (HttpServletRequest)messageInfo.getRequestMessage();
+ HttpServletResponse response =
+ (HttpServletResponse)messageInfo.getResponseMessage();
+ String authorization = request.getHeader("authorization");
+ if (authorization != null &&
+ authorization.toLowerCase().startsWith("basic ")) {
+ authorization = authorization.substring(6).trim();
+ BASE64Decoder decoder = new BASE64Decoder();
+ byte[] bs = decoder.decodeBuffer(authorization);
+ String decodedString = new String(bs);
+ int ind = decodedString.indexOf(':');
+ if (ind > 0) {
+ username = decodedString.substring(0, ind);
+ password = decodedString.substring(ind + 1);
+ }
+ }
+
+ if (username == null || password == null) {
+ response.setHeader("WWW-Authenticate", "Basic realm=\"default\"");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ System.out.println("login prompt for username/password");
+ return AuthStatus.SEND_CONTINUE;
+ }
+
+ char[] pwd = new char[password.length()];
+ password.getChars(0, password.length(), pwd, 0);
+ PasswordValidationCallback pwdCallback =
+ new PasswordValidationCallback(clientSubject, username, pwd);
+ CallerPrincipalCallback cpCallback =
+ new CallerPrincipalCallback(clientSubject, username);
+ System.out.println("Subject before invoking callbacks: " + clientSubject);
+ handler.handle(new Callback[] { pwdCallback, cpCallback });
+ System.out.println("Subject after invoking callbacks: " + clientSubject);
+
+ if (pwdCallback.getResult()) {
+ request.setAttribute("MY_NAME", getClass().getName());
+ request.setAttribute("PC", pc);
+ System.out.println("login success: " + username + ", " + password);
+ messageInfo.setResponseMessage(new MyHttpServletResponseWrapper(response));
+ return AuthStatus.SUCCESS;
+ } else {
+ System.out.println("login fails: " + username + ", " + password);
+ return AuthStatus.SEND_FAILURE;
+ }
+ } catch(Throwable t) {
+ System.out.println("login fails: " + username + ", " + password);
+ t.printStackTrace();
+ return AuthStatus.SEND_FAILURE;
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+
+ if (!isMandatory(messageInfo)) {
+ return AuthStatus.SUCCESS;
+ }
+
+ try {
+ System.out.println("SR is called");
+ HttpServletRequest request =
+ (HttpServletRequest)messageInfo.getRequestMessage();
+ request.setAttribute("SR", "true");
+ MyHttpServletResponseWrapper response =
+ (MyHttpServletResponseWrapper)messageInfo.getResponseMessage();
+ int count = response.getAdjustedCount();
+ PrintWriter writer = response.getWriter();
+ writer.println("\nAdjusted count: " + count);
+ messageInfo.setResponseMessage(response.getResponse());
+ return AuthStatus.SUCCESS;
+ } catch(Throwable t) {
+ System.out.println("secureResponse fails: " + t);
+ return AuthStatus.FAILURE;
+ }
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+
+ private boolean isMandatory(MessageInfo messageInfo) {
+ return Boolean.valueOf((String)messageInfo.getMap().get(
+ "javax.security.auth.message.MessagePolicy.isMandatory"));
+ }
+}
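Review bot: `validateRequest` prints the clear-text password to stdout on success, on failure and in the `catch` branch (`"login success: " + username + ", " + password`), which puts credentials into the server log; log the user name only, e.g. `System.out.println("login fails: " + username);`. The same statements appear in HttpServletChallengeTestAuthModule.validateRequest later in this commit. `sun.misc.BASE64Decoder` is a JDK-internal class and `new String(bs)` decodes with the platform charset; `byte[] bs = java.util.Base64.getDecoder().decode(authorization);` together with an explicit charset in the `String` constructor avoids both. The `pwd` array is never cleared after `handler.handle(...)`, and the `AccessController`/`PrivilegedAction` imports are unused.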
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/MyHttpServletResponseWrapper.java b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/MyHttpServletResponseWrapper.java
new file mode 100644
index 0000000..32b333f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServlet/src/MyHttpServletResponseWrapper.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.httpservlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.Writer;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpServletResponseWrapper;
+
+class MyHttpServletResponseWrapper extends HttpServletResponseWrapper {
+ private MyPrintWriter myPrintWriter = null;
+
+ MyHttpServletResponseWrapper(HttpServletResponse response) {
+ super(response);
+ try {
+ myPrintWriter = new MyPrintWriter(response.getWriter());
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ throw new IllegalStateException(ex.toString());
+ }
+ }
+
+ public PrintWriter getWriter() throws IOException {
+ return myPrintWriter;
+ }
+
+ int getAdjustedCount() {
+ return myPrintWriter.getAdjustedCount();
+ }
+}
+
+class MyPrintWriter extends PrintWriter {
+ private int count = 0; // count up to '\r'
+
+ public MyPrintWriter(Writer writer) {
+ super(writer);
+ }
+
+ // our jsp writer only use write char[] off len
+ public void write(char[] cbuf, int off, int len) {
+ count += len - numOfCR(cbuf, off, len);
+ super.write(cbuf, off, len);
+ }
+
+ public int getAdjustedCount() {
+ return count;
+ }
+
+ private int numOfCR(char[] cbuf, int off, int len) {
+ int numCR = 0;
+ if (cbuf != null && off < cbuf.length) {
+ for (int i = off; i <= len -1 && i < cbuf.length; i++) {
+ if (cbuf[i] == '\r') {
+ numCR++;
+ }
+ }
+ }
+ return numCR;
+ }
+}
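Review bot: `numOfCR` treats `len` as an end index: the loop condition `i <= len -1` stops at index `len - 1` instead of `off + len - 1`, so for any call with `off > 0` carriage returns towards the end of the range are missed, and nothing is scanned when `off >= len`. The bound should be `for (int i = off; i < off + len && i < cbuf.length; i++) {`. Only `write(char[], int, int)` is overridden, as the comment says, so output written through other `PrintWriter` methods is not counted; the expected "Adjusted count" in the golden file may depend on the current behaviour and is worth re-checking after the fix. The constructor also drops the cause with `new IllegalStateException(ex.toString())`; `new IllegalStateException(ex)` keeps the original stack trace.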
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.properties
new file mode 100644
index 0000000..c3bd72a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.properties
@@ -0,0 +1,26 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-httpservletchallenge"/>
+<property name="appname" value="${module}"/>
+<property name="app.type" value="war"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.xml
new file mode 100644
index 0000000..e15a1a9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/build.xml
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-httpservletchallenge" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- create auth realms -->
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file123"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile123"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="password" value="shingwai"/>
+ <param name="groups" value="mygroup"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai_2"/>
+ <param name="password" value="adminadmin"/>
+ <param name="groups" value="mygroup"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.httpservletchallenge.HttpServletChallengeTestAuthModule --layer HttpServlet --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="httpServletChallengeTestAuthModule"/>
+ </antcall>
+
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai_2"/>
+ <param name="authrealmname" value="file123"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer HttpServlet"/>
+ <param name="operand.props" value="httpServletChallengeTestAuthModule"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file123"/>
+ </antcall>
+
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="build" depends="init-common">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes"/>
+ </antcall>
+
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /security-jmac-httpservletchallenge/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="shingwai"
+ password="shingwai"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-jmac-httpservletchallenge"
+ requestHeaders="Host:${http.host}:${http.port}"
+ returnCode="HTTP/1.1 401"
+ testSuiteId="security-jmac-httpservletchallenge"
+ testSuiteName="security-jmac-httpservletchallenge"
+ testSuiteDescription="Security Test"
+ testId="security-jmac-httpservletchallenge"
+ testName="security-jmac-httpservletchallenge"
+ testDescription="JSR 196 HttpServlet test: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="JSR 196 HttpServlet test"
+ testStrategy="JSR 196 HttpServlet test"
+ />
+
+ <webtest request="GET /security-jmac-httpservletchallenge/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="shingwai"
+ password="adminadmin"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-jmac-httpservletchallenge"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/jmac/httpServletChallenge/goldenfiles/output.html"
+ testSuiteId="security-jmac-httpservletchallenge"
+ testSuiteName="security-jmac-httpservletchallenge"
+ testSuiteDescription="Security Test"
+ testId="security-jmac-httpservletchallenge"
+ testName="security-jmac-httpservletchallenge"
+ testDescription="JSR 196 HttpServlet test: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="JSR 196 HttpServlet test"
+ testStrategy="JSR 196 HttpServlet test"
+ />
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
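Review bot: The `setup` target creates realm users with fixed passwords (`shingwai`/`shingwai`, `shingwai_2`/`adminadmin`) and copies the test provider jar into `${env.S1AS_HOME}/lib`, but cleanup only happens if `all` gets as far as `unsetup`. If an earlier target aborts the build, the accounts, the `file123` realm and the registered message-security provider stay on the domain. The `<delete ... failonerror="false"/>` in `unsetup` additionally hides a jar that could not be removed. I would add a comment above `setup` such as `<!-- test-only accounts and provider; run "ant unsetup" if the suite aborts -->`.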
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/sun-web.xml
new file mode 100644
index 0000000..3542512
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/sun-web.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app httpservlet-security-provider="httpServletChallengeTestAuthModule">
+ <security-role-mapping>
+ <role-name>myrole</role-name>
+ <group-name>mygroup</group-name>
+ </security-role-mapping>
+</sun-web-app>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/web.xml
new file mode 100644
index 0000000..5b187d8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/descriptor/web.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>HttpServletChallenge Provider test</display-name>
+ <servlet>
+ <servlet-name>indexJsp</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>myrole</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <realm-name>file123</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>myrole</role-name>
+ </security-role>
+
+</web-app>
+
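Review bot: `<transport-guarantee>NONE</transport-guarantee>` means the Basic `authorization` header parsed by the auth module is accepted over plain HTTP, so the user name and password are only base64-encoded on the wire. That looks deliberate for a harness that talks to `${http.port}`, but it should be stated, for example `<!-- NONE: test harness uses plain HTTP; use CONFIDENTIAL outside tests -->` above the `user-data-constraint`. The constraint also lists only GET and POST under `http-method`, which leaves other methods on `/index.jsp` outside the constraint; dropping the two `http-method` elements would cover every method. httpServlet/descriptor/web.xml earlier in this commit carries the same settings.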
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/docroot/index.jsp
new file mode 100644
index 0000000..0d89f6c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/docroot/index.jsp
@@ -0,0 +1,31 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+Hello World from 196 HttpServletChallenge AuthModule Test!
+<hr>
+<%
+ try {
+ out.println("Hello, " + request.getUserPrincipal() +
+ " from " + request.getAttribute("MY_NAME") +
+ " with authType " + request.getAuthType());
+ } catch(Exception ex) {
+ out.println("Something wrong: " + ex);
+ ex.printStackTrace();
+ }
+%>
+<hr>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/goldenfiles/output.html b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/goldenfiles/output.html
new file mode 100644
index 0000000..8468ba3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/goldenfiles/output.html
@@ -0,0 +1,6 @@
+Hello World from 196 HttpServletChallenge AuthModule Test!
+<hr>
+Hello, shingwai from com.sun.s1asdev.security.jmac.httpservletchallenge.HttpServletChallengeTestAuthModule with authType MC
+
+
+<hr>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/src/HttpServletChallengeTestAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/src/HttpServletChallengeTestAuthModule.java
new file mode 100644
index 0000000..6f71e40
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletChallenge/src/HttpServletChallengeTestAuthModule.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.httpservletchallenge;
+
+import java.util.Map;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+import sun.misc.BASE64Decoder;
+
+public class HttpServletChallengeTestAuthModule implements ServerAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+
+ if (!isMandatory(messageInfo)) {
+ return AuthStatus.SUCCESS;
+ }
+
+ String username = null;
+ String password = null;
+ try {
+
+ HttpServletRequest request =
+ (HttpServletRequest)messageInfo.getRequestMessage();
+ String authorization = request.getHeader("authorization");
+ if (authorization != null &&
+ authorization.toLowerCase().startsWith("basic ")) {
+ authorization = authorization.substring(6).trim();
+ BASE64Decoder decoder = new BASE64Decoder();
+ byte[] bs = decoder.decodeBuffer(authorization);
+ String decodedString = new String(bs);
+ int ind = decodedString.indexOf(':');
+ if (ind > 0) {
+ username = decodedString.substring(0, ind);
+ password = decodedString.substring(ind + 1);
+ }
+ }
+
+ HttpServletResponse response =
+ (HttpServletResponse)messageInfo.getResponseMessage();
+ if (username == null || password == null) {
+ response.setHeader("WWW-Authenticate", "Basic realm=\"default\"");
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ System.out.println("login prompt for username/password");
+ return AuthStatus.SEND_CONTINUE;
+ }
+
+ HttpSession session = request.getSession(false);
+ boolean secondPhase = (session != null &&
+ session.getValue("FIRST_DONE") != null);
+ String loginName = ((secondPhase)? username + "_2" : username);
+ char[] pwd = new char[password.length()];
+ password.getChars(0, password.length(), pwd, 0);
+ Callback[] callbacks;
+ PasswordValidationCallback pwdCallback =
+ new PasswordValidationCallback(clientSubject, loginName, pwd);
+ if (secondPhase) {
+ CallerPrincipalCallback cpCallback =
+ new CallerPrincipalCallback(clientSubject, username);
+ callbacks = new Callback[] { pwdCallback, cpCallback };
+ } else {
+ callbacks = new Callback[] { pwdCallback };
+ }
+ System.out.println("Subject before invoking callbacks: " + clientSubject);
+ handler.handle(callbacks);
+ System.out.println("Subject after invoking callbacks: " + clientSubject);
+
+ if (pwdCallback.getResult()) {
+ System.out.print("login success: " + username + ", " + password);
+ if (secondPhase) {
+ System.out.println(" for second level");
+ request.setAttribute("MY_NAME", getClass().getName());
+ messageInfo.getMap().put("javax.servlet.http.authType", "MC");
+ return AuthStatus.SUCCESS;
+ } else {
+ System.out.println(" for first level");
+ response.setHeader("WWW-Authenticate", "Basic realm=\"default\"");
+ if (session == null) {
+ session = request.getSession(true);
+ session.putValue("FIRST_DONE", Boolean.TRUE);
+ }
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return AuthStatus.SEND_SUCCESS;
+ }
+ } else {
+ System.out.println("login fails: " + username + ", " + password);
+ return AuthStatus.SEND_FAILURE;
+ }
+ } catch(Throwable t) {
+ System.out.println("login fails: " + username + ", " + password);
+ t.printStackTrace();
+ return AuthStatus.SEND_FAILURE;
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+
+ private boolean isMandatory(MessageInfo messageInfo) {
+ return Boolean.valueOf((String)messageInfo.getMap().get(
+ "javax.security.auth.message.MessagePolicy.isMandatory"));
+ }
+}
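Review bot: The second level in `validateRequest` is selected by `session.getValue("FIRST_DONE") != null`, but the flag is stored as `Boolean.TRUE` and is not tied to the user who passed the first level, so the second phase accepts whatever user name the current request carries. The flag is also written only inside `if (session == null)`, so a request that already has a session never records the first level and keeps receiving the 401 challenge. Storing the user name, comparing it in the second phase and setting the attribute unconditionally addresses both. `getValue`/`putValue` are deprecated in favour of `getAttribute`/`setAttribute`.

```java
HttpSession session = request.getSession(false);
// second level only for the user who passed the first level in this session
boolean secondPhase = (session != null &&
        username.equals(session.getAttribute("FIRST_DONE")));
// … unchanged: callback construction and handler.handle(callbacks) …
        if (session == null) {
            session = request.getSession(true);
        }
        session.setAttribute("FIRST_DONE", username);
```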
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.properties
new file mode 100644
index 0000000..1c8cf30
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.properties
@@ -0,0 +1,25 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-httpservletform"/>
+<property name="appname" value="${module}"/>
+<property name="app.type" value="war"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.xml
new file mode 100644
index 0000000..adc3307
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/build.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-httpservletform" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="password" value="shingwai"/>
+ <param name="groups" value="mygroup"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.httpservletform.HttpServletFormTestAuthModule --layer HttpServlet --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="httpServletFormTestAuthModule"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer HttpServlet"/>
+ <param name="operand.props" value="httpServletFormTestAuthModule"/>
+ </antcall>
+
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="build" depends="init-common">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes"/>
+ </antcall>
+
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /security-jmac-httpservletform/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="FORM"
+ userName="shingwai"
+ password="shingwai"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-jmac-httpservletform"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/jmac/httpServletForm/goldenfiles/output.html"
+ testSuiteId="security-jmac-httpservletform"
+ testSuiteName="security-jmac-httpservletform"
+ testSuiteDescription="Security Test"
+ testId="security-jmac-httpservletform"
+ testName="security-jmac-httpservletform"
+ testDescription="JSR 196 HttpServletForm test: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="JSR 196 HttpServletForm test"
+ testStrategy="JSR 196 HttpServletForm test"
+ />
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
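Review bot: Cleanup is not guaranteed by the `all` target, because `undeploy` and `unsetup` are its last dependencies and only run if everything before them succeeds. If `deploy` or `run` aborts the build, the `shingwai` account (whose password equals its user name), the `httpServletFormTestAuthModule` provider registration and the jar copied to `${env.S1AS_HOME}/lib` all stay on the domain. Whether `webtest` fails the build on a golden-file mismatch is not visible in this hunk. A comment above `all` would make the expectation explicit, for example `<!-- test-only fixtures: run "ant unsetup" by hand if a run aborts; do not run against a shared domain -->`. The `all` target in jmac/https/build.xml has the same ordering.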
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/sun-web.xml
new file mode 100644
index 0000000..cec57e0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/sun-web.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app httpservlet-security-provider="httpServletFormTestAuthModule">
+ <security-role-mapping>
+ <role-name>myrole</role-name>
+ <group-name>mygroup</group-name>
+ </security-role-mapping>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/web.xml
new file mode 100644
index 0000000..5234346
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/descriptor/web.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>HttpServletForm Provider test</display-name>
+ <servlet>
+ <servlet-name>indexJsp</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>myrole</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-role>
+ <role-name>myrole</role-name>
+ </security-role>
+
+</web-app>
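Review bot: The `<web-resource-collection>` lists only `<http-method>GET</http-method>` and `<http-method>POST</http-method>`, so the `myrole` constraint on `/index.jsp` does not cover any other HTTP method. For those requests the auth module's `isMandatory` check would presumably be false and `validateRequest` returns `SUCCESS` without authenticating. Removing both `<http-method>` lines makes the constraint apply to every method. `<transport-guarantee>NONE</transport-guarantee>` also means the `j_password` form field travels in cleartext; that is fine for a local test but deserves a comment such as `<!-- test only: form credentials are sent without TLS -->`. The same two `<http-method>` entries appear in jmac/https/descriptor/web.xml.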
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/error.html b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/error.html
new file mode 100644
index 0000000..467a8f4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/error.html
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<html>
+<head><title> A typical Error Page</title></head>
+<body>
+<h2>A simple Error Page</h2>
+<hr>
+You could not be authenticated with the information provided. <BR>
+Please check your Username and Password.
+<br>
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/index.jsp
new file mode 100644
index 0000000..a76b22d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/index.jsp
@@ -0,0 +1,31 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+Hello World from 196 HttpServletForm AuthModule Test!
+<hr>
+<%
+ try {
+ out.println("Hello, " + request.getUserPrincipal() +
+ " from " + request.getAttribute("MY_NAME"));
+ out.println("PC = " + request.getAttribute("PC"));
+ } catch(Throwable t) {
+ out.println("Something wrong: " + t);
+ t.printStackTrace();
+ }
+%>
+<hr>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/login.jsp b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/login.jsp
new file mode 100644
index 0000000..a41780e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/docroot/login.jsp
@@ -0,0 +1,36 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@ page language="java"%>
+<html>
+<head><title>Login Page</title></head>
+<h2> Welcome </h2>
+<BR>
+Please login
+<BR>
+<HR>
+<FORM ACTION="j_security_check" METHOD=POST>
+<table border=0>
+<tr><td align="right">UserName:<td><INPUT TYPE="text" NAME="j_username" VALUE=""> <BR>
+<tr><td align="right">Password:<td><INPUT TYPE="password" NAME="j_password" VALUE=""> <BR>
+</table>
+<BR>
+<INPUT TYPE="submit" value="Login"> <INPUT TYPE="reset" value="Clear">
+
+</FORM>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/goldenfiles/output.html b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/goldenfiles/output.html
new file mode 100644
index 0000000..fd9a284
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/goldenfiles/output.html
@@ -0,0 +1,7 @@
+Hello World from 196 HttpServletForm AuthModule Test!
+<hr>
+Hello, shingwai from com.sun.s1asdev.security.jmac.httpservletform.HttpServletFormTestAuthModule
+PC = security-jmac-httpservletform-web/security-jmac-httpservletform-web
+
+
+<hr>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/HttpServletFormTestAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/HttpServletFormTestAuthModule.java
new file mode 100644
index 0000000..7849c89
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/HttpServletFormTestAuthModule.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright (c) 2007, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.httpservletform;
+
+import java.util.Map;
+import java.security.Principal;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+import sun.misc.BASE64Decoder;
+
+public class HttpServletFormTestAuthModule implements ServerAuthModule {
+ private static final String SAVED_REQUEST = "Saved_Request";
+ private static final String SAVED_SUBJECT = "Saved_Subject";
+ private CallbackHandler handler = null;
+ private String pc = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ if (options != null) {
+ this.pc = (String)options.get("javax.security.jacc.PolicyContext");
+ }
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+
+ String username = null;
+ String password = null;
+ HttpServletRequest request =
+ (HttpServletRequest)messageInfo.getRequestMessage();
+ HttpServletResponse response =
+ (HttpServletResponse)messageInfo.getResponseMessage();
+
+ if (!isMandatory(messageInfo) &&
+ !request.getRequestURI().endsWith("/j_security_check")) {
+ return AuthStatus.SUCCESS;
+ }
+
+ try {
+ HttpSession session = request.getSession(false);
+ if (session != null) {
+ Subject savedClientSubject =
+ (Subject)session.getValue(SAVED_SUBJECT);
+ if (savedClientSubject != null) {
+ System.out.println("already has saved subject");
+ // just copy principals for testing
+ clientSubject.getPrincipals().addAll(
+ savedClientSubject.getPrincipals());
+ request.setAttribute("MY_NAME", getClass().getName());
+ request.setAttribute("PC", pc);
+ return AuthStatus.SUCCESS;
+ }
+ }
+
+ username = request.getParameter("j_username");
+ password = request.getParameter("j_password");
+
+ if (username == null || password == null) {
+ System.out.println("forward to login form");
+ if (session == null) {
+ session = request.getSession(true);
+ }
+ session.putValue(SAVED_REQUEST, new SavedRequest(request));
+ RequestDispatcher rd = request.getRequestDispatcher("login.jsp");
+ rd.forward(request, response);
+ System.out.println("Form: SEND_CONTINUE");
+ return AuthStatus.SEND_CONTINUE;
+ }
+
+ char[] pwd = new char[password.length()];
+ password.getChars(0, password.length(), pwd, 0);
+ PasswordValidationCallback pwdCallback =
+ new PasswordValidationCallback(clientSubject, username, pwd);
+ CallerPrincipalCallback cpCallback =
+ new CallerPrincipalCallback(clientSubject, username);
+ System.out.println("Subject before invoking callbacks: " + clientSubject);
+ handler.handle(new Callback[] { pwdCallback, cpCallback });
+ System.out.println("Subject after invoking callbacks: " + clientSubject);
+
+ if (pwdCallback.getResult()) {
+ System.out.println("login success: " + username + ", " + password);
+ SavedRequest sreq = null;
+ if (session != null) {
+ sreq = (SavedRequest)session.getValue(SAVED_REQUEST);
+ // for testing only as Subject is not Serializable
+ session.putValue(SAVED_SUBJECT, clientSubject);
+ }
+ if (sreq != null) {
+ StringBuffer sb = new StringBuffer(sreq.getRequestURI());
+ if (sreq.getQueryString() != null) {
+ sb.append('?');
+ sb.append(sreq.getQueryString());
+ }
+ response.sendRedirect(
+ response.encodeRedirectURL(sb.toString()));
+ return AuthStatus.SEND_CONTINUE;
+ } else {
+ response.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ return AuthStatus.SEND_FAILURE;
+ }
+ } else {
+ System.out.println("login fails: " + username + ", " + password);
+ RequestDispatcher rd = request.getRequestDispatcher("error.html");
+ rd.forward(request, response);
+ return AuthStatus.SEND_FAILURE;
+ }
+ } catch(Throwable t) {
+ System.out.println("login fails: " + username + ", " + password);
+ t.printStackTrace();
+ RequestDispatcher rd = request.getRequestDispatcher("error.html");
+ try {
+ rd.forward(request, response);
+ } catch(Exception ex) {
+ AuthException ae = new AuthException();
+ ae.initCause(ex);
+ throw ae;
+ }
+ return AuthStatus.SEND_FAILURE;
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+
+
+ private boolean isMandatory(MessageInfo messageInfo) {
+ return Boolean.valueOf((String)messageInfo.getMap().get(
+ "javax.security.auth.message.MessagePolicy.isMandatory"));
+ }
+}
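Review bot: The three `System.out.println` calls in `validateRequest` that report the login outcome append `password`, so every attempt, successful or not, writes the submitted cleartext password to the server log. Log the user name only, e.g. `System.out.println("login success: " + username);`, and do the same for both `"login fails: "` lines. The `char[] pwd` copy is never zeroed after `handler.handle(...)`. The session that existed before login is reused to hold `SAVED_SUBJECT`, so the session id does not change on authentication; the code comments mark the subject copy as test-only, and a comment saying the same about the unchanged session id would help anyone who copies this module. `import sun.misc.BASE64Decoder;` is unused and refers to a JDK-internal class, so it can be dropped.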
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/SavedRequest.java b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/SavedRequest.java
new file mode 100644
index 0000000..829b6c1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/httpServletForm/src/SavedRequest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2007, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.httpservletform;
+
+import java.io.Serializable;
+import javax.servlet.http.HttpServletRequest;
+
+final class SavedRequest implements Serializable {
+ private String method = null;
+ private String requestURI = null;
+ private String queryString = null;
+
+ SavedRequest(HttpServletRequest hreq) {
+ method = hreq.getMethod();
+ requestURI = hreq.getRequestURI();
+ queryString = hreq.getQueryString();
+ }
+
+ String getMethod() {
+ return method;
+ }
+
+ void setMethod(String method) {
+ this.method = method;
+ }
+
+ String getRequestURI() {
+ return requestURI;
+ }
+
+ void setRequestURI(String requestURI) {
+ this.requestURI = requestURI;
+ }
+
+ String getQueryString() {
+ return queryString;
+ }
+
+ void setQueryString(String queryString) {
+ this.queryString = queryString;
+ }
+}
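Review bot: `SavedRequest` implements `Serializable` and is stored in the HTTP session, but it declares no `serialVersionUID`, so its serialized form depends on the compiler-generated id; adding `private static final long serialVersionUID = 1L;` pins it. The three fields are only assigned from the request in the constructor, and the auth module in this commit never calls the setters, so they could be `final` with the setters removed, assuming no other caller exists outside this diff. A short class comment saying that it snapshots the method, URI and query string of the pre-login request for the post-login redirect would document why it exists.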
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/https/build.properties
new file mode 100644
index 0000000..1acbb53
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/build.properties
@@ -0,0 +1,26 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-https"/>
+<property name="appname" value="${module}"/>
+<property name="app.type" value="war"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/https/build.xml
new file mode 100644
index 0000000..50775c6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/build.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-https" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testproperties;
+
+ <target name="all" depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common,prepare-store-common">
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.https.HttpsTestAuthModule --layer HttpServlet --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="httpsTestAuthModule"/>
+ </antcall>
+
+ <antcall target="restart"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer HttpServlet"/>
+ <param name="operand.props" value="httpsTestAuthModule"/>
+ </antcall>
+ <antcall target="remove-store-common"/>
+
+ <antcall target="restart"/>
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="build" depends="init-common, init-security-util">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes"/>
+ </antcall>
+
+ <antcall target="compile-common">
+ <param name="src" value="src"/>
+ </antcall>
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common, init-security-util">
+ <java classname="com.sun.s1asdev.security.jmac.https.WebSSLClient" fork="true">
+ <!-- jvmarg value="-Djavax.net.debug=ssl,handshake,data,trustmanager"/-->
+ <jvmarg value="-Djavax.net.ssl.keyStore=${mykeystore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStore=${mytruststore.db.file}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStorePassword=${ssl.password}"/>
+ <jvmarg value="-Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <jvmarg value="-Dsun.security.ssl.allowUnsafeRenegotiation=true"/>
+
+ <arg value="${s1asCN}"/>
+ <arg value="${https.port}"/>
+ <arg value="${appname}"/>
+ <classpath>
+ <pathelement location="${env.APS_HOME}/lib/reporter.jar"/>
+ <pathelement location="${build.classes.dir}"/>
+ </classpath>
+ </java>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
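Review bot: The `run` target passes `-Dsun.security.ssl.allowUnsafeRenegotiation=true` to the forked client, which switches off the JDK's protection against insecure TLS renegotiation, and nothing on that line says why. The README added by this commit lists the flag as a workaround for jdk 1.6.0_20+, so a comment next to the `jvmarg` would keep it from being copied elsewhere, for example `<!-- test-only workaround for jdk 1.6.0_20+, see devtests/security/README; do not use outside this test -->`. The keystore and truststore passwords are passed as `-D` arguments as well, so they are visible in the forked JVM's command line while the test runs.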
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/sun-web.xml
new file mode 100644
index 0000000..d4e01e4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/sun-web.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app httpservlet-security-provider="httpsTestAuthModule">
+ <security-role-mapping>
+ <role-name>myrole</role-name>
+ <principal-name>CN=SSLTest, OU=Sun Java System Application Server, O=Sun Microsystems, L=Santa Clara, ST=California, C=US</principal-name>
+ </security-role-mapping>
+</sun-web-app>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/web.xml
new file mode 100644
index 0000000..df67824
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/descriptor/web.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>HttpServlet Provider test</display-name>
+ <servlet>
+ <servlet-name>indexJsp</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>myrole</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ </login-config>
+
+ <security-role>
+ <role-name>myrole</role-name>
+ </security-role>
+
+</web-app>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/jmac/https/docroot/index.jsp
new file mode 100644
index 0000000..be4b2d9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/docroot/index.jsp
@@ -0,0 +1,30 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+Hello World from 196 HttpServlet AuthModule Test!
+<hr>
+<%
+ try {
+ out.println("Hello, " + request.getRemoteUser() +" from "
+ + request.getAttribute("MY_NAME"));
+ } catch(Exception ex) {
+ out.println("Something wrong: " + ex);
+ ex.printStackTrace();
+ }
+%>
+<hr>
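Review bot: The scriptlet writes `request.getRemoteUser()` and the `MY_NAME` attribute into the HTML response without escaping, and the catch branch sends the exception text to the client with `out.println("Something wrong: " + ex)`. The remote user is presumably the subject DN that HttpsTestAuthModule takes from the client certificate, so its content is set by whoever issued that certificate. The risk is low for a test page, but a comment such as `<%-- test page: values are written unescaped; do not reuse outside the test harness --%>` would keep it from being copied as a pattern. The failure branch could report a fixed message and leave the details to the server log.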
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/src/HttpsTestAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/https/src/HttpsTestAuthModule.java
new file mode 100644
index 0000000..c4917c5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/src/HttpsTestAuthModule.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.https;
+
+import java.util.Map;
+import java.security.cert.X509Certificate;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.security.auth.x500.X500Principal;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class HttpsTestAuthModule implements ServerAuthModule {
+
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[]{HttpServletRequest.class, HttpServletResponse.class};
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+
+
+ if (!isMandatory(messageInfo)) {
+ return AuthStatus.SUCCESS;
+ }
+
+ X500Principal x500Principal = null;
+ try {
+ HttpServletRequest request =
+ (HttpServletRequest) messageInfo.getRequestMessage();
+ X509Certificate certs[] =
+ (X509Certificate[]) request.getAttribute(
+ "javax.servlet.request.X509Certificate");
+ if (certs == null || certs.length < 1) {
+ System.out.println("javax...certs is null or empty");
+ certs = (X509Certificate[]) request.getAttribute(
+ "org.apache.coyote.request.X509Certificate");
+ }
+ System.out.println("certs: " + certs);
+ if (certs != null && certs.length > 0) {
+ x500Principal = certs[0].getSubjectX500Principal();
+ System.out.println("X500Principal = " + x500Principal);
+ }
+
+ CallerPrincipalCallback cpCallback =
+ new CallerPrincipalCallback(clientSubject, x500Principal);
+ System.out.println("Subject before invoking callbacks: " + clientSubject);
+ handler.handle(new Callback[]{cpCallback});
+ System.out.println("Subject after invoking callbacks: " + clientSubject);
+
+ request.setAttribute("MY_NAME", getClass().getName());
+ System.out.println("login success: " + x500Principal);
+ return AuthStatus.SUCCESS;
+ } catch (Throwable t) {
+ System.out.println("login fails: " + x500Principal);
+ t.printStackTrace();
+ return AuthStatus.SEND_FAILURE;
+ }
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+
+ private boolean isMandatory(MessageInfo messageInfo) {
+ return Boolean.valueOf((String) messageInfo.getMap().get(
+ "javax.security.auth.message.MessagePolicy.isMandatory"));
+ }
+}
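Review bot: In `validateRequest`, a mandatory request that carries no client certificate still reaches `return AuthStatus.SUCCESS`. When both request attributes are null or empty, `x500Principal` stays null, the `CallerPrincipalCallback` is built with a null principal, and the module reports success. Rejection is then left to whatever the container does with an unauthenticated caller, so add a guard right after the two attribute lookups: `if (certs == null || certs.length < 1) { return AuthStatus.SEND_FAILURE; }`. The `System.out.println` calls print the certificate subject and the whole `Subject` on every request and would sit better behind a debug-level logger. `catch (Throwable t)` also swallows `Error`s where `catch (Exception e)` is enough.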
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/https/src/WebSSLClient.java b/appserver/tests/appserv-tests/devtests/security/jmac/https/src/WebSSLClient.java
new file mode 100644
index 0000000..6acacaf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/https/src/WebSSLClient.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.https;
+
+import java.io.*;
+import java.util.regex.Pattern;
+import java.net.*;
+import javax.net.ssl.*;
+import com.sun.ejte.ccl.reporter.*;
+
+public class WebSSLClient {
+
+ private static final String TEST_NAME = "security-jmac-https";
+ private static final String EXPECTED_RESPONSE_PATTERN = "Hello, CN=.* from com.sun.s1asdev.security.jmac.https.HttpsTestAuthModule";
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+
+ public static void main(String args[]) throws Exception {
+
+ String host = args[0];
+ String port = args[1];
+ String contextRoot = args[2];
+
+ System.out.println("host/port=" + host + "/" + port);
+
+ try {
+ stat.addDescription(TEST_NAME);
+ SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ HttpsURLConnection connection = connect("https://" + host + ":"
+ + port + "/" + contextRoot
+ + "/index.jsp",
+ ssf);
+
+ parseResponse(connection);
+
+ } catch (Throwable t) {
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ t.printStackTrace();
+ }
+ stat.printSummary(TEST_NAME);
+ }
+
+ private static void parseResponse(HttpsURLConnection connection)
+ throws Exception {
+
+ BufferedReader in = null;
+
+ try {
+ in = new BufferedReader(new InputStreamReader(
+ connection.getInputStream()));
+
+ String line = null;
+ String matched = null;
+ try {
+ Pattern p = Pattern.compile(EXPECTED_RESPONSE_PATTERN);
+ while ((line = in.readLine()) != null) {
+ if (p.matcher(line).matches()) {
+ stat.addStatus(TEST_NAME, stat.PASS);
+ matched = line;
+ }
+ System.out.println(line);
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+
+ if (matched == null) {
+ System.err.println("Wrong response. Expected Pattern: "
+ + EXPECTED_RESPONSE_PATTERN
+ + ", received: " + matched);
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ }
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+
+ private static HttpsURLConnection connect(String urlAddress,
+ SSLSocketFactory ssf)
+ throws Exception {
+
+ URL url = new URL(urlAddress);
+ HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
+ HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
+
+ connection.setHostnameVerifier(
+ new HostnameVerifier() {
+
+ public boolean verify(String rserver, SSLSession sses) {
+ return true;
+ }
+ });
+
+ connection.setDoOutput(true);
+
+ return connection;
+ }
+}
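Review bot: The `HostnameVerifier` installed in `connect` returns `true` for every host, so the client accepts any certificate its trust store trusts regardless of the name in it, and nothing in the file says this is deliberate. If the test domain certificate cannot match the test host, say so on the verifier, e.g. `// test-only: certificate name is not checked because the test domain certificate does not match the test host`, so the pattern is not copied into non-test code. `connect` also calls `HttpsURLConnection.setDefaultSSLSocketFactory(ssf)`, which changes the JVM-wide default; `connection.setSSLSocketFactory(ssf)` after `openConnection()` confines it to this connection. In `parseResponse` the failure message concatenates `matched`, which is always null on that branch, so it always prints `received: null`.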
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestClientAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestClientAuthModule.java
new file mode 100644
index 0000000..955e2f7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestClientAuthModule.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ClientAuthModule;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPTestClientAuthModule implements ClientAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus secureRequest(MessageInfo messageInfo,
+ Subject clientSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ QName serviceName = (QName)messageInfo.getMap().get(
+ javax.xml.ws.Endpoint.WSDL_SERVICE);
+ System.out.println("serviceName = " + serviceName);
+ if (serviceName == null) {
+ throw new AuthException("serviceName is null");
+ } else if (!(serviceName instanceof javax.xml.namespace.QName)) {
+ throw new AuthException("serviceName is not an instanceof javax.xml.namespace.QName");
+ }
+ try {
+ Util.prependSOAPMessage(reqMessage, "SecReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus validateResponse(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject)
+ throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ String value = Util.getValue(respMessage);
+ if (value == null || !value.startsWith("SecResp ") ||
+ (value.indexOf("ValReq SecReq ") == -1)) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(respMessage, "ValResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
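Review bot: The `instanceof javax.xml.namespace.QName` branch in `secureRequest` can never run, because the map value is already cast with `(QName)` on assignment. A value of another type throws `ClassCastException` there, outside the try block, instead of the intended `AuthException`. Read the value uncast, `Object serviceName = messageInfo.getMap().get(javax.xml.ws.Endpoint.WSDL_SERVICE);`, and keep the two checks as they are. Both catch blocks build `new AuthException()` with no message; `new AuthException(ex.toString())` before `initCause(ex)` keeps the reason visible in logs that print only the message.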
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestServerAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestServerAuthModule.java
new file mode 100644
index 0000000..dccc935
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/SOAPTestServerAuthModule.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPTestServerAuthModule implements ServerAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ try {
+ String value = Util.getValue(reqMessage);
+ if (value == null || !value.startsWith("SecReq ")) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(reqMessage, "ValReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ Util.prependSOAPMessage(respMessage, "SecResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
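Review bot: `validateRequest` returns `AuthStatus.FAILURE` when the body value does not start with `SecReq `, but the `ServerAuth.validateRequest` contract lists only `SUCCESS`, `SEND_SUCCESS`, `SEND_CONTINUE` and `SEND_FAILURE` as return values; `FAILURE` is a client-side status. How a runtime treats the off-contract value is not defined by that contract. A rejected request should either throw, `throw new AuthException("request value lacks SecReq prefix");` (the surrounding `catch (Exception ex)` will wrap it, which is harmless), or return `AuthStatus.SEND_FAILURE` after setting a fault as the response message. The `handler` field is stored in `initialize` and never used, so this module establishes no caller principal; a one-line comment saying that is intentional for the marker test would help.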
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/Util.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/Util.java
new file mode 100644
index 0000000..447da8e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/authmodule/Util.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap;
+
+import java.io.IOException;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+class Util {
+ static String getValue(SOAPMessage message) throws SOAPException {
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ return paramElement.getValue();
+ }
+
+ static void prependSOAPMessage(SOAPMessage message, String prefix)
+ throws IOException, SOAPException {
+ //message.writeTo(System.out); System.out.println();
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ paramElement.setValue(prefix + paramElement.getValue());
+ }
+}
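Review bot: `getValue` and `prependSOAPMessage` both dereference `body.getFirstChild().getFirstChild()` and cast the result to `SOAPElement` without checking it. A body with no operation element gives a `NullPointerException`, and a text or whitespace node in first position gives a `ClassCastException`. Both end up in the auth modules' `catch (Exception ex)` and become an `AuthException` with no message. These helpers run on inbound messages, so do the lookup once in a private helper that rejects such bodies with a descriptive `SOAPException`, and have both methods call it.

```java
    static String getValue(SOAPMessage message) throws SOAPException {
        return firstParam(message).getValue();
    }

    static void prependSOAPMessage(SOAPMessage message, String prefix)
            throws IOException, SOAPException {
        SOAPElement paramElement = firstParam(message);
        paramElement.setValue(prefix + paramElement.getValue());
    }

    // Locates the first parameter element of the first body child, or fails with a clear message.
    private static SOAPElement firstParam(SOAPMessage message) throws SOAPException {
        org.w3c.dom.Node operation = message.getSOAPBody().getFirstChild();
        org.w3c.dom.Node param = (operation == null) ? null : operation.getFirstChild();
        if (!(param instanceof SOAPElement)) {
            throw new SOAPException("SOAP body has no parameter element");
        }
        return (SOAPElement) param;
    }
```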
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.properties
new file mode 100644
index 0000000..9f9636b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.properties
@@ -0,0 +1,38 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-soap"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.jmac.soap.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="client-handler.xml" value="client/myhandler.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.xml
new file mode 100644
index 0000000..d6c4dac
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/build.xml
@@ -0,0 +1,222 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-soap" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build-providers, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="build-providers" depends="init-common">
+ <antcall target="compile-common">
+ <param name="src" value="authmodule"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/authmodule"/>
+ </antcall>
+
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}/authmodule"/>
+ </jar>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soap.SOAPTestServerAuthModule --layer SOAP --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soap.SOAPTestClientAuthModule --layer SOAP --providertype client --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPTestClientAuthModule"/>
+ </antcall>
+
+ <!--antcall target="restart"/-->
+
+ <copy file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"
+ tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.ORIG"/>
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[</message-security-config>]]></replacetoken>
+ <replacevalue><![CDATA[<provider-config class-name="com.sun.s1asdev.security.jmac.soap.SOAPTestClientAuthModule" provider-id="SOAPTestClientAuthModule" provider-type="client">
+ <request-policy auth-source="sender"/>
+ </provider-config>
+ </message-security-config>]]></replacevalue>
+ </replace>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPTestClientAuthModule"/>
+ </antcall>
+
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[<provider-config class-name="com.sun.s1asdev.security.jmac.soap.SOAPTestClientAuthModule" provider-id="SOAPTestClientAuthModule" provider-type="client">
+ <request-policy auth-source="sender"/>
+ </provider-config>
+ </message-security-config>]]></replacetoken>
+ <replacevalue><![CDATA[</message-security-config>]]></replacevalue>
+ </replace>
+
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws/WEB-INF/classes"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/JmacSoapEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/security-jmac-soap-web/webservice/JmacSoapServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${http.host}"/>
+ <replacefilter token="@PORT@" value="${http.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <copy file="${web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/web.xml" failonerror="true"/>
+ <copy file="${sun-web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/sun-web.xml" failonerror="true"/>
+ <jar destfile="${assemble.dir}/${appname}-web.war">
+ <fileset dir="${build.classes.dir}/servletws"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <copy file="${client-handler.xml}" todir="${build.classes.dir}/client/com/sun/s1asdev/security/jmac/soap/client" failonerror="true"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class, com/sun/**/*.xml"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ </antcall>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="APPCPATH" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <env key="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
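Review bot: `setup` saves `glassfish-acc.xml` as `glassfish-acc.xml.ORIG`, but `unsetup` never uses that copy. It undoes the edit with a second `<replace>` whose multi-line token must match the inserted text character for character, and the `.ORIG` file is left behind. If the match fails, for instance after a whitespace or line-ending change, the test `SOAPTestClientAuthModule` provider stays configured in the client container. Restore the backup instead: `<move file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.ORIG" tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml" overwrite="true"/>`. The `run` target also passes `${ssl.password}` inside `VMARGS` as `-D` options, where it can be read from the process list, so a comment that these are test-only stores is worth adding.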
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/Client.java.template
new file mode 100644
index 0000000..8d1d6f8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/Client.java.template
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap.client;
+
+import java.util.Map;
+
+import javax.jws.HandlerChain;
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import com.sun.s1asdev.security.jmac.soap.ejbws.HelloEjb;
+import com.sun.s1asdev.security.jmac.soap.ejbws.JmacSoapEjbService;
+import com.sun.s1asdev.security.jmac.soap.servletws.HelloServlet;
+import com.sun.s1asdev.security.jmac.soap.servletws.JmacSoapServletService;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::Jmac SOAP test ";
+
+ @HandlerChain(file="myhandler.xml")
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/JmacSoapEjbService/HelloEjb?WSDL")
+ private static JmacSoapEjbService ejbService;
+
+ @HandlerChain(file="myhandler.xml")
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/security-jmac-soap-web/webservice/JmacSoapServletService/HelloServlet?WSDL")
+ private static JmacSoapServletService servletService;
+
+
+ public static void main(String[] args) {
+ stat.addDescription("security-jmac-soap");
+ String description = null;
+ try {
+ HelloEjb ejbPort = ejbService.getHelloEjbPort();
+
+ description = testSuite + " ejbws: hello";
+ String ejbMsg = ejbPort.hello("Sun");
+ System.out.println(ejbMsg);
+ if ("InboundHandler ValResp SecResp HelloEjb ValReq SecReq OutboundHandler Sun".equals(ejbMsg)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ HelloServlet servletPort = servletService.getHelloServletPort();
+ description = testSuite + " serlvetws: hello";
+ String servletMsg = servletPort.hello("Sun");
+ System.out.println(servletMsg);
+ if ("InboundHandler ValResp SecResp HelloServlet ValReq SecReq OutboundHandler Sun".equals(servletMsg)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-jmac-soap");
+ }
+}
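Review bot: `description` is still null when `ejbService.getHelloEjbPort()` throws, or when the injected `ejbService` is itself null, so the catch block records the failure as `stat.addStatus(null, stat.FAIL)`. Initialise it before the try, `String description = testSuite + " setup";`, so the report names the failing step. The servlet description string spells `serlvetws`; if nothing parses the report by that name it should read `servletws`. The `@WebServiceRef` WSDL locations use plain `http://`, which is presumably acceptable for this local test but deserves a comment next to the annotations.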
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/MANIFEST.MF
new file mode 100644
index 0000000..142b122
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.jmac.soap.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/TestHandler.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/TestHandler.java
new file mode 100644
index 0000000..f566b46
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/TestHandler.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap.client;
+
+import java.util.Map;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.handler.MessageContext;
+import javax.xml.ws.handler.soap.SOAPHandler;
+import javax.xml.ws.handler.soap.SOAPMessageContext;
+import javax.xml.soap.*;
+
+public class TestHandler implements SOAPHandler<SOAPMessageContext> {
+
+ public Set<QName> getHeaders() {
+ return null;
+ }
+
+ public void init() {
+ }
+
+ public boolean handleMessage(SOAPMessageContext context) {
+ System.out.println("Calling client handler");
+ try {
+ boolean outbound = (Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
+ String prefix;
+ if (outbound) {
+ prefix = "OutboundHandler ";
+ System.out.println("Calling outbound client handler");
+ } else {
+ prefix = "InboundHandler ";
+ System.out.println("Calling inbound client handler");
+ }
+ SOAPMessage message = context.getMessage();
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement) body.getFirstChild().getFirstChild();
+ paramElement.setValue(prefix + paramElement.getValue());
+ } catch (SOAPException e) {
+ e.printStackTrace();
+ }
+ return true;
+ }
+
+ public boolean handleFault(SOAPMessageContext context) {
+ return true;
+ }
+
+ public void destroy() {
+ }
+
+ public void close(MessageContext context) {
+ }
+}
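Review bot: In `handleMessage` the `catch (SOAPException e)` block only prints the stack trace and then falls through to `return true`, so a failed rewrite lets the message continue unmodified and the test fails later on a string mismatch with no clear cause. The unboxing cast `(Boolean)context.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY)` and the chained `body.getFirstChild().getFirstChild()` can also throw `NullPointerException` or `ClassCastException`, which this catch does not cover. I would fail fast in the catch with `throw new javax.xml.ws.WebServiceException(e);` and add a short class comment saying the handler only stamps direction markers for the test.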
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/myhandler.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/myhandler.xml
new file mode 100644
index 0000000..878d992
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/client/myhandler.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<handler-chains xmlns:jws="http://java.sun.com/xml/ns/javaee">
+ <handler-chain>
+ <handler>
+ <handler-class>com.sun.s1asdev.security.jmac.soap.client.TestHandler</handler-class>
+ </handler>
+ </handler-chain>
+</handler-chains>
+
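Review bot: The root element declares `xmlns:jws="http://java.sun.com/xml/ns/javaee"` but no element uses the `jws` prefix, so `handler-chains`, `handler-chain` and `handler` are all in no namespace. Whether the JAX-WS runtime used here tolerates that cannot be seen from this hunk. Making the namespace the default would remove the ambiguity: `<handler-chains xmlns="http://java.sun.com/xml/ns/javaee">`.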
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..1cf866a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-application-client.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Application Client 1.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soap.client.Client/ejbService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://ejbws.soap.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloEjbPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soap.client.Client/servletService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://servletws.soap.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloServletPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-application-client>
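Review bot: Both `message-security-binding` entries declare only `<request-protection auth-source="sender"/>`, while the server descriptors added in this commit (sun-ejb-jar.xml and sun-web.xml) declare request and response protection with `auth-source="content"`. If the asymmetry is deliberate, a comment above each binding should say so, for example `<!-- client protects requests only; response handling is exercised by SOAPTestClientAuthModule -->`. Without that, a reader cannot tell an intended policy difference from an omission. The module itself is not visible here, so the wording of that comment should be confirmed against it.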
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..9374ccb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <endpoint-address-uri>/JmacSoapEjbService/HelloEjb</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestServerAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="content"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-web.xml
new file mode 100644
index 0000000..5f2352d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/sun-web.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <webservice-endpoint>
+ <port-component-name>HelloServlet</port-component-name>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestServerAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="content"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </servlet>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/web.xml
new file mode 100644
index 0000000..01885bf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/descriptor/web.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.jmac.soap.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/JmacSoapServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/ejbws/HelloEjb.java
new file mode 100644
index 0000000..ba7b517
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/ejbws/HelloEjb.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap.ejbws;
+
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.soap.jmac.security.s1asdev.sun.com", serviceName="JmacSoapEjbService")
+public class HelloEjb {
+ public String hello(String who) {
+ String message = "HelloEjb " + who;
+ System.out.println(message);
+ return message;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soap/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/jmac/soap/servletws/HelloServlet.java
new file mode 100644
index 0000000..6b60bd2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soap/servletws/HelloServlet.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soap.servletws;
+
+import javax.jws.WebService;
+
+@WebService(targetNamespace="http://servletws.soap.jmac.security.s1asdev.sun.com", serviceName="JmacSoapServletService")
+public class HelloServlet {
+ public String hello(String who) {
+ String message = "HelloServlet " + who;
+ System.out.println(message);
+ return message;
+
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestClientAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestClientAuthModule.java
new file mode 100644
index 0000000..ac848cc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestClientAuthModule.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ClientAuthModule;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPDefaultTestClientAuthModule implements ClientAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus secureRequest(MessageInfo messageInfo,
+ Subject clientSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ try {
+ Util.prependSOAPMessage(reqMessage, "SecReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus validateResponse(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject)
+ throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ String value = Util.getValue(respMessage);
+ if (value == null || !value.startsWith("SecResp ") ||
+ (value.indexOf("ValReq SecReq ") == -1)) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(respMessage, "ValResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
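Review bot: The check in `validateResponse` is a substring test (`value.indexOf("ValReq SecReq ") == -1`) over a value that also contains the caller-supplied argument, so it shows that the markers are present but not that they were added by the server module. That is fine for a sequencing test, but the class has no comment saying so. I would add a class-level Javadoc stating that this module stamps and checks marker strings only and performs no authentication, so it is not mistaken for a template. Separately, the `handler` field is assigned in `initialize` and never read, and both catch blocks build `new AuthException()` with no message; `new AuthException(ex.toString())` before `initCause(ex)` would make failures readable in the log.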
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestServerAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestServerAuthModule.java
new file mode 100644
index 0000000..8e5b6c2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/SOAPDefaultTestServerAuthModule.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPDefaultTestServerAuthModule implements ServerAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ try {
+ String value = Util.getValue(reqMessage);
+ if (value == null || !value.startsWith("SecReq ")) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(reqMessage, "ValReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ Util.prependSOAPMessage(respMessage, "SecResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
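Review bot: `validateRequest` returns `AuthStatus.FAILURE` when the `SecReq ` marker is missing, but as far as I recall the `ServerAuth.validateRequest` contract lists `SUCCESS`, `SEND_SUCCESS`, `SEND_CONTINUE` and `SEND_FAILURE`, with `FAILURE` being a client-side status. How the container treats an undocumented status here is implementation-dependent, so the rejection path should be `return AuthStatus.SEND_FAILURE;` after setting a fault response, or a thrown `AuthException("missing SecReq marker")`. The method also returns `SUCCESS` without using `handler` to establish a caller, so a class comment should state that the module is a marker-stamping test fixture that authenticates nobody.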
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/Util.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/Util.java
new file mode 100644
index 0000000..056dbab
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/authmodule/Util.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault;
+
+import java.io.IOException;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+class Util {
+ static String getValue(SOAPMessage message) throws SOAPException {
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ return paramElement.getValue();
+ }
+
+ static void prependSOAPMessage(SOAPMessage message, String prefix)
+ throws IOException, SOAPException {
+ //message.writeTo(System.out); System.out.println();
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ paramElement.setValue(prefix + paramElement.getValue());
+ }
+}
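Review bot: Both methods navigate with `body.getFirstChild().getFirstChild()` and cast the result to `SOAPElement`, which throws `NullPointerException` on an empty body and `ClassCastException` when the first child is a text node such as whitespace. The callers wrap any exception in a message-less `AuthException`, so the real cause is hard to see. I would move the navigation into one private helper that raises a descriptive `SOAPException`, as sketched below. The commented-out `message.writeTo(System.out)` line should go, and with it the `IOException` in the `throws` clause of `prependSOAPMessage`, which nothing else in the method throws.

```java
// Locates the element both methods operate on; shared so the checks live in one place.
private static SOAPElement firstParam(SOAPMessage message) throws SOAPException {
    org.w3c.dom.Node operation = message.getSOAPBody().getFirstChild();
    org.w3c.dom.Node param = (operation == null) ? null : operation.getFirstChild();
    if (!(param instanceof SOAPElement)) {
        throw new SOAPException("SOAP body has no leading parameter element");
    }
    return (SOAPElement) param;
}

static String getValue(SOAPMessage message) throws SOAPException {
    return firstParam(message).getValue();
}

// … unchanged: prependSOAPMessage signature; its body reduces to the two lines below …
    SOAPElement paramElement = firstParam(message);
    paramElement.setValue(prefix + paramElement.getValue());
```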
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.properties
new file mode 100644
index 0000000..b914506
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-soapdefault"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.jmac.soapdefault.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.xml
new file mode 100644
index 0000000..194dfb0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/build.xml
@@ -0,0 +1,235 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-soapdefault" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build-providers, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="build-providers" depends="init-common">
+ <antcall target="compile-common">
+ <param name="src" value="authmodule"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/authmodule"/>
+ </antcall>
+
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}/authmodule"/>
+ </jar>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soapdefault.SOAPDefaultTestServerAuthModule --layer SOAP --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPDefaultTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soapdefault.SOAPDefaultTestClientAuthModule --layer SOAP --providertype client --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPDefaultTestClientAuthModule"/>
+ </antcall>
+
+ <antcall target="enable-wss-message-security-provider">
+ <param name="wss.server.provider.name" value="SOAPDefaultTestServerAuthModule"/>
+ <param name="wss.client.provider.name" value="SOAPDefaultTestClientAuthModule"/>
+ </antcall>
+
+ <!--antcall target="restart"/-->
+
+ <copy file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"
+ tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.ORIG"/>
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[</message-security-config>]]></replacetoken>
+ <replacevalue><![CDATA[<provider-config class-name="com.sun.s1asdev.security.jmac.soapdefault.SOAPDefaultTestClientAuthModule" provider-id="SOAPDefaultTestClientAuthModule" provider-type="client">
+ <request-policy auth-source="sender"/>
+ </provider-config>
+ </message-security-config>]]></replacevalue>
+ </replace>
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[<message-security-config]]></replacetoken>
+ <replacevalue><![CDATA[<message-security-config default-client-provider="SOAPDefaultTestClientAuthModule"]]></replacevalue>
+ </replace>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[<provider-config class-name="com.sun.s1asdev.security.jmac.soap.SOAPDefaultTestClientAuthModule" provider-id="SOAPDefaultTestClientAuthModule" provider-type="client">
+ <request-policy auth-source="sender"/>
+ </provider-config>
+ </message-security-config>]]></replacetoken>
+ <replacevalue><![CDATA[</message-security-config>]]></replacevalue>
+ </replace>
+ <replace file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml">
+ <replacetoken><![CDATA[<message-security-config default-client-provider="SOAPDefaultTestClientAuthModule"]]></replacetoken>
+ <replacevalue><![CDATA[<message-security-config]]></replacevalue>
+ </replace>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPDefaultTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPDefaultTestClientAuthModule"/>
+ </antcall>
+
+ <antcall target="disable-wss-message-security-provider"/>
+
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws/WEB-INF/classes"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/JmacSoapDefaultEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/security-jmac-soapdefault-web/webservice/JmacSoapDefaultServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${http.host}"/>
+ <replacefilter token="@PORT@" value="${http.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${env.S1AS_HOME}/lib/appserv-ws.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <copy file="${web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/web.xml" failonerror="true"/>
+ <jar destfile="${assemble.dir}/${appname}-web.war">
+ <fileset dir="${build.classes.dir}/servletws"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ </antcall>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="APPCPATH" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <env key="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
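Review bot: In the `unsetup` target the first `<replacetoken>` names `com.sun.s1asdev.security.jmac.soap.SOAPDefaultTestClientAuthModule`, but `setup` inserts the provider with the package `com.sun.s1asdev.security.jmac.soapdefault`, so the token cannot match. The test `<provider-config>` therefore stays in `glassfish-acc.xml` after the run, and only the `default-client-provider` attribute is removed. Either correct the token to `class-name="com.sun.s1asdev.security.jmac.soapdefault.SOAPDefaultTestClientAuthModule"`, or restore the `glassfish-acc.xml.ORIG` copy that `setup` already makes and `unsetup` never uses, e.g. `<move file="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml.ORIG" tofile="${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/>`. Restoring the backup is the more robust fix, since it does not depend on the multi-line token matching whitespace exactly.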
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/Client.java.template
new file mode 100644
index 0000000..8b6cfd7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/Client.java.template
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault.client;
+
+import java.util.Map;
+
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import com.sun.s1asdev.security.jmac.soapdefault.ejbws.HelloEjb;
+import com.sun.s1asdev.security.jmac.soapdefault.ejbws.JmacSoapDefaultEjbService;
+import com.sun.s1asdev.security.jmac.soapdefault.servletws.HelloServlet;
+import com.sun.s1asdev.security.jmac.soapdefault.servletws.JmacSoapDefaultServletService;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::Jmac SOAPDefault test ";
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/JmacSoapDefaultEjbService/HelloEjb?WSDL")
+ private static JmacSoapDefaultEjbService ejbService;
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/security-jmac-soapdefault-web/webservice/JmacSoapDefaultServletService/HelloServlet?WSDL")
+ private static JmacSoapDefaultServletService servletService;
+
+
+ public static void main(String[] args) {
+ stat.addDescription("security-jmac-soapdefault");
+ String description = null;
+ try {
+ HelloEjb ejbPort = ejbService.getHelloEjbPort();
+
+ description = testSuite + " ejbws: hello";
+ String ejbMsg = ejbPort.hello("Sun");
+ System.out.println(ejbMsg);
+ if ("ValResp SecResp HelloEjb ValReq SecReq Sun".equals(ejbMsg)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ HelloServlet servletPort = servletService.getHelloServletPort();
+ description = testSuite + " serlvetws: hello";
+ String servletMsg = servletPort.hello("Sun");
+ System.out.println(servletMsg);
+ if ("ValResp SecResp HelloServlet ValReq SecReq Sun".equals(servletMsg)) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-jmac-soapdefault");
+ }
+}
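Review bot: `description` is still null when `ejbService.getHelloEjbPort()` throws, so the catch block in `main` records `stat.addStatus(null, stat.FAIL)` and the report does not say which case failed. An exception in the ejbws call also skips the servletws case without recording any status for it. Setting the label before the first call that can throw, `description = testSuite + " ejbws: hello";` ahead of `getHelloEjbPort()`, and giving each service its own try/catch would keep both results in the summary. The label `" serlvetws: hello"` is misspelled (`servletws`), and `java.util.Map` is imported but not used in this file.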
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/MANIFEST.MF
new file mode 100644
index 0000000..fbaeb26
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.jmac.soapdefault.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..6cb438f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/sun-application-client.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Application Client 1.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soapdefault.client.Client/ejbService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://ejbws.soapdefault.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloEjbPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soapdefault.client.Client/servletService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://servletws.soapdefault.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloServletPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-application-client>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/web.xml
new file mode 100644
index 0000000..bf08c96
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/descriptor/web.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.jmac.soapdefault.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/JmacSoapDefaultServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/ejbws/HelloEjb.java
new file mode 100644
index 0000000..2c14a4e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/ejbws/HelloEjb.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault.ejbws;
+
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.soapdefault.jmac.security.s1asdev.sun.com", serviceName="JmacSoapDefaultEjbService")
+public class HelloEjb {
+ public String hello(String who) {
+ String message = "HelloEjb " + who;
+ System.out.println(message);
+ return message;
+ }
+}
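Review bot: `hello` prints the request-supplied `who` to stdout unchanged, and `HelloServlet.hello` later in this commit does the same. On an application server stdout normally ends up in the server log, so line breaks in the value would produce forged-looking entries. For a test fixture a comment is enough, for example `// test fixture: echoes the caller-supplied value to the log as-is; do not reuse in a real endpoint`. The class also has no Javadoc; one sentence saying that it returns `"HelloEjb " + who` and that the test client compares the reply against a fixed string would tie it to `Client.java.template`.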
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/servletws/HelloServlet.java
new file mode 100644
index 0000000..b5cc0b6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapDefault/servletws/HelloServlet.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapdefault.servletws;
+
+import javax.jws.WebService;
+
+@WebService(targetNamespace="http://servletws.soapdefault.jmac.security.s1asdev.sun.com", serviceName="JmacSoapDefaultServletService")
+public class HelloServlet {
+ public String hello(String who) {
+ String message = "HelloServlet " + who;
+ System.out.println(message);
+ return message;
+
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestClientAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestClientAuthModule.java
new file mode 100644
index 0000000..d1deec0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestClientAuthModule.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ClientAuthModule;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPEmbeddedTestClientAuthModule implements ClientAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus secureRequest(MessageInfo messageInfo,
+ Subject clientSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ QName serviceName = (QName)messageInfo.getMap().get(
+ javax.xml.ws.Endpoint.WSDL_SERVICE);
+ System.out.println("serviceName = " + serviceName);
+ if (serviceName == null) {
+ throw new AuthException("serviceName is null");
+ } else if (!(serviceName instanceof javax.xml.namespace.QName)) {
+ throw new AuthException("serviceName is not an instanceof javax.xml.namespace.QName");
+ }
+ try {
+ Util.prependSOAPMessage(reqMessage, "SecReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus validateResponse(MessageInfo messageInfo,
+ Subject clientSubject, Subject serviceSubject)
+ throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ String value = Util.getValue(respMessage);
+ if (value == null || !value.startsWith("SecResp ") ||
+ (value.indexOf("ValReq SecReq ") == -1)) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(respMessage, "ValResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
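Review bot: In `secureRequest` the `instanceof javax.xml.namespace.QName` branch can never run, because the value has already been cast with `(QName)` on the statement that reads it. A non-QName entry raises ClassCastException there instead of the intended AuthException. Read it as `Object serviceName = messageInfo.getMap().get(javax.xml.ws.Endpoint.WSDL_SERVICE);` and keep the two checks. The `handler` field is assigned in `initialize` but not read anywhere in this class. `new AuthException()` is thrown without a message in both catch blocks, so a short text such as `new AuthException("secureRequest failed")` would make a failure easier to trace.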
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestServerAuthModule.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestServerAuthModule.java
new file mode 100644
index 0000000..578deff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/SOAPEmbeddedTestServerAuthModule.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded;
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.xml.soap.SOAPMessage;
+
+public class SOAPEmbeddedTestServerAuthModule implements ServerAuthModule {
+ private CallbackHandler handler = null;
+
+ public void initialize(MessagePolicy requestPolicy,
+ MessagePolicy responsePolicy,
+ CallbackHandler handler,
+ Map options)
+ throws AuthException {
+ this.handler = handler;
+ }
+
+ public Class[] getSupportedMessageTypes() {
+ return new Class[] { SOAPMessage.class };
+ }
+
+ public AuthStatus validateRequest(MessageInfo messageInfo,
+ Subject clientSubject,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage reqMessage = (SOAPMessage)messageInfo.getRequestMessage();
+ try {
+ String value = Util.getValue(reqMessage);
+ if (value == null || !value.startsWith("SecReq ")) {
+ return AuthStatus.FAILURE;
+ }
+ Util.prependSOAPMessage(reqMessage, "ValReq ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public AuthStatus secureResponse(MessageInfo messageInfo,
+ Subject serviceSubject) throws AuthException {
+ SOAPMessage respMessage = (SOAPMessage)messageInfo.getResponseMessage();
+ try {
+ Util.prependSOAPMessage(respMessage, "SecResp ");
+ } catch(Exception ex) {
+ AuthException aex = new AuthException();
+ aex.initCause(ex);
+ throw aex;
+ }
+ return AuthStatus.SUCCESS;
+ }
+
+ public void cleanSubject(MessageInfo messageInfo, Subject subject)
+ throws AuthException {
+ }
+}
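Review bot: `validateRequest` returns SUCCESS for any request whose first body value starts with `"SecReq "`, never reads the stored `handler` and never touches `clientSubject`, so the module accepts a caller without establishing any identity. That is presumably intended for a JSR 196 plumbing test, but the class should say so. A class Javadoc should state that this is a marker-string test module that performs no authentication and must not be registered outside a test domain. As far as I recall the ServerAuth contract, a rejected request is signalled with `AuthStatus.SEND_FAILURE` or an AuthException rather than `AuthStatus.FAILURE`; worth confirming against the javadoc.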
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/Util.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/Util.java
new file mode 100644
index 0000000..89bea16
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/authmodule/Util.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded;
+
+import java.io.IOException;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+class Util {
+ static String getValue(SOAPMessage message) throws SOAPException {
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ return paramElement.getValue();
+ }
+
+ static void prependSOAPMessage(SOAPMessage message, String prefix)
+ throws IOException, SOAPException {
+ //message.writeTo(System.out); System.out.println();
+ SOAPBody body = message.getSOAPBody();
+ SOAPElement paramElement =
+ (SOAPElement)body.getFirstChild().getFirstChild();
+ paramElement.setValue(prefix + paramElement.getValue());
+ }
+}
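Review bot: Both methods reach the parameter with `(SOAPElement)body.getFirstChild().getFirstChild()`, which throws NullPointerException on an empty body and ClassCastException when the first child is a text node. `getValue` runs on the incoming request in `SOAPEmbeddedTestServerAuthModule.validateRequest`, so the shape of the body is not under the module's control. The callers catch Exception and rethrow AuthException, so the module still fails closed, but the recorded cause is an uninformative NPE. A shared helper that checks the node and throws SOAPException with a message removes the duplication. The `IOException` in the throws clause of `prependSOAPMessage` is only needed by the commented-out `writeTo` line.

```java
private static SOAPElement firstParam(SOAPMessage message) throws SOAPException {
    org.w3c.dom.Node operation = message.getSOAPBody().getFirstChild();
    org.w3c.dom.Node param = (operation == null) ? null : operation.getFirstChild();
    if (!(param instanceof SOAPElement)) {
        throw new SOAPException("SOAP body has no leading parameter element");
    }
    return (SOAPElement) param;
}

static String getValue(SOAPMessage message) throws SOAPException {
    return firstParam(message).getValue();
}

static void prependSOAPMessage(SOAPMessage message, String prefix)
        throws IOException, SOAPException {
    SOAPElement paramElement = firstParam(message);
    paramElement.setValue(prefix + paramElement.getValue());
}
```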
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.properties b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.properties
new file mode 100644
index 0000000..c8f074f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.properties
@@ -0,0 +1,33 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-jmac-soapembedded"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.jmac.soapembedded.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="web2.xml" value="descriptor/web2.xml"/>
+<property name="sun-web2.xml" value="descriptor/sun-web2.xml"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.xml
new file mode 100644
index 0000000..6043e33
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/build.xml
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-jmac-soapembedded" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, build-providers, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="build-providers" depends="init-common">
+ <antcall target="compile-common">
+ <param name="src" value="authmodule"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/authmodule"/>
+ </antcall>
+
+ <mkdir dir="${assemble.dir}"/>
+ <jar jarfile="${assemble.dir}/test-${appname}-provider.jar">
+ <fileset dir="${build.classes.dir}/authmodule"/>
+ </jar>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+
+ <copy file="${assemble.dir}/test-${appname}-provider.jar"
+ todir="${env.S1AS_HOME}/lib"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soapembedded.SOAPEmbeddedTestServerAuthModule --layer SOAP --providertype server --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPEmbeddedTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-message-security-provider"/>
+ <param name="as.props" value="${as.props} --classname com.sun.s1asdev.security.jmac.soapembedded.SOAPEmbeddedTestClientAuthModule --layer SOAP --providertype client --requestauthsource sender"/>
+ <param name="operand.props" value="SOAPEmbeddedTestClientAuthModule"/>
+ </antcall>
+
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPEmbeddedTestServerAuthModule"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-message-security-provider"/>
+ <param name="as.props" value="${as.props} --layer SOAP"/>
+ <param name="operand.props" value="SOAPEmbeddedTestClientAuthModule"/>
+ </antcall>
+
+ <!-- may not be able to delete this file in PC environment -->
+ <delete file="${env.S1AS_HOME}/lib/test-${appname}-provider.jar" failonerror="false"/>
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws/WEB-INF/classes"/>
+ </antcall>
+ </target>
+
+ <target name="compile-webclient">
+ <mkdir dir="${build.classes.dir}/webclient"/>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/webclient http://${http.host}:${http.port}/JmacSoapEmbeddedEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/webclient http://${http.host}:${http.port}/security-jmac-soapembedded-web/webservice/JmacSoapEmbeddedServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="webclient/Servlet.java" failonerror="false"/>
+ <copy file="webclient/Servlet.java.template" tofile="webclient/Servlet.java"/>
+ <replace file="webclient/Servlet.java">
+ <replacefilter token="@HOST@" value="${http.host}"/>
+ <replacefilter token="@PORT@" value="${http.port}"/>
+ </replace>
+ <javac srcdir="webclient" destdir="${build.classes.dir}/webclient"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/javaee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/webclient:${env.S1AS_HOME}/modules/javax.servlet.jar" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <copy file="${web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/web.xml" failonerror="true"/>
+ <copy file="${sun-web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/sun-web.xml" failonerror="true"/>
+ <jar destfile="${assemble.dir}/${appname}-web.war">
+ <fileset dir="${build.classes.dir}/servletws"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-webclient" depends="compile-webclient">
+ <mkdir dir="${assemble.dir}"/>
+
+ <antcall target="package-war-common">
+ <param name="web.xml" value="${web2.xml}"/>
+ <param name="sun-web.xml" value="${sun-web2.xml}"/>
+ <param name="war.classes"
+ value="${build.classes.dir}/webclient"/>
+ <param name="war.file"
+ value="${assemble.dir}/${appname}-client-web.war"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ </antcall>
+ <antcall target="build-webclient"/>
+ <antcall target="deploy-war-libraries">
+ <param name="as.props" value="${as.props}"/>
+ <param name="libraries" value="${env.S1AS_HOME}/lib/test-${appname}-provider.jar"/>
+ <param name="appname" value="${appname}-client"/>
+ <param name="contextroot" value="${appname}-client-web"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /security-jmac-soapembedded-client-web/webclient/Servlet HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-jmac-soapembedded"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/jmac/soapEmbedded/goldenfiles/output.html"
+ testSuiteId="security-jmac-soapembedded"
+ testSuiteName="security-jmac-soapembedded"
+ testSuiteDescription="Security Test"
+ testId="security-jmac-soapembedded"
+ testName="security-jmac-soapembedded"
+ testDescription="JSR 196 SoapEmbedded test: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="JSR 196 SoapEmbedded test"
+ testStrategy="JSR 196 SoapEmbedded test"
+ />
+
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-war-common">
+ <param name="appname"
+ value="${appname}-client"/>
+ </antcall>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
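Review bot: Cleanup is not guaranteed here: `all` reaches `undeploy` and `unsetup` only if every earlier target completes, and `unsetup` deletes `${env.S1AS_HOME}/lib/test-${appname}-provider.jar` with `failonerror="false"`. A failed build can therefore leave the two marker-string providers registered at the SOAP layer of the domain and their jar in the server's lib directory. Core Ant has no finally construct, so the practical fix is documentation above the `all` target, for example `<!-- registers test-only auth providers in the target domain; use a disposable domain and run "ant unsetup" by hand after a failed build -->`.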
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..b95223e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <endpoint-address-uri>/JmacSoapEmbeddedEjbService/HelloEjb</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPEmbeddedTestServerAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="content"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
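Review bot: The binding asks for `request-protection auth-source="content"`, while `build.xml` in this commit creates `SOAPEmbeddedTestServerAuthModule` with `--requestauthsource sender`; the same pair of values is in `descriptor/sun-web.xml`. If the difference is deliberate (presumably a binding-level policy overriding the provider default), a comment above `<message-security-binding>` would stop the next reader from treating it as a mistake, for example `<!-- binding-level protection policy differs from the provider's registered default on purpose -->`. If it is not deliberate, the two should agree.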
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web.xml
new file mode 100644
index 0000000..ecc2a6f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <webservice-endpoint>
+ <port-component-name>HelloServlet</port-component-name>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPEmbeddedTestServerAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="content"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </servlet>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web2.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web2.xml
new file mode 100644
index 0000000..aca19c2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/sun-web2.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soapembedded.webclient.Servlet/ejbService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://ejbws.soapembedded.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloEjbPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPEmbeddedTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.jmac.soapembedded.webclient.Servlet/servletService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://servletws.soapembedded.jmac.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloServletPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="SOAPEmbeddedTestClientAuthModule">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-web-app>
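Review bot: Both client-side `message-security-binding` elements declare only `<request-protection auth-source="sender"/>` and no `response-protection`, while the server bindings in sun-ejb-jar.xml and sun-web.xml declare request and response protection with `auth-source="content"`. The golden output still expects the `ValResp` marker, so the asymmetry looks deliberate, but nothing in the descriptor says so. A short comment above each binding would help, for example `<!-- response-protection intentionally omitted: the test client module is expected to validate responses regardless of declared policy -->`, once that behaviour is confirmed against the module source.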
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web.xml
new file mode 100644
index 0000000..2656f3e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.jmac.soapembedded.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/JmacSoapEmbeddedServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web2.xml b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web2.xml
new file mode 100644
index 0000000..5d54618
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/descriptor/web2.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <servlet>
+ <servlet-name>Servlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.jmac.soapembedded.webclient.Servlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>Servlet</servlet-name>
+ <url-pattern>/webclient/Servlet</url-pattern>
+ </servlet-mapping>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/ejbws/HelloEjb.java
new file mode 100644
index 0000000..2748cb8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/ejbws/HelloEjb.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded.ejbws;
+
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.soapembedded.jmac.security.s1asdev.sun.com", serviceName="JmacSoapEmbeddedEjbService")
+public class HelloEjb {
+ public String hello(String who) {
+ String message = "HelloEjb " + who;
+ System.out.println(message);
+ return message;
+ }
+}
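Review bot: `hello()` concatenates the SOAP-supplied `who` into `message` and writes it straight to the server log with `System.out.println(message)`, so a caller can put line breaks into the log. The same pattern is in servletws/HelloServlet.java. For a test endpoint the exposure is small, but neutralising line breaks before logging keeps the log usable as evidence of what the auth module passed through, e.g. `System.out.println(message.replaceAll("[\\r\\n]", "_"));`. A one-line class Javadoc saying that this endpoint is only a target for the JMAC SOAP test would also help readers.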
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/goldenfiles/output.html b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/goldenfiles/output.html
new file mode 100644
index 0000000..388b888
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/goldenfiles/output.html
@@ -0,0 +1,5 @@
+ <HTML><HEAD><TITLE>Servlet Output</TTILE></HEAD><BODY>
+ ValResp SecResp HelloEjb ValReq SecReq Sun
+ <br>
+ ValResp SecResp HelloServlet ValReq SecReq Sun
+</BODY></HTML>
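Review bot: The closing title tag on the first line is misspelled `</TTILE>`, so the expected page contains an unterminated `<TITLE>` element. The same literal is emitted by `service()` in webclient/Servlet.java.template, which is why the comparison passes. If the typo is fixed, both places have to change together to `<HTML><HEAD><TITLE>Servlet Output</TITLE></HEAD><BODY>`, otherwise the golden-file check fails.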
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/servletws/HelloServlet.java
new file mode 100644
index 0000000..70c4d2a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/servletws/HelloServlet.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded.servletws;
+
+import javax.jws.WebService;
+
+@WebService(targetNamespace="http://servletws.soapembedded.jmac.security.s1asdev.sun.com", serviceName="JmacSoapEmbeddedServletService")
+public class HelloServlet {
+ public String hello(String who) {
+ String message = "HelloServlet " + who;
+ System.out.println(message);
+ return message;
+
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/webclient/Servlet.java.template b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/webclient/Servlet.java.template
new file mode 100644
index 0000000..37c406a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jmac/soapEmbedded/webclient/Servlet.java.template
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.jmac.soapembedded.webclient;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.s1asdev.security.jmac.soapembedded.ejbws.HelloEjb;
+import com.sun.s1asdev.security.jmac.soapembedded.ejbws.JmacSoapEmbeddedEjbService;
+import com.sun.s1asdev.security.jmac.soapembedded.servletws.HelloServlet;
+import com.sun.s1asdev.security.jmac.soapembedded.servletws.JmacSoapEmbeddedServletService;
+
+public class Servlet extends HttpServlet {
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/JmacSoapEmbeddedEjbService/HelloEjb?WSDL")
+ private JmacSoapEmbeddedEjbService ejbService;
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/security-jmac-soapembedded-web/webservice/JmacSoapEmbeddedServletService/HelloServlet?WSDL")
+ private JmacSoapEmbeddedServletService servletService;
+
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/html");
+ PrintWriter out = resp.getWriter();
+
+ out.println("<HTML><HEAD><TITLE>Servlet Output</TTILE></HEAD><BODY>");
+ try {
+ HelloEjb ejbPort = ejbService.getHelloEjbPort();
+
+ String ejbMsg = ejbPort.hello("Sun");
+ out.println(ejbMsg);
+ out.println("<br>");
+
+ HelloServlet servletPort = servletService.getHelloServletPort();
+ String servletMsg = servletPort.hello("Sun");
+ out.println(servletMsg);
+ out.println("</BODY></HTML>");
+ } catch(Exception ex) {
+ out.println(ex.toString());
+ ex.printStackTrace();
+ }
+ }
+}
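Review bot: The `catch(Exception ex)` at the end of `service()` prints `ex.toString()` into the HTML response and skips the closing `</BODY></HTML>`, because that line sits inside the `try`. A failed port call therefore returns a 200 page with truncated markup and internal exception text. The golden-file mismatch still fails the test, but the page would be well formed on both paths if the closing tag moved to `} finally { out.println("</BODY></HTML>"); }`, and the exception could go to the servlet log with `log("web service call failed", ex);` instead of `ex.printStackTrace()`. `service` also overrides `HttpServlet.service` and should carry `@Override`.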
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.properties b/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.properties
new file mode 100644
index 0000000..eeca480
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.properties
@@ -0,0 +1,30 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="jsp2sful"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="appname" value="statefulLoginBean"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
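Review bot: `appname` is defined twice in this file, first as `${module}` and again as `statefulLoginBean` a few lines later. Ant properties are immutable once set, so the second definition is ignored and only misleads a reader about which application name is deployed. Dropping the `statefulLoginBean` line, or replacing it with a comment such as `<!-- appname is ${module}; statefulLoginBean was the former name -->`, removes the ambiguity. The file also holds XML `<property>` elements under a `.properties` name because build.xml pulls it in as an external entity; a one-line comment saying so would prevent it being read as a Java properties file.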
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.xml
new file mode 100644
index 0000000..99470ca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/build.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="jsp2sful" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="profile"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes" />
+ </antcall>
+
+ <antcall target="ejb-jar-common" />
+ <antcall target="ear-common" />
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runweb">
+ <param name="webuser" value="shingwai"/>
+ <param name="webpassword" value="shingwai"/>
+ <param name="goldenfile" value="goldenfiles/AllAuth.html"/>
+ <param name="testcaseid" value="user-with-all-authorization"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="webuser" value="swchan"/>
+ <param name="webpassword" value="swchan"/>
+ <param name="goldenfile" value="goldenfiles/PartialEJBAuth.html"/>
+ <param name="testcaseid" value="user-with-partial-ejb-authorization"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="webuser" value="webuser"/>
+ <param name="webpassword" value="webuser"/>
+ <param name="goldenfile" value="goldenfiles/WebOnlyAuth.html"/>
+ <param name="testcaseid" value="user-with-web-authorization-only"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="webuser" value="noauthuser"/>
+ <param name="webpassword" value="noauthuser"/>
+ <param name="testcaseid" value="user-with-no-authorization"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="webuser" value="nosuchuser"/>
+ <param name="webpassword" value="nosuchuser"/>
+ <param name="goldenfile" value="docroot/error.html"/>
+ <param name="testcaseid" value="invalid-user"/>
+ </antcall>
+ </target>
+
+ <target name="runweb" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /jsp2sful/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="FORM"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="form-auth-web"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/jsp2sful/${goldenfile}"
+ testSuiteId="form-auth-web"
+ testSuiteName="form-auth-jsp-web"
+ testSuiteDescription="Security Test"
+ testId="form-auth-jsp-web"
+ testName="form-auth-jsp-web"
+ testDescription="Form auth test from JSP to Stateful EJB: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Form auth test from JSP to Stateful EJB"
+ testStrategy="Form auth tests, both positive and negative from JSP to Stateful EJB"
+ />
+ </target>
+
+ <target name="runweb-403" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}" classpath="${webtest.classpath}" />
+ <webtest request="GET /jsp2sful/index.jsp HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="FORM"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="form-auth-web"
+ requestHeaders="Host:${http.host}:${http.port}"
+ returnCode="HTTP/1.1 403"
+ testSuiteId="form-auth-web"
+ testSuiteName="form-auth-jsp-web"
+ testSuiteDescription="Security Test"
+ testId="form-auth-jsp-web"
+ testName="form-auth-jsp-web"
+ testDescription="Form auth test from JSP to Stateful EJB: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Form auth test from JSP to Stateful EJB"
+ testStrategy="Form auth tests, both positive and negative from JSP to Stateful EJB"
+ />
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="setup">
+ <antcall target="create-user-common">
+ <param name="user" value="shingwai"/>
+ <param name="password" value="shingwai"/>
+ <param name="groups" value="employee"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="swchan"/>
+ <param name="password" value="swchan"/>
+ <param name="groups" value="staff"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="webuser"/>
+ <param name="password" value="webuser"/>
+ <param name="groups" value="employee"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="noauthuser"/>
+ <param name="password" value="noauthuser"/>
+ <param name="groups" value="employee"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="unsetup">
+ <!-- remove test users, just cleanup. -->
+ <antcall target="delete-user-common">
+ <param name="user" value="shingwai"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="swchan"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="webuser"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="noauthuser"/>
+ </antcall>
+ </target>
+</project>
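Review bot: In `setup`, `noauthuser` is created with `groups` set to `employee`, which is also the name of a role declared in the descriptors, yet the `runweb-403` case expects this user to be denied. That only holds while roles are granted by `principal-name` alone, as in sun-application.xml. If the test domain has default group-to-role mapping enabled, this user would presumably gain `employee` and the negative case would stop testing what it claims. Either state the dependency next to the user, e.g. `<!-- noauthuser: in group employee but has no security-role-mapping; must get 403 -->`, or place the user in a group that matches no role. The `runweb` and `runweb-403` targets also differ only in `goldenFile` versus `returnCode` and could share one definition.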
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/application.xml
new file mode 100644
index 0000000..22b95b0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>jsp2sful</display-name>
+ <module>
+ <ejb>jsp2sful-ejb.jar</ejb>
+ </module>
+ <module>
+ <web>
+ <web-uri>jsp2sful-web.war</web-uri>
+ <context-root>jsp2sful</context-root>
+ </web>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..2c27b54
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/ejb-jar.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>jsp2sful</display-name>
+ <ejb-name>jsp2sful</ejb-name>
+ <home>profile.ProfileInfoHome</home>
+ <remote>profile.ProfileInfoRemote</remote>
+ <ejb-class>profile.ProfileInfoBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>staff</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>MGR</role-name>
+ <role-link>manager</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>employee</role-name>
+ </security-role>
+ <security-role>
+ <role-name>staff</role-name>
+ </security-role>
+ <security-role>
+ <role-name>manager</role-name>
+ </security-role>
+ <method-permission>
+ <role-name>staff</role-name>
+ <role-name>manager</role-name>
+ <method>
+ <ejb-name>jsp2sful</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>getCallerInfo</method-name>
+ </method>
+ </method-permission>
+ <method-permission>
+ <role-name>manager</role-name>
+ <method>
+ <ejb-name>jsp2sful</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>getSecretInfo</method-name>
+ </method>
+ </method-permission>
+ </assembly-descriptor>
+</ejb-jar>
+
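Review bot: The `assembly-descriptor` grants `method-permission` for only `getCallerInfo` and `getSecretInfo` on the Remote interface. Every other method of `jsp2sful`, including the home interface, has no permission entry and no `<exclude-list>`, so access to them is left to the container default rather than stated in the descriptor. The role `employee` is declared and linked from `EMP` but appears in no `method-permission`. For an authorization test it is worth making the intent explicit, either with a `<method-permission>` containing `<unchecked/>` for the methods meant to be open, or with a comment such as `<!-- methods not listed here are intentionally left to the container default -->`.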
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-application.xml
new file mode 100644
index 0000000..aa27559
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-application.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>harry</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>employee</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>manager</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>employee</role-name>
+ <principal-name>swchan</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>swchan</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>employee</role-name>
+ <principal-name>webuser</principal-name>
+ </security-role-mapping>
+</sun-application>
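Review bot: The first `security-role-mapping` binds role `Administrator` to principal `harry`, but ejb-jar.xml declares only `employee`, `staff` and `manager`, and the `setup` target in build.xml never creates a user `harry`. Unless web.xml declares that role, the entry looks like a leftover from another test and leaves a role grant in place for a principal the test does not control. Removing it, or marking it with `<!-- unused by this test -->`, keeps the mapping table aligned with the users that `setup` and `unsetup` manage.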
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..71a14ff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <unique-id>0</unique-id>
+ <ejb>
+ <ejb-name>jsp2sful</ejb-name>
+ <jndi-name>jsp2sful</jndi-name>
+
+ <ior-security-config>
+ <transport-config>
+ <integrity>supported</integrity>
+ <confidentiality>supported</confidentiality>
+ <establish-trust-in-target>supported</establish-trust-in-target>
+ <establish-trust-in-client>supported</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>default</realm>
+ <required>false</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>supported</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ <gen-classes/>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
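Review bot: In `ior-security-config`, `integrity`, `confidentiality` and both trust settings are `supported` and `as-context` has `<required>false</required>`, so neither transport protection nor authentication is enforced at the IIOP layer for `jsp2sful`. Access control for the bean then rests entirely on the `method-permission` entries in ejb-jar.xml and on the caller identity propagated from the web tier. That is reasonable for this test but should be stated, for example with `<!-- IIOP auth and transport protection are optional here; authorization is exercised through ejb-jar.xml method-permission -->` above the element, so the block is not copied into a deployment that needs `required`.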
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-web.xml
new file mode 100644
index 0000000..5a12be3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/sun-web.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <session-config>
+ <session-manager/>
+ </session-config>
+
+ <ejb-ref>
+ <ejb-ref-name>jsp2sful</ejb-ref-name>
+ <jndi-name>jsp2sful</jndi-name>
+ </ejb-ref>
+ <class-loader delegate="true"/>
+ <jsp-config/>
+</sun-web-app>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/web.xml
new file mode 100644
index 0000000..30e2101
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/descriptor/web.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN' 'http://java.sun.com/j2ee/dtds/web-app_2_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app>
+ <display-name>jsp2sful</display-name>
+ <distributable></distributable>
+ <servlet>
+ <servlet-name>LoginJsp</servlet-name>
+ <jsp-file>/login.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>IndexJsp</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ <load-on-startup>0</load-on-startup>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>employee</role-link>
+ </security-role-ref>
+ </servlet>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>MySecureBit</web-resource-name>
+ <url-pattern>/index.jsp</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>employee</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>default</realm-name>
+ <form-login-config>
+ <form-login-page>/login.jsp</form-login-page>
+ <form-error-page>/error.html</form-error-page>
+ </form-login-config>
+ </login-config>
+
+ <security-role>
+ <role-name>employee</role-name>
+ </security-role>
+
+ <ejb-ref>
+ <ejb-ref-name>jsp2sful</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>profile.ProfileInfoHome</home>
+ <remote>profile.ProfileInfoRemote</remote>
+ </ejb-ref>
+</web-app>
+
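Review bot: The `MySecureBit` constraint on `/index.jsp` lists only `GET` and `POST` in its `<web-resource-collection>`, so under the servlet spec a request with any other method (HEAD, PUT and so on) is not subject to the `employee` auth-constraint. Removing both `<http-method>` elements makes the constraint apply to every method. Separately, `<transport-guarantee>NONE</transport-guarantee>` combined with `FORM` login means `j_username` and `j_password` are accepted over plain HTTP. That may be deliberate for a local devtest, but a comment saying so would keep the descriptor from being reused as a template; `CONFIDENTIAL` is the value to use anywhere else.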
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/error.html b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/error.html
new file mode 100644
index 0000000..467a8f4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/error.html
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<html>
+<head><title> A typical Error Page</title></head>
+<body>
+<h2>A simple Error Page</h2>
+<hr>
+You could not be authenticated with the information provided. <BR>
+Please check your Username and Password.
+<br>
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/index.jsp
new file mode 100644
index 0000000..378197b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/index.jsp
@@ -0,0 +1,62 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@page language="java"%>
+<%@page contentType="text/html" import="java.util.Date"%>
+<%@page import="javax.naming.*"%>
+<%@page import="javax.rmi.*" %>
+<%@page import="java.rmi.*" %>
+<%@page import="profile.*" %>
+
+<html>
+<head><title>JSP Page Access Profile</title></head>
+<body>
+<%
+ out.println("The web user principal = "+request.getUserPrincipal() );
+ out.println();
+%>
+<H3> Calling the ProfileInfoBean </H3>
+<%
+ try{
+ InitialContext ic = new InitialContext();
+ java.lang.Object obj = ic.lookup("jsp2sful");
+ out.println("Looked up home!!");
+ ProfileInfoHome home = (ProfileInfoHome)PortableRemoteObject.narrow(
+ obj, ProfileInfoHome.class);
+ out.println("Narrowed home!!");
+ ProfileInfoRemote hr = home.create("a name");
+ out.println("Got the EJB!!");
+ out.println("<li>User profile: ");
+ try {
+ out.println(hr.getCallerInfo());
+ } catch(AccessException ex) {
+ out.println("CANNOT ACCESS getCallerInfo()");
+ }
+ out.println("<li>Secret info: ");
+ try {
+ out.println(hr.getSecretInfo());
+ } catch(AccessException ex) {
+ out.println("CANNOT ACCESS getSecretInfo()");
+ }
+ } catch(java.rmi.RemoteException e){
+ e.printStackTrace();
+ out.println(e.toString());
+ }
+%>
+</body>
+</html>
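Review bot: The outer `catch(java.rmi.RemoteException e)` prints `e.toString()` into the response, which exposes exception class names and server-side message text to whoever loads the page. A fixed line such as `out.println("EJB call failed");` keeps the page output stable and leaves the detail to the server log. That catch handles only `RemoteException`, so a failure in `ic.lookup("jsp2sful")` or `home.create("a name")` bypasses it and falls through to the container's error handling; a comment should say so if that is intended. `request.getUserPrincipal()` and `hr.getCallerInfo()` are also written into the HTML without encoding, which is safe only while realm user names cannot contain markup.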
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/login.jsp b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/login.jsp
new file mode 100644
index 0000000..a41780e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/docroot/login.jsp
@@ -0,0 +1,36 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@ page language="java"%>
+<html>
+<head><title>Login Page</title></head>
+<h2> Welcome </h2>
+<BR>
+Please login
+<BR>
+<HR>
+<FORM ACTION="j_security_check" METHOD=POST>
+<table border=0>
+<tr><td align="right">UserName:<td><INPUT TYPE="text" NAME="j_username" VALUE=""> <BR>
+<tr><td align="right">Password:<td><INPUT TYPE="password" NAME="j_password" VALUE=""> <BR>
+</table>
+<BR>
+<INPUT TYPE="submit" value="Login"> <INPUT TYPE="reset" value="Clear">
+
+</FORM>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/AllAuth.html b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/AllAuth.html
new file mode 100644
index 0000000..85872ff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/AllAuth.html
@@ -0,0 +1,17 @@
+<html>
+<head><title>JSP Page Access Profile</title></head>
+<body>
+The web user principal = shingwai
+
+
+<H3> Calling the ProfileInfoBean </H3>
+Looked up home!!
+Narrowed home!!
+Got the EJB!!
+<li>User profile:
+shingwai
+<li>Secret info:
+Keep It Secret!
+
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/PartialEJBAuth.html b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/PartialEJBAuth.html
new file mode 100644
index 0000000..18cfd47
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/PartialEJBAuth.html
@@ -0,0 +1,17 @@
+<html>
+<head><title>JSP Page Access Profile</title></head>
+<body>
+The web user principal = swchan
+
+
+<H3> Calling the ProfileInfoBean </H3>
+Looked up home!!
+Narrowed home!!
+Got the EJB!!
+<li>User profile:
+swchan
+<li>Secret info:
+CANNOT ACCESS getSecretInfo()
+
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/WebOnlyAuth.html b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/WebOnlyAuth.html
new file mode 100644
index 0000000..516b2f3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/goldenfiles/WebOnlyAuth.html
@@ -0,0 +1,17 @@
+<html>
+<head><title>JSP Page Access Profile</title></head>
+<body>
+The web user principal = webuser
+
+
+<H3> Calling the ProfileInfoBean </H3>
+Looked up home!!
+Narrowed home!!
+Got the EJB!!
+<li>User profile:
+CANNOT ACCESS getCallerInfo()
+<li>Secret info:
+CANNOT ACCESS getSecretInfo()
+
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoBean.java b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoBean.java
new file mode 100644
index 0000000..1c3ac18
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoBean.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package profile;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import java.util.Vector;
+import java.lang.String;
+import java.util.Iterator;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+/**
+ *
+ * @author hsingh
+ */
+
+public class ProfileInfoBean implements SessionBean {
+
+ private String name;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ProfieInfo */
+ public void ejbCreate(String name) {
+ this.name = name;
+ }
+
+ public String getCallerInfo() {
+ return sc.getCallerPrincipal().toString();
+ }
+
+ public String getSecretInfo() {
+ return "Keep It Secret!";
+ }
+
+ public void ejbActivate() {
+ System.out.println("In ShoppingCart ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In ShoppingCart ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In ShoppingCart ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+}
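Review bot: The lifecycle callbacks log `In ShoppingCart ejbActivate`, `In ShoppingCart ejbPassivate` and `In ShoppingCart ejbRemove`, apparently left over from another bean, which will mislead anyone reading the server log for this security test. Use `System.out.println("In ProfileInfoBean ejbActivate");` and the equivalent for the other two. The comment on `ejbCreate` misspells the class as "ProfieInfo", the `name` field is assigned but never read in this file, and the imports of `Vector`, `Iterator`, `EJBException`, `RemoteException` and `java.lang.String` are unused. A short Javadoc on `getCallerInfo()` and `getSecretInfo()` would also help, saying that access is presumably decided by method permissions in the EJB deployment descriptor (not part of this hunk). That would explain why the golden files expect `CANNOT ACCESS ...` for some users even though the methods contain no checks.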
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoHome.java b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoHome.java
new file mode 100644
index 0000000..568ed0c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoHome.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package profile;
+
+import javax.ejb.EJBHome;
+/**
+ *
+ * @author swchan2
+ */
+public interface ProfileInfoHome extends EJBHome{
+
+ public ProfileInfoRemote create(String name)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoRemote.java b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoRemote.java
new file mode 100644
index 0000000..31683e4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/jsp2sful/profile/ProfileInfoRemote.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package profile;
+
+import java.rmi.RemoteException;
+import javax.ejb.EJBObject;
+
+/**
+ * ProfileInfo Stateful Session Bean. Test JSR 115 authorization.
+ * @author swchan2
+ */
+public interface ProfileInfoRemote extends EJBObject {
+ public String getCallerInfo() throws RemoteException;
+ public String getSecretInfo() throws RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/README b/appserver/tests/appserv-tests/devtests/security/ldap/README
new file mode 100644
index 0000000..8caeaab
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/README
@@ -0,0 +1,6 @@
+1. Modify the config.properties in this directory and set a unique value
+ for the property named 'unique-ldap-sub-context-id'
+2. For now the jar file - ldapjdk.jar is not checked in to the
+ appserv-tests/lib directory. The classes in this jar are used
+ to populate/unpopulate the LDAP server.
+3. Currently(5/3/06) the ldap over ssl tests work with PE only
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/build.properties b/appserver/tests/appserv-tests/devtests/security/ldap/build.properties
new file mode 100644
index 0000000..3379765
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+
+<property name="ldap.realm.name" value="ldaprealmname"/>
+<property name="ldap.realm.class" value="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"/>
+
+<property name="create.ldif.file" value="./../ldif/create_usrgrps.ldif"/>
+<property name="delete.ldif.file" value="./../ldif/delete_usrgrps.ldif"/>
+
+<property name="directory.server.url" value="ldap://localhost:1389"/>
+<property name="directory.server.url.ssl" value="ldaps://localhost:1636"/>
+
+<property name="directory.server.host" value="localhost"/>
+<property name="directory.server.port" value="1389"/>
+<property name="directory.server.basedn" value="dc=sfbay,dc=sun,dc=com"/>
+<property name="directory.manager.dn" value="cn=Directory Manager"/>
+<property name="directory.manager.passwd" value="dmanager"/>
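Review bot: `directory.manager.passwd` is committed with a literal value next to `directory.manager.dn`, so the Directory Manager credential for whichever server the tests target sits in version control. Leave the property out of this file and supply it from an untracked properties file or on the ant command line as `-Ddirectory.manager.passwd=<value>`. If the value is only ever the default of a disposable local directory instance, a comment stating that is enough. The file also holds XML `<property>` elements under a `.properties` name, because build.xml pulls it in as an XML entity; a one-line comment at the top would keep it from being loaded as a Java properties file by mistake.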
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/config.properties b/appserver/tests/appserv-tests/devtests/security/ldap/config.properties
new file mode 100644
index 0000000..2538331
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/config.properties
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0, which is available at
+# http://www.eclipse.org/legal/epl-2.0.
+#
+# This Source Code may also be made available under the following Secondary
+# Licenses when the conditions for such availability set forth in the
+# Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+# version 2 with the GNU Classpath Exception, which is available at
+# https://www.gnu.org/software/classpath/license.html.
+#
+# SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+#
+
+
+unique-ldap-sub-context-id=ashishssubcontext
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/ldif/create_usrgrps.ldif b/appserver/tests/appserv-tests/devtests/security/ldap/ldif/create_usrgrps.ldif
new file mode 100644
index 0000000..43d8a82
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/ldif/create_usrgrps.ldif
@@ -0,0 +1,106 @@
+version: 1
+
+dn: dc=sfbay,dc=sun,dc=com
+changetype: add
+description: ldap test dn
+objectClass: domain
+objectClass: top
+dc: sfbay
+
+# entry-id: 1
+dn: dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+objectClass: top
+objectClass: domain
+aci: (targetattr != "userPassword || passwordHistory") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
+aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limitattributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)
+aci: (targetattr = "*")(version 3.0; acl "Configuration Administrator"; allow (all) userdn = "ldap:///uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot";)
+aci: (targetattr ="*")(version 3.0;acl "Configuration Administrators Group";allow (all) (groupdn = "ldap:///cn=Configuration Administrators, ou=Groups, ou=TopologyManagement, o=NetscapeRoot");)
+aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow (all) (groupdn = "ldap:///cn=Directory Administrators, dc=sfbay,dc=sun,dc=com");)
+aci: (targetattr = "*")(version 3.0; acl "SIE Group"; allow (all)groupdn = "ldap:///cn=slapd-aryabhatt, cn=Sun ONE Directory Server, cn=Server Group, cn=aryabhatt.sfbay.sun.com, ou=sfbay.sun.com, o=NetscapeRoot";)
+
+# entry-id: 3
+dn: ou=Groups, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalunit
+ou: Groups
+
+# entry-id: 4
+dn: ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+objectClass: top
+objectClass: organizationalunit
+ou: People
+aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber
+ ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "l
+ dap:///self");)
+aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version
+ 3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ld
+ ap:///cn=Accounting Managers,ou=groups,dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com");)
+aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve
+ rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR
+ Managers,ou=groups,dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com");)
+aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver
+ sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
+ anagers,ou=groups,dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com");)
+aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)"
+ )(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "l
+ dap:///cn=PD Managers,ou=groups,dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com");)
+
+# entry-id: 10
+dn: uid=munta,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+telephoneNumber: 408-276-4397
+mail: jagadesh.munta@sun.com
+uid: munta
+givenName: jagadesh
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+sn: munta
+cn: jagadesh munta
+userPassword: munta
+
+# entry-id: 11
+dn: uid=harpreet,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+mail: harpreet.singh@sun.com
+uid: harpreet
+givenName: Harpreet
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+sn: Singh
+cn: Harpreet Singh
+userPassword: harpreet
+
+# entry-id: 14
+dn: uid=j2ee,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+mail: jagadesh.munta@sun.com
+uid: j2ee
+givenName: j2ee
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+sn: test
+cn: j2ee test
+userPassword: j2ee
+
+# entry-id: 17
+dn: uid=javajoe,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: add
+uid: javajoe
+givenName: java
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetorgperson
+sn: joe
+cn: java joe
+userPassword: javajoe
+
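Review bot: Every user entry sets `userPassword` to the same string as its `uid` (`munta`, `harpreet`, `j2ee`, `javajoe`) and stores it in clear text, and several entries carry what look like real personal `mail` and `telephoneNumber` values. A header comment should state that this LDIF is only for a disposable test directory, and the personal data should be replaced with placeholders such as `mail: munta@example.com`. The `SIE Group` aci on the `dc=UNIQUE_SUB_CONTEXT` entry grants `allow (all)` to a group DN tied to one specific host name. That looks like an artefact of exporting from an existing server rather than something the tests need, so it is worth confirming and removing if unused.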
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/ldif/delete_usrgrps.ldif b/appserver/tests/appserv-tests/devtests/security/ldap/ldif/delete_usrgrps.ldif
new file mode 100644
index 0000000..9297f19
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/ldif/delete_usrgrps.ldif
@@ -0,0 +1,41 @@
+version: 1
+
+# entry-id: 10
+dn: uid=munta,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 11
+dn: uid=harpreet,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 14
+dn: uid=j2ee,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 17
+dn: uid=javajoe,ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 4
+dn: ou=People, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 16
+#dn: cn=sqedynamicgroup,ou=Groups, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+#changetype: delete
+
+
+# entry-id: 18
+#dn: cn=sqestaticgroup,ou=Groups, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+#changetype: delete
+
+# entry-id: 3
+dn: ou=Groups, dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+# entry-id: 1
+dn: dc=UNIQUE_SUB_CONTEXT,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+dn: dc=sfbay,dc=sun,dc=com
+changetype: delete
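Review bot: The teardown ends by deleting `dc=sfbay,dc=sun,dc=com`, the shared base DN, although the ldap README asks each user to set a unique `unique-ldap-sub-context-id`, presumably so that several runs can share one directory. If another sub-context still exists under the base, the delete will likely be rejected as a non-leaf entry; if none exists, it removes an entry that other runs expect to find. Dropping the final `dn: dc=sfbay,dc=sun,dc=com` / `changetype: delete` pair keeps teardown scoped to `dc=UNIQUE_SUB_CONTEXT`. The matching unconditional `add` of the base DN in create_usrgrps.ldif has the mirror-image problem when the entry already exists. The commented-out `sqedynamicgroup` and `sqestaticgroup` stanzas should be removed or given a note explaining why they are disabled.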
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/opends/login.conf b/appserver/tests/appserv-tests/devtests/security/ldap/opends/login.conf
new file mode 100644
index 0000000..6809434
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/opends/login.conf
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+fileRealm {
+ com.sun.enterprise.security.auth.login.FileLoginModule required;
+};
+
+ldapRealm {
+ org.glassfish.security.services.impl.LDAPLoginModule required;
+};
+
+solarisRealm {
+ com.sun.enterprise.security.auth.login.SolarisLoginModule required;
+};
+
+jdbcRealm {
+ com.sun.enterprise.security.ee.auth.login.JDBCLoginModule required;
+};
+jdbcDigestRealm {
+ com.sun.enterprise.security.ee.auth.login.JDBCDigestLoginModule required;
+};
+pamRealm {
+ com.sun.enterprise.security.ee.auth.login.PamLoginModule required;
+};
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.properties b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.properties
new file mode 100644
index 0000000..91df096
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.properties
@@ -0,0 +1,24 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="appname" value="simple-webapp"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.xml b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.xml
new file mode 100644
index 0000000..f107b6a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/build.xml
@@ -0,0 +1,287 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./../build.properties">
+<!ENTITY testProperties2 SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../../common.xml">
+]>
+
+
+<project name="security-ldap-simple" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+ &testProperties2;
+
+ <property file="../config.properties"/>
+
+<!--
+ <condition property="unique-sub-context-not-specified">
+ <equals arg1="${unique-ldap-sub-context-id}" arg2="not-yet-set"/>
+ </condition>
+-->
+
+ <target name="all" depends="display-header">
+ <antcall target="all-reg"/>
+ <antcall target="all-ssl"/>
+ </target>
+
+ <target name="all-reg" depends="init-common,env-check">
+ <antcall target="setup"/>
+ <antcall target="build"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="all-ssl" depends="init-common,env-check">
+ <antcall target="setup-ssl"/>
+ <antcall target="build"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="unsetup-ssl"/>
+ </target>
+
+ <target name="display-header">
+ <echo message="-->Running ${ant.project.name} tests from ${basedir} ..."/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- create auth realms -->
+ <antcall target="create-auth-ldaprealm"/>
+ <antcall target="create-ldap-usrgrps"/>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="true"/>
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-common">
+ <param name="contextroot" value="${appname}"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <java classname="HttpBasicAuthTest" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="http://${http.host}:${http.port}/${appname}/TestServlet"/>
+ <arg value="-user"/>
+ <arg value="munta"/>
+ <arg value="-pass"/>
+ <arg value="munta"/>
+ <arg value="-tc"/>
+ <arg value="10"/>
+ <arg value="-lc"/>
+ <arg value="10"/>
+ </java>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <!-- delete auth realms -->
+ <antcall target="delete-auth-ldaprealm"/>
+ <antcall target="delete-ldap-usrgrps"/>
+ </target>
+
+ <target name="create-ldap-usrgrps" depends="init-common">
+
+ <copy file="${create.ldif.file}" tofile="temp.ldif" overwrite="true" failonerror="false"/>
+ <replace file="temp.ldif" token="UNIQUE_SUB_CONTEXT" value="${unique-ldap-sub-context-id}"/>
+ <echo message="Creating ldap test users and groups at ldap://${directory.server.host}:${directory.server.port}/?dc=${unique-ldap-sub-context-id},${directory.server.basedn}"/>
+ <antcall target="execute-ldap-ldif">
+ <param name="ldif.file.path" value="temp.ldif"/>
+ </antcall>
+ <echo message="deleting temp file..."/>
+ <delete file="temp.ldif"/>
+
+ </target>
+
+ <target name="delete-ldap-usrgrps" depends="init-common">
+ <copy file="${delete.ldif.file}" tofile="temp.ldif" overwrite="true" failonerror="false"/>
+ <replace file="temp.ldif" token="UNIQUE_SUB_CONTEXT" value="${unique-ldap-sub-context-id}"/>
+ <echo message="Deleting ldap test users and groups at ldap://${directory.server.host}:${directory.server.port}/?dc=${unique-ldap-sub-context-id},${directory.server.basedn}"/>
+ <antcall target="execute-ldap-ldif">
+ <param name="ldif.file.path" value="temp.ldif"/>
+ </antcall>
+ <echo message="deleting temp file..."/>
+ <delete file="temp.ldif"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+
+<target name="execute-ldap-ldif" depends="init-common">
+ <java classname="LDAPModify" fork="true" failonerror="false">
+ <arg line="-h ${directory.server.host}"/>
+ <arg line="-p ${directory.server.port}"/>
+ <arg line="-D "${directory.manager.dn}""/>
+ <arg line="-w ${directory.manager.passwd}"/>
+ <arg line="-f ${ldif.file.path}"/>
+ <classpath>
+ <pathelement path="${env.APS_HOME}/lib/ldapjdk.jar"/>
+ </classpath>
+ </java>
+</target>
+
+<target name="create-auth-ldaprealm" depends="init-common">
+ <!-- workaround for handling the special character : in the admin command -->
+ <echo message="directory=${directory.server.url}" file="temp.txt"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="base-dn=${directory.server.basedn}" file="temp.txt"/>
+ <replace file="temp.txt" token="dc=" value="dc\\="/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="url=${directory}"/>
+ <echo message="base-dn=${base-dn}"/>
+
+ <antcall target="create-auth-realm">
+ <param name="realmname" value="${ldap.realm.name}"/>
+ <param name="realmclass" value="${ldap.realm.class}"/>
+ <param name="realmproperties" value="--property directory=${directory}:base-dn=dc\=${unique-ldap-sub-context-id},${base-dn}:jaas-context=ldapRealm:com.sun.jndi.ldap.connect.pool=true:com.sun.jndi.ldap.connect.pool.maxsize=2"/>
+ </antcall>
+</target>
+
+<!-- delete auth ldap realm -->
+<target name="delete-auth-ldaprealm" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="${ldap.realm.name}"/>
+ </antcall>
+</target>
+
+
+
+<target name="import-ldap-server-cert" depends="init-common">
+ <antcall target="import-ldap-server-cert-pe"/>
+ <antcall target="import-ldap-server-cert-ee"/>
+</target>
+
+<target name="delete-ldap-server-cert" depends="init-common">
+ <antcall target="delete-ldap-server-cert-pe"/>
+ <antcall target="delete-ldap-server-cert-ee"/>
+</target>
+
+<target name="import-ldap-server-cert-pe" unless="isNSS">
+ <antcall target="import-cert-jks">
+ <param name="cert.alias" value="ldapServerCert"/>
+ <param name="cert.file" value="../whirlTestCert.rfc"/>
+ <param name="keystore.file" value="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ </antcall>
+ <!--<antcall target="restart-server-instance-common"/>-->
+</target>
+<target name="delete-ldap-server-cert-pe" unless="isNSS">
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-delete -alias ldapServerCert -storepass ${ssl.password} -keystore ${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ </exec>
+ <!--<antcall target="restart-server-instance-common"/>-->
+</target>
+
+<target name="import-ldap-server-cert-ee" if="isNSS">
+ <echo message="${ssl.password}" file="passfile"/>
+ <exec executable="${env.S1AS_HOME}/lib/certutil">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-A"/>
+ <arg line="-a"/>
+ <arg line="-n whirlTestCert"/>
+ <arg line="-t 'CTP,CTP,CTP'"/>
+ <arg line="-d ${admin.domain.dir}/${admin.domain}/config/"/>
+ <arg line="-f passfile"/>
+ <arg line="-i ../whirlTestCert.rfc"/>
+ </exec>
+</target>
+
+<target name="delete-ldap-server-cert-ee" if="isNSS">
+ <echo message="${ssl.password}" file="passfile"/>
+ <exec executable="${env.S1AS_HOME}/lib/certutil">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-D"/>
+ <arg line="-n whirlTestCert"/>
+ <arg line="-d ${admin.domain.dir}/${admin.domain}/config/"/>
+ <arg line="-f passfile"/>
+ </exec>
+</target>
+
+<target name="create-auth-ldaprealm-ssl" depends="init-common">
+ <echo message="directory=${directory.server.url.ssl}" file="temp.txt"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="base-dn=${directory.server.basedn}" file="temp.txt"/>
+ <replace file="temp.txt" token="dc=" value="dc\\="/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="url=${directory}"/>
+ <echo message="base-dn=${base-dn}"/>
+
+ <antcall target="create-auth-realm">
+ <param name="realmname" value="${ldap.realm.name}"/>
+ <param name="realmclass" value="${ldap.realm.class}"/>
+ <param name="realmproperties" value="--property directory=${directory}:base-dn=dc\=${unique-ldap-sub-context-id},${base-dn}:jaas-context=ldapRealm:com.sun.jndi.ldap.connect.pool=true:com.sun.jndi.ldap.connect.pool.maxsize=2"/>
+ </antcall>
+</target>
+
+ <target name="setup-ssl" depends="init-common,env-check">
+<!-- <antcall target="import-ldap-server-cert"/>-->
+ <antcall target="create-auth-ldaprealm-ssl"/>
+ <antcall target="create-ldap-usrgrps"/>
+ </target>
+ <target name="unsetup-ssl" depends="init-common,env-check">
+<!-- <antcall target="delete-ldap-server-cert"/>-->
+ <antcall target="delete-auth-ldaprealm"/>
+ <antcall target="delete-ldap-usrgrps"/>
+ </target>
+
+
+</project>
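Review bot: `import-ldap-server-cert-ee` and `delete-ldap-server-cert-ee` write `${ssl.password}` to a file named `passfile` in the working directory and never remove it, so the certificate database password stays on disk after the run. Add `<delete file="passfile"/>` after each `<exec>`, the same way `create-ldap-usrgrps` deletes `temp.ldif`. `delete-ldap-server-cert-pe` and `execute-ldap-ldif` also pass `${ssl.password}` and `${directory.manager.passwd}` as command-line arguments, which are visible in the process list while the command runs. For the keytool call, the `-storepass:file` or `-storepass:env` modifier would avoid that.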
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/client/HttpBasicAuthTest.java b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/client/HttpBasicAuthTest.java
new file mode 100644
index 0000000..9d59dbb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/client/HttpBasicAuthTest.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.io.*;
+import java.net.*;
+import sun.misc.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class HttpBasicAuthTest implements Runnable {
+
+ private int suxesCount = 0;
+ private int failureCount = 0;
+ private boolean result = true;
+
+ private long minTime = Long.MAX_VALUE;
+ private long maxTime = 0;
+ private long avgTime;
+ private double stdDev = 0;
+ private long totalTime = 0;
+ private long indiTimes[];
+ private int indiIndex = 0;
+
+ private String url;
+ private String username;
+ private String password;
+ private int threadCount;
+ private int loopCount;
+
+ public HttpBasicAuthTest(String url, String username, String password,
+ int threadCount, int loopCount) {
+
+ this.url = url;
+ this.username = username;
+ this.password = password;
+ this.threadCount = threadCount;
+ this.loopCount = loopCount;
+ }
+
+ public void doTest() {
+
+ indiTimes = new long[threadCount*loopCount];
+ for(int i=0; i<indiTimes.length; i++) {
+ indiTimes[i] = 0;
+ }
+
+ Thread tarray[] = new Thread[threadCount];
+
+ for(int i=0; i<threadCount; i++)
+ tarray[i] = new Thread(this, "Http-request-thread-" + i);
+
+ for(int i=0; i<threadCount; i++)
+ tarray[i].start();
+
+ for(int i=0; i<threadCount; i++) {
+ try {
+ tarray[i].join();
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ avgTime = totalTime/suxesCount;
+
+ for(int i=0; i<indiIndex; i++) {
+ stdDev += (indiTimes[i]-avgTime)*(indiTimes[i]-avgTime);
+ }
+ if( indiIndex>1)
+ stdDev = stdDev/(indiIndex-1);
+
+ stdDev = Math.pow(stdDev, 0.5);
+
+ System.out.println("Total requests: " + (suxesCount+failureCount) +
+ ", success count: " + suxesCount +
+ ", failure count: " + failureCount);
+ System.out.println("Min/Max/Avg/StdDev: (milliseconds) " +
+ minTime + "/" +
+ maxTime + "/" + avgTime + "/" + stdDev);
+
+ String testId = "Sec::LDAP BasicAuth";
+ stat.addDescription("Security::LDAP BasicAuth");
+ if (result) {
+ stat.addStatus(testId, stat.PASS);
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ }
+ stat.printSummary(testId);
+ }
+
+ public void run() {
+ long st,et;
+
+ for(int i=0; i<loopCount; i++) {
+
+ try {
+ st = System.currentTimeMillis();
+ run0();
+ et = System.currentTimeMillis();
+ synchronized(this) {
+
+ suxesCount++;
+ long tt = et-st;
+
+ totalTime += tt;
+ indiTimes[indiIndex++] = tt;
+
+ if( tt > maxTime )
+ maxTime = tt;
+ if( tt < minTime )
+ minTime = tt;
+
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ synchronized(this) {
+ failureCount++;
+ }
+ result = false;
+ continue;
+ }
+
+ }
+ }
+
+ protected void run0() throws Exception {
+
+ System.out.println("running ...");
+ URL u = new URL(url);
+ URLConnection uconn = u.openConnection();
+
+ String up = username + ":" + password;
+ BASE64Encoder be = new BASE64Encoder();
+ up = new String(be.encode(up.getBytes()));
+
+ uconn.setRequestProperty("authorization", "Basic " + up);
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(
+ uconn.getInputStream()));
+ String lineread;
+ while((lineread=reader.readLine()) != null ) {
+ System.out.println(Thread.currentThread() + " -- " + lineread);
+ }
+ }
+
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+
+ public static final String URL_OPTION = "-url";
+ public static final String USER_OPTION = "-user";
+ public static final String PASS_OPTION = "-pass";
+ public static final String THREADS_OPTION = "-tc";
+ public static final String LOOP_OPTION = "-lc";
+
+ public static void usage() {
+ System.out.println("usage: java HttpBasicAuthTest -url <url> -user <user> -pass <pass> -tc <thread-count> -lc <loop-count>");
+ }
+
+ public static void main(String[] args) {
+
+ String url = null;
+ String user = null;
+ String pass = null;
+ int tc=-1;
+ int lc=-1;
+
+ for(int i=0; i<args.length; i++) {
+ if( args[i].intern() == URL_OPTION.intern() ) {
+ url = args[++i];
+ } else if( args[i].intern() == USER_OPTION.intern() ) {
+ user = args[++i];
+ } else if( args[i].intern() == PASS_OPTION.intern() ) {
+ pass = args[++i];
+ } else if( args[i].intern() == THREADS_OPTION.intern() ) {
+ tc = Integer.parseInt(args[++i]);
+ } else if( args[i].intern() == LOOP_OPTION.intern() ) {
+ lc = Integer.parseInt(args[++i]);
+ } else {
+ usage();
+ System.exit(1);
+ }
+ }
+
+ if( url == null || user == null || pass == null ||
+ tc==-1 || lc==-1 ) {
+ usage();
+ System.exit(1);
+ }
+
+ HttpBasicAuthTest test = new HttpBasicAuthTest(url, user, pass, tc, lc);
+ test.doTest();
+
+
+ }
+
+}
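Review bot: In `doTest`, `avgTime = totalTime/suxesCount;` divides by zero when every request fails, which is the case where LDAP authentication is broken. The `ArithmeticException` is thrown before `stat.addStatus(testId, stat.FAIL)` runs, so no FAIL is recorded. Guard it with `avgTime = suxesCount > 0 ? totalTime / suxesCount : 0;`. Separately, `run0` only prints the response body, so a servlet line such as `HttpServletRequest.isUserInRole() test Failed!` never sets `result = false`; the client should scan the lines it reads for `Failed!` and throw when one appears.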
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/sun-web.xml
new file mode 100644
index 0000000..029d598
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/sun-web.xml
@@ -0,0 +1,30 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!-- sun-web-app -->
+<sun-web-app>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>munta</principal-name>
+ <principal-name>j2ee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>javajoe</principal-name>
+ </security-role-mapping>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/web.xml
new file mode 100644
index 0000000..67ca849
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/descriptor/web.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+
+<web-app>
+
+ <servlet>
+ <servlet-name>TestJSP</servlet-name>
+ <jsp-file>/TestJSP.jsp</jsp-file>
+ </servlet>
+
+ <servlet>
+ <servlet-name>TestServlet</servlet-name>
+ <servlet-class>com.sun.security.devtests.ldap.simple.TestServlet</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestJSP</servlet-name>
+ <url-pattern>/TestJSP</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>TestServlet</servlet-name>
+ <url-pattern>/TestServlet</url-pattern>
+ </servlet-mapping>
+
+ <session-config>
+ <session-timeout>
+ 30
+ </session-timeout>
+ </session-config>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>WR1</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Employee</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>ldaprealmname</realm-name>
+ </login-config>
+
+ <security-role>
+ <description>NONE</description>
+ <role-name>Employee</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Manager</role-name>
+ </security-role>
+
+</web-app>
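Review bot: The `<security-constraint>` on `/*` has no `<user-data-constraint>`, so the BASIC credentials are accepted over plain HTTP, which is how the `run` target in build.xml calls the servlet (`http://${http.host}:${http.port}/...`). Adding `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` would require the client to use an https URL, so this is presumably deliberate for the devtest. If so, say it in the descriptor, e.g. `<!-- devtest only: BASIC over plain HTTP; deployed descriptors should require CONFIDENTIAL transport -->` above the constraint.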
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestJSP.jsp b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestJSP.jsp
new file mode 100644
index 0000000..721854e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestJSP.jsp
@@ -0,0 +1,112 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@ page language="java" %>
+<%@ page import="javax.naming.*" %>
+<%@ page import="javax.rmi.*" %>
+<%@ page import="java.util.*" %>
+<%@ page import="java.sql.*" %>
+<%@ page import="javax.sql.*" %>
+
+<%!
+ // Security role references.
+ private static final String emp_secrole_ref = "Employee";
+ private static final String admin_secrole_ref = "ADMIN";
+ private static final String mgr_secrole_ref = "Manager";
+ private static final String user ="munta";
+%>
+
+<html>
+<head><title>Web Auth Test</title></head>
+<body>
+<br>Basic Authentication tests from JSP: Test1,Test2,Test3
+<br>Authorization test from JSP: Test4,Test5-> HttpServletRequest.isUserInRole() authorization from JSP.
+<hr>
+<%
+/*
+ Principal p = request.getUserPrincipal();
+ String username = p.getName();
+ out.println("<br>Test1");
+ if (p==null){
+ out.println("<br>Test1.Basic Auth from JSP test Failed!");
+ out.println("<br>Test2.HttpServletRequest.isUserInRole() test Failed!");
+ out.println("<br>INFO:Principal from basic auth JSP is null!");
+ }
+*/
+ //Check the auth type - request.getAuthType()
+ out.println("<br><br>Test1. Postive check for the correct authentication type");
+ String authtype=request.getAuthType();
+ if ("BASIC".equalsIgnoreCase(authtype) ){
+ out.println("<br>request.getAuthType() test Passed.");
+ }else{
+ out.println("<br>request.getAuthType() test Failed!");
+ }
+ out.println("<br>Info:request.getAuthType() is= "+authtype);
+
+ String username = request.getUserPrincipal().getName();
+ out.println("<br><br>Test2. Positive check for the correct principal name");
+ if (user.equals(username)){
+ out.println("<br>request.getUserPrincipal() test Passed.");
+ }else{
+ out.println("<br>request.getUserPrincipal() test Failed!");
+ }
+ out.println("<br>Info:request.getUserPrincipal() is= "+username);
+
+ //Check the remote user request.getRemoteUser()- get null if not authenticated
+ out.println("<br><br>Test3. Positive check whether given user authenticated");
+ username=request.getRemoteUser();
+ if (user.equals(username)){
+ out.println("<br>request.getRemoteUser() test Passed.");
+ }else{
+ out.println("<br>request.getRemoteUser() test Failed!");
+ }
+ out.println("<br>Info:request.getRemoteUser() is= "+username);
+
+
+ // ----Authorization tests ---
+ out.println("<br><br>Test4.Positive check whether the user is in proper role");
+ boolean isInProperRole=request.isUserInRole(emp_secrole_ref);
+ if (isInProperRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+emp_secrole_ref+"\") is= "+isInProperRole);
+
+ out.println("<br><br>Test5.Negative check whether the current user is any other other role");
+ boolean isNotInOtherRole=request.isUserInRole(mgr_secrole_ref);
+ if (!isNotInOtherRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+mgr_secrole_ref+"\") is= "+isNotInOtherRole);
+
+%>
+<%
+ // Invalidate the session to make the test as independent and always ask for login
+ try{
+ session.invalidate();
+ }catch(Exception ex){
+ ex.printStackTrace();
+ }
+%>
+
+
+</body>
+</html>
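Review bot: `String username = request.getUserPrincipal().getName();` throws a NullPointerException when no principal is set, so Test2 aborts the page instead of printing its `test Failed!` line, and Tests 3 to 5 never run. The same call is in `test2` of TestServlet.java. With the `/*` constraint in web.xml the principal should normally be present, but a test for the container's authentication should report the regression rather than crash on it. Take the principal first, `java.security.Principal p = request.getUserPrincipal();`, then `String username = (p == null) ? null : p.getName();`; the existing `user.equals(username)` already handles null.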
diff --git a/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestServlet.java b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestServlet.java
new file mode 100644
index 0000000..b1223ca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldap/simpleweb/web/TestServlet.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.security.devtests.ldap.simple;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Properties;
+
+
+public class TestServlet extends HttpServlet
+{
+ // Security role references.
+ private static final String emp_secrole_ref = "Employee";
+ private static final String admin_secrole_ref = "ADMIN";
+ private static final String mgr_secrole_ref = "Manager";
+
+ String user="munta";
+ Properties props=null;
+
+
+
+ public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException
+ {
+ PrintWriter out= response.getWriter();
+ out.println("<br>Basic Authentication tests from Servlet: Test1,Test2,Test3 ");
+ out.println("<br>Authorization test from Servlet: Test4,Test5-> HttpServletRequest.isUserInRole() authorization from Servlet.");
+
+ test1(request, response, out);
+ test2(request, response, out);
+ test3(request, response, out);
+ test4(request, response, out);
+ test5(request, response, out);
+ }
+
+
+ //Tests begin
+ public void test1(HttpServletRequest request, HttpServletResponse response, PrintWriter out)
+ {
+ //Check the auth type - request.getAuthType()
+ out.println("<br><br>Test1. Postive check for the correct authentication type");
+ String authtype=request.getAuthType();
+ if ("BASIC".equalsIgnoreCase(authtype) ){
+ out.println("<br>request.getAuthType() test Passed.");
+ }else{
+ out.println("<br>request.getAuthType() test Failed!");
+ }
+ out.println("<br>Info:request.getAuthType() is= "+authtype);
+ }
+ //Test2
+ public void test2(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ String username = request.getUserPrincipal().getName();
+ out.println("<br><br>Test2. Positive check for the correct principal name");
+ if (user.equals(username)){
+ out.println("<br>request.getUserPrincipal() test Passed.");
+ }else{
+ out.println("<br>request.getUserPrincipal() test Failed!");
+ }
+ out.println("<br>Info:request.getUserPrincipal() is= "+username);
+
+ }
+ //Test3 - positive test for checking the user authentication
+ //Check the remote user request.getRemoteUser()- get null if not authenticated
+ public void test3(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test3. Positive check whether given user authenticated");
+ String username=request.getRemoteUser();
+ if (user.equals(username)){
+ out.println("<br>request.getRemoteUser() test Passed.");
+ }else{
+ out.println("<br>request.getRemoteUser() test Failed!");
+ }
+ out.println("<br>Info:request.getRemoteUser() is= "+username);
+ }
+ //Test4 - positive test for checking the user's proper role
+ public void test4(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test4.Positive check whether the user is in proper role");
+ boolean isInProperRole=request.isUserInRole(emp_secrole_ref);
+ if (isInProperRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+emp_secrole_ref+"\") is= "+isInProperRole);
+ }
+
+ //Test5 - Negative test for checking the user's proper role
+ public void test5(HttpServletRequest request, HttpServletResponse response, PrintWriter out){
+ out.println("<br><br>Test5.Negative check whether the current user is any other other role");
+ boolean isNotInOtherRole=request.isUserInRole(mgr_secrole_ref);
+ if (!isNotInOtherRole){
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ }else{
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ out.println("<br>Info:request.isUserInRole(\""+mgr_secrole_ref+"\") is= "+isNotInOtherRole);
+ }
+}
+
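Review bot: `String user="munta";` and `Properties props=null;` are package-private, mutable instance fields on a servlet, whose single instance the container shares across request threads. In this file `user` is only read, and `props` and `admin_secrole_ref` are never used. Declare `private static final String user = "munta";` and drop the two unused members, along with the `java.util.Properties` and `HttpSession` imports that nothing else here uses.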
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/README b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/README
new file mode 100644
index 0000000..677d0d2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/README
@@ -0,0 +1,13 @@
+The directory host, port and basedn can be changed by modifying the following
+properties:
+ directory.server.host
+ directory.server.port
+ directory.server.basedn
+in build.properties
+
+This test use a user name "j2ee/shingwai" with password "j2ee/shingwai".
+If a different user is used, then please modify it in
+shopping/RpaBean.java, descriptor/sun-application.xml and build.xml.
+If a different password is used, then please modify it in build.xml.
+
+For LDAP/SSL test, one need to import cert from LDAP server to our truststore.
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.properties b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.properties
new file mode 100644
index 0000000..1b5be45
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.properties
@@ -0,0 +1,39 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="rpaLoginBean"/>
+
+<property name="create.ldif.file" value="./ldif/create_usrgrps.ldif"/>
+<property name="delete.ldif.file" value="./ldif/delete_usrgrps.ldif"/>
+
+<property name="directory.server.host" value="localhost"/>
+<property name="directory.server.port" value="1389"/>
+<property name="directory.server.sslport" value="1636"/>
+<property name="directory.server.basedn" value="dc=sfbay,dc=sun,dc=com"/>
+<property name="directory.manager.dn" value="cn=Directory Manager"/>
+<property name="directory.manager.passwd" value="dmanager"/>
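Review bot: `directory.manager.passwd` is committed with a fixed value next to the `cn=Directory Manager` bind DN, so every checkout shares one directory-admin credential, and anyone pointing the test at a shared LDAP server has to edit a tracked file. The `ldap/simpleweb` build in this commit loads `../config.properties`, presumably for these settings. Doing the same here, or leaving the value to be supplied with `-Ddirectory.manager.passwd=...`, keeps the password out of the repository. If the default stays, add a comment such as `<!-- default for a throwaway local test directory; override for any shared server -->`.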
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.xml
new file mode 100644
index 0000000..72ce8dd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/build.xml
@@ -0,0 +1,186 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="LDAPrealmperapp" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+
+ <target name="all">
+ <antcall target="build"/>
+ <antcall target="create-ldap-usrgrps" />
+ <antcall target="setup"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="unsetup"/>
+ <antcall target="sslsetup"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="delete-ldap-usrgrps" />
+ <antcall target="sslunsetup"/>
+ </target>
+
+ <target name="plainldaprealm" depends="build, create-ldap-usrgrps, setup, deploy, run, undeploy, delete-ldap-usrgrps, unsetup"/>
+
+ <target name="sslldaprealm" depends="build, create-ldap-usrgrps, sslsetup, deploy, run, undeploy, delete-ldap-usrgrps, sslunsetup"/>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <property name="directory.server.url" value="ldap://${directory.server.host}:${directory.server.port}"/>
+ <echo message="directory=${directory.server.url}" file="temp.txt"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="base-dn=${directory.server.basedn}" file="temp.txt"/>
+ <replace file="temp.txt" token="dc=" value="dc\\="/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="url=${directory}"/>
+ <echo message="base-dn=${base-dn}"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-auth-realm" />
+ <param name="operand.props" value="--classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property directory=${directory}:base-dn=${base-dn}:jaas-context=ldapRealm:com.sun.jndi.ldap.connect.pool.debug=fine:com.sun.jndi.ldap.connect.pool.maxsize=2 ldap"/>
+ </antcall>
+ </target>
+
+ <target name="sslsetup" depends="init-common">
+ <property name="directory.server.sslurl" value="ldaps://${directory.server.host}:${directory.server.sslport}"/>
+ <echo message="ssldirectory=${directory.server.sslurl}" file="temp.txt"/>
+ <replace file="temp.txt" token=":" value="\\:"/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+ <echo message="base-dn=${directory.server.basedn}" file="temp.txt"/>
+ <replace file="temp.txt" token="dc=" value="dc\\="/>
+ <loadproperties srcFile="temp.txt"/>
+ <delete file="temp.txt"/>
+
+ <echo message="sslurl=${ssldirectory}"/>
+ <echo message="base-dn=${base-dn}"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-auth-realm" />
+ <param name="operand.props" value="--classname com.sun.enterprise.security.auth.realm.ldap.LDAPRealm --property directory=${ssldirectory}:base-dn=${base-dn}:jaas-context=ldapRealm:com.sun.jndi.ldap.connect.pool.debug=fine:com.sun.jndi.ldap.connect.pool.maxsize=2 ldap"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+
+ <target name="run" depends="init-common">
+ <echo message="PASSWORD=j2ee/shingwai" file="${build.classes.dir}/passfile.txt" />
+ <exec executable="${APPCLIENT}">
+ <arg line="-client ${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user j2ee/shingwai"/>
+ <arg line="-passwordfile ${build.classes.dir}/passfile.txt"/>
+ </exec>
+ <delete file="${build.classes.dir}/passfile.txt" />
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="ldap" />
+ </antcall>
+ </target>
+
+ <target name="sslunsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="ldap" />
+ </antcall>
+ </target>
+
+ <target name="create-ldap-usrgrps" depends="init-common">
+
+ <copy file="${create.ldif.file}" tofile="temp.ldif" overwrite="true" failonerror="false"/>
+ <echo message="Creating ldap test users and groups at ldap://${directory.server.host}:${directory.server.port}/?${directory.server.basedn}"/>
+ <antcall target="execute-ldap-ldif">
+ <param name="ldif.file.path" value="temp.ldif"/>
+ </antcall>
+ <echo message="deleting temp file..."/>
+ <delete file="temp.ldif"/>
+
+ </target>
+
+ <target name="delete-ldap-usrgrps" depends="init-common">
+ <copy file="${delete.ldif.file}" tofile="temp.ldif" overwrite="true" failonerror="false"/>
+ <echo message="Deleting ldap test users and groups at ldap://${directory.server.host}:${directory.server.port}/?${directory.server.basedn}"/>
+ <antcall target="execute-ldap-ldif">
+ <param name="ldif.file.path" value="temp.ldif"/>
+ </antcall>
+ <echo message="deleting temp file..."/>
+ <delete file="temp.ldif"/>
+ </target>
+
+ <target name="execute-ldap-ldif" depends="init-common">
+ <java classname="LDAPModify" fork="true" failonerror="false">
+ <arg line="-h ${directory.server.host}"/>
+ <arg line="-p ${directory.server.port}"/>
+ <arg line="-D "${directory.manager.dn}""/>
+ <arg line="-w ${directory.manager.passwd}"/>
+ <arg line="-f ${ldif.file.path}"/>
+ <classpath>
+ <pathelement path="${env.APS_HOME}/lib/ldapjdk.jar"/>
+ </classpath>
+ </java>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+</project>
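Review bot: In `execute-ldap-ldif` the forked `LDAPModify` call runs with `failonerror="false"`, and the `<copy>` steps that feed it in `create-ldap-usrgrps` and `delete-ldap-usrgrps` do the same, so a failed load or a failed cleanup is invisible to the build. If `delete-ldap-usrgrps` fails, the account from `create_usrgrps.ldif` stays in the directory with its known password; if `create-ldap-usrgrps` fails, the later `run` reports an authentication failure that looks like a realm defect. I would set `failonerror="true"` on the `<java>` task, or at least capture the outcome with `resultproperty` and echo it. The same task passes the manager password as `-w ${directory.manager.passwd}` on the forked JVM's command line, which deserves a comment saying the value is test-only.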
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/MANIFEST.MF
new file mode 100644
index 0000000..d6c7e78
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.RpaClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/RpaClient.java b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/RpaClient.java
new file mode 100644
index 0000000..7e6002e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/client/RpaClient.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import com.sun.enterprise.security.LoginContext;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class RpaClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ RpaClient client = new RpaClient(args);
+ client.doTest();
+ }
+
+ public RpaClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ RpaRemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ RpaHome home=null;
+ String testId = "Sec:: LDAP realm";
+ try{
+ stat.addDescription("Security:: LDAP realm");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("rpaLoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (RpaHome)PortableRemoteObject.narrow(
+ objref, RpaHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+
+ // invoke 3 overloaded methods on the EJB
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ hr.addItem("mascara", 40);
+ hr.addItem("lipstick2", 50);
+ hr.addItem("sandals", 200);
+ System.out.println(hr.getTotalCost());
+ hr.deleteItem("lipstick2");
+ java.lang.String[] shoppingList = hr.getItems();
+ System.out.println("Shopping list for LizHurley");
+ for (int i=0; i<shoppingList.length; i++){
+ System.out.println(shoppingList[i]);
+ }
+ System.out.println("Total Cost for Ms Hurley = "+
+ hr.getTotalCost());
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("LDAP Realm:RpaLoginBean Test Passed");
+ } catch(Exception re){
+ re.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("LDAP Realm:RpaLoginBean Test Failed");
+ System.exit(-1);
+ } finally {
+ stat.printSummary();
+ }
+ return res;
+
+ }
+}
+
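Review bot: The `System.exit(-1)` in the catch block of `doTest` halts the JVM before the `finally` clause runs, so `stat.printSummary()` is never reached on the failing path and the recorded `stat.FAIL` is presumably never reported. Calling the summary before exiting, `stat.printSummary(); System.exit(-1);`, or setting a failure flag and exiting after the `try` statement, keeps the report for both outcomes. Separately, `res` is never assigned, so `doTest` always returns null, and the `LoginContext` import and the local `lc` are unused.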
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application-client.xml
new file mode 100644
index 0000000..2165e5a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>rpaLoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application.xml
new file mode 100644
index 0000000..a736f97
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>rpaLoginBean</display-name>
+ <module>
+ <ejb>rpaLoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>rpaLoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..acfdabd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/ejb-jar.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>rpaLoginBean</display-name>
+ <ejb-name>rpaLoginBean</ejb-name>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ <ejb-class>shopping.RpaBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>ADMIN</role-name>
+ <role-link>Administrator</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>MGR</role-name>
+ <role-link>Manager</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Administrator</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Manager</role-name>
+ </security-role>
+ </assembly-descriptor>
+</ejb-jar>
+
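Review bot: The `<assembly-descriptor>` declares the three roles but no `<method-permission>` entries, so nothing in this descriptor restricts who may call `rpaLoginBean`; the only access check visible in this commit is the programmatic one in `RpaBean.checkCallerPrincipal()`. If that is intended, because the test exercises `isCallerInRole` through the `<security-role-ref>` links, a comment should say so, for example `<!-- No method-permission on purpose: authorization is checked in RpaBean via isCallerInRole -->`. Otherwise a `<method-permission>` granting `Employee` the bean's methods would keep the declarative and programmatic checks in agreement.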
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..d22ee2b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+<jndi-name>rpaLoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application.xml
new file mode 100644
index 0000000..2c99149
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>harry</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>j2ee/shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>j2ee/shingwai</principal-name>
+ </security-role-mapping>
+ <realm>ldap</realm>
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..0f6ddd4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>rpaLoginBean</ejb-name>
+<jndi-name>rpaLoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>ldap</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
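Review bot: `<as-context>` requires `username_password` authentication (`<required>true</required>`) while `<transport-config>` leaves `<integrity>` and `<confidentiality>` at `supported`, so the descriptor does not force the password exchange onto a protected transport. For a test fixture that may be deliberate, but it deserves a comment such as `<!-- test only: transport protection is optional here; use required outside tests -->` so the file is not copied as a template. If the test is meant to cover the protected path, `<confidentiality>required</confidentiality>` states that.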
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/create_usrgrps.ldif b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/create_usrgrps.ldif
new file mode 100644
index 0000000..b03daef
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/create_usrgrps.ldif
@@ -0,0 +1,44 @@
+version: 1
+
+# root dn
+dn: dc=sfbay,dc=sun,dc=com
+changetype: add
+description: ldap test dn
+objectClass: domain
+objectClass: top
+dc: sfbay
+
+#User ou
+dn: ou=Users,dc=sfbay,dc=sun,dc=com
+changetype: add
+ou: Users
+description: Users List
+objectClass: organizationalUnit
+
+#Group ou
+dn: ou=Groups,dc=sfbay,dc=sun,dc=com
+changetype: add
+ou: Groups
+description: Group List
+objectClass: top
+objectClass: organizationalUnit
+
+#User
+dn: uid=j2ee/shingwai,ou=Users,dc=sfbay,dc=sun,dc=com
+changetype: add
+objectClass: person
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: top
+uid: j2ee/shingwai
+cn: j2ee/shingwai
+sn: j2ee/shingwai
+userPassword: j2ee/shingwai
+
+#Group
+dn: cn=Employee,ou=Groups,dc=sfbay,dc=sun,dc=com
+changetype: add
+objectClass: top
+objectClass: groupOfUniqueNames
+uniqueMember: uid=j2ee/shingwai,ou=Users,dc=sfbay,dc=sun,dc=com
+cn: Employee
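Review bot: The fixture stores `userPassword: j2ee/shingwai`, identical to the `uid`, and the file has no header saying it is test data. It also adds the suffix entry `dc=sfbay,dc=sun,dc=com`, which `delete_usrgrps.ldif` later deletes, so both files assume a disposable directory instance. A leading comment such as `# Test fixture: creates a throwaway account whose password equals its uid; load only into a disposable test directory` would state that.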
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/delete_usrgrps.ldif b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/delete_usrgrps.ldif
new file mode 100644
index 0000000..460d865
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/ldif/delete_usrgrps.ldif
@@ -0,0 +1,16 @@
+version: 1
+
+dn: cn=Employee,ou=Groups,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+dn: uid=j2ee/shingwai,ou=Users,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+dn: ou=Groups,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+dn: ou=Users,dc=sfbay,dc=sun,dc=com
+changetype: delete
+
+dn: dc=sfbay,dc=sun,dc=com
+changetype: delete
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaBean.java b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaBean.java
new file mode 100644
index 0000000..9aac322
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaBean.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+import java.util.ArrayList;
+import java.util.List;
+/**
+ *
+ * @author Harpreet
+ * @version
+ */
+
+public class RpaBean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private String principal = "j2ee/shingwai";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private List<String> items;
+
+ private List<Integer> itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new ArrayList<String>();
+ itemPrice = new ArrayList<Integer>();
+ }
+
+ public void addItem(String item, int price) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ items.add(item);
+ itemPrice.add(Integer.valueOf(price));
+ totalItems++;
+ totalPrice += price;
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" has bought "
+ + item +" for price ="+ price +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public void deleteItem(String item) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ int index = items.indexOf(item);
+ items.remove(item);
+ Integer price = itemPrice.get(index);
+ System.out.println("Shopping Cart: Removing item "+ item +" @price "+
+ price.intValue());
+ totalPrice -= price.shortValue();
+ itemPrice.remove(index);
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public double getTotalCost() throws EJBException{
+ checkCallerPrincipal();
+ return totalPrice;
+ }
+
+ public String[] getItems() throws EJBException{
+ checkCallerPrincipal();
+ String[] itemNames = items.toArray(new String[0]);
+ return itemNames;
+ }
+
+ public void ejbActivate() {
+ System.out.println("In Rpa ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In Rpa ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In Rpa ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+ private void checkCallerPrincipal() throws EJBException {
+ System.out.println("Caller Principal = "+sc.getCallerPrincipal() +
+ " comparing with " + principal);
+
+ if (!sc.isCallerInRole("STAFF") || !sc.isCallerInRole("MGR") ||
+ sc.isCallerInRole("ADMIN")) {
+ throw new EJBException("Principal should be a Employee, MGR and not ADMIN.");
+ }
+ if (!sc.getCallerPrincipal().getName().equals(principal)) {
+ throw new EJBException("Wrong Principal. Principal should be = "
+ + principal);
+ }
+ }
+}
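Review bot: `deleteItem` passes the result of `items.indexOf(item)` straight to `itemPrice.get(index)`, so deleting an item that is not in the cart throws an unchecked index exception instead of a meaningful `EJBException`. The same method subtracts `price.shortValue()`, which truncates any price above 32767, and never decrements `totalItems`, so the totals printed afterwards drift from the two lists. The rewrite below guards the lookup, removes by index from both lists, and uses `intValue()`.

```java
    public void deleteItem(String item) throws EJBException,
        RemoteException{
        // … unchanged: checkCallerPrincipal() …
        int index = items.indexOf(item);
        if (index < 0) {
            throw new EJBException("Item not in cart: " + item);
        }
        items.remove(index);
        Integer price = itemPrice.remove(index);
        totalItems--;
        totalPrice -= price.intValue();
        // … unchanged: the two System.out.println status lines …
    }
```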
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaHome.java b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaHome.java
new file mode 100644
index 0000000..73cf369
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaHome.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * RpaHome.java
+ *
+ * Created on May 15, 2003, 5:21 PM
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+/**
+ *
+ * @author Harpreet Singh
+ */
+public interface RpaHome extends EJBHome{
+
+ public RpaRemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaRemote.java b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaRemote.java
new file mode 100644
index 0000000..d5b1bb9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/ldapRealmPerApp/shopping/RpaRemote.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * Rpa.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Shopping Cart Stateful Session Bean. Just tests -Dj2eelogin.name
+ * -Dj2eelogin.password system properties.
+ * @author hsingh
+ */
+public interface RpaRemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+}
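Review bot: The interface Javadoc says the bean "Just tests -Dj2eelogin.name -Dj2eelogin.password system properties", but the `run` target in this commit's `build.xml` logs in with `-textauth`, `-user` and `-passwordfile`, and the test id in `RpaClient` names the LDAP realm. The comment looks carried over from another test; something like `Shopping cart stateful session bean used by the per-application LDAP realm test.` would describe what this commit uses it for. The header comment naming the file `Rpa.java` is stale in the same way.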
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/build.properties b/appserver/tests/appserv-tests/devtests/security/mdb/build.properties
new file mode 100644
index 0000000..f22642f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-mdb"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/build.xml b/appserver/tests/appserv-tests/devtests/security/mdb/build.xml
new file mode 100644
index 0000000..97bee71
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/build.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="ejb-ejb30-hello-mdbApp" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+
+ <target name="all" depends="clean,build,create-resources,deploy,run,undeploy,delete-resources"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common">
+ <param name="ejbjar.classes"
+ value="**/*Bean*.class,**/*Hello*" />
+ <param name="appclientjar.classes"
+ value="**/*Client*.class" />
+ </antcall>
+ </target>
+
+ <target name="deploy"
+ depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="create-resources" depends="init-common">
+ <antcall target="asadmin-batch-common">
+ <param name="asadmin.file" value="create_resources.asadmin"/>
+ </antcall>
+ </target>
+
+ <target name="delete-resources" depends="init-common">
+ <antcall target="asadmin-batch-common">
+ <param name="asadmin.file" value="delete_resources.asadmin"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient-common">
+ <param name="appclient.application.args" value="1"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ <echo>
+ ant create-resources Create all destinations and connection factories
+ ant delete-resources Delete all destinations and connection factories
+ </echo>
+ </target>
+</project>
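Review bot: The project name on the `<project>` line, `ejb-ejb30-hello-mdbApp`, looks carried over from another test and does not match the module declared in build.properties (`security-mdb`). Ant prints the project name in its output, so a failure here would be attributed to the wrong test. I would change it to `<project name="security-mdb" default="usage" basedir=".">`. A short comment above the `all` target should also say that `create-resources` must run before `deploy`, because the MDB and the client both bind to the `jms/security_mdb_*` resources.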
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/client/Client.java b/appserver/tests/appserv-tests/devtests/security/mdb/client/Client.java
new file mode 100644
index 0000000..59b0111
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/client/Client.java
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb.client;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.jms.*;
+import javax.annotation.Resource;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+
+ // in milli-seconds
+ private static long TIMEOUT = 90000;
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+ Client client = new Client(args);
+
+ stat.addDescription("security-mdb");
+ client.doTest();
+ stat.printSummary("security-mdbID");
+ System.exit(0);
+ }
+
+
+ @Resource(name="FooCF", mappedName="jms/security_mdb_QCF")
+ private static QueueConnectionFactory queueConFactory;
+
+ @Resource(name="MsgBeanQueue", mappedName="jms/security_mdb_InQueue")
+ private static javax.jms.Queue msgBeanQueue;
+
+// @Resource(name="ClientQueue", mappedName="foo")
+// private static javax.jms.Queue clientQueue;
+@Resource(name="ClientQueue", mappedName="jms/security_mdb_OutQueue")
+private static javax.jms.Queue clientQueue;
+
+
+ private QueueConnection queueCon;
+ private QueueSession queueSession;
+ private QueueSender queueSender;
+ private QueueReceiver queueReceiver;
+
+
+ private int numMessages = 2;
+ public Client(String[] args) {
+
+ if( args.length == 1 ) {
+ numMessages = new Integer(args[0]).intValue();
+ }
+ }
+
+ public void doTest() {
+ try {
+ setup();
+ doTest(numMessages);
+ stat.addStatus("cmt main", stat.PASS);
+ } catch(Throwable t) {
+ stat.addStatus("cmt main", stat.FAIL);
+ t.printStackTrace();
+ } finally {
+ cleanup();
+ }
+ }
+
+ public void setup() throws Exception {
+
+ queueCon = queueConFactory.createQueueConnection();
+
+ queueSession = queueCon.createQueueSession
+ (false, Session.AUTO_ACKNOWLEDGE);
+
+ // Producer will be specified when actual msg is sent.
+ queueSender = queueSession.createSender(null);
+
+ queueReceiver = queueSession.createReceiver(clientQueue);
+
+ queueCon.start();
+
+ }
+
+ public void cleanup() {
+ try {
+ if( queueCon != null ) {
+ queueCon.close();
+ }
+ } catch(Throwable t) {
+ t.printStackTrace();
+ }
+ }
+
+ public void sendMsgs(javax.jms.Queue queue, Message msg, int num)
+ throws JMSException {
+ for(int i = 0; i < num; i++) {
+ System.out.println("Sending message " + i + " to " + queue +
+ " at time " + System.currentTimeMillis());
+ queueSender.send(queue, msg);
+ System.out.println("Sent message " + i + " to " + queue +
+ " at time " + System.currentTimeMillis());
+ }
+ }
+
+ public void doTest(int num)
+ throws Exception {
+
+ Destination dest = msgBeanQueue;
+
+ Message message = queueSession.createTextMessage("foo");
+
+ message.setBooleanProperty("flag", true);
+ message.setIntProperty("num", 2);
+ sendMsgs((javax.jms.Queue) dest, message, num);
+
+/* System.out.println("Waiting for queue message");
+ Message recvdmessage = queueReceiver.receive(TIMEOUT);
+ if( recvdmessage != null ) {
+ System.out.println("Received message : " +
+ ((TextMessage)recvdmessage).getText());
+ } else {
+ System.out.println("timeout after " + TIMEOUT + " seconds");
+ throw new JMSException("timeout" + TIMEOUT + " seconds");
+ }*/
+ }
+}
+
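Review bot: The reply check at the end of `doTest(int num)` is commented out, so the client records `cmt main` as PASS as soon as the sends succeed and never learns whether the MDB's authorization checks behaved as expected. In this commit `MessageBean.onMessage` sends its "mdb() invoked" reply to `jms/security_mdb_OutQueue` only after the `hello1` call succeeded and the `hello2` call was rejected, so waiting for one reply per sent message is what turns this into an actual security test. If the receive was disabled on purpose, a comment should say why. The restored timeout message should say milliseconds, since `TIMEOUT` is in ms, and `new Integer(args[0]).intValue()` in the constructor is better written `Integer.parseInt(args[0])`.

```java
        sendMsgs((javax.jms.Queue) dest, message, num);

        // The MDB replies only when its role checks behaved as expected,
        // so a missing reply must fail the test.
        for (int i = 0; i < num; i++) {
            System.out.println("Waiting for queue message");
            Message reply = queueReceiver.receive(TIMEOUT);
            if (reply == null) {
                throw new JMSException("no reply from MDB within " + TIMEOUT + " ms");
            }
            System.out.println("Received message : " + ((TextMessage) reply).getText());
        }
```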
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/mdb/client/MANIFEST.MF
new file mode 100644
index 0000000..294bb1e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0-beta3 (Sun Microsystems Inc.)
+Main-Class: com.sun.s1asdev.security.mdb.client.Client
+Class-Path: reporter.jar
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/create_resources.asadmin b/appserver/tests/appserv-tests/devtests/security/mdb/create_resources.asadmin
new file mode 100644
index 0000000..c2f199c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/create_resources.asadmin
@@ -0,0 +1,11 @@
+create-jms-resource --restype javax.jms.QueueConnectionFactory jms/security_mdb_QCF
+
+
+create-jmsdest --desttype queue security_mdb_InQueue
+create-jms-resource --restype javax.jms.Queue --property imqDestinationName=security_mdb__mdb_InQueue jms/security_mdb_InQueue
+
+
+create-jmsdest --desttype queue security_mdb_OutQueue
+create-jms-resource --restype javax.jms.Queue --property imqDestinationName=security_mdb_OutQueue jms/security_mdb_OutQueue
+
+quit
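Review bot: The `imqDestinationName` of the InQueue resource is `security_mdb__mdb_InQueue`, which does not match the physical destination created on the line before it (`security_mdb_InQueue`) or the one removed in delete_resources.asadmin. The OutQueue pair uses the same name in both places, so this looks like a typo. If the broker auto-creates destinations the test may still run, but messages would then go through a queue that cleanup never deletes while the explicitly created one stays unused. Suggested line: `create-jms-resource --restype javax.jms.Queue --property imqDestinationName=security_mdb_InQueue jms/security_mdb_InQueue`.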
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/delete_resources.asadmin b/appserver/tests/appserv-tests/devtests/security/mdb/delete_resources.asadmin
new file mode 100644
index 0000000..0c43fc3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/delete_resources.asadmin
@@ -0,0 +1,9 @@
+delete-jms-resource jms/security_mdb_QCF
+
+delete-jms-resource jms/security_mdb_InQueue
+delete-jmsdest --desttype queue security_mdb_InQueue
+
+delete-jms-resource jms/security_mdb_OutQueue
+delete-jmsdest --desttype queue security_mdb_OutQueue
+
+quit
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/application.xml
new file mode 100644
index 0000000..879d661
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/application.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd">
+ <display-name>security-mdbApp</display-name>
+ <module>
+ <ejb>security-mdb-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>security-mdb-client.jar</java>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..5120dcf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application-client.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Application Client 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client_5_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <message-destination-ref>
+ <message-destination-ref-name>ClientQueue</message-destination-ref-name>
+ <jndi-name>jms/security_mdb_OutQueue</jndi-name>
+ </message-destination-ref>
+</sun-application-client>
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application.xml
new file mode 100644
index 0000000..43fbb58
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/descriptor/sun-application.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>ejbuser</role-name>
+ <principal-name>ejbuser</principal-name>
+ </security-role-mapping>
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello1.java b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello1.java
new file mode 100644
index 0000000..876f0ab
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello1.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb;
+
+public interface Hello1 {
+
+ public void hello(String s);
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello2.java b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello2.java
new file mode 100644
index 0000000..b9e14c4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/Hello2.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb;
+
+public interface Hello2 extends java.io.Serializable {
+
+ public void hello(String s);
+
+ public void removeMethod();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateful.java b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateful.java
new file mode 100644
index 0000000..f20c25d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateful.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb;
+
+import javax.annotation.security.RolesAllowed;
+
+import javax.ejb.Stateful;
+import javax.ejb.Remove;
+import javax.annotation.PreDestroy;
+
+// Hello1 interface is not annotated with @Local. If the
+// bean only implements one interface it is assumed to be
+// a local business interface.
+@Stateful(description="my stateful bean description")
+public class HelloStateful implements Hello2 {
+
+ private String msg;
+
+ @RolesAllowed("ejbuser")
+ public void hello(String s) {
+ msg = s;
+ System.out.println("HelloStateful: " + s);
+ }
+
+ @Remove public void removeMethod() {
+ System.out.println("Business method marked with @Remove called in " +
+ msg);
+ }
+ @PreDestroy public void myPreDestroyMethod() {
+ System.out.println("PRE-DESTROY callback received in " + msg);
+ }
+
+}
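Review bot: The comment above the class names `Hello1`, but this bean implements `Hello2`, so it describes the wrong interface. I would replace it with `// Hello2 is not annotated with @Local; as the bean's only business interface it is treated as a local business interface.` The security intent should also be documented where it is enforced, for example `// Requires role "ejbuser"; MessageBean runs as "javaee" and expects this call to be rejected.` above `hello`. `removeMethod` carries no role annotation, and whether that leaves it open to any caller depends on ejb-jar.xml, which is not shown in this hunk. A one-line comment saying it is left unrestricted on purpose would help.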
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateless.java b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateless.java
new file mode 100644
index 0000000..2ff7d02
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/HelloStateless.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Stateless;
+
+// Hello1 interface is not annotated with @Local. If the
+// bean only implements one interface it is assumed to be
+// a local business interface.
+@Stateless(description="my stateless bean description")
+public class HelloStateless implements Hello1 {
+
+ @RolesAllowed("javaee")
+ public void hello(String s) {
+ System.out.println("HelloStateless: " + s);
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/mdb/ejb/MessageBean.java b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/MessageBean.java
new file mode 100644
index 0000000..c71d098
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/mdb/ejb/MessageBean.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.mdb;
+
+import javax.ejb.AccessLocalException;
+import javax.ejb.MessageDriven;
+import javax.ejb.EJBException;
+import javax.ejb.NoSuchEJBException;
+import javax.ejb.EJB;
+import javax.ejb.TransactionManagement;
+import javax.ejb.TransactionManagementType;
+import javax.ejb.ActivationConfigProperty;
+
+import javax.jms.MessageListener;
+import javax.jms.Message;
+import javax.jms.Queue;
+import javax.jms.QueueConnectionFactory;
+import javax.jms.QueueConnection;
+import javax.jms.QueueSession;
+import javax.jms.QueueSender;
+import javax.jms.TextMessage;
+import javax.jms.Session;
+
+import javax.annotation.Resource;
+import javax.annotation.security.RunAs;
+
+@TransactionManagement(TransactionManagementType.BEAN)
+@MessageDriven(mappedName="jms/security_mdb_InQueue", description="mymessagedriven bean description")
+@RunAs("javaee")
+
+ public class MessageBean implements MessageListener {
+
+ @EJB private Hello1 hello1;
+ @EJB private Hello2 hello2;
+
+ @Resource(name="jms/MyQueueConnectionFactory",
+ mappedName="jms/security_mdb_QCF")
+ QueueConnectionFactory qcFactory;
+
+ @Resource(mappedName="jms/security_mdb_OutQueue") Queue clientQueue;
+
+ public void onMessage(Message message) {
+ System.out.println("Got message!!!");
+
+ QueueConnection connection = null;
+ try {
+
+ System.out.println("Calling hello1 stateless bean");
+ hello1.hello("local ejb3.0 stateless");
+
+ try {
+ System.out.println("Calling hello2 stateful bean");
+ hello2.hello("local ejb3.0 stateful");
+ throw new IllegalStateException("Illegal Access of hello2");
+ } catch(AccessLocalException ex) {
+ System.out.println("Expected Exception: " + ex);
+ }
+
+ hello2.removeMethod();
+
+ connection = qcFactory.createQueueConnection();
+ QueueSession session = connection.createQueueSession(false,
+ Session.AUTO_ACKNOWLEDGE);
+ QueueSender sender = session.createSender(clientQueue);
+ connection.start();
+
+ TextMessage tmessage = session.createTextMessage();
+ tmessage.setText("mdb() invoked");
+ System.out.println("Sending message");
+ sender.send(tmessage);
+ System.out.println("message sent");
+ connection.close();
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ } finally {
+ try {
+ if(connection != null) {
+ connection.close();
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ }
+
+}
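Review bot: The `throw new IllegalStateException("Illegal Access of hello2")` in the inner try is caught by the outer `catch(Exception e)` and only printed, so a broken run-as or role check leaves no signal except a missing reply. That makes an authorization regression indistinguishable from a JMS failure. Consider sending an explicit failure text to `clientQueue` in that case, so the client can assert on the content of the reply rather than on its presence. The `connection.close()` at the end of the try body is redundant with the one in `finally`, and the `EJBException` and `NoSuchEJBException` imports are unused. A class comment should state what is being tested: with `@RunAs("javaee")`, `hello1.hello` must succeed and `hello2.hello` must raise `AccessLocalException`.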
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.properties b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.properties
new file mode 100644
index 0000000..c5f46a4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.properties
@@ -0,0 +1,42 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-multirolemapping"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<!--
+<property name="test.client"
+ value="com.sun.s1asdev.security.anyone.client.Client"/>
+-->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar1.xml" value="descriptor/ejb-jar1.xml"/>
+<property name="sun-ejb-jar1.xml" value="descriptor/sun-ejb-jar1.xml"/>
+<property name="ejb-jar2.xml" value="descriptor/ejb-jar2.xml"/>
+<property name="sun-ejb-jar2.xml" value="descriptor/sun-ejb-jar2.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<!--
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+-->
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.xml
new file mode 100644
index 0000000..debf6cf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/build.xml
@@ -0,0 +1,576 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-multirolemapping" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- see readme for list of how all the users are used -->
+ <antcall target="create-user-common">
+ <param name="user" value="r1p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r1p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r1p3"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r1g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r1g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r2p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r2p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r2g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r2g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r2g2user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r2g2"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r2g3user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r2g3"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r3p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r3p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r3g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r3g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r4p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r4g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r4g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r5p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r5p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r5g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r5g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r6p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r6p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r6g1user"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="r6g1"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r7p1"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="r7p2"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="abc"/>
+ </antcall>
+
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="r1p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r1p2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r1p3"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r1g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r2p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r2p2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r2g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r2g2user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r2g3user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r3p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r3p2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r3g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r4p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r4g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r5p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r5p2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r5g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r6p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r6p2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r6g1user"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r7p1"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="r7p2"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb1"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb1"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="ejb2"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb2"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/web"/>
+ <!-- overriding classpath to include classes from ejb modules -->
+ <param name="s1astest.classpath"
+ value="${s1astest.classpath}:${build.classes.dir}/nonweb1:${build.classes.dir}/nonweb2"/>
+ </antcall>
+ <!-- Am leaving in the commented appclient fragments to add
+ an appclient test later. -->
+ <!--
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb"/>
+ </antcall>
+ -->
+ </target>
+
+ <target name="build" depends="compile">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/nonweb1"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}1-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb1/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar1.xml}"/>
+ </antcall>
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/nonweb2"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}2-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb2/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar2.xml}"/>
+ </antcall>
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/web"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ <param name="sun-web.xml" value="descriptor/sun-web.xml"/>
+ </antcall>
+
+ <!--
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files" value="${build.classes.dir}/nonweb"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/client/*.class,com/sun/**/ejb/Hello.class"/>
+ </antcall>
+ -->
+
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}/lib" includes="reporter.jar"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <!-- see readme for explanation of test cases -->
+ <target name="run" depends="init-common">
+ <!--
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth"/>
+ <arg line="-user"/>
+ <arg line="javaee"/>
+ <arg line="-password"/>
+ <arg line="javaee"/>
+ <arg line="${http.host} ${http.port}"/>
+ </exec>
+ -->
+
+ <antcall target="runweb">
+ <param name="servlet" value="role1"/>
+ <param name="webuser" value="r1p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role1.html"/>
+ <param name="testcaseid" value="user-auth-r1p1"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role1"/>
+ <param name="webuser" value="r1p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role1.html"/>
+ <param name="testcaseid" value="user-auth-r1p2"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role1"/>
+ <param name="webuser" value="r1p3"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r1p3-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role1"/>
+ <param name="webuser" value="r2p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r2p1-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role1"/>
+ <param name="webuser" value="r1g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r1g1user-fail"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r2p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role2.html"/>
+ <param name="testcaseid" value="user-auth-r2p1"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r2g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role2.html"/>
+ <param name="testcaseid" value="user-auth-r2g1user"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r2g2user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role2.html"/>
+ <param name="testcaseid" value="user-auth-r2g2user"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r2p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r2p2-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r2g3user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r2g3user-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role2"/>
+ <param name="webuser" value="r1p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r1p1-fail"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role3"/>
+ <param name="webuser" value="r3p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role3.html"/>
+ <param name="testcaseid" value="user-auth-r3p1"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role3"/>
+ <param name="webuser" value="r3g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role3.html"/>
+ <param name="testcaseid" value="user-auth-r3g1user"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role3"/>
+ <param name="webuser" value="r3p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r3p2-fail"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role4"/>
+ <param name="webuser" value="r4p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role4.html"/>
+ <param name="testcaseid" value="user-auth-r4p1"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role4"/>
+ <param name="webuser" value="r4g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role4.html"/>
+ <param name="testcaseid" value="user-auth-r4g1user"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role5"/>
+ <param name="webuser" value="r5p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r5p1-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role5"/>
+ <param name="webuser" value="r5p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r5p2-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role5"/>
+ <param name="webuser" value="r5g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r5g1user-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role6"/>
+ <param name="webuser" value="r6p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r6p1-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role6"/>
+ <param name="webuser" value="r6p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r6p2-fail"/>
+ </antcall>
+ <antcall target="runweb-403">
+ <param name="servlet" value="role6"/>
+ <param name="webuser" value="r6g1user"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="testcaseid" value="user-auth-r6g1user-fail"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role7"/>
+ <param name="webuser" value="r7p1"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role7.html"/>
+ <param name="testcaseid" value="user-auth-r7p1"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="role7"/>
+ <param name="webuser" value="r7p2"/>
+ <param name="webpassword" value="javaee"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/role7.html"/>
+ <param name="testcaseid" value="user-auth-r7p2"/>
+ </antcall>
+ </target>
+
+ <target name="runweb" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}"
+ classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-multirolemapping/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-multirolemapping"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/multiRoleMapping/${goldenfile}"
+ testSuiteId="security-multirolemapping"
+ testSuiteName="security-multirolemapping"
+ testSuiteDescription="Security Test"
+ testId="security-multirolemapping"
+ testName="security-multirolemapping"
+ testDescription="Testing role mapping: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Testing role mapping"
+ testStrategy="Testing role mapping"/>
+ </target>
+
+ <target name="runweb-403" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}"
+ classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-multirolemapping/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-multirolemapping"
+ requestHeaders="Host:${http.host}:${http.port}"
+ returnCode="HTTP/1.1 403"
+ testSuiteId="security-multirolemapping"
+ testSuiteName="security-multirolemapping"
+ testSuiteDescription="Security Test"
+ testId="security-multirolemapping"
+ testName="security-multirolemapping"
+ testDescription="Testing mapping disabled: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Testing mapping disabled"
+ testStrategy="Testing mapping disabled"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/application.xml
new file mode 100644
index 0000000..2892af9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/application.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application version="5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd">
+ <display-name>security-multirolemapping</display-name>
+ <module>
+ <web>
+ <web-uri>security-multirolemapping-web.war</web-uri>
+ <context-root>/security-multirolemapping</context-root>
+ </web>
+ </module>
+ <module>
+ <ejb>security-multirolemapping1-ejb.jar</ejb>
+ </module>
+ <module>
+ <ejb>security-multirolemapping2-ejb.jar</ejb>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-application.xml
new file mode 100644
index 0000000..d63bb93
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-application.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+
+ <!-- See readme for an explanation of all the
+ security role mappings in this file and
+ the ejb and web module files. -->
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p2</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <principal-name>r2p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g1</group-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g2</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role3</role-name>
+ <principal-name>r3p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role3</role-name>
+ <group-name>r3g1</group-name>
+ </security-role-mapping>
+
+</sun-application>
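Review bot: Nothing in this descriptor says which mappings are deliberately inconsistent with the module descriptors; the only pointer is "See readme". Judging from the `run` target earlier in this diff, role1 to role3 appear to be decided by the mappings here (r1p3 is mapped to role1 in sun-web.xml yet expected to get a 403), while role5 and role6, which sun-ejb-jar1.xml, sun-ejb-jar2.xml and sun-web.xml map differently, are expected to be denied for every user. I would add a short comment here such as `<!-- role1 to role3: application-level mappings; module-level entries for these roles are expected to be ignored -->`, and a matching one next to the role5/role6 entries in the three module descriptors. Without it, a later edit that "corrects" the mismatch silently changes what the authorization test proves.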
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar1.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar1.xml
new file mode 100644
index 0000000..84dbee8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar1.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>MessageBean1</ejb-name>
+ </ejb>
+ </enterprise-beans>
+
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p1</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <principal-name>r2p2</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g3</group-name>
+ </security-role-mapping>
+
+ <!-- no mapping for role 3 -->
+
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <principal-name>r4p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <group-name>r4g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <principal-name>r5p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <group-name>r5g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <principal-name>r6p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <principal-name>r6p2</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role7</role-name>
+ <principal-name>r7p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role7</role-name>
+ <principal-name>r7p2</principal-name>
+ </security-role-mapping>
+</sun-ejb-jar>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar2.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar2.xml
new file mode 100644
index 0000000..69dc32a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-ejb-jar2.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>MessageBean2</ejb-name>
+ </ejb>
+ </enterprise-beans>
+
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p2</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g1</group-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g2</group-name>
+ </security-role-mapping>
+
+ <!-- no mapping for role 3 -->
+
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <principal-name>r4p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <group-name>r4g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <principal-name>r5p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <principal-name>r5p2</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <group-name>r5g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <principal-name>r6p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <group-name>r6g1</group-name>
+ </security-role-mapping>
+
+ <!-- no mapping for role 7 -->
+
+</sun-ejb-jar>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-web.xml
new file mode 100644
index 0000000..629ac28
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/sun-web.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app error-url="">
+ <context-root>/security-multirolemapping</context-root>
+ <class-loader delegate="true"/>
+ <jsp-config>
+ <property name="classdebuginfo" value="true">
+ <description>Enable debug info compilation in the generated servlet class</description>
+ </property>
+ <property name="mappedfile" value="true">
+ <description>Maintain a one-to-one correspondence between static content and the generated servlet class' java code</description>
+ </property>
+ </jsp-config>
+
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p2</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role1</role-name>
+ <principal-name>r1p3</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <principal-name>r2p2</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role2</role-name>
+ <group-name>r2g1</group-name>
+ </security-role-mapping>
+
+ <!-- no mapping for role 3 -->
+
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <principal-name>r4p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role4</role-name>
+ <group-name>r4g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role5</role-name>
+ <principal-name>r5p1</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <principal-name>r6p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role6</role-name>
+ <group-name>r6g1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>role7</role-name>
+ <principal-name>r7p1</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>role7</role-name>
+ <principal-name>r7p2</principal-name>
+ </security-role-mapping>
+
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/web.xml
new file mode 100644
index 0000000..4a72ee2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/descriptor/web.xml
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <servlet>
+ <servlet-name>WebTest</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.multiRoleMapping.web.WebTest</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>WebTest</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+ <session-config>
+
+ <session-timeout>
+ 30
+ </session-timeout>
+ </session-config>
+
+ <security-constraint>
+ <display-name>constraint-role1</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role1</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role1</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role2</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role2</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role2</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role3</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role3</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role3</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role4</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role4</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role4</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role5</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role5</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role5</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role6</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role6</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role6</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>constraint-role7</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/role7</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>role7</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ </login-config>
+
+ <security-role>
+ <role-name>role1</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role2</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role3</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role4</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role5</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role6</role-name>
+ </security-role>
+ <security-role>
+ <role-name>role7</role-name>
+ </security-role>
+</web-app>
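Review bot: Each of the seven `security-constraint` blocks lists `<http-method>GET</http-method>`, so the `auth-constraint` applies to GET only and a request to `/role1` through `/role7` with any other method is not covered by it. The servlet is mapped to `/*`, and whether WebTest answers other methods is not visible in this hunk, so this may be harmless in the fixture, but it is the descriptor pattern that lets a role check be skipped by changing the verb. Dropping the `<http-method>` element from each `web-resource-collection` makes the constraint cover all methods; the `run` target only issues GET, so the expected 200/403 results should not change. If the GET-only scope is intentional for the test, a one-line comment saying so would keep it from being copied into a real deployment descriptor.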
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageBean1.java b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageBean1.java
new file mode 100644
index 0000000..7d268a4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageBean1.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb1;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.Stateless;
+
+@Stateless
+@Local({MessageLocal1.class})
+public class MessageBean1 implements MessageLocal1 {
+
+ //@RolesAllowed("ejbrole")
+ public String getMessage() {
+ return "Hello from ejb";
+ }
+
+}
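Review bot: `//@RolesAllowed("ejbrole")` is left commented out on `getMessage()`, here and in MessageBean2.java, so the method has no declared permission and the `javax.annotation.security.RolesAllowed` import is unused. Either delete both, or replace the line with a comment that says why the bean is intentionally unprotected, e.g. `// No @RolesAllowed: this module exists only to contribute a role mapping file`. The package is `com.sun.s1asdev.security.simpleMultiRoleMapping.ejb1`, while the file lives under `multiRoleMapping/` and WebTest.java uses `com.sun.s1asdev.security.multiRoleMapping.web`; this looks like a leftover from another test and is worth aligning. `getMessage()` could also carry `@Override`.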
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageLocal1.java b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageLocal1.java
new file mode 100644
index 0000000..d885246
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb1/MessageLocal1.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb1;
+
+import javax.ejb.Local;
+
+/**
+ * This is the business interface for Message enterprise bean.
+ */
+@Local
+public interface MessageLocal1 {
+ String getMessage();
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageBean2.java b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageBean2.java
new file mode 100644
index 0000000..70931a9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageBean2.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb2;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.Stateless;
+
+@Stateless
+@Local({MessageLocal2.class})
+public class MessageBean2 implements MessageLocal2 {
+
+ //@RolesAllowed("ejbrole")
+ public String getMessage() {
+ return "Hello from ejb";
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageLocal2.java b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageLocal2.java
new file mode 100644
index 0000000..4a2c5f4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/ejb2/MessageLocal2.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb2;
+
+import javax.ejb.Local;
+
+/**
+ * This is the business interface for Message enterprise bean.
+ */
+@Local
+public interface MessageLocal2 {
+ String getMessage();
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role1.html b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role1.html
new file mode 100644
index 0000000..0fe25f1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role1.html
@@ -0,0 +1 @@
+Hello role1
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role2.html b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role2.html
new file mode 100644
index 0000000..40ff4be
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role2.html
@@ -0,0 +1 @@
+Hello role2
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role3.html b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role3.html
new file mode 100644
index 0000000..d91894f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role3.html
@@ -0,0 +1 @@
+Hello role3
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role4.html b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role4.html
new file mode 100644
index 0000000..cd017f7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role4.html
@@ -0,0 +1 @@
+Hello role4
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role7.html b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role7.html
new file mode 100644
index 0000000..951e053
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/goldenfiles/role7.html
@@ -0,0 +1 @@
+Hello role7
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/readme b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/readme
new file mode 100644
index 0000000..5133e3d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/readme
@@ -0,0 +1,93 @@
+This unit test is for conflict detection and resolution among role
+mapping files. See https://glassfish.dev.java.net/issues/show_bug.cgi?id=2475.
+
+The application has a top-level mapping file and three submodules
+with their own mapping files. One module is a web module (used to
+receive client requests) and the other two are ejb modules. The ejb
+modules are only called indirectly in the initial version, but are
+needed to have more role mapping files. The tests need to test
+conflicts between mappings both submodule vs submodule and submodule
+vs top level. Conflicts are either extra mappings or fewer mappings
+to a role, and are tested with groups and principals.
+
+The tests are done by accessing the web module with addresses:
+ http://host:port/multiRoleMapping/role1
+ http://host:port/multiRoleMapping/role2
+ http://host:port/multiRoleMapping/role3
+...etc., where only a user in role1 can access the role1 url, role2 can
+access ther role2 url, etc.
+
+Using rX for roles, pX for principals, and gX for groups (a user in rXgY
+is "rXgYuser")), the mappings are below. The uses of the roles:
+
+ r1: Test that top level overrides others with principals.
+ r2: Test that top level overrides others with principals and groups.
+ r3: Test that top level is used. No mappings in submodules.
+ r4: Test that role is mapped properly when the same in all submodules.
+ r5: Test conflict with different number of mappings.
+ r6: Test conflict with different mappings, same number.
+ r7: Test no conflict when one submodule doesn't map.
+
+The top level mapping includes:
+ r1: r1p1, r1p2
+ r2: r2p1, r2g1, r2g2
+ r3: r3p1, r3g1 (not included in submodules)
+
+Module1 (ejb1):
+ r1: r1p1 (valid, but fewer than in top level)
+ r2: r2p2, r2g3 (principal and group that will not be mapped)
+ r3: (none)
+ r4: r4p1, r4g1
+ r5: r5p1, r5g1
+ r6: r6p1, r6p2
+ r7: r7p1, r7p2
+
+Module2 (ejb2):
+ r1: r1p1, r1p2 (same as top level)
+ r2: r2g1, r2g2 (both valid, but fewer than top level)
+ r3: (none)
+ r4: r4p1, r4g1
+ r5: r5p1, r5p2, r5g1 (r5p2 is extra)
+ r6: r6p1, r6g1
+ r7: (none -- absence of mapping is NOT a conflict)
+
+Module3 (web):
+ r1: r1p1, r1p2, r1p3 (r1p3 will not be mapped)
+ r2: r2p2, r2g1 (both valid, but fewer than top level)
+ r3: (none)
+ r4: r4p1, r4g1
+ r5: r5p1 (one fewer)
+ r6: r6p1, r6g1
+ r7: r7p1, r7p2
+
+Since the top-level mapping overrides other mappings, mapped and unmapped
+(for negative test) users for roles 1 through 3 are:
+
+ r1 mapped: r1p1, r1p2
+ r1 not mapped: r1p3, r2p1, r1g1user
+
+ r2 mapped: r2p1, r2g1user, r2g2user
+ r2 not mapped: r2p2, r2g3user, r1p1
+
+ r3 mapped: r3p1, r3g1
+ r3 not mapped: r3p2 (not much tested here since no conflict)
+
+For conflicts that do not involve the top-level file, the role is
+not mapped at all. Role 4 is mapped the same in all modules, so
+it is the only one mapped at all. The roles:
+
+ r4 mapped: r4p1, r4g1user
+ r5 tested: r5p1, r5p2, r5g1user
+ r6 tested: r6p1, r6p2, r6g1user
+ r7 mapped: r7p1, r7p2
+
+So, total set of users/groups to add to realm (rXpY is in 'dummy'
+group, rXgYuser is in 'rXgY' group):
+ r1p1, r1p2, r1p3, r1g1user
+ r2p1, r2p2, r2g1user, r2g2user, r2g3user
+ r3p1, r3p2, r3g1user
+ r4p1, r4g1user
+ r5p1, r5p2, r5g1user
+ r6p1, r6g1user
+ r7p1, r7p2
+
\ No newline at end of file
diff --git a/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/web/WebTest.java b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/web/WebTest.java
new file mode 100644
index 0000000..7b331b2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/multiRoleMapping/web/WebTest.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.multiRoleMapping.web;
+
+import java.io.*;
+import java.net.*;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+public class WebTest extends HttpServlet {
+
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = response.getWriter();
+
+ // check roles 1 through 7
+ boolean found = false;
+ for (int i=0; i<8; i++) {
+ if (request.isUserInRole("role" + i)) {
+ found = true;
+ out.println("Hello role" + i);
+ }
+ }
+ if (!found) {
+ out.println("User '" + request.getRemoteUser() +
+ "' is not in expected role. Something's messed up.");
+ }
+ out.close();
+ }
+
+}
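Review bot: The loop `for (int i=0; i<8; i++)` also queries `role0`, which neither the comment above it ("check roles 1 through 7") nor the `<security-role>` entries in web.xml include; `for (int i = 1; i <= 7; i++)` matches both. The fallback branch writes `request.getRemoteUser()` unescaped into a response declared as `text/html;charset=UTF-8`; since the golden files are plain text, `response.setContentType("text/plain;charset=UTF-8");` would avoid interpreting the user name as markup. `doGet` could also carry `@Override`, and the writer is better left for the container to close than closed with `out.close()`.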
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.properties b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.properties
new file mode 100644
index 0000000..e638c4d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="negativeRPALoginBean"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.xml
new file mode 100644
index 0000000..398b889
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/build.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+
+<project name="negativeRealmPerApp" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="all" depends="build, deploy,run, undeploy"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+<!-- <property name="ejbjar.classes" value="**/*Home*.class,**/*Bean*.class,**/*Data*.class,*.dbschema"/>
+-->
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user j2ee" />
+ <arg line="-password j2ee" />
+ <env key="VMARGS" value="-Dj2eelogin.name=j2ee -Dj2eelogin.password=j2ee" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+</project>
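Review bot: The `run` target hard-codes the account password twice, as `<arg line="-password j2ee" />` and as `-Dj2eelogin.password=j2ee` in `VMARGS`, so it ends up in the process argument list and environment on every run. Even for a fixture account it would be cleaner to take the user and password from properties defined in the shared config and, if the app client launcher in use supports it, hand the password over in a file rather than on the command line. The `<exec executable="${APPCLIENT}">` element also sets no `failonerror`, so a launcher that fails to start leaves the target green; `<exec executable="${APPCLIENT}" failonerror="true">` would surface that, assuming the test harness does not rely on the current behaviour.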
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/MANIFEST.MF
new file mode 100644
index 0000000..5610a62
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.NegativeRPAClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/NegativeRPAClient.java b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/NegativeRPAClient.java
new file mode 100644
index 0000000..3e2dca5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/client/NegativeRPAClient.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import org.omg.CORBA.ORB;
+import com.sun.enterprise.security.LoginContext;
+//import com.sun.enterprise.security.auth.login.common.LoginException;
+import java.rmi.RemoteException;
+import java.security.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+
+public class NegativeRPAClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ NegativeRPAClient client = new NegativeRPAClient(args);
+ client.doTest();
+ }
+
+ public NegativeRPAClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ NegativeRPARemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ NegativeRPAHome home=null;
+ String testId = "Sec::NegativeTest-Realm per app";
+ try{
+ stat.addDescription("Security::NegativeTest - Realm per app");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("negativeRPALoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (NegativeRPAHome)PortableRemoteObject.narrow(
+ objref, NegativeRPAHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ System.out.println("NegativeRPA:StatefulLoginBean Test Failed");
+ res = "FAIL";
+ }catch (Exception ex) {
+ // should get a login exception
+ //ex.printStackTrace();
+ if(ex instanceof java.rmi.AccessException){
+ System.out.println(" Got java.rmi.AccessException !! ");
+ System.out.println("NegativeRPA:StatefulLoginBean Test Passed: Exception expected");
+ res="PASS";
+ stat.addStatus(testId, stat.PASS);
+
+ } else {
+ System.out.println("NegativeRPA:StatefulLoginBean Test Failed");
+ res = "FAIL";
+ stat.addStatus(testId, stat.FAIL);
+ }
+ } finally {
+ stat.printSummary();
+ }
+
+ return res;
+
+ }
+
+
+ public final static String helloStr = "Hello NegativeRPA!!!";
+}
+
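Review bot: When `hr.addItem("lipstick", 30)` succeeds, which is exactly the case this negative test exists to catch, the `try` block sets `res = "FAIL"` but never calls `stat.addStatus`, so the reporter summary records no failure for `testId`. Add `stat.addStatus(testId, stat.FAIL);` right after `res = "FAIL";` in the `try` block. The `else` branch of the catch discards `ex` (the `printStackTrace` call is commented out), so a JNDI lookup or narrowing error looks the same as an authorization outcome; printing the exception class and message there, e.g. `System.out.println("Unexpected exception: " + ex);`, would make a failed run diagnosable. The constructor's `args` parameter and several imports (`ORB`, `EJBHome`, `java.security.*`) appear unused.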
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application-client.xml
new file mode 100644
index 0000000..9656667
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>negativeRPALoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/negativeRPALoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.NegativeRPAHome</home>
+ <remote>shopping.NegativeRPARemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application.xml
new file mode 100644
index 0000000..6578ba6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>negativeRPALoginBean</display-name>
+ <module>
+ <ejb>negativeRPALoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>negativeRPALoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..63d9ffc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/ejb-jar.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>negativeRPALoginBean</display-name>
+ <ejb-name>negativeRPALoginBean</ejb-name>
+ <home>shopping.NegativeRPAHome</home>
+ <remote>shopping.NegativeRPARemote</remote>
+ <ejb-class>shopping.NegativeRPABean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ </assembly-descriptor>
+</ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..5d273a9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/negativeRPALoginBean</ejb-ref-name>
+<jndi-name>negativeRPALoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application.xml
new file mode 100644
index 0000000..781c5b1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>harry</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <realm>unavailable</realm>
+</sun-application>
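Review bot: `<realm>unavailable</realm>` carries no comment, and nothing in this file says that the name is meant to refer to a realm that is not configured on the server, which is presumably the whole point of this negative test. A one-line comment above it would stop someone from "fixing" it later, e.g. `<!-- deliberately names a realm that does not exist; login must fail -->`. It would also help to state there that sun-ejb-jar.xml's `<as-context>` names realm `default`, so the reader knows which of the two settings the test expects to take effect.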
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..8160e7e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>negativeRPALoginBean</ejb-name>
+<jndi-name>negativeRPALoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>default</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPABean.java b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPABean.java
new file mode 100644
index 0000000..d126ae5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPABean.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import java.rmi.RemoteException;
+import java.util.Iterator;
+import java.util.Vector;
+import javax.ejb.EJBException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+
+/**
+ *
+ * @author Harpreet Singh
+ */
+
+public class NegativeRPABean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private String principal = "j2ee";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private Vector items;
+
+ private Vector itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new Vector();
+ itemPrice = new Vector();
+ }
+
+ public void addItem(java.lang.String item, int price) throws EJBException,
+ RemoteException{
+ // this method should be uncallable.
+ throw new EJBException("Method should be uncallable ");
+ }
+
+ public void deleteItem(java.lang.String item) throws EJBException,
+ RemoteException{
+ // this method should be uncallable.
+ throw new EJBException("Method should be uncallable ");
+
+ }
+
+ public double getTotalCost() throws EJBException{
+ // this method should be uncallable.
+ throw new EJBException("Method should be uncallable ");
+ }
+
+ public String[] getItems() throws EJBException{
+ // this method should be uncallable.
+ throw new EJBException("Method should be uncallable ");
+ }
+
+ public void ejbActivate() {
+ System.out.println("In ShoppingCart ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In ShoppingCart ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In ShoppingCart ejbRemove");
+ }
+
+
+ public void setSessionContext(SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+}
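Review bot: The class Javadoc is empty and the file header still reads `ShoppingEJB.java`, so nothing here says that this bean is the negative realm-per-app fixture whose business methods must never be reached. I would replace the header name with `NegativeRPABean.java` and give the class a Javadoc such as `Negative realm-per-app fixture: login targets a realm that does not exist, so the container must reject every business call before it reaches this bean.` The distinction matters to the client, which is not in this hunk. An `EJBException("Method should be uncallable ")` means the access check failed to block the call, so a client that counts any exception as "denied" would pass when it should fail. The `"In ShoppingCart ..."` log strings and the unused `principal`, `totalPrice`, `totalItems` and `Iterator` look like leftovers from the copied class.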
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPAHome.java b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPAHome.java
new file mode 100644
index 0000000..aaa89cc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPAHome.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * NegativeRPAHome.java
+ *
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+import shopping.NegativeRPARemote;
+/**
+ *
+ * @author Harpreet Singh
+ * @version
+ */
+public interface NegativeRPAHome extends EJBHome{
+
+ public NegativeRPARemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPARemote.java b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPARemote.java
new file mode 100644
index 0000000..c65f0fe
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/negativeRealmPerApp/shopping/NegativeRPARemote.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * NegativeRPARemote.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Negative RealmPerAPP Stateful Session Bean.
+ * Tries to log into a non existent realm
+ * All methods should be uncallableN
+ * @author Harpreet Singh
+ */
+public interface NegativeRPARemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+}
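Review bot: The interface Javadoc ends with `All methods should be uncallableN`, where the trailing `N` is a typo, and its sentences lack punctuation. I would reword it to `Negative realm-per-app stateful session bean. Login targets a non-existent realm, so every method must be rejected by the container.` That states the expected outcome for whoever writes or reads the client assertions.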
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/README b/appserver/tests/appserv-tests/devtests/security/pamrealm/README
new file mode 100644
index 0000000..711b5a2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/README
@@ -0,0 +1,15 @@
+This test is used to verify the PamRealm. When a webapplication is configured using this realm,
+the Unix username and password are authenticated. The role should be mapped to a Unix user/group in the sun-web.xml
+
+The test client uses httpclient for simulating a Httprequest and basic auth challenge.
+
+It is important to note that Glassfish must be run as root if Unix realm is used.
+If a non-root user is used for running Glassfish, then then user must be able to access /etc/shadow file (must belong to the shadow nix group)
+
+The default setting assumes that there is a Unix login - unixuser
+with password 'password'.
+If such a user does not exist, please create the user using the Unix command - 'useradd -p password unixuser' or the GUI, as applicable.
+
+If a different Unix user/password is used for testing, please modify build.properties and sun-web.xml to reflect the unix username.
+
+Note: The newly added user must have the sudoers privilege to get the test working.
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/build.properties b/appserver/tests/appserv-tests/devtests/security/pamrealm/build.properties
new file mode 100644
index 0000000..19a9b1d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/build.properties
@@ -0,0 +1,31 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="sec"/>
+<property name="app.type" value="web"/>
+<property name="contextroot" value="pamrealmsimpleweb"/>
+
+<!--======= -->
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="appname" value="pamrealmweb"/>
+<property name="host" value="localhost"/>
+<property name="port" value="8080"/>
+<property name="username" value="unixuser"/>
+<property name="password" value="password"/>
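Review bot: The `username`/`password` defaults here name a real operating-system account (`unixuser` / `password`), and the pamrealm README in this commit asks for that account to be created with sudoers privilege. A host that runs this test is therefore left with a sudo-capable login whose password is published in the repository. Ant properties given with `-D` take precedence over these `<property>` elements, so I would add a comment above them, for example `<!-- Test-only defaults; override with -Dusername=... -Dpassword=... and remove the account after the run -->`. The `principal-name` in `descriptor/sun-web.xml` has to be changed to match any override.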
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/build.xml b/appserver/tests/appserv-tests/devtests/security/pamrealm/build.xml
new file mode 100644
index 0000000..8e26e7e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/build.xml
@@ -0,0 +1,126 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="pamrealm" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+
+ <path id="pamclient.class.path">
+ <pathelement location="lib/commons-httpclient-3.1.jar"/>
+ <pathelement path="${s1astest.classpath}"/>
+ </path>
+
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile-pam" depends="init-common">
+ <mkdir dir="${build.classes.dir}"/>
+ <echo message="Compiling test source files"
+ level="verbose"/>
+ <mkdir dir="${src}"/>
+ <javac srcdir="${src}"
+ destdir="${build.classes.dir}"
+ debug="on"
+ failonerror="true">
+ <classpath refid="pamclient.class.path"/>
+ </javac>
+ </target>
+
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-pam">
+ <param name="src" value="client/src"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="true"/>
+ </antcall>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-auth-realm" />
+ <param name="operand.props" value="--classname com.sun.enterprise.security.auth.realm.pam.PamRealm --property jaas-context=pamRealm pam"/>
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-war-common">
+ <param name="env.REGULAR" value="true"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <java classname="com.sun.pamrealm.test.PamBasicAuthTest">
+ <classpath>
+ <pathelement location="lib/commons-httpclient-3.1.jar"/>
+ <pathelement location="lib/commons-logging-1.1.1.jar"/>
+ <pathelement location="lib/commons-codec-1.4.jar"/>
+ <pathelement path="${s1astest.classpath}"/>
+ <!-- <pathelement location="${assemble.dir}/*.war"/>-->
+ </classpath>
+ <arg value="${host}"/>
+ <arg value="${port}"/>
+ <arg value="${username}"/>
+ <arg value="${password}"/>
+
+ </java>
+
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common">
+ <param name="env.REGULAR" value="true"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="pam" />
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="usage">
+ <antcall target="undeploy-war-common"/>
+
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+</project>
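Review bot: The default target `usage` calls `undeploy-war-common`, so a bare `ant` in this directory tries to undeploy the application instead of printing help. The plogin/standalone build file in this commit uses an `<echo>` for the same target; I would do the same here: `<target name="usage"><echo>Usage: ant all (runs the PamRealm basic-auth test)</echo></target>`. Separately, `all` chains `setup ... unsetup` in order, so a failure in `deploy` would presumably leave the `pam` realm configured on the domain. A comment on `setup` saying that `ant unsetup` must be run by hand in that case would help.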
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/client/src/com/sun/pamrealm/test/PamBasicAuthTest.java b/appserver/tests/appserv-tests/devtests/security/pamrealm/client/src/com/sun/pamrealm/test/PamBasicAuthTest.java
new file mode 100644
index 0000000..d2af0a2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/client/src/com/sun/pamrealm/test/PamBasicAuthTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.pamrealm.test;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.UsernamePasswordCredentials;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.auth.AuthScope;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class PamBasicAuthTest {
+
+ public static final int DEFAULT_HTTP_PORT = 8080;
+ public static final String DEFAULT_HOST = "localhost";
+ public static final String CONTEXT_ROOT = "pamrealmsimpleweb";
+ public static final String testId = "SEC: PamRealm";
+ public static final String EXPECTED_RESPONSE = "This is a protected page";
+
+ public static void main(String args[]) {
+ SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ // The stat reporter writes out the test info and results
+ // into the top-level quicklook directory during a run.
+
+ stat.addDescription("PamRealm Web Authentication Test");
+
+ HttpClient client = new HttpClient();
+
+ String host = args[0];
+
+ if (host == null) {
+ host = DEFAULT_HOST;
+ }
+
+ String strPort = args[1];
+
+ Integer port;
+ try {
+ port = Integer.valueOf(strPort);
+ } catch (Exception e) {
+ port = DEFAULT_HTTP_PORT;
+ }
+
+ String userName = args[2];//username
+ String password = args[3];//password
+
+ client.getState().setCredentials(new AuthScope(host, port, "pam"), new UsernamePasswordCredentials(userName, password));
+
+ String url = "http://" + host + ":" + port + "/" + CONTEXT_ROOT;
+
+ GetMethod get = new GetMethod(url);
+ get.setDoAuthentication(true);
+ String response = "";
+ try {
+ int status = client.executeMethod(get);
+ response = get.getResponseBodyAsString();
+ System.out.println("Obtained response.." + response);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ }
+ if (response.trim().equals(EXPECTED_RESPONSE.trim())) {
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("PASS");
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("FAIL");
+
+ }
+ stat.printSummary();
+ }
+}
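Review bot: `main` checks only the positive path. `status` is assigned but never read, and no request is sent with wrong credentials, so a misconfigured realm that admits every caller would still report PASS as long as the page body matches. I would require the 200 status and add one request with a deliberately wrong password that must come back 401. The catch block also records FAIL and then falls through to the comparison, which records FAIL a second time for the same `testId`. Neither `GetMethod` is released, and `args[0]` can never be null (a missing argument throws before the check), so the `DEFAULT_HOST` fallback is dead code. The sketch below records the status exactly once.

```java
        String response = "";
        boolean passed = false;
        try {
            int status = client.executeMethod(get);
            response = get.getResponseBodyAsString();
            System.out.println("Obtained response.." + response);
            // Positive case: correct credentials give 200 and the protected body.
            passed = status == 200
                    && response.trim().equals(EXPECTED_RESPONSE.trim());

            // Negative case: the same URL with a wrong password must be refused.
            HttpClient wrongClient = new HttpClient();
            wrongClient.getState().setCredentials(new AuthScope(host, port, "pam"),
                    new UsernamePasswordCredentials(userName, password + "-wrong"));
            GetMethod denied = new GetMethod(url);
            denied.setDoAuthentication(true);
            try {
                passed = passed && wrongClient.executeMethod(denied) == 401;
            } finally {
                denied.releaseConnection();
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            get.releaseConnection();
        }
        stat.addStatus(testId, passed ? stat.PASS : stat.FAIL);
        System.out.println(passed ? "PASS" : "FAIL");
        // … unchanged: stat.printSummary() …
```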
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/sun-web.xml
new file mode 100644
index 0000000..7b50055
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/sun-web.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <context-root>/pamtest</context-root>
+ <security-role-mapping>
+ <role-name>tester</role-name>
+ <principal-name>unixuser</principal-name>
+ </security-role-mapping>
+</sun-web-app>
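Review bot: `<context-root>/pamtest</context-root>` disagrees with the rest of the test: `build.properties` sets `contextroot` to `pamrealmsimpleweb`, and `PamBasicAuthTest` requests `/pamrealmsimpleweb`. If `deploy-war-common` (not visible here) passes the property to the deploy command, this element is silently overridden. If it does not, the client requests a path where nothing is deployed and the test fails for a reason unrelated to the realm. I would align the descriptor, `<context-root>/pamrealmsimpleweb</context-root>`, so that both paths give the same result.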
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/web.xml
new file mode 100644
index 0000000..38780bf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/descriptor/web.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+
+ <welcome-file-list>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>test</web-resource-name>
+ <description/>
+ <url-pattern>/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>tester</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>pam</realm-name>
+ </login-config>
+ <security-role>
+ <description/>
+ <role-name>tester</role-name>
+ </security-role>
+ </web-app>
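Review bot: The `security-constraint` has no `user-data-constraint`, so the BASIC credentials for the `pam` realm travel base64-encoded over plain HTTP. Per the README these are Unix account passwords. Adding `<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>` would close that, but the client in this commit speaks `http://` on port 8080 and would need to follow the switch to HTTPS. If the descriptor stays as it is, I would at least add a comment such as `<!-- Test fixture for loopback use only: BASIC over HTTP exposes the OS password; do not copy without a CONFIDENTIAL transport guarantee -->`.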
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/docroot/index.jsp b/appserver/tests/appserv-tests/devtests/security/pamrealm/docroot/index.jsp
new file mode 100644
index 0000000..222539a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/docroot/index.jsp
@@ -0,0 +1,19 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+This is a protected page
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-codec-1.4.jar b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-codec-1.4.jar
new file mode 100644
index 0000000..458d432
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-codec-1.4.jar
Binary files differ
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-httpclient-3.1.jar b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-httpclient-3.1.jar
new file mode 100644
index 0000000..7c59774
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-httpclient-3.1.jar
Binary files differ
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-logging-1.1.1.jar b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-logging-1.1.1.jar
new file mode 100644
index 0000000..8758a96
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/lib/commons-logging-1.1.1.jar
Binary files differ
diff --git a/appserver/tests/appserv-tests/devtests/security/pamrealm/web/index.jsp b/appserver/tests/appserv-tests/devtests/security/pamrealm/web/index.jsp
new file mode 100644
index 0000000..7bd5dfc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/pamrealm/web/index.jsp
@@ -0,0 +1,21 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<html>
+ This is a protected page
+</html>
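Review bot: This second `index.jsp` wraps the text in `<html>` tags, while `PamBasicAuthTest` compares the trimmed response body to exactly `This is a protected page`. If `webclient-war-common` (not visible here) packages `web/` rather than `docroot/`, the comparison can never match and the test fails regardless of whether authentication works. I would keep a single copy of the page, or make both bodies identical.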
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/build.properties b/appserver/tests/appserv-tests/devtests/security/plogin/build.properties
new file mode 100644
index 0000000..2d280c9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/build.properties
@@ -0,0 +1,22 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="${module}-plogin"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/build.xml b/appserver/tests/appserv-tests/devtests/security/plogin/build.xml
new file mode 100644
index 0000000..e9dd4a7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/build.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY reporting SYSTEM "file:./../report.xml">
+<!ENTITY run SYSTEM "file:./../../../config/run.xml">
+]>
+
+<project name="plogin" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &reporting;
+ &run;
+
+ <target name="all">
+ <ant dir="standalone" target="all"/>
+ </target>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.properties b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.properties
new file mode 100644
index 0000000..d4da528
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.properties
@@ -0,0 +1,31 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="${module}-plogin-standalone"/>
+<property name="appname" value="${sub-module}"/>
+
+<property name="assemble" value="${build.classes.dir}/archive"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.xml b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.xml
new file mode 100644
index 0000000..f1c2f92
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/build.xml
@@ -0,0 +1,174 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../../common.xml">
+]>
+
+
+<project name="plogin-standalone" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="usage">
+ <echo>
+ Usage:
+ ant all (Executes all standalone programmatic login tests)
+ </echo>
+ </target>
+
+ <target name="all" depends="build, setup, deploy,run, undeploy, unsetup">
+ </target>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="echo" depends="init-common">
+ <echo message="as.props = ${as.props}"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file2"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile2"/>
+ </antcall>
+ <!--<antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="chief"/>
+ <param name="password" value="chief"/>
+ <param name="groups" value="boss"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="testy"/>
+ <param name="password" value="testy"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="testy2"/>
+ <param name="password" value="testy2"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="testy3"/>
+ <param name="password" value="testy3"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="chief"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="testy"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="testy2"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="testy3"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="run-standalone-client" depends="init-common">
+ <antcall target="run-standalone-client-per-thread"/>
+ <antcall target="run-standalone-client-per-process"/>
+ </target>
+
+ <target name="run-standalone-client-per-thread" depends="init-common">
+
+ <echo message="Running standalone client per-thread ..."/>
+
+ <java classname="PLoginTest"
+ classpath="${admin.domain.dir}/../lib/appserv-rt.jar:${s1astest.classpath}:${assemble.dir}/${appname}AppClient.jar" fork="true">
+ <jvmarg value="-Djava.security.auth.login.config=${admin.domain.dir}/../lib/appclient/appclientlogin.conf"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+ <jvmarg value="-Dcom.sun.appserv.iiopclient.perthreadauth=true"/>
+
+ <arg value="1"/>
+ <arg value="100"/>
+ </java>
+ </target>
+
+ <target name="run-standalone-client-per-process" depends="init-common">
+
+ <echo message="Running standalone client per-process ..."/>
+
+ <java classname="PLoginTest"
+ classpath="${admin.domain.dir}/../lib/appserv-rt.jar:${s1astest.classpath}:${assemble.dir}/${appname}AppClient.jar" fork="true">
+ <jvmarg value="-Djava.security.auth.login.config=${admin.domain.dir}/../lib/appclient/appclientlogin.conf"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+
+ <arg value="1"/>
+ <arg value="100"/>
+
+ </java>
+ </target>
+
+
+</project>
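Review bot: The `setup` target creates four accounts in realm `file2` whose passwords equal their user names (`chief`, `testy`, `testy2`, `testy3`), and only `unsetup` removes them. Because `all` runs its dependencies in order, a failure in `deploy` would presumably stop the build before `unsetup` and leave those guessable accounts on the domain. I would add a comment on the target, for example `<!-- Creates throw-away users with trivial passwords; run "ant unsetup" manually if the build stops before unsetup -->`. The two `run-standalone-client-per-*` targets differ only in the `perthreadauth` jvmarg, which a one-line comment on each would make obvious.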
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/MANIFEST.MF
new file mode 100644
index 0000000..7af180f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+
+
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/PLoginTest.java b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/PLoginTest.java
new file mode 100644
index 0000000..8f4b792
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/client/PLoginTest.java
@@ -0,0 +1,340 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import com.sun.appserv.security.ProgrammaticLogin;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import java.util.Random;
+import java.util.Set;
+import java.util.HashSet;
+
+abstract class MyThreadBase extends Thread {
+
+ public static int LOOP_COUNT = 100;
+
+ private static Random random = new Random();
+
+ protected String username = null;
+ protected String password = null;
+
+ private String ejbLookupName = null;
+ private int counter = 0;
+ private boolean passFail = false;
+
+ protected MySession1Remote my1r = null;
+
+ public MyThreadBase(String username, String password,
+ String ejbLookupName, String threadName) {
+
+ super(threadName);
+
+ this.username = username;
+ this.password = password;
+ this.ejbLookupName = ejbLookupName;
+ }
+
+ public boolean passOrFail() {
+ return passFail;
+ }
+
+ public void run() {
+
+ try {
+ run0();
+ // test passed
+ passFail = true;
+ } catch(Exception e) {
+ // test failed
+ passFail = false;
+ //System.out.println("Thread died: " + Thread.currentThread().getName());
+ e.printStackTrace();
+ }
+
+ }
+
+ private void run0() throws Exception {
+
+ counter=0;
+ while(counter++<LOOP_COUNT) {
+
+ doLogin();
+
+ try {
+ // Give time for other thread to foul up the login of this thread
+ Thread.sleep(100);
+ } catch(Exception e) {
+ }
+
+ InitialContext ctx = new InitialContext();
+
+ Object o = ctx.lookup(ejbLookupName);
+
+ MySession1RemoteHome my1rh = (MySession1RemoteHome)
+ PortableRemoteObject.narrow(o, MySession1RemoteHome.class);
+
+ my1r = my1rh.create();
+ String retval = doBusiness();
+
+ System.out.println(Thread.currentThread().getName() + " - " + retval);
+ System.out.flush();
+
+ doLogout();
+
+ try {
+ // Give time for other thread to
+ Thread.sleep(random.nextInt(100));
+ } catch(Exception e) {
+ }
+ }
+ }
+
+ public abstract String doBusiness() throws Exception ;
+ protected abstract void doLogin();
+ protected abstract void doLogout();
+}
+
+
+abstract class LoginBusinessCallerBase extends MyThreadBase {
+
+ ProgrammaticLogin login = null;
+
+ public LoginBusinessCallerBase(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ protected void doLogin() {
+ login = new ProgrammaticLogin();
+ login.login(username,password);
+ }
+
+ protected void doLogout() {
+ login.logout();
+ }
+}
+
+abstract class NoLoginBusinessCallerBase extends MyThreadBase {
+
+ public NoLoginBusinessCallerBase(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ protected void doLogin() {
+ //nop
+ }
+
+ protected void doLogout() {
+ //nop
+ }
+}
+
+class LoginBusinessCaller extends LoginBusinessCallerBase {
+
+ public LoginBusinessCaller(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod("0th dude");
+ }
+}
+
+class LoginBusinessCaller2 extends LoginBusinessCallerBase {
+
+ public LoginBusinessCaller2(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod2("2nd dudess");
+ }
+}
+
+class LoginBusinessCaller3 extends LoginBusinessCallerBase {
+
+ public LoginBusinessCaller3(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod3("3rd fellow");
+ }
+}
+
+class NoLoginBusinessCaller extends NoLoginBusinessCallerBase {
+
+ public NoLoginBusinessCaller(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod("0th dude");
+ }
+}
+
+class NoLoginBusinessCaller2 extends NoLoginBusinessCallerBase {
+
+ public NoLoginBusinessCaller2(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod2("2nd dudess");
+ }
+}
+
+class NoLoginBusinessCaller3 extends NoLoginBusinessCallerBase {
+
+ public NoLoginBusinessCaller3(String username, String password,
+ String ejbLookupName, String threadName) {
+ super(username, password, ejbLookupName, threadName);
+ }
+
+ public String doBusiness() throws Exception {
+ return my1r.businessMethod3("3rd fella");
+ }
+}
+
+public class PLoginTest {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main(String[] args) throws Exception {
+
+ Boolean b = Boolean.getBoolean("com.sun.appserv.iiopclient.perthreadauth");
+ int numThreads = Integer.valueOf(args[0]);
+ MyThreadBase.LOOP_COUNT = Integer.valueOf(args[1]);
+
+ if( b )
+ perThreadTest(numThreads);
+ else
+ perProcessTest(numThreads);
+ }
+
+ private static void perThreadTest(int numThreads) throws Exception {
+
+ Set<MyThreadBase> threadSet = new HashSet<MyThreadBase>();
+
+ for(int i=0; i<numThreads; i++) {
+
+ LoginBusinessCaller t1 =
+ new LoginBusinessCaller("testy", "testy", "ejb/MySession1Bean",
+ "THREAD-"+"1-"+i);
+ LoginBusinessCaller2 t2 =
+ new LoginBusinessCaller2("testy2", "testy2", "ejb/MySession1Bean",
+ "THREAD-"+"2-"+i);
+ LoginBusinessCaller3 t3 =
+ new LoginBusinessCaller3("testy3", "testy3", "ejb/MySession1Bean",
+ "THREAD-"+"3-"+i);
+
+ threadSet.add(t1);
+ threadSet.add(t2);
+ threadSet.add(t3);
+
+ t2.start();
+ t1.start();
+ t3.start();
+
+ }
+
+ System.out.println("Number of threads started: " + threadSet.size());
+
+ for(MyThreadBase t : threadSet ) {
+ t.join();
+ }
+
+ boolean result = true;
+ for(MyThreadBase t : threadSet ) {
+ result = result && t.passOrFail();
+ if( ! result )
+ break;
+ }
+
+ stat.addDescription("Programmatic Login per thread test");
+ String testId = "Plogin per thread test";
+ if( result ) {
+ stat.addStatus(testId, stat.PASS);
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ }
+ stat.printSummary(testId);
+
+ }
+
+ private static void perProcessTest(int numThreads) throws Exception {
+
+ Set<MyThreadBase> threadSet = new HashSet<MyThreadBase>();
+
+ ProgrammaticLogin login = new ProgrammaticLogin();
+ login.login("chief", "chief");
+
+ for(int i=0; i<numThreads; i++) {
+
+ NoLoginBusinessCaller t1 =
+ new NoLoginBusinessCaller("testy", "testy", "ejb/MySession1Bean",
+ "THREAD-"+"1-"+i);
+ NoLoginBusinessCaller2 t2 =
+ new NoLoginBusinessCaller2("testy2", "testy2", "ejb/MySession1Bean",
+ "THREAD-"+"2-"+i);
+ NoLoginBusinessCaller3 t3 =
+ new NoLoginBusinessCaller3("testy3", "testy3", "ejb/MySession1Bean",
+ "THREAD-"+"3-"+i);
+
+ threadSet.add(t1);
+ threadSet.add(t2);
+ threadSet.add(t3);
+
+ t2.start();
+ t1.start();
+ t3.start();
+
+ }
+
+ for(MyThreadBase t : threadSet ) {
+ t.join();
+ }
+
+ boolean result = true;
+ for(MyThreadBase t : threadSet ) {
+ result = result && t.passOrFail();
+ if( ! result )
+ break;
+ }
+
+ stat.addDescription("Programmatic Login per process test");
+
+ String testId = "Plogin per process test";
+ if( result ) {
+ stat.addStatus(testId, stat.PASS);
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ }
+ stat.printSummary(testId);
+
+ }
+
+
+}
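Review bot: `LoginBusinessCallerBase.doLogin()` discards the result of `login.login(username,password)`, so a rejected login is noticed only later as a failed business call, and in `run0()` `doLogout()` is skipped whenever the lookup, `create()` or `doBusiness()` throws. If this `login` overload reports failure through its return value (confirm against `ProgrammaticLogin`), fail fast with `if (!Boolean.TRUE.equals(login.login(username, password))) throw new IllegalStateException("programmatic login failed for " + username);`, and wrap the work between login and logout in `try { … } finally { doLogout(); }`. The two empty `catch(Exception e) {}` blocks around `Thread.sleep` also swallow interruption; a one-line comment saying that is intended would help the next reader.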
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/application.xml
new file mode 100644
index 0000000..8c16529
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/application.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application version="1.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application_1_4.xsd">
+ <display-name>security-plogin-ejb-app</display-name>
+ <module>
+ <ejb>security-plogin-standalone-ejb.jar</ejb>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..9d6f9a1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/ejb-jar.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
+ <display-name>MyEntApp1-EJBModule</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>MySession1SB</display-name>
+ <ejb-name>MySession1Bean</ejb-name>
+ <home>MySession1RemoteHome</home>
+ <remote>MySession1Remote</remote>
+ <ejb-class>MySession1Bean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+
+
+ <security-role>
+ <role-name>staff</role-name>
+ </security-role>
+ <security-role>
+ <role-name>staff2</role-name>
+ </security-role>
+ <security-role>
+ <role-name>staff3</role-name>
+ </security-role>
+
+ <method-permission>
+ <description>method authorized to only staff role</description>
+ <role-name>staff</role-name>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>businessMethod</method-name>
+ </method>
+ </method-permission>
+
+
+ <method-permission>
+ <description>method authorized to only staff2 role</description>
+ <role-name>staff2</role-name>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>businessMethod2</method-name>
+ </method>
+ </method-permission>
+
+ <method-permission>
+ <description>method authorized to only staff3 role</description>
+ <role-name>staff3</role-name>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>businessMethod3</method-name>
+ </method>
+ </method-permission>
+
+ <container-transaction>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ <trans-attribute>Required</trans-attribute>
+ </container-transaction>
+ </assembly-descriptor>
+ </ejb-jar>
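Review bot: The `<assembly-descriptor>` assigns a `<method-permission>` only to `businessMethod`, `businessMethod2` and `businessMethod3`; the home `create` method that `PLoginTest` calls before every business call has no permission, `<unchecked/>` or exclude-list entry, so whether it is reachable depends on the container's default for unlisted methods. Stating the intent explicitly keeps the test's outcome independent of that default and documents that only the business methods are role-gated. A possible entry, placed after the last existing `<method-permission>`, is sketched below.

```xml
<!-- … unchanged: the three role-gated method-permission entries … -->
<method-permission>
  <description>home create is open; only business methods are role-gated</description>
  <unchecked/>
  <method>
    <ejb-name>MySession1Bean</ejb-name>
    <method-intf>Home</method-intf>
    <method-name>create</method-name>
  </method>
</method-permission>
```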
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-application.xml
new file mode 100644
index 0000000..3c7306b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-application.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff2</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff3</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>testy</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff2</role-name>
+ <principal-name>testy2</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff3</role-name>
+ <principal-name>testy3</principal-name>
+ </security-role-mapping>
+
+ <realm>file2</realm>
+
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..2eff2df
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 EJB 2.1//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_2_1-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff2</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>staff3</role-name>
+ <principal-name>chief</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>testy</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff2</role-name>
+ <principal-name>testy2</principal-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>staff3</role-name>
+ <principal-name>testy3</principal-name>
+ </security-role-mapping>
+
+
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>MySession1Bean</ejb-name>
+ <jndi-name>ejb/MySession1Bean</jndi-name>
+ <ior-security-config>
+ <transport-config>
+ <integrity>supported</integrity>
+ <confidentiality>supported</confidentiality>
+ <establish-trust-in-target>supported</establish-trust-in-target>
+ <establish-trust-in-client>supported</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>file2</realm>
+ <required>true</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>supported</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
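Review bot: In `<ior-security-config>` the `<as-context>` requires `username_password` authentication while `<integrity>` and `<confidentiality>` are only `supported`, so a client is permitted to send the realm `file2` credentials over an unprotected IIOP connection. If the test clients can run over SSL, `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>` would close that gap. Otherwise add a comment above `<transport-config>` such as `<!-- test-only descriptor: transport protection is optional here; use "required" in real deployments -->` so the setting is not copied into a production descriptor.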
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Bean.java b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Bean.java
new file mode 100644
index 0000000..b614211
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Bean.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.ejb.*;
+
+/**
+ * This is the bean class for the MySession1Bean enterprise bean.
+ */
+public class MySession1Bean implements SessionBean, MySession1RemoteBusiness {
+ private SessionContext context;
+
+ /**
+ * @see javax.ejb.SessionBean#setSessionContext(javax.ejb.SessionContext)
+ */
+ public void setSessionContext(SessionContext aContext) {
+ context = aContext;
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbActivate()
+ */
+ public void ejbActivate() {
+
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbPassivate()
+ */
+ public void ejbPassivate() {
+
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbRemove()
+ */
+ public void ejbRemove() {
+
+ }
+ // </editor-fold>
+
+ /**
+ * See section 7.10.3 of the EJB 2.0 specification
+ * See section 7.11.3 of the EJB 2.1 specification
+ */
+ public void ejbCreate() {
+ // TODO implement ejbCreate if necessary, acquire resources
+ // This method has access to the JNDI context so resource aquisition
+ // spanning all methods can be performed here such as home interfaces
+ // and data sources.
+ }
+
+
+
+ public String businessMethod(String name) {
+ return "hello " + name;
+ }
+
+ public String businessMethod2(String name) {
+ return "hey " + name;
+ }
+
+ public String businessMethod3(String name) {
+ return "howdy "+name;
+ }
+
+
+
+}
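Review bot: The three business methods build their reply only from `name`, and the stored `SessionContext` is never read, so the client learns that some authorized caller got through but not which identity the container actually saw. Echoing the caller, for example `return "hello " + name + " as " + context.getCallerPrincipal().getName();`, would let `PLoginTest` compare the principal with the user each thread logged in as, which appears to be the property the per-thread test is after. The stray `// </editor-fold>` after `ejbRemove()` has no opening marker and can be dropped.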
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Remote.java b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Remote.java
new file mode 100644
index 0000000..57f82ec
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1Remote.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.ejb.EJBObject;
+
+
+/**
+ * This is the remote interface for MySession1 enterprise bean.
+ */
+public interface MySession1Remote extends EJBObject, MySession1RemoteBusiness {
+
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteBusiness.java b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteBusiness.java
new file mode 100644
index 0000000..bdc4e71
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteBusiness.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/**
+ * This is the business interface for MySession1 enterprise bean.
+ */
+public interface MySession1RemoteBusiness {
+ String businessMethod(String name) throws java.rmi.RemoteException;
+
+ String businessMethod2(String name) throws java.rmi.RemoteException;
+
+ String businessMethod3(String name) throws java.rmi.RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteHome.java b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteHome.java
new file mode 100644
index 0000000..daada77
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/plogin/standalone/ejb/MySession1RemoteHome.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+
+/**
+ * This is the home interface for MySession1 enterprise bean.
+ */
+public interface MySession1RemoteHome extends EJBHome {
+
+ MySession1Remote create() throws CreateException, RemoteException;
+
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.properties b/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.properties
new file mode 100644
index 0000000..a1835d4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="rpaLoginBean"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.xml
new file mode 100644
index 0000000..66d615a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/build.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+
+<project name="realmperapp" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="all" depends="build, setup, deploy,run, undeploy, unsetup"/>
+
+ <target name="setup" depends="init-common">
+ <!-- create auth realms -->
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file2"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile2"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="harpreet"/>
+ <param name="password" value="harpreet"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="harpreet"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file2"/>
+ </antcall>
+
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+<!-- <property name="ejbjar.classes" value="**/*Home*.class,**/*Bean*.class,**/*Data*.class,*.dbschema"/>
+-->
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runpwd"/>
+ <antcall target="runpwdfile"/>
+ </target>
+
+ <target name="runpwd" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user harpreet" />
+ <arg line="-password harpreet" />
+ </exec>
+ </target>
+
+ <target name="runpwdfile" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user harpreet" />
+ <arg line="-passwordfile pwdfile" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+</project>
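Review bot: The `runpwd` target passes the password as a command-line argument (`<arg line="-password harpreet" />`), which exposes it to process listings and verbose Ant output, and neither `<exec>` sets `failonerror`, so a non-zero exit from `${APPCLIENT}` does not fail the build. If the target exists to exercise the `-password` option, say so with a comment such as `<!-- deliberately exercises -password; harpreet is a throwaway user in realm file2 -->`. Consider `failonerror="true"` on both `<exec>` elements unless the reporter output is meant to be the only verdict, keeping in mind that a failed `run` would then stop `all` before `unsetup` removes the user and realm.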
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/MANIFEST.MF
new file mode 100644
index 0000000..d6c7e78
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.RpaClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/RpaClient.java b/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/RpaClient.java
new file mode 100644
index 0000000..ce7a95d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/client/RpaClient.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import org.omg.CORBA.ORB;
+import com.sun.enterprise.security.LoginContext;
+//import com.sun.enterprise.security.auth.login.common.LoginException;
+import java.rmi.RemoteException;
+import java.security.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class RpaClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ RpaClient client = new RpaClient(args);
+ client.doTest();
+ }
+
+ public RpaClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ RpaRemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ RpaHome home=null;
+ String testId = "Sec::Realm per app";
+ try{
+ stat.addDescription("Security::Realm per app");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("rpaLoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (RpaHome)PortableRemoteObject.narrow(
+ objref, RpaHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+
+ // invoke 3 overloaded methods on the EJB
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ hr.addItem("mascara", 40);
+ hr.addItem("lipstick2", 50);
+ hr.addItem("sandals", 200);
+ System.out.println(hr.getTotalCost());
+ hr.deleteItem("lipstick2");
+ java.lang.String[] shoppingList = hr.getItems();
+ System.out.println("Shopping list for LizHurley");
+ for (int i=0; i<shoppingList.length; i++){
+ System.out.println(shoppingList[i]);
+ }
+ System.out.println("Total Cost for Ms Hurley = "+
+ hr.getTotalCost());
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("RealmPerApp:RpaLoginBean Test Passed");
+ } catch(Exception re){
+ re.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("RealmPerApp:RpaLoginBean Test Failed");
+ System.exit(-1);
+ } finally {
+ stat.printSummary();
+ }
+ return res;
+
+ }
+}
+
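Review bot: `System.exit(-1)` inside the `catch` of `doTest()` halts the JVM before the `finally` block runs, so `stat.printSummary()` is skipped exactly when the test fails. The FAIL status recorded just before it is then presumably never written out. Record the failure instead: set `failed = true;` in the `catch` and place `if (failed) System.exit(-1);` after the `try`/`finally`. The locals `lc` and `ic`'s sibling declarations that are never used, and the commented-out import, could be dropped, and `doTest()` always returns `null`, so `void` would describe it better.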
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application-client.xml
new file mode 100644
index 0000000..2165e5a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>rpaLoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application.xml
new file mode 100644
index 0000000..a736f97
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>rpaLoginBean</display-name>
+ <module>
+ <ejb>rpaLoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>rpaLoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..1461e61
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/ejb-jar.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>rpaLoginBean</display-name>
+ <ejb-name>rpaLoginBean</ejb-name>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ <ejb-class>shopping.RpaBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ </assembly-descriptor>
+</ejb-jar>
+
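Review bot: The `<assembly-descriptor>` declares the `Employee` role but no `<method-permission>`, so nothing in this descriptor restricts who may call `rpaLoginBean`. The only access check visible in this commit is the hard-coded principal comparison in `RpaBean.checkCallerPrincipal()`. If that is intentional because the test targets realm selection rather than role authorization, a comment such as `<!-- no method-permission on purpose: caller identity is checked in RpaBean -->` would keep readers from copying this as an authorization template. The `EMP` and `STAFF` `<security-role-ref>` entries are not used by any `isCallerInRole` call in the bean added here and look removable.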
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..d22ee2b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+<jndi-name>rpaLoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application.xml
new file mode 100644
index 0000000..d2b230f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>harry</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <realm>file2</realm>
+</sun-application>
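Review bot: The `Administrator` and `Manager` mappings refer to roles that the `ejb-jar.xml` in this commit never declares (it defines only `Employee`), and the principal `harry` does not appear in any other visible file. Unused role-to-principal mappings in a security test make it harder to see which grant the test depends on; keeping only the `Employee` mapping for `harpreet`, or adding a comment that explains the extras, would make the intent clear. `<realm>file2</realm>` assumes the realm exists before deployment, which is not visible in this part of the diff.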
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..21e6b48
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>rpaLoginBean</ejb-name>
+<jndi-name>rpaLoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>file2</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
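Review bot: `<as-context>` requires `username_password` authentication while `<integrity>` and `<confidentiality>` in `<transport-config>` are only `supported`, so a client is permitted to send the password over an unprotected IIOP connection. For a loopback test harness that may be acceptable, but it deserves a comment saying so, because descriptors from test suites tend to be copied. Where the credential must be protected in transit the settings would be `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>`.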
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/pwdfile b/appserver/tests/appserv-tests/devtests/security/realmPerApp/pwdfile
new file mode 100644
index 0000000..9746ce8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/pwdfile
@@ -0,0 +1 @@
+PASSWORD=harpreet
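Review bot: This file commits a plaintext password that is identical to the user name (`harpreet`), and the same value is passed as `-password harpreet` in the `runpwd` target of the accompanying build.xml. Nothing in the visible hunks marks the account as a throwaway fixture or shows it being removed after the run. A comment in that build.xml such as `<!-- harpreet/harpreet exists only in the file2 test realm; never reuse outside devtests -->` would document that. Whether the password file format itself accepts a comment line cannot be confirmed from this hunk.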
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaBean.java b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaBean.java
new file mode 100644
index 0000000..fc2064f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaBean.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import java.util.Vector;
+import java.lang.String;
+import java.util.Iterator;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+/**
+ *
+ * @author Harpreet
+ * @version
+ */
+
+public class RpaBean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private String principal = "harpreet";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private Vector items;
+
+ private Vector itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new Vector();
+ itemPrice = new Vector();
+ }
+
+ public void addItem(java.lang.String item, int price) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ items.add(item);
+ itemPrice.add(new Integer(price));
+ totalItems++;
+ totalPrice += price;
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" has bought "
+ + item +" for price ="+ price +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public void deleteItem(java.lang.String item) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ int index = items.indexOf(item);
+ items.remove(item);
+ Integer price = (Integer) itemPrice.get(index);
+ System.out.println("Shopping Cart: Removing item "+ item +" @price "+
+ price.intValue());
+ totalPrice -= price.shortValue();
+ itemPrice.remove(index);
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public double getTotalCost() throws EJBException{
+ checkCallerPrincipal();
+ return totalPrice;
+ }
+
+ public String[] getItems() throws EJBException{
+ checkCallerPrincipal();
+
+ Iterator it = items.iterator();
+ int sz = items.size();
+ String[] itemNames = new String[sz];
+ for(int i=0; it.hasNext();){
+ itemNames[i++] = new String( (String)it.next());
+ }
+ return itemNames;
+ }
+
+ public void ejbActivate() {
+ System.out.println("In Rpa ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In Rpa ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In Rpa ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+ private void checkCallerPrincipal() throws EJBException {
+ System.out.println("Caller Princial = " + sc.getCallerPrincipal() +
+ " comparing against " + principal);
+
+ if (!sc.getCallerPrincipal().getName().equals(principal)) {
+ throw new EJBException("Wrong Principal. Principal should be = "
+ + principal);
+ }
+
+ }
+}
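Review bot: `deleteItem` does not handle an item that is not in the cart: `items.indexOf(item)` returns -1 and `itemPrice.get(index)` then fails with an index error instead of a meaningful message. It also subtracts `price.shortValue()`, which truncates any price above 32767 although the same price is logged with `intValue()`, and it never decrements `totalItems`, so the logged totals drift after a delete. Separately, `checkCallerPrincipal()` compares against the hard-coded `principal` field; a short comment stating that this string must match the user created in the test realm would help the next maintainer.

```java
        // … unchanged: deleteItem signature and checkCallerPrincipal() call …
        int index = items.indexOf(item);
        if (index < 0) {
            throw new EJBException("No such item in cart: " + item);
        }
        items.remove(index);
        Integer price = (Integer) itemPrice.remove(index);
        // … unchanged: "Removing item" log line …
        totalPrice -= price.intValue();
        totalItems--;
        // … unchanged: cart summary log line …
```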
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaHome.java b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaHome.java
new file mode 100644
index 0000000..e52095e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaHome.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * RpaHome.java
+ *
+ * Created on May 15, 2003, 5:21 PM
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+import shopping.RpaRemote;
+/**
+ *
+ * @author Harpreet Singh
+ */
+public interface RpaHome extends EJBHome{
+
+ public RpaRemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaRemote.java b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaRemote.java
new file mode 100644
index 0000000..d5b1bb9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/realmPerApp/shopping/RpaRemote.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * Rpa.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Shopping Cart Stateful Session Bean. Just tests -Dj2eelogin.name
+ * -Dj2eelogin.password system properties.
+ * @author hsingh
+ */
+public interface RpaRemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+}
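Review bot: The interface Javadoc says the bean "Just tests -Dj2eelogin.name -Dj2eelogin.password system properties", but the build targets visible in this commit authenticate with `-textauth -user harpreet -password harpreet` and with `-passwordfile pwdfile`, so the description looks stale. Wording such as `Stateful shopping-cart bean for the realm-per-application test; every business method verifies the caller principal.` would match what `RpaBean` does. The header comment also still names the file `Rpa.java`.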
diff --git a/appserver/tests/appserv-tests/devtests/security/report.xml b/appserver/tests/appserv-tests/devtests/security/report.xml
new file mode 100644
index 0000000..65a32ae
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/report.xml
@@ -0,0 +1,40 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<property name="stylesheet" value="${env.APS_HOME}/config/j2eeReporter.xsl" />
+<property name="xmlfile" value="${env.APS_HOME}/test_resultsValid.xml" />
+<property name="htmlfile" value="${env.APS_HOME}/test_results.html" />
+
+<target name="report">
+<echo message="Comparing results with expected results"/>
+
+
+ <xslt style="${stylesheet}"
+ in="${xmlfile}" out="${htmlfile}"
+ basedir="." destdir="." />
+ <antcall target="report-sh"/>
+ <!--
+ <ant dir="${env.APS_HOME}/util/filediff" target="modifyReport"/>
+ -->
+</target>
+
+<target name="report-sh">
+ <exec executable="sh">
+ <arg value="./resultCount.sh"/>
+ </exec>
+</target>
diff --git a/appserver/tests/appserv-tests/devtests/security/resultCount.sh b/appserver/tests/appserv-tests/devtests/security/resultCount.sh
new file mode 100755
index 0000000..fad2d3c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/resultCount.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0, which is available at
+# http://www.eclipse.org/legal/epl-2.0.
+#
+# This Source Code may also be made available under the following Secondary
+# Licenses when the conditions for such availability set forth in the
+# Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+# version 2 with the GNU Classpath Exception, which is available at
+# https://www.gnu.org/software/classpath/license.html.
+#
+# SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+#
+
+
+
+FILES="$APS_HOME/test_resultsValid.xml $APS_HOME/security-gtest-results.xml"
+
+TOTAL=799
+PASSED=0
+FAILED=0
+for i in $FILES
+do
+ echo "input file=$i"
+ P=`grep "\"pass\"" $i | wc -l`
+ F=`grep "\"fail\"" $i | wc -l`
+ PASSED=`expr $PASSED + $P`
+ FAILED=`expr $FAILED + $F`
+done
+TOTAL_RUN=`expr $PASSED + $FAILED `
+DNR=`expr $TOTAL - $TOTAL_RUN `
+
+echo ""
+echo "************************"
+echo "PASSED= $PASSED"
+echo "------------ ========="
+echo "FAILED= $FAILED"
+echo "------------ ========="
+echo "DID NOT RUN= $DNR"
+echo "------------ ========="
+echo "Total Expected=$TOTAL"
+echo "************************"
+echo ""
+
+echo "************************">$APS_HOME/devtests/security/count.txt;
+date>>$APS_HOME/devtests/security/count.txt;
+echo "-----------------------">>$APS_HOME/devtests/security/count.txt;
+echo "PASSED= $PASSED">>$APS_HOME/devtests/security/count.txt;
+echo "------------ =========">>$APS_HOME/devtests/security/count.txt;
+echo "FAILED= $FAILED">>$APS_HOME/devtests/security/count.txt;
+echo "------------ =========">>$APS_HOME/devtests/security/count.txt;
+echo "DID NOT RUN= $DNR">>$APS_HOME/devtests/security/count.txt;
+echo "------------ =========">>$APS_HOME/devtests/security/count.txt;
+echo "Total Expected=$TOTAL">>$APS_HOME/devtests/security/count.txt;
+echo "************************">>$APS_HOME/devtests/security/count.txt;
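Review bot: Every use of `$APS_HOME` and `$i` is unquoted and the script never checks that `APS_HOME` is set, so with the variable empty the redirections at the end target `/devtests/security/count.txt` and the greps read `/test_resultsValid.xml`. Adding `: "${APS_HOME:?APS_HOME must be set}"` near the top and quoting the expansions (`grep "\"pass\"" "$i"`, `>> "$APS_HOME/devtests/security/count.txt"`) closes that. `TOTAL=799` is a hand-maintained constant that determines the DID NOT RUN figure; a comment saying where the number comes from would help whoever adds or removes a test.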
diff --git a/appserver/tests/appserv-tests/devtests/security/run_test.sh b/appserver/tests/appserv-tests/devtests/security/run_test.sh
new file mode 100755
index 0000000..3fbb1f0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/run_test.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+#
+# Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License v. 2.0, which is available at
+# http://www.eclipse.org/legal/epl-2.0.
+#
+# This Source Code may also be made available under the following Secondary
+# Licenses when the conditions for such availability set forth in the
+# Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+# version 2 with the GNU Classpath Exception, which is available at
+# https://www.gnu.org/software/classpath/license.html.
+#
+# SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+#
+
+test_run(){
+
+ $S1AS_HOME/bin/asadmin start-database
+ $S1AS_HOME/bin/asadmin start-domain
+ pushd $APS_HOME/devtests/security
+ rm count.txt || true
+ PROXY_HOST=`echo ${http_proxy} | cut -d':' -f2 | ${SED} 's/\/\///g'`
+ PROXY_PORT=`echo ${http_proxy} | cut -d':' -f3 | ${SED} 's/\///g'`
+ ANT_OPTS="${ANT_OPTS} \
+ -Dhttp.proxyHost=${PROXY_HOST} \
+ -Dhttp.proxyPort=${PROXY_PORT} \
+ -Dhttp.noProxyHosts='127.0.0.1|localhost|*.oracle.com' \
+ -Dhttps.proxyHost=${PROXY_HOST} \
+ -Dhttps.proxyPort=${PROXY_PORT} \
+ -Dhttps.noProxyHosts='127.0.0.1|localhost|*.oracle.com'"
+ export ANT_OPTS
+ echo "ANT_OPTS=${ANT_OPTS}"
+ ant $TARGET |tee $TEST_RUN_LOG
+ unset ANT_OPTS
+
+ $S1AS_HOME/bin/asadmin stop-domain
+ $S1AS_HOME/bin/asadmin stop-database
+
+ egrep 'FAILED= *0' count.txt
+ egrep 'DID NOT RUN= *0' count.txt
+ popd
+}
+get_test_target(){
+ case $1 in
+ security_all )
+ TARGET=all
+ export TARGET;;
+ esac
+
+}
+
+merge_result_files(){
+ cat $APS_HOME/test_resultsValid.xml $APS_HOME/security-gtest-results.xml > $APS_HOME/temp.xml
+ mv $APS_HOME/temp.xml $APS_HOME/test_resultsValid.xml
+}
+
+run_test_id(){
+ source `dirname $0`/../../../common_test.sh
+ kill_process
+ delete_gf
+ download_test_resources glassfish.zip tests-maven-repo.zip version-info.txt
+ unzip_test_resources $WORKSPACE/bundles/glassfish.zip "$WORKSPACE/bundles/tests-maven-repo.zip -d $WORKSPACE/repository"
+ cd `dirname $0`
+ test_init
+ get_test_target $1
+ test_run
+ merge_result_files
+ check_successful_run
+ generate_junit_report $1
+ change_junit_report_class_names
+}
+post_test_run(){
+ copy_test_artifects
+ upload_test_results
+ delete_bundle
+ cd -
+}
+
+list_test_ids(){
+ echo security_all
+}
+
+OPT=$1
+TEST_ID=$2
+
+case $OPT in
+ list_test_ids )
+ list_test_ids;;
+ run_test_id )
+ trap post_test_run EXIT
+ run_test_id $TEST_ID ;;
+esac
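Review bot: In `test_run`, `ant $TARGET |tee $TEST_RUN_LOG` reports only the exit status of `tee`, so a failing Ant build is not detected at that point and the run is judged solely by the two `egrep` checks on `count.txt`. Since the script runs under bash, `set -o pipefail` before the pipeline, or testing `${PIPESTATUS[0]}` right after it, would surface the failure, unless the sourced `common_test.sh`, which is not visible here, already does so. The proxy parsing with `cut -d':'` assumes `http_proxy` has the form scheme://host:port. When it is unset or carries `user:password@`, the derived host and port are wrong and fragments of the value are written to the log by `echo "ANT_OPTS=${ANT_OPTS}"`.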
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.properties b/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.properties
new file mode 100644
index 0000000..9ccfc32
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.properties
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-sameEjbName"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.sameEjbName.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="sun-ejb-jar2.xml" value="descriptor/sun-ejb-jar2.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.xml b/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.xml
new file mode 100644
index 0000000..da64673
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/build.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-sameEjbName" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="javaee"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaee"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="javaee"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="ejb2"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar.xml}"/>
+ </antcall>
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb2.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb2/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar2.xml}"/>
+ </antcall>
+
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files" value="${build.classes.dir}"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/client/*.class,com/sun/**/ejb/Hello.class,com/sun/**/ejb2/Hello.class"/>
+ </antcall>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}" includes="lib/reporter.jar"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
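Review bot: The `run` target passes `-texauth` to the app client, which looks like a typo for `-textauth`, the spelling used by the realmPerApp build.xml earlier in this commit; with the misspelled flag the client may not use text-mode authentication as intended. The line should read `<arg line="-textauth"/>`. The password is also supplied on the command line (`-password` followed by `javaee`), where it is visible in the process list. The `-passwordfile` form used by the `runpwdfile` target of the realmPerApp build avoids that.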
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/Client.java b/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/Client.java
new file mode 100644
index 0000000..51ae847
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/Client.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.sameEjbName.client;
+
+import javax.ejb.EJB;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec::SameEjbName test ";
+ private static @EJB com.sun.s1asdev.security.sameEjbName.ejb.Hello hello1;
+ private static @EJB com.sun.s1asdev.security.sameEjbName.ejb2.Hello hello2;
+
+ public static void main(String[] args) {
+ stat.addDescription("security-sameEjbName");
+ String description = null;
+ try {
+ description = testSuite + " ejb1: rolesAllowed1";
+ hello1.rolesAllowed1("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejb1: rolesAllowed2";
+ hello1.rolesAllowed2("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ try {
+ description = testSuite + " ejb2: rolesAllowed1";
+ hello2.rolesAllowed1("Java");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ description = testSuite + " ejb2: rolesAllowed2";
+ hello2.rolesAllowed2("Java");
+ stat.addStatus(description, stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-sameEjbName");
+ }
+}
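Review bot: Both negative checks in `main` (`hello1.rolesAllowed2("Sun")` and `hello2.rolesAllowed1("Java")`) record PASS on any `Exception`, so an injection or transport failure is indistinguishable from the access denial the test is meant to prove. For example, if `hello2` were not injected, the NullPointerException from `hello2.rolesAllowed1("Java")` would be printed as "Expected failure" and counted as a pass. Narrow the inner handlers to the authorization failure, e.g. `catch (javax.ejb.EJBAccessException e)` (or inspect the cause chain if the container wraps it for remote callers), and let everything else reach the outer `catch` that records FAIL. The same catch-all surrounds `hr.saveAsQuote()` in `ShoppingCartClient.doTest` later in this commit.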
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/MANIFEST.MF
new file mode 100644
index 0000000..9914ab7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.sameEjbName.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/sameEjbName/descriptor/sun-application.xml
new file mode 100644
index 0000000..43fbb58
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/descriptor/sun-application.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>ejbuser</role-name>
+ <principal-name>ejbuser</principal-name>
+ </security-role-mapping>
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/Hello.java b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/Hello.java
new file mode 100644
index 0000000..1ebae36
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/Hello.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.sameEjbName.ejb;
+
+public interface Hello {
+ public String rolesAllowed1(String who);
+
+ public String rolesAllowed2(String who);
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/HelloEjb.java
new file mode 100644
index 0000000..7556d94
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb/HelloEjb.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.sameEjbName.ejb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+
+@Stateless
+@Remote({Hello.class})
+public class HelloEjb implements Hello {
+ @RolesAllowed(value={"javaee"})
+ public String rolesAllowed1(String who) {
+ return "Hello rolesAllowed1, " + who;
+ }
+
+ @RolesAllowed(value={"ejbuser"})
+ public String rolesAllowed2(String who) {
+ return "Hello rolesAllowed2, " + who;
+ }
+}
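Review bot: Nothing in this class says that its role assignments are deliberately the mirror image of `ejb2/HelloEjb.java` (here `rolesAllowed1` requires `javaee` and `rolesAllowed2` requires `ejbuser`; there the two are swapped), which appears to be the point of the sameEjbName test. Add a class comment to both files, for example `// Same simple class name as ejb2.HelloEjb with the roles swapped; the client expects each bean to keep its own method permissions.` It is also worth noting in that comment that there is no class-level security annotation, so any method added later without `@RolesAllowed` would not be covered by these checks.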
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/Hello.java b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/Hello.java
new file mode 100644
index 0000000..20284fe
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/Hello.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.sameEjbName.ejb2;
+
+public interface Hello {
+ public String rolesAllowed1(String who);
+
+ public String rolesAllowed2(String who);
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/HelloEjb.java
new file mode 100644
index 0000000..8468680
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sameEjbName/ejb2/HelloEjb.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.sameEjbName.ejb2;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+
+@Stateless
+@Remote({Hello.class})
+public class HelloEjb implements Hello {
+ @RolesAllowed(value={"ejbuser"})
+ public String rolesAllowed1(String who) {
+ return "Hello2 rolesAllowed1, " + who;
+ }
+
+ @RolesAllowed(value={"javaee"})
+ public String rolesAllowed2(String who) {
+ return "Hello2 rolesAllowed2, " + who;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/README b/appserver/tests/appserv-tests/devtests/security/sful/README
new file mode 100644
index 0000000..74f9b62
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/README
@@ -0,0 +1 @@
+For this test comment out the j2ee, j2ee line in sun-acc.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/build.properties b/appserver/tests/appserv-tests/devtests/security/sful/build.properties
new file mode 100644
index 0000000..d8d1034
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="statefulLoginBean"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/build.xml b/appserver/tests/appserv-tests/devtests/security/sful/build.xml
new file mode 100644
index 0000000..299db65
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/build.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+
+<project name="methodperms" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="all" depends="build, create-user, deploy, run, undeploy, delete-user"/>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+<!-- <property name="ejbjar.classes" value="**/*Home*.class,**/*Bean*.class,**/*Data*.class,*.dbschema"/>
+-->
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user harpreet" />
+ <arg line="-password harpreet" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+</project>
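Review bot: The `run` target's `<exec executable="${APPCLIENT}">` does not check the exit status, so the `System.exit(-1)` that `ShoppingCartClient` issues on failure does not fail `all`. Unless the harness relies only on the reporter output, capture it with `resultproperty` and `<fail>` after `undeploy` and `delete-user` have run; plain `failonerror="true"` would skip that cleanup and leave the test user behind. The credentials are passed as `<arg line="-password harpreet" />`, which puts them on the process command line; a comment stating that `harpreet` is a throwaway account created by `create-user` (defined outside this hunk) would make that acceptable. The project is also still named `methodperms`, which looks copied from another test.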
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/sful/client/MANIFEST.MF
new file mode 100644
index 0000000..f1819bf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.ShoppingCartClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/client/ShoppingCartClient.java b/appserver/tests/appserv-tests/devtests/security/sful/client/ShoppingCartClient.java
new file mode 100644
index 0000000..6576ac1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/client/ShoppingCartClient.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import org.omg.CORBA.ORB;
+import com.sun.enterprise.security.LoginContext;
+//import com.sun.enterprise.security.auth.login.common.LoginException;
+import java.rmi.RemoteException;
+import java.security.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class ShoppingCartClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ ShoppingCartClient client = new ShoppingCartClient(args);
+ client.doTest();
+ }
+
+ public ShoppingCartClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ ShoppingCartRemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ ShoppingCartHome home=null;
+ String testId = "Sec::Stateful Login Bean";
+ try {
+ stat.addDescription("Security::Statefule Login Bean");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("statefulLoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (ShoppingCartHome)PortableRemoteObject.narrow(
+ objref, ShoppingCartHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+
+ // invoke 3 overloaded methods on the EJB
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ hr.addItem("mascara", 40);
+ hr.addItem("lipstick2", 50);
+ hr.addItem("sandals", 200);
+ System.out.println(hr.getTotalCost());
+ hr.deleteItem("lipstick2");
+ java.lang.String[] shoppingList = hr.getItems();
+ System.out.println("Shopping list for LizHurley");
+ for (int i=0; i<shoppingList.length; i++){
+ System.out.println(shoppingList[i]);
+ }
+ System.out.println("Total Cost for Ms Hurley = "+
+ hr.getTotalCost());
+
+ boolean canSaveQuote;
+ try {
+ hr.saveAsQuote();
+ canSaveQuote = true;
+ } catch(Exception ex) {
+ canSaveQuote = false;
+ }
+
+ if (canSaveQuote) {
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("RealmPerApp:RpaLoginBean Test Failed");
+ } else {
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("RealmPerApp:RpaLoginBean Test Passed");
+ }
+ } catch(Exception re){
+ re.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("Shopping Cart:StatefulLoginBean Test Failed");
+ System.exit(-1);
+ } finally {
+ stat.printSummary();
+ }
+ System.out.println("ShoppingCart:StatefulLoginBean Test Passed");
+ return res;
+
+ }
+
+
+ public final static String helloStr = "Hello ShoppingCart!!!";
+}
+
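Review bot: In `doTest`, the outer `catch` calls `System.exit(-1)`, which ends the JVM before the `finally` block runs, so `stat.printSummary()` is never reached on the failure path and the FAIL status added just above may go unreported. Call `stat.printSummary();` before `System.exit(-1);` in that handler, or drop the exit and let `main` decide the exit code. Separately, `System.out.println("ShoppingCart:StatefulLoginBean Test Passed");` after the `try` also runs when `canSaveQuote` was true and FAIL was recorded, so the console contradicts the result; move it into the `else` branch. `res` is never assigned, so the method always returns null.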
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application-client.xml
new file mode 100644
index 0000000..6d98720
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>statefulLoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/statefulLoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.ShoppingCartHome</home>
+ <remote>shopping.ShoppingCartRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application.xml
new file mode 100644
index 0000000..253dac4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>statefulLoginBean</display-name>
+ <module>
+ <ejb>statefulLoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>statefulLoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..9baaff7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/ejb-jar.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>statefulLoginBean</display-name>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <home>shopping.ShoppingCartHome</home>
+ <remote>shopping.ShoppingCartRemote</remote>
+ <ejb-class>shopping.ShoppingCartBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Administrator</role-name>
+ </security-role>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ <method-permission>
+ <role-name>Employee</role-name>
+ <method>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>addItem</method-name>
+ </method>
+ <method>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>deleteItem</method-name>
+ </method>
+ <method>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>getTotalCost</method-name>
+ </method>
+ <method>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>getItems</method-name>
+ </method>
+ </method-permission>
+ <method-permission>
+ <role-name>Administrator</role-name>
+ <method>
+ <ejb-name>statefulLoginBean</ejb-name>
+ <method-intf>Remote</method-intf>
+ <method-name>saveAsQuote</method-name>
+ </method>
+ </method-permission>
+ </assembly-descriptor>
+</ejb-jar>
+
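Review bot: The `<method-permission>` entries cover only the Remote business methods; `create` on `shopping.ShoppingCartHome`, which the client calls first, and `remove` are assigned to no role and are not in an `<exclude-list>`, so whether they are callable depends on the container's default for unassigned methods. Make the intent explicit with a `<method-permission>` block that uses `<unchecked/>` for the Home methods, or assign them to `Employee`. A short comment that `saveAsQuote` is limited to `Administrator` so that the test user's call is expected to be denied would also document what the client asserts.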
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..03ce95d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/statefulLoginBean</ejb-ref-name>
+<jndi-name>statefulLoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application.xml
new file mode 100644
index 0000000..fea23ff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-application.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <group-name>employee</group-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>ronald</principal-name>
+ </security-role-mapping>
+</sun-application>
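Review bot: The mapping for role `Manager` (principal `ronald`) refers to a role that the `ejb-jar.xml` added in this commit does not declare; its `<assembly-descriptor>` lists only `Administrator` and `Employee`, so this entry looks like a leftover from another test. Remove it or add a comment explaining why it is needed. It would also help to state which group the client's user `harpreet` is expected to belong to, since `Employee` is granted only through `<group-name>employee</group-name>` and the user creation is outside this file.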
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..0094fa5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>statefulLoginBean</ejb-name>
+<jndi-name>statefulLoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>default</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
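Review bot: `<as-context>` requires `username_password` authentication while `<transport-config>` sets `<integrity>` and `<confidentiality>` only to `supported`, so a client that does not negotiate a protected transport can send the password over an unprotected IIOP connection. If the test does not depend on a plain connection, use `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>`. Otherwise add a comment that the weaker setting is deliberate for the test environment, so the descriptor is not copied as a template.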
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartBean.java b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartBean.java
new file mode 100644
index 0000000..d7d63b6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartBean.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import java.util.Vector;
+import java.lang.String;
+import java.util.Iterator;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+/**
+ *
+ * @author hsingh
+ */
+
+public class ShoppingCartBean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private String principal = "harpreet";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private Vector items;
+
+ private Vector itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new Vector();
+ itemPrice = new Vector();
+ }
+
+ public void addItem(java.lang.String item, int price) throws EJBException,
+ RemoteException{
+ items.add(item);
+ itemPrice.add(new Integer(price));
+ totalItems++;
+ totalPrice += price;
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" has bought "
+ + item +" for price ="+ price +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+
+ System.out.println("Caller Principal = "+sc.getCallerPrincipal());
+ }
+
+ public void deleteItem(java.lang.String item) throws EJBException,
+ RemoteException{
+ int index = items.indexOf(item);
+ items.remove(item);
+ Integer price = (Integer) itemPrice.get(index);
+ System.out.println("Shopping Cart: Removing item "+ item +" @price "+
+ price.intValue());
+ totalPrice -= price.shortValue();
+ itemPrice.remove(index);
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ System.out.println("Caller Principal = "+sc.getCallerPrincipal());
+ }
+
+ public double getTotalCost() throws EJBException{
+ System.out.println("Caller Princial = "+sc.getCallerPrincipal());
+
+ return totalPrice;
+ }
+
+ public String[] getItems() throws EJBException{
+ System.out.println("Caller Principal = "+sc.getCallerPrincipal());
+
+ Iterator it = items.iterator();
+ int sz = items.size();
+ String[] itemNames = new String[sz];
+ for(int i=0; it.hasNext();){
+ itemNames[i++] = new String( (String)it.next());
+ }
+ return itemNames;
+ }
+
+ public void saveAsQuote() {
+ System.out.println("Caller Principal = "+sc.getCallerPrincipal());
+ }
+
+ public void ejbActivate() {
+ System.out.println("In ShoppingCart ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In ShoppingCart ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In ShoppingCart ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+}
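Review bot: `deleteItem` does not handle an item that is not in the cart: `items.indexOf(item)` returns -1 and the following `itemPrice.get(index)` then throws an ArrayIndexOutOfBoundsException instead of a meaningful EJB error. The same method subtracts `price.shortValue()`, which truncates any price above 32767 and leaves `totalPrice` wrong, and it never decrements `totalItems`, although `addItem` increments it. Removing both entries by index and subtracting `intValue()` keeps the two vectors and the counters consistent. The `principal` field is also never read in this class and could be dropped.

```java
public void deleteItem(java.lang.String item) throws EJBException,
    RemoteException{
    int index = items.indexOf(item);
    if (index < 0) {
        throw new EJBException("Item not in cart: " + item);
    }
    items.remove(index);
    Integer price = (Integer) itemPrice.remove(index);
    totalPrice -= price.intValue();
    totalItems--;
    // … unchanged: the three System.out.println calls …
}
```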
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartHome.java b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartHome.java
new file mode 100644
index 0000000..90baa62
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartHome.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingCartHome.java
+ *
+ * Created on May 15, 2003, 5:21 PM
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+import shopping.ShoppingCartRemote;
+/**
+ *
+ * @author hsingh
+ */
+public interface ShoppingCartHome extends EJBHome{
+
+ public ShoppingCartRemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartRemote.java b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartRemote.java
new file mode 100644
index 0000000..98f39c5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/sful/shopping/ShoppingCartRemote.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingCart.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Shopping Cart Stateful Session Bean. Just tests -Dj2eelogin.name
+ * -Dj2eelogin.password system properties.
+ * @author hsingh
+ */
+public interface ShoppingCartRemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+ public void saveAsQuote() throws java.rmi.RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/Readme.txt b/appserver/tests/appserv-tests/devtests/security/simple-perf/Readme.txt
new file mode 100644
index 0000000..22d9ef0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/Readme.txt
@@ -0,0 +1,3 @@
+A simple performance test - no security turned on.
+Change the sun-ejb-jar.xml to turn on the required security elements.
+Change the value of times in sun-application-client.xml to run the method number of "times"
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/build.properties b/appserver/tests/appserv-tests/devtests/security/simple-perf/build.properties
new file mode 100644
index 0000000..afbee49
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/build.properties
@@ -0,0 +1,52 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="sec-ssl"/>
+<property name="appname" value="${module}-converter"/>
+
+<property name="assemble"
+ value="${build.classes.dir}/archive"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+
+<property name="test.client"
+ value="com.sun.s1peqe.security.ssl.converter.client.ConverterClient"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+
+<property name="app.type" value="application"/>
+
+<!-- ============================================================ -->
+<!-- Standalone Client specific properties which run without ACC -->
+<!-- ============================================================ -->
+<!--
+<property name="jndi.name" value="SSLconverter"/>
+<property name="provider.url" value="iiop://localhost:${orb.port}"/>
+<property name="ctxfactory" value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+<property name="ctxfactory" value="com.sun.jndi.cosnaming.CNCtxFactory"/>
+-->
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/build.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/build.xml
new file mode 100644
index 0000000..e36aaff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/build.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="simple-perf" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+
+
+ <target name="all" depends="build,deploy,run,undeploy"/>
+ <!-- run-test target added to have setup/unsetup commonly -->
+ <target name="run-test" depends="build,deploy,run,undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient-local"/>
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="runclient-local" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value=" -Djavax.net.ssl.keyStore=${admin.domain.dir}/${admin.domain}/config/keystore.jks -Djavax.net.ssl.trustStore=${admin.domain.dir}/${admin.domain}/config/cacerts.jks" />
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ <!-- dummy user added as appclient throwing login window -->
+ <arg value="-textauth"/>
+ <arg value="-user"/>
+ <arg value="temp"/>
+ <arg value="-password"/>
+ <arg value="temp"/>
+ </exec>
+ </target>
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <!-- =============================================== -->
+ <!-- Target to run the standalone client without ACC -->
+ <!-- =============================================== -->
+ <target name="run-standalone-client" depends="init-common">
+ <property name="jndi.name" value="SSLconverter"/>
+ <property name="provider.url" value="iiop://${admin.host}:${orb.port}"/>
+ <property name="ctxfactory"
+ value="com.sun.enterprise.naming.SerialInitContextFactory"/>
+ <echo message="provider.url used is ${provider.url}"/>
+ <java classname="${test.client}"
+ classpath="${s1astest.classpath}:${assemble.dir}/${appname}AppClient.jar"
+ failonerror="true" fork="true">
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+ <jvmarg value="-Djavax.net.ssl.keyStore=${admin.domain.dir}/${admin.domain}/config/keystore.jks"/>
+ <jvmarg value="-Djavax.net.ssl.trustStore=${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ <jvmarg value="-Dcom.sun.CORBA.connection.ORBSocketFactoryClass=com.sun.enterprise.iiop.IIOPSSLSocketFactory"/>
+ <arg value="${provider.url}"/>
+ <arg value="${ctxfactory}"/>
+ <arg value="${jndi.name}"/>
+ </java>
+ </target>
+
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
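Review bot: The `runclient-local` target runs `<exec executable="${APPCLIENT}">` without `failonerror`, so a non-zero exit from appclient does not fail the build. The `run-standalone-client` target already sets `failonerror="true"` on its `<java>` task. I would make the two consistent with `<exec executable="${APPCLIENT}" failonerror="true">`, so that a client which cannot start or authenticate is reported as a failure rather than silently skipped. The existing comment on the `temp`/`temp` credentials could also say that they are placeholders which only suppress the login window.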
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/client/ConverterClient.java b/appserver/tests/appserv-tests/devtests/security/simple-perf/client/ConverterClient.java
new file mode 100644
index 0000000..20864e9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/client/ConverterClient.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.client;
+
+import java.util.Properties;
+import java.math.BigDecimal;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+import com.sun.s1peqe.security.ssl.converter.ejb.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+/**
+ * A simple java client. This uses the services provided by the <code>ConverterBean</code> and
+ * converts 100 US dollars to Yen and 100 Yen to Euro.
+ * <p>In this regard, it does the following in order
+ * <ul>
+ * <li>Locates the home interface of the enterprise bean
+ * <li>Gets a reference to the remote interface
+ * <li>Invokes business methods
+ * </ul>
+ * <br>
+ * <b>Locating the home interface:</b>
+ * <blockquote><pre>
+ * Context initial = new InitialContext();
+ * Context myEnv = (Context)initial.lookup("java:comp/env");
+ * Object objref = myEnv.lookup("ejb/SimpleConverter");
+ * ConverterHome home = (ConverterHome)PortableRemoteObject.narrow(objref, ConverterHome.class);
+ * </pre></blockquote>
+ * <br>
+ * <b>Creating the remote interface:</b>
+ * <blockquote><pre>
+ * Converter currencyConverter = home.create();
+ * </pre></blockquote>
+ * <br>
+ * <b>Invoking business methods:</b>
+ * <blockquote><pre>
+ * BigDecimal param = new BigDecimal ("100.00");
+ * amount = currencyConverter.dollarToYen(param);
+ * amount = currencyConverter.yenToEuro(param);
+ * </pre></blockquote>
+ * <br>
+ * <b>Output:</b>
+ * <pre>
+ * 12160.00
+ * 0.77
+ * </pre>
+ *
+ *
+ */
+
+public class ConverterClient {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ ConverterClient() {
+ }
+
+ /**
+ * The main method of the client. This invokes the <code>ConverterBean</code> to use
+ * its services. It then asks the bean to convert 100 dollars to yen and
+ * 100 yen to euro. The results are printed at the terminal where the client is run.
+ * See <code>appclient</code> documentation in SunONE app server to run the clinet.
+ *
+ */
+ public static void main(String[] args) {
+ ConverterClient client = new ConverterClient();
+ client.run(args);
+ }
+
+ private void run(String[] args) {
+ String url = null;
+ String testId = null;
+ String jndiName = null;
+ Context context = null;
+ String ctxFactory = null;
+ java.lang.Object obj = null;
+ try {
+ stat.addDescription("Security::SSL One way ssl.");
+
+ if (args.length == 3) {
+ url = args[0];
+ ctxFactory = args[1];
+ jndiName = args[2];
+ }
+
+ if ( (url == null) || (ctxFactory == null) ) {
+ testId = "Sec::Simple Perf Converter Sample AppClient";
+ // Initialize the Context with default properties
+ context = new InitialContext();
+ System.out.println("Simple Perf Test \n Default Context Initialized...");
+ // Create Home object
+ obj = context.lookup("java:comp/env/ejb/SSLSimpleConverter");
+ } else {
+ testId = "Sec::Perf Standalone-Client";
+ Properties env = new Properties();
+ env.put("java.naming.provider.url", url);
+ env.put("java.naming.factory.initial", ctxFactory);
+ // Initialize the Context with JNDI specific properties
+ context = new InitialContext(env);
+ System.out.println("Context Initialized with " +
+ "URL: " + url + ", Factory: " + ctxFactory);
+ // Create Home object
+ obj = context.lookup(jndiName);
+ }
+ String mytimes = "5000";//(String)context.lookup("java:comp/env/times");
+ System.out.println("No of times the test is run ->"+mytimes);
+ ConverterRemoteHome home =
+ (ConverterRemoteHome) PortableRemoteObject.narrow(obj,
+ ConverterRemoteHome.class);
+
+ ConverterRemote currencyConverter = home.create();
+
+ System.out.println("\n\n\n===========Beginning Simple Test=====\n\n");
+
+ BigDecimal param = new BigDecimal ("100.00");
+ int times = 1;
+ try{
+ times = Integer.parseInt(mytimes);
+ } catch(java.lang.NumberFormatException ne){
+ System.out.println("Times in descriptor declared incorrectly");
+ }
+ BigDecimal amount = new BigDecimal(1);
+ BigDecimal amount2 = new BigDecimal(1);
+ long starttime = System.currentTimeMillis();
+
+ for(int i = 0; i<times; i++){
+ amount = currencyConverter.dollarToYen(param);
+ amount2 = currencyConverter.yenToEuro(param);
+ }
+ long endtime = System.currentTimeMillis();
+ double avg = (endtime-starttime)/(2.0*times);
+ System.out.println("$100 is : "+amount+"Yen");
+ System.out.println("Yen is :"+amount2+"Euro");
+ System.out.println("Average time to run 1 method = "+ avg);
+ stat.addStatus(testId, stat.PASS);
+ } catch (Exception ex) {
+ stat.addStatus(testId, stat.FAIL);
+ System.err.println("Caught an unexpected exception!");
+ ex.printStackTrace();
+ } finally {
+ stat.printSummary(testId);
+ }
+ }
+}
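Review bot: The iteration count is fixed at `String mytimes = "5000";` with the `java:comp/env/times` lookup commented out, so the `times` env-entry in application-client.xml and the instruction in Readme.txt have no effect, and the NumberFormatException handler can never run. Presumably the lookup was disabled because the standalone branch has no `java:comp/env`. Declaring the `"5000"` default above the `if` and reading `mytimes = (String) context.lookup("java:comp/env/times");` only in the default-context branch would keep both paths working. Separately, the run is reported as PASS without checking `amount` or `amount2`, so a wrong conversion result would go unnoticed.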
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/simple-perf/client/MANIFEST.MF
new file mode 100644
index 0000000..bf0333b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+Main-Class: com.sun.s1peqe.security.ssl.converter.client.ConverterClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application-client.xml
new file mode 100644
index 0000000..c07685e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application-client.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN' 'http://java.sun.com/dtd/application-client_1_3.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>sec-ssl-converterClient</display-name>
+ <env-entry>
+ <env-entry-name>times</env-entry-name>
+ <env-entry-type>java.lang.String</env-entry-type>
+ <env-entry-value>5000</env-entry-value>
+ </env-entry>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application.xml
new file mode 100644
index 0000000..26b2189
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/application.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC '-//Sun Microsystems, Inc.//DTD J2EE Application 1.2//EN' 'http://java.sun.com/j2ee/dtds/application_1_2.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <icon>
+ <small-icon></small-icon>
+ <large-icon></large-icon>
+ </icon>
+ <display-name>SSLConverterApp</display-name>
+ <module>
+ <java>sec-ssl-converter-client.jar</java>
+ </module>
+ <module>
+ <ejb>sec-ssl-converter-ejb.jar</ejb>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..d2e113e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/ejb-jar.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <enterprise-beans>
+ <session>
+ <display-name>SSLConverterApp</display-name>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <home>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemoteHome</home>
+ <remote>com.sun.s1peqe.security.ssl.converter.ejb.ConverterRemote</remote>
+ <ejb-class>com.sun.s1peqe.security.ssl.converter.ejb.ConverterBean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Bean</transaction-type>
+ </session>
+ </enterprise-beans>
+</ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..fb42e00
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <ejb-ref>
+ <ejb-ref-name>ejb/SSLSimpleConverter</ejb-ref-name>
+ <jndi-name>SSLconverter</jndi-name>
+ </ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..5b1f915
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <unique-id>1</unique-id>
+ <ejb>
+ <ejb-name>SSLTheConverter</ejb-name>
+ <jndi-name>SSLconverter</jndi-name>
+ <ior-security-config>
+ <transport-config>
+ <integrity>none</integrity>
+ <confidentiality>none</confidentiality>
+ <establish-trust-in-target>none</establish-trust-in-target>
+ <establish-trust-in-client>none</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>default</realm>
+ <required>false</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>none</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
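Review bot: Nothing in this descriptor requires SSL or authentication: every `<transport-config>` element is `none`, `<as-context>` has `<required>false</required>`, and caller propagation is `none`. Yet the bean is named `SSLTheConverter`, is bound at `SSLconverter`, and the client labels the run "Security::SSL One way ssl.". Readme.txt says this is the no-security baseline, but a reader of the test report could take a PASS as SSL coverage. I would add a comment above `<ior-security-config>`, such as `<!-- baseline: no transport security or authentication required; see Readme.txt -->`, and consider renaming the test description to match.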
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterBean.java b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterBean.java
new file mode 100644
index 0000000..3435f84
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterBean.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.rmi.RemoteException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+import java.math.*;
+
+/**
+ * A simple stateless bean for the Converter application. This bean implements all
+ * business method as declared by the remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterHome
+ */
+public class ConverterBean implements SessionBean {
+
+ BigDecimal yenRate = new BigDecimal("121.6000");
+ BigDecimal euroRate = new BigDecimal("0.0077");
+ SessionContext mysc = null;
+
+ public String myCallerPrincipal(){
+ return mysc.getCallerPrincipal().toString();
+ }
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) {
+ BigDecimal result = dollars.multiply(yenRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) {
+ BigDecimal result = yen.multiply(euroRate);
+ return result.setScale(2,BigDecimal.ROUND_UP);
+ }
+
+ /**
+ * Required by EJB spec.
+ */
+ public ConverterBean() {}
+
+ /**
+ * Creates a bean. Required by EJB spec.
+ * @exception throws CreateException.
+ */
+ public void ejbCreate() {}
+
+ /**
+ * Removes the bean. Required by EJB spec.
+ */
+ public void ejbRemove() {}
+
+ /**
+ * Loads the state of the bean from secondary storage. Required by EJB spec.
+ */
+ public void ejbActivate() {}
+
+ /**
+ * Keeps the state of the bean to secondary storage. Required by EJB spec.
+ */
+ public void ejbPassivate() {}
+
+ /**
+ * Sets the session context. Required by EJB spec.
+ * @param ctx A SessionContext object.
+ */
+ public void setSessionContext(SessionContext sc) {
+ mysc = sc;
+ }
+
+} // ConverterBean
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemote.java b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemote.java
new file mode 100644
index 0000000..65a717d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemote.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import javax.ejb.EJBObject;
+import java.rmi.RemoteException;
+import java.math.*;
+
+/**
+ * Remote interface for the <code>ConverterBean</code>. The remote interface, </code>Converter</code>
+ * defines all possible business methods for the bean. These are methods, going tobe invoked
+ * remotely by clients, once they have a reference to the remote interface.
+ *
+ * Clients generally take the help of JNDI to lookup the bean's home interface and
+ * then use the home interface to obtain references to the bean's remote interface.
+ *
+ * @see ConverterHome
+ * @see ConverterBean
+ */
+public interface ConverterRemote extends EJBObject {
+
+ /**
+ * Returns the yen value for a given dollar amount.
+ * @param dollars dollar amount to be converted to yen.
+ */
+ public BigDecimal dollarToYen(BigDecimal dollars) throws RemoteException;
+
+ /**
+ * Returns the euro value for a given yen amount.
+ * @param yen yen amount to be converted to euro.
+ */
+ public BigDecimal yenToEuro(BigDecimal yen) throws RemoteException;
+
+ public String myCallerPrincipal() throws RemoteException;
+
+}
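Review bot: The interface Javadoc opens an inline code span with a closing tag (`</code>Converter</code>`) and names `Converter` and `ConverterHome`, while this commit declares `ConverterRemote` and `ConverterRemoteHome`. Unless types with the old names exist elsewhere in the package, the `@see ConverterHome` tag will not resolve; I would write `<code>ConverterRemote</code>` and `@see ConverterRemoteHome`. `myCallerPrincipal()` is the only method without Javadoc; going by the ConverterBean implementation, `/** Returns the string form of the caller principal reported by the bean's SessionContext. */` would fit. ConverterRemoteHome.java carries the same stale `Converter` references, a malformed `@exception throws CreateException and RemoteException.` tag (two `@throws` tags would be the usual form), and an unused `java.io.Serializable` import.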
diff --git a/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemoteHome.java b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemoteHome.java
new file mode 100644
index 0000000..57b5a98
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simple-perf/ejb/ConverterRemoteHome.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1peqe.security.ssl.converter.ejb;
+
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+/**
+ * Home interface for the <code>ConverterBean</code>. Clients generally use home interface
+ * to obtain references to the bean's remote interface, <code>Converter</code>.
+ *
+ * @see Converter
+ * @see ConverterBean
+ */
+public interface ConverterRemoteHome extends EJBHome {
+ /**
+ * Gets a reference to the remote interface of the <code>ConverterBean</code>.
+ * @exception throws CreateException and RemoteException.
+ *
+ */
+ ConverterRemote create() throws RemoteException, CreateException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.properties b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.properties
new file mode 100644
index 0000000..961d93a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.properties
@@ -0,0 +1,40 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-multimapping"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<!--
+<property name="test.client"
+ value="com.sun.s1asdev.security.anyone.client.Client"/>
+-->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<!--
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+-->
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.xml
new file mode 100644
index 0000000..60eb22b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/build.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-multimapping" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="webuser"/>
+ <param name="password" value="ww"/>
+ <param name="groups" value="webusers"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="bobby"/>
+ <param name="password" value="bb"/>
+ <param name="groups" value="dummygroup"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="webuser"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="bobby"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/web"/>
+ <!-- overriding classpath to include classes from ejb module-->
+ <param name="s1astest.classpath"
+ value="${s1astest.classpath}:${build.classes.dir}/nonweb"/>
+ </antcall>
+ <!-- Am leaving in the commented appclient fragments to add
+ an appclient test later. -->
+ <!--
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/nonweb"/>
+ </antcall>
+ -->
+ </target>
+
+ <target name="build" depends="compile">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/nonweb"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/ejb/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar.xml}"/>
+ </antcall>
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/web"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ <param name="sun-web.xml" value="descriptor/sun-web.xml"/>
+ </antcall>
+
+ <!--
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files" value="${build.classes.dir}/nonweb"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/client/*.class,com/sun/**/ejb/Hello.class"/>
+ </antcall>
+ -->
+
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}/lib" includes="reporter.jar"/>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <!--
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth"/>
+ <arg line="-user"/>
+ <arg line="javaee"/>
+ <arg line="-password"/>
+ <arg line="javaee"/>
+ <arg line="${http.host} ${http.port}"/>
+ </exec>
+ -->
+ <antcall target="runweb">
+ <param name="servlet" value="web"/>
+ <param name="webuser" value="webuser"/>
+ <param name="webpassword" value="ww"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/web.html"/>
+ <param name="testcaseid" value="user-auth-webrole"/>
+ </antcall>
+ <antcall target="runweb">
+ <param name="servlet" value="ejb"/>
+ <param name="webuser" value="bobby"/>
+ <param name="webpassword" value="bb"/>
+ <param name="httpMethod" value="GET"/>
+ <param name="goldenfile" value="goldenfiles/ejb.html"/>
+ <param name="testcaseid" value="user-auth-ejbrole"/>
+ </antcall>
+ </target>
+
+ <target name="runweb" depends="init-common">
+ <taskdef name="webtest" classname="${webtest.classname}"
+ classpath="${webtest.classpath}" />
+ <webtest request="${httpMethod} /security-multimapping/${servlet} HTTP/1.0"
+ debug="9"
+ host="${http.host}"
+ port="${http.port}"
+ authMethod="BASIC"
+ userName="${webuser}"
+ password="${webpassword}"
+ firstTask="true"
+ lastTest="true"
+ lastCase="true"
+ lastTask="true"
+ resultFileName="${webtest.report.dir}/security-gtest-results.xml"
+ testSession="security-multimapping"
+ requestHeaders="Host:${http.host}:${http.port}"
+ goldenFile="${env.APS_HOME}/devtests/security/simpleMultiRoleMapping/${goldenfile}"
+ testSuiteId="security-multimapping"
+ testSuiteName="security-multimapping"
+ testSuiteDescription="Security Test"
+ testId="security-multimapping"
+ testName="security-multimapping"
+ testDescription="Testing role mapping: ${testcaseid}"
+ testCaseId="${testcaseid}"
+ testCaseName="${testcaseid}"
+ testCaseDescription="Testing role mapping"
+ testStrategy="Testing role mapping"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
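Review bot: The `build` target writes `${assemble.dir}/${appname}App.ear` twice, and the second `<copy>`/`<jar>` pair omits `META-INF/application.xml` and `reporter.jar` that the first one includes. Depending on how Ant's up-to-date check treats the existing archive, the second task is either a no-op or repackages the EAR without those entries; deleting the second pair removes the ambiguity. The `failonerror="false"` on the descriptor copies also lets a missing `application.xml` pass silently. Separately, `run` only exercises the two allow paths (`webuser` on `/web`, `bobby` on `/ejb`); a case where `webuser` requests `/ejb` and is expected to be refused would show the per-module mappings are not over-broad, though how `webtest` asserts a refusal is not visible here.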
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/application.xml
new file mode 100644
index 0000000..2ddbe7a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/application.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application version="5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_5.xsd">
+ <display-name>security-multimapping</display-name>
+ <module>
+ <web>
+ <web-uri>security-multimapping-web.war</web-uri>
+ <context-root>/security-multimapping</context-root>
+ </web>
+ </module>
+ <module>
+ <ejb>security-multimapping-ejb.jar</ejb>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-application.xml
new file mode 100644
index 0000000..36d626f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-application.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Java EE Application 5.0//EN" "http://www.sun.com/software/appserver/dtds/sun-application_5_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <!-- security role mapping in submodules -->
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..40e3dec
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>MessageBean</ejb-name>
+ </ejb>
+ </enterprise-beans>
+
+ <security-role-mapping>
+ <role-name>ejbrole</role-name>
+ <principal-name>bobby</principal-name>
+ </security-role-mapping>
+
+</sun-ejb-jar>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-web.xml
new file mode 100644
index 0000000..83ac31b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/sun-web.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app error-url="">
+ <context-root>/security-multimapping</context-root>
+ <class-loader delegate="true"/>
+ <jsp-config>
+ <property name="classdebuginfo" value="true">
+ <description>Enable debug info compilation in the generated servlet class</description>
+ </property>
+ <property name="mappedfile" value="true">
+ <description>Maintain a one-to-one correspondence between static content and the generated servlet class' java code</description>
+ </property>
+ </jsp-config>
+
+ <security-role-mapping>
+ <role-name>webrole</role-name>
+ <group-name>webusers</group-name>
+ </security-role-mapping>
+
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/web.xml
new file mode 100644
index 0000000..1a8f3ea
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/descriptor/web.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <servlet>
+ <servlet-name>WebTest</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.simpleMultiRoleMapping.web.WebTest</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>EjbTest</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.simpleMultiRoleMapping.web.EjbTest</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>WebTest</servlet-name>
+ <url-pattern>/web</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>EjbTest</servlet-name>
+ <url-pattern>/ejb</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>
+ 30
+ </session-timeout>
+ </session-config>
+ <welcome-file-list>
+ <welcome-file>
+ index.jsp
+ </welcome-file>
+ </welcome-file-list>
+ <security-constraint>
+ <display-name>web-constraint</display-name>
+ <web-resource-collection>
+ <web-resource-name>WebTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/web</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description>Only webrole can access web test</description>
+ <role-name>webrole</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <display-name>ejb-constraint</display-name>
+ <web-resource-collection>
+ <web-resource-name>EJBTestServlet</web-resource-name>
+ <description/>
+ <url-pattern>/ejb</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <description>Only ejbrole can access ejb test</description>
+ <role-name>ejbrole</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ </login-config>
+ <security-role>
+ <role-name>webrole</role-name>
+ </security-role>
+ <security-role>
+ <role-name>ejbrole</role-name>
+ </security-role>
+</web-app>
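Review bot: Both `<security-constraint>` blocks list `<http-method>GET</http-method>`, so the `auth-constraint` on `/web` and `/ejb` applies to GET only and requests using any other method are not covered by it. The servlets in this commit only implement `doGet`, but `HttpServlet`'s default HEAD handling delegates to `doGet`, so the uncovered methods are not all inert. Dropping the two `<http-method>GET</http-method>` lines makes each constraint apply to every method. That is the safer shape for a fixture whose descriptors are likely to be copied into other tests.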
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageBean.java b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageBean.java
new file mode 100644
index 0000000..bf1d04f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageBean.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.Stateless;
+
+@Stateless
+@Local({MessageLocal.class})
+public class MessageBean implements MessageLocal {
+
+ @RolesAllowed("ejbrole")
+ public String getMessage() {
+ return "Hello from ejb";
+ }
+
+}
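Review bot: `MessageBean` has no class or method Javadoc, although the `@RolesAllowed("ejbrole")` check on `getMessage()` is the part of this bean the test depends on. A class comment such as `/** Stateless bean whose only method is restricted to ejbrole; the role is mapped to a principal in descriptor/sun-ejb-jar.xml. */` would make that explicit. `getMessage()` implements `MessageLocal.getMessage()` and should carry `@Override`. The class-level `@Local({MessageLocal.class})` repeats what the `@Local` on `MessageLocal` in this commit already declares, so one of the two can go.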
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageLocal.java b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageLocal.java
new file mode 100644
index 0000000..2823923
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/ejb/MessageLocal.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.ejb;
+
+import javax.ejb.Local;
+
+/**
+ * This is the business interface for Message enterprise bean.
+ */
+@Local
+public interface MessageLocal {
+ String getMessage();
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/ejb.html b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/ejb.html
new file mode 100644
index 0000000..3e42a4a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/ejb.html
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>Servlet WebTest</title>
+</head>
+<body>
+<h2>Hello from ejb</h2>
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/web.html b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/web.html
new file mode 100644
index 0000000..5f8059a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/goldenfiles/web.html
@@ -0,0 +1,8 @@
+<html>
+<head>
+<title>Servlet WebTest</title>
+</head>
+<body>
+<h2>Ok</h2>
+</body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/readme b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/readme
new file mode 100644
index 0000000..0b72955
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/readme
@@ -0,0 +1,6 @@
+This is a unit test for https://glassfish.dev.java.net/issues/show_bug.cgi?id=2475.
+The goal is to make sure that lower-level mapping files are read, not
+to test for role conflicts in the files.
+
+The ejb module is only used indirectly. Mostly it's there to provide
+a second module so that more than one mapping file is tested.
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/EjbTest.java b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/EjbTest.java
new file mode 100644
index 0000000..37269f5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/EjbTest.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.web;
+
+import com.sun.s1asdev.security.simpleMultiRoleMapping.ejb.MessageLocal;
+import java.io.*;
+import java.net.*;
+import javax.ejb.EJB;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+public class EjbTest extends HttpServlet {
+
+ @EJB
+ private MessageLocal messageBean;
+
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = response.getWriter();
+ out.println("<html>");
+ out.println("<head>");
+ out.println("<title>Servlet WebTest</title>");
+ out.println("</head>");
+ out.println("<body>");
+ out.println("<h2>" + messageBean.getMessage() + "</h2>");
+ out.println("</body>");
+ out.println("</html>");
+ out.close();
+ }
+
+}
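Review bot: `doGet` calls `messageBean.getMessage()` inside the sixth `println`, after the header markup has been written, so if the bean rejects the caller (the method is `@RolesAllowed("ejbrole")` in MessageBean.java) the exception surfaces from a half-written response and `out.close()` is skipped. Fetching the value first, `String message = messageBean.getMessage();` ahead of `response.getWriter()`, and then printing `"<h2>" + message + "</h2>"` keeps an access failure a clean error response. `doGet` here and in WebTest.java also lacks `@Override`, and both files import `java.net.*` without using it.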
diff --git a/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/WebTest.java b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/WebTest.java
new file mode 100644
index 0000000..c533e3f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/simpleMultiRoleMapping/web/WebTest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.simpleMultiRoleMapping.web;
+
+import java.io.*;
+import java.net.*;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+public class WebTest extends HttpServlet {
+
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = response.getWriter();
+ out.println("<html>");
+ out.println("<head>");
+ out.println("<title>Servlet WebTest</title>");
+ out.println("</head>");
+ out.println("<body>");
+ out.println("<h2>Ok</h2>");
+ out.println("</body>");
+ out.println("</html>");
+ out.close();
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/README b/appserver/tests/appserv-tests/devtests/security/solarisRealm/README
new file mode 100644
index 0000000..b70b912
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/README
@@ -0,0 +1,9 @@
+It is important to note that S1AS must be run as root if Solaris realm is used.
+
+The default setting assumes that there is a Solaris login guest
+with password guest123.
+
+If a different Solaris password is used for testing, please modify build.xml.
+
+If a different Solaris user/password is used for testing, then please modify
+descriptor/sun-application.xml and build.xml.
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.properties b/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.properties
new file mode 100644
index 0000000..a1835d4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="rpaLoginBean"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.xml
new file mode 100644
index 0000000..71f07b4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/build.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="solarisrealm" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+<!-- <property name="ejbjar.classes" value="**/*Home*.class,**/*Bean*.class,**/*Data*.class,*.dbschema"/>
+-->
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-auth-realm" />
+ <param name="operand.props" value="--classname com.sun.enterprise.security.auth.realm.solaris.SolarisRealm --property jaas-context=solarisRealm solaris"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client"/>
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user guest"/>
+ <arg line="-password guest123"/>
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="solaris" />
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="restart">
+ <antcall target="restart-server-instance-common"/>
+ </target>
+</project>
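Review bot: The `<exec>` in the `run` target has no `failonerror` attribute, so the non-zero exit code that RpaClient produces on failure (`System.exit(-1)`) does not fail the Ant build; I would write `<exec executable="${APPCLIENT}" failonerror="true">`. The same target passes `-user guest` and `-password guest123` as literal process arguments, so the account password is visible in the local process listing while the client runs, and changing it means editing build.xml, as the README notes. If the appclient launcher in use supports `-passwordfile`, pointing it at a file whose path comes from a property keeps the password out of both the argument list and the build file. A one-line comment above the `setup` target stating that it registers the realm under the name `solaris`, which the descriptors refer to, would also help.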
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/MANIFEST.MF
new file mode 100644
index 0000000..d6c7e78
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.RpaClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/RpaClient.java b/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/RpaClient.java
new file mode 100644
index 0000000..7d2831b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/client/RpaClient.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import org.omg.CORBA.ORB;
+import com.sun.enterprise.security.LoginContext;
+//import com.sun.enterprise.security.LoginException;
+import java.rmi.RemoteException;
+import java.security.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class RpaClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ RpaClient client = new RpaClient(args);
+ client.doTest();
+ }
+
+ public RpaClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ RpaRemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ RpaHome home=null;
+ String testId = "Sec::Solaris Realm";
+ try{
+ stat.addDescription("Security::Solaris Realm");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("rpaLoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (RpaHome)PortableRemoteObject.narrow(
+ objref, RpaHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+
+ // invoke 3 overloaded methods on the EJB
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ hr.addItem("mascara", 40);
+ hr.addItem("lipstick2", 50);
+ hr.addItem("sandals", 200);
+ System.out.println(hr.getTotalCost());
+ hr.deleteItem("lipstick2");
+ java.lang.String[] shoppingList = hr.getItems();
+ System.out.println("Shopping list for LizHurley");
+ for (int i=0; i<shoppingList.length; i++){
+ System.out.println(shoppingList[i]);
+ }
+ System.out.println("Total Cost for Ms Hurley = "+
+ hr.getTotalCost());
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("SolarisRealm:RpaLoginBean Test Passed");
+ } catch(Exception re){
+ re.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("SolarisRealm:RpaLoginBean Test Failed");
+ System.exit(-1);
+ } finally {
+ stat.printSummary();
+ }
+ return res;
+
+ }
+}
+
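Review bot: In `doTest`, the `catch` block calls `System.exit(-1)`, which halts the JVM before the `finally` block runs, so `stat.printSummary()` is skipped exactly when the test fails. Record the failure instead, for example `failed = true;` in the catch, and call `if (failed) System.exit(-1);` after the try/finally. `res` is never assigned, so the method always returns null. The local `lc` and the imports of `LoginContext`, `ORB` and `EJBHome` are unused. A short Javadoc on `doTest` saying that it performs no login itself and relies on the identity supplied by the launcher (the `-user`/`-password` arguments in build.xml) would make the test's intent clear.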
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application-client.xml
new file mode 100644
index 0000000..2165e5a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>rpaLoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application.xml
new file mode 100644
index 0000000..a736f97
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>rpaLoginBean</display-name>
+ <module>
+ <ejb>rpaLoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>rpaLoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..1461e61
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/ejb-jar.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>rpaLoginBean</display-name>
+ <ejb-name>rpaLoginBean</ejb-name>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ <ejb-class>shopping.RpaBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ </assembly-descriptor>
+</ejb-jar>
+
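Review bot: The `<assembly-descriptor>` declares the `Employee` role but contains no `<method-permission>`, so as far as this descriptor shows, no method of `rpaLoginBean` is restricted to that role. The client's "Calling authorized method" step would therefore pass for any principal the realm authenticates. Adding a permission for `Employee` over the bean's methods, as sketched below, would make the test cover the role mapping in sun-application.xml as well as the login. The two `<security-role-ref>` entries (`EMP`, `STAFF`) are not used by any `isCallerInRole` call in the RpaBean.java added by this commit, so they could be removed or given a comment saying why they are kept.

```xml
  <assembly-descriptor>
    <!-- … unchanged: security-role Employee … -->
    <method-permission>
      <role-name>Employee</role-name>
      <method>
        <ejb-name>rpaLoginBean</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
```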
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..d22ee2b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+<jndi-name>rpaLoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application.xml
new file mode 100644
index 0000000..f836d91
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>shingwai</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>guest</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>guest</principal-name>
+ </security-role-mapping>
+ <realm>solaris</realm>
+</sun-application>
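Review bot: `guest` is mapped to both `Employee` and `Manager`, and `shingwai` to `Administrator`, but the ejb-jar.xml added in this commit declares only the `Employee` role, so two of the three mappings appear to be unused. Dropping the `Administrator` and `Manager` `<security-role-mapping>` entries would leave the test principal with only the one role the bean links to, and would remove what looks like a personal account name from the descriptor. If they are kept for a reason not visible here, a comment above each mapping naming the test that relies on it would be enough.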
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..dd0a6e8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>rpaLoginBean</ejb-name>
+<jndi-name>rpaLoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>solaris</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
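Review bot: `<as-context>` requires `username_password` authentication, but `<transport-config>` marks `<integrity>` and `<confidentiality>` only as `supported`, so a client is allowed to send the Solaris account password over an unprotected IIOP connection. If the test environment has a protected IIOP listener available, `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>` would make the descriptor enforce it. Whether the appclient harness is set up for that is not visible in this hunk. Otherwise I would add a comment above `<transport-config>` such as `<!-- plaintext transport accepted deliberately for this devtest; use "required" outside the test rig -->`, so the setting is not copied into a real deployment.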
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaBean.java b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaBean.java
new file mode 100644
index 0000000..cec09e4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaBean.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import java.util.Vector;
+import java.lang.String;
+import java.util.Iterator;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+/**
+ *
+ * @author Harpreet
+ * @version
+ */
+
+public class RpaBean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private Vector items;
+
+ private Vector itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new Vector();
+ itemPrice = new Vector();
+ }
+
+ public void addItem(java.lang.String item, int price) throws EJBException,
+ RemoteException{
+ items.add(item);
+ itemPrice.add(new Integer(price));
+ totalItems++;
+ totalPrice += price;
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" has bought "
+ + item +" for price ="+ price +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+
+ System.out.println("Caller Princial = "+sc.getCallerPrincipal());
+ }
+
+ public void deleteItem(java.lang.String item) throws EJBException,
+ RemoteException{
+ int index = items.indexOf(item);
+ items.remove(item);
+ Integer price = (Integer) itemPrice.get(index);
+ System.out.println("Shopping Cart: Removing item "+ item +" @price "+
+ price.intValue());
+ totalPrice -= price.shortValue();
+ itemPrice.remove(index);
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ System.out.println("Caller Princial = "+sc.getCallerPrincipal());
+ }
+
+ public double getTotalCost() throws EJBException{
+ System.out.println("Caller Princial = "+sc.getCallerPrincipal());
+
+ return totalPrice;
+ }
+
+ public String[] getItems() throws EJBException{
+ System.out.println("Caller Princial = "+sc.getCallerPrincipal());
+
+ Iterator it = items.iterator();
+ int sz = items.size();
+ String[] itemNames = new String[sz];
+ for(int i=0; it.hasNext();){
+ itemNames[i++] = new String( (String)it.next());
+ }
+ return itemNames;
+ }
+
+ public void ejbActivate() {
+ System.out.println("In Rpa ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In Rpa ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In Rpa ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+}
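Review bot: `deleteItem` does not check the result of `items.indexOf(item)`, so for an item name that is not in the cart `index` is -1 and `itemPrice.get(index)` throws `ArrayIndexOutOfBoundsException` back to the remote caller. The method also subtracts `price.shortValue()`, which truncates any price above 32767, and it never decrements `totalItems`. I would guard with `if (index < 0) { return; }`, use `totalPrice -= price.intValue();` and add `totalItems--;`. The repeated log text `"Caller Princial = "` is a typo for Principal, and the class comment still names `ShoppingEJB`. A Javadoc line on each business method stating that it logs `sc.getCallerPrincipal()` so the test output shows the authenticated identity would document why those prints are there.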
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaHome.java b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaHome.java
new file mode 100644
index 0000000..e52095e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaHome.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * RpaHome.java
+ *
+ * Created on May 15, 2003, 5:21 PM
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+import shopping.RpaRemote;
+/**
+ *
+ * @author Harpreet Singh
+ */
+public interface RpaHome extends EJBHome{
+
+ public RpaRemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaRemote.java b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaRemote.java
new file mode 100644
index 0000000..d5b1bb9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/solarisRealm/shopping/RpaRemote.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * Rpa.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Shopping Cart Stateful Session Bean. Just tests -Dj2eelogin.name
+ * -Dj2eelogin.password system properties.
+ * @author hsingh
+ */
+public interface RpaRemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/README.md b/appserver/tests/appserv-tests/devtests/security/soteria/README.md
new file mode 100644
index 0000000..2e4cccd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/README.md
@@ -0,0 +1,25 @@
+This is integration devtests for JSR 375 RI(soteria).
+The sample apps are taken from [Soteria](https://github.com/eclipse-ee4j/soteria) repository.
+Follow the below instructions to run the tests.
+1. set APS_HOME to appserv-tests dir.
+2. set M2_HOME to maven Home.
+3. set S1AS_HOME to glassfish installation. The S1AS_HOME should contain glassfish directory.
+4. $S1AS_HOME/bin/asadmin start-domain
+5. Run mvn clean verify
+6. $S1AS_HOME/bin/asadmin stop-domain
+
+Known Issue:
+1.Aruillian gf container:
+------------
+Jun 05, 2017 3:50:22 PM org.jboss.arquillian.container.glassfish.clientutils.GlassFishClientUtil getResponseMap
+SEVERE: exit_code: FAILURE, message: An error occurred while processing the request. Please see the server logs for details. [status: SERVER_ERROR reason: Service Unavailable]
+[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 6.173 s <<< FAILURE! - in org.glassfish.soteria.test.AppMemBasicIT
+[ERROR] org.glassfish.soteria.test.AppMemBasicIT Time elapsed: 6.165 s <<< ERROR!
+com.sun.jersey.api.container.ContainerException: exit_code: FAILURE, message: An error occurred while processing the request. Please see the server logs for details. [status: SERVER_ERROR reason: Service Unavailable]
+
+Jun 05, 2017 3:50:22 PM org.jboss.arquillian.container.glassfish.managed_3_1.GlassFishServerControl$1 run
+WARNING: Forcing container shutdown
+Stopping container using command: [java, -jar, /media/sameerpandit/WLS/javaEE/tt/glassfish5/glassfish/../glassfish/modules/admin-cli.jar, stop-domain, -t]
+------------
+
+Resolve this by running the test with a fresh $S1AS_HOME.
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/README.md b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/README.md
new file mode 100644
index 0000000..4e9d394
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/README.md
@@ -0,0 +1,5 @@
+### app-bundled-ham-basic-login-config-form
+
+**If an application bundles its own `HttpAuthenticationMechanism`, then for authentication, the container will rely on the bundled mechanism and will ignore the `login-config` element in deployment descriptor of the application.
+
+In this sample app, the `BASIC` authentication mechanism defined in `HttpAuthenticationMechanism` takes precedencce over `FORM` authentication present in `login-config`.
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/pom.xml
new file mode 100644
index 0000000..d7daa8f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-bundled-ham-basic-login-config-form</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-bundled-ham-basic-login-config-form</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/BasicAuthenticationServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/BasicAuthenticationServlet.java
new file mode 100644
index 0000000..b2548ee
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/BasicAuthenticationServlet.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@WebServlet(urlPatterns = "/basicAuthenticationServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+
+public class BasicAuthenticationServlet extends HttpServlet {
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ response.getWriter().write("Authentication Mechanism:" + response.getHeader("Authentication Mechanism") +"\n");
+
+ }
+}
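Review bot: `doGet` reads a response header named `Authentication Mechanism`, and a header field name containing a space is not a valid HTTP token, so a container or intermediary may reject or drop it. The code that sets this header is outside this hunk, so I cannot confirm how it is written. A name such as `Authentication-Mechanism` would be safer and needs the matching change where the value is set. The imports of `javax.inject.Inject` and `javax.security.enterprise.SecurityContext` are unused, and the blank line between `@ServletSecurity(...)` and the class declaration can go. A class comment saying that the servlet is restricted to role `foo` and echoes the value set by the bundled mechanism would make the test's purpose clear.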
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..47a3baf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ response.addHeader("Authentication Mechanism", "TestAuthenticationMechanism");
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
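Review bot: The header name passed to `response.addHeader("Authentication Mechanism", ...)` contains a space, which is not a valid HTTP field-name token. A container, proxy or client is free to reject or drop such a header, so the precedence check could depend on the HTTP stack rather than on which mechanism ran. A token-safe name such as `response.addHeader("X-Authentication-Mechanism", "TestAuthenticationMechanism");` avoids that, with the matching `response.getHeader(...)` call in BasicAuthenticationServlet changed to the same name. The class would also benefit from a short Javadoc saying that it exists to prove an application-bundled mechanism wins over the FORM `login-config` in web.xml.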
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..874747e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
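Review bot: `validate(UsernamePasswordCredential)` has neither `@Override` nor a comment explaining how it is reached, which makes it look like dead code. The `IdentityStore` interface declares `validate(Credential)`, and its default implementation dispatches to an overload matching the credential's runtime type, so a typo in this signature would leave the store returning a not-validated result without any compile error. A comment above the method would record that, for example `// Reached through the default IdentityStore.validate(Credential) dispatch; fixed test-only account reza/secret1 in groups foo and bar.` The same applies to the identical TestIdentityStore added under app-caller-principal later in this commit.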
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..2dee08d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,52 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1">
+
+ <servlet>
+ <display-name>index</display-name>
+ <servlet-name>index</servlet-name>
+ <jsp-file>/index.jsp</jsp-file>
+ </servlet>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>FORM Based Authentication Servlet</web-resource-name>
+ <url-pattern>/</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>NONE</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>FORM</auth-method>
+ <realm-name>file</realm-name>
+ <form-login-config>
+ <form-login-page>/loginform.jsp</form-login-page>
+ <form-error-page>/loginerror.jsp</form-error-page>
+ </form-login-config>
+ </login-config>
+</web-app>
+
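Review bot: The constraint sets `<transport-guarantee>NONE</transport-guarantee>` next to a FORM `login-config`, so a `j_password` posted from loginform.jsp would travel unencrypted. Nothing in the descriptor says this is deliberate for a local test deployment. A comment above `<user-data-constraint>` such as `<!-- Test fixture only: NONE keeps the IT on plain HTTP; use CONFIDENTIAL anywhere else -->` would stop the file being copied as a template. The role `foo` is used in `<auth-constraint>` without a `<security-role>` declaration, which the app-caller-principal web.xml in this commit does include; adding `<security-role><role-name>foo</role-name></security-role>` keeps the two consistent.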
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/index.jsp b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/index.jsp
new file mode 100644
index 0000000..afdc05b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/index.jsp
@@ -0,0 +1,33 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title>Form-based Security - Success</title>
+ </head>
+ <body>
+ <h1>Form-based Security - Success</h1>
+
+ If you reached this page that means form-based security credentials are correctly configured.
+ </body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginerror.jsp b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginerror.jsp
new file mode 100644
index 0000000..63b43e4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginerror.jsp
@@ -0,0 +1,38 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title>Form-Based Login Error Page</title>
+ </head>
+ <body>
+ <h1>Login Error Page</h1>
+
+ <h2>Invalid user name or password.</h2>
+
+ <p>Please specify a valid user/password combination</p>
+
+ Click here to <a href="loginform.jsp">Try Again</a></p>
+
+ </body>
+</html>
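Review bot: The line `Click here to <a href="loginform.jsp">Try Again</a></p>` closes a `<p>` that was never opened, because the preceding paragraph is already closed on its own line. Wrapping the sentence as `<p>Click here to <a href="loginform.jsp">Try Again</a></p>` makes the page well-formed.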
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginform.jsp b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginform.jsp
new file mode 100644
index 0000000..71bc4fe
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/main/webapp/loginform.jsp
@@ -0,0 +1,39 @@
+<%--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+--%>
+
+<%@page contentType="text/html" pageEncoding="UTF-8"%>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <title>Form-Based Login Page</title>
+ </head>
+ <body>
+ <h1>Form-Based Login Page</h1>
+
+ <form method="POST" action="j_security_check">
+ Username: <input type="text" name="j_username"> <p/>
+ Password: <input type="password" name="j_password" autocomplete="off"> <p/>
+ <input type="submit" value="Submit" name="submitButton">
+ <input type="reset" value="Reset">
+ </form>
+
+ </body>
+</html>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/test/java/org/glassfish/soteria/test/AppBundledHAMPrecendenceOverLoginConfigInWebXmlIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/test/java/org/glassfish/soteria/test/AppBundledHAMPrecendenceOverLoginConfigInWebXmlIT.java
new file mode 100644
index 0000000..a9dd417
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-bundled-ham-basic-login-config-form/src/test/java/org/glassfish/soteria/test/AppBundledHAMPrecendenceOverLoginConfigInWebXmlIT.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppBundledHAMPrecendenceOverLoginConfigInWebXmlIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppBundledHAMPrecendenceOverLoginConfigInWebXml");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testHAMPrecedenceOverLoginConfig() {
+
+ assertBundledHAMPrecedenceOverLoginConfig(
+ responseFromServer("/basicAuthenticationServlet?name=reza&password=secret1"));
+ }
+
+}
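Review bot: The imports `com.gargoylesoftware.htmlunit.DefaultCredentialsProvider` and `com.gargoylesoftware.htmlunit.WebResponse` are never used in this class, and `org.glassfish.soteria.test.ArquillianBase` is imported from the class's own package; all three can be removed. The class name and the `ReportWatcher` label spell `Precendence` while the test method and the assertion helper spell `Precedence`, so renaming the class keeps report names searchable. `stat` is never reassigned and can be declared `private static final`. The same unused imports appear in AppCallerPrincipalIT further down in this commit.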
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/README.md b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/README.md
new file mode 100644
index 0000000..0bb7d10
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/README.md
@@ -0,0 +1,12 @@
+
+### app-container-application-principal-getname
+
+**From JSR 375 Specification**
+
+> **1.2.2. Caller Principal Types**
+
+> When both a container caller principal and an application caller principal are present, the value obtained by calling getName() on both principals MUST be the same.
+
+In this test, application provides its own caller principal,
+and hence, subject contains two such principals, one
+representing the container and other one representing the application itself.
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/pom.xml
new file mode 100644
index 0000000..55ac721
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-caller-principal</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-caller-principal</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java
new file mode 100644
index 0000000..f52f925
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.security.Principal;
+
+/**
+ * Created by vinay on 7/8/17.
+ */
+public class AppPrincipal implements Principal {
+ String name;
+
+ public AppPrincipal(String name){
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+}
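Review bot: The `name` field is package-private and non-final, so any class in `org.glassfish.soteria.test` can change the caller's name after the principal has been handed to `notifyContainerAboutLogin`; declare it `private final String name;`. The class also inherits identity-based `equals` and `hashCode`, so two `AppPrincipal` instances for the same caller are distinct entries in a principal set; overriding both on `name` would make comparisons behave as callers expect. The Javadoc `Created by vinay on 7/8/17.` could be replaced by a sentence stating that this is the application-defined caller principal supplied by TestAuthenticationMechanism.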
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/CallerSubjectServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/CallerSubjectServlet.java
new file mode 100644
index 0000000..cc87399
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/CallerSubjectServlet.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.CallerPrincipal;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.security.Principal;
+import java.util.Optional;
+import java.util.Set;
+
+/**
+ * The Servlet which validates if for the authenticated user, both
+ * container and caller principals are present in the subject
+ * representing the caller.
+ */
+@WebServlet("/callerSubjectServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class CallerSubjectServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ String containerCallerPrincipalName = null;
+ String appPrincipalName = null;
+ String callerPrincipalFromSecurityContextName = null;
+ boolean isUserInRole = securityContext.isCallerInRole("foo");
+ int callerPrincipalCount = 0;
+
+ Principal containerCallerPrincipal = securityContext.getCallerPrincipal();
+ containerCallerPrincipalName = containerCallerPrincipal.getName();
+
+ Set<Principal> principals = securityContext.getPrincipalsByType(java.security.Principal.class);
+
+ Optional<Principal> appCallerPrincipalOptional = principals.stream().filter((p) -> p.getClass().getName() == AppPrincipal.class.getName())
+ .findAny();
+ Principal appPrincipal = null;
+ if (appCallerPrincipalOptional.isPresent()) {
+ callerPrincipalCount++;
+ appPrincipal = appCallerPrincipalOptional.get();
+ appPrincipalName = appPrincipal.getName();
+ }
+
+ Optional<Principal> containerCallerPrincipalOptional = principals.stream().filter((p) -> p.getClass().getName() == CallerPrincipal
+ .class.getName())
+ .findAny();
+ Principal callerPrincipalFromSecurityContext = null;
+ if (containerCallerPrincipalOptional.isPresent()) {
+ callerPrincipalCount++;
+ callerPrincipalFromSecurityContext = containerCallerPrincipalOptional.get();
+ callerPrincipalFromSecurityContextName = callerPrincipalFromSecurityContext.getName();
+ }
+
+ if (!containerCallerPrincipalName.isEmpty() && !appPrincipalName.isEmpty() && containerCallerPrincipalName.equals
+ (appPrincipalName) && isUserInRole & callerPrincipalCount == 1) {
+ response.getWriter().write(String.format("Container caller principal and application caller principal both are " +
+ "represented by same principal for user %s and is in role %s", containerCallerPrincipal.getName(), "foo"));
+ } else {
+ response.getWriter().write(String.format("Both %s and %s principal types are available wherein only principal of " +
+ "type %s was expected for user %s and is in role %s",AppPrincipal.class.getName(), CallerPrincipal.class
+ .getName(), AppPrincipal.class.getName(), containerCallerPrincipal.getName(),
+ "foo"));
+ }
+ }
+}
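Review bot: When no `AppPrincipal` is found in the subject, `appPrincipalName` stays null and `!appPrincipalName.isEmpty()` in the final `if` throws a NullPointerException, so the failure this servlet is meant to report surfaces as a 500 instead of the `else` message. The two stream filters also compare class names with `==`, which relies on reference identity of the strings, and the condition uses the non-short-circuit `&`. Comparing the classes directly and letting `equals` handle the null makes the check deterministic. The `else` text is reached for every failed check, so it should not assert that both principal types are present.

```java
// … unchanged: local declarations, role check, containerCallerPrincipal lookup …
Optional<Principal> appCallerPrincipalOptional = principals.stream()
        .filter(p -> p.getClass() == AppPrincipal.class)
        .findAny();
// … unchanged: count increment and appPrincipalName assignment …
Optional<Principal> containerCallerPrincipalOptional = principals.stream()
        .filter(p -> p.getClass() == CallerPrincipal.class)
        .findAny();
// … unchanged: count increment and callerPrincipalFromSecurityContextName assignment …
if (!containerCallerPrincipalName.isEmpty()
        && containerCallerPrincipalName.equals(appPrincipalName)
        && isUserInRole
        && callerPrincipalCount == 1) {
// … unchanged: both response.getWriter().write(...) branches …
```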
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..c9357ce
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // In this case , application chooses to provide its own caller principal
+ return httpMessageContext.notifyContainerAboutLogin(
+ new AppPrincipal(name), result.getCallerGroups());
+
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
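Review bot: `new AppPrincipal(name)` builds the principal from the raw request parameter rather than from the validated result, so the container receives whatever string the client sent instead of the caller name the identity store returned. With the fixed test store both are `reza`, but a store that normalises or maps login names would make them diverge. Using `new AppPrincipal(result.getCallerPrincipal().getName()), result.getCallerGroups());` keeps the principal tied to the validation outcome.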
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..0200b04
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..09fffb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1"
+>
+
+ <!-- Security constraints and roles. -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>User pages</web-resource-name>
+ <url-pattern>/protectedServlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+
+ <security-role>
+ <role-name>foo</role-name>
+ </security-role>
+
+</web-app>
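Review bot: The `<url-pattern>/protectedServlet</url-pattern>` in this constraint does not match the servlet added for this module, which CallerSubjectServlet maps to `/callerSubjectServlet` and protects through its own `@ServletSecurity` annotation. No servlet with that path is visible in this module's hunks, so the constraint appears to protect nothing and reads like a copy-paste leftover. Either point it at `/callerSubjectServlet` or drop the `<security-constraint>` and keep only the `<security-role>` declaration.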
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/test/java/org/glassfish/soteria/test/AppCallerPrincipalIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/test/java/org/glassfish/soteria/test/AppCallerPrincipalIT.java
new file mode 100644
index 0000000..2ff7f05
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-caller-principal/src/test/java/org/glassfish/soteria/test/AppCallerPrincipalIT.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppCallerPrincipalIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppCallerPrincipal");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testCallerSubjectPrincipals() {
+ assertApplicationPrincipalAndContainerPrincipalName(
+ responseFromServer("/callerSubjectServlet?name=reza&password=secret1"));
+ }
+
+}
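Review bot: `testCallerSubjectPrincipals` is the only test in this class and it covers just the successful login with `name=reza&password=secret1`; nothing here checks that a wrong password or a request without credentials does not produce the caller principals. For a security devtest, a second `@Test` sending a bad password and asserting that the response lacks the principal names would catch a mechanism that accepts everything. The servlet and the assertion helpers are outside this hunk, so the exact assertion to use needs confirming there. Separately, the imports of `DefaultCredentialsProvider` and `WebResponse` are unused, and `ArquillianBase` is imported from the class's own package.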
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/pom.xml
new file mode 100644
index 0000000..ee7c587
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/pom.xml
@@ -0,0 +1,51 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-custom-identity-store-handler</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-custom-identity-store-handler</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.unboundid</groupId>
+ <artifactId>unboundid-ldapsdk</artifactId>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/BlackListedIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/BlackListedIdentityStore.java
new file mode 100644
index 0000000..750480e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/BlackListedIdentityStore.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+import static org.glassfish.soteria.Utils.unmodifiableSet;
+
+import java.util.Set;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+/**
+ *
+ */
+@ApplicationScoped
+public class BlackListedIdentityStore implements IdentityStore {
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ CredentialValidationResult result = NOT_VALIDATED_RESULT;
+ if (credential instanceof UsernamePasswordCredential) {
+ UsernamePasswordCredential usernamePassword = (UsernamePasswordCredential) credential;
+
+ if ("rudy".equals(usernamePassword.getCaller())) {
+
+ result = INVALID_RESULT;
+ }
+ }
+ return result;
+ }
+
+ @Override
+ public int priority() {
+ return 1000;
+ }
+
+ @Override
+ public Set<ValidationType> validationTypes() {
+ return unmodifiableSet(VALIDATE);
+ }
+}
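Review bot: The deny check in `validate` uses `"rudy".equals(usernamePassword.getCaller())`, which is case-sensitive, while a directory-backed store typically matches `uid` without regard to case. If that holds for the LDAP store in this app, a differently cased spelling would return NOT_VALIDATED here and still be accepted by the other store. Consider `if ("rudy".equalsIgnoreCase(usernamePassword.getCaller()))`, or normalise the name the same way the validating store does. The empty class Javadoc should also say that this store only vetoes, and that it relies on `priority()` 1000 together with a handler that keeps consulting stores after a VALID result.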
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/ConfigBean.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/ConfigBean.java
new file mode 100644
index 0000000..3b84e9f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/ConfigBean.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.security.enterprise.identitystore.IdentityStore.ValidationType;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
+import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope;
+import static javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.ONE_LEVEL;
+import static javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Named;
+
+@RequestScoped
+@Named
+public class ConfigBean {
+ private int priority300=300;
+ private int priority100=100;
+ private ValidationType[] useforBoth = {ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS};
+ private ValidationType[] useforValidate = {ValidationType.VALIDATE};
+ private ValidationType[] useforProvideGroup = {ValidationType.PROVIDE_GROUPS};
+ private LdapSearchScope searchScopeOneLevel = ONE_LEVEL;
+ private LdapSearchScope searchScopeSubTree = SUBTREE;
+
+ public int getPriority300(){
+ return priority300;
+ }
+
+ public int getPriority100(){
+ return priority100;
+ }
+
+ public ValidationType[] getUseforBoth(){
+ return useforBoth;
+ }
+
+ public ValidationType[] getUseforValidate(){
+ return useforValidate;
+ }
+
+ public ValidationType[] getUseforProvideGroup(){
+ return useforProvideGroup;
+ }
+
+ public LdapSearchScope getSearchScopeOneLevel(){
+ return ONE_LEVEL;
+ }
+
+ public LdapSearchScope getSearchScopeSubTree(){
+ return SUBTREE;
+ }
+}
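Review bot: `getSearchScopeOneLevel()` and `getSearchScopeSubTree()` return the static constants instead of the `searchScopeOneLevel` and `searchScopeSubTree` fields, so both fields are dead; either return the fields (`return searchScopeOneLevel;`) or remove them. The static imports of `PROVIDE_GROUPS` and `VALIDATE` are unused because the initialisers use the qualified `ValidationType.` form. The three array getters hand out the bean's own arrays. The bean is request-scoped, so exposure is limited, but `return useforBoth.clone();` would keep an EL consumer from altering what a later expression in the same request sees.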
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/CustomIdentityStoreHandler.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/CustomIdentityStoreHandler.java
new file mode 100644
index 0000000..fb6ef9c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/CustomIdentityStoreHandler.java
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Priority;
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Alternative;
+import javax.security.enterprise.CallerPrincipal;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import static java.util.Comparator.comparing;
+import static java.util.stream.Collectors.toList;
+import static javax.interceptor.Interceptor.Priority.APPLICATION;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+import static org.glassfish.soteria.cdi.CdiUtils.getBeanReferencesByType;
+
+/**
+ *
+ */
+@Alternative
+@Priority(APPLICATION)
+@ApplicationScoped
+public class CustomIdentityStoreHandler implements IdentityStoreHandler {
+
+ private List<IdentityStore> validatingIdentityStores;
+ private List<IdentityStore> groupProvidingIdentityStores;
+
+ @PostConstruct
+ public void init() {
+ List<IdentityStore> identityStores = getBeanReferencesByType(IdentityStore.class, false);
+
+ validatingIdentityStores = identityStores.stream()
+ .filter(i -> i.validationTypes().contains(VALIDATE))
+ .sorted(comparing(IdentityStore::priority))
+ .collect(toList());
+
+ groupProvidingIdentityStores = identityStores.stream()
+ .filter(i -> i.validationTypes().contains(PROVIDE_GROUPS))
+ .sorted(comparing(IdentityStore::priority))
+ .collect(toList());
+ }
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ CredentialValidationResult validationResult = null;
+ IdentityStore identityStore = null;
+
+ // Check all stores and stop when one marks it as invalid.
+ for (IdentityStore authenticationIdentityStore : validatingIdentityStores) {
+ CredentialValidationResult temp = authenticationIdentityStore.validate(credential);
+ switch (temp.getStatus()) {
+
+ case NOT_VALIDATED:
+ // Don't do anything
+ break;
+ case INVALID:
+ validationResult = temp;
+ break;
+ case VALID:
+ validationResult = temp;
+ identityStore = authenticationIdentityStore;
+ break;
+ default:
+ throw new IllegalArgumentException("Value not supported " + temp.getStatus());
+ }
+ if (validationResult != null && validationResult.getStatus() == CredentialValidationResult.Status.INVALID) {
+ break;
+ }
+ }
+
+ if (validationResult == null) {
+ // No authentication store at all
+ return INVALID_RESULT;
+ }
+
+ if (validationResult.getStatus() != VALID) {
+ // No store validated (authenticated), no need to continue
+ return validationResult;
+ }
+
+ CallerPrincipal callerPrincipal = validationResult.getCallerPrincipal();
+
+ Set<String> groups = new HashSet<>();
+ if (identityStore.validationTypes().contains(PROVIDE_GROUPS)) {
+ groups.addAll(validationResult.getCallerGroups());
+ }
+
+ // Ask all stores that were configured for authorization to get the groups for the
+ // authenticated caller
+ for (IdentityStore authorizationIdentityStore : groupProvidingIdentityStores) {
+ groups.addAll(authorizationIdentityStore.getCallerGroups(validationResult));
+ }
+
+ return new CredentialValidationResult(callerPrincipal, groups);
+
+ }
+}
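Review bot: The loop in `validate` keeps iterating after a VALID result, so a later store's VALID replaces an earlier one, and the principal returned belongs to the last validating store in priority order rather than the first. The class Javadoc is empty, so this "any INVALID vetoes, last VALID wins" contract is undocumented; it should be stated there, along with the fact that ordering comes from `IdentityStore::priority`. The comment `// No authentication store at all` is also reached when every store answers NOT_VALIDATED, so `// No store accepted or rejected the credential: fail closed` would be more accurate. The final `new CredentialValidationResult(callerPrincipal, groups)` drops the store id, caller DN and unique id carried by the original result. If anything downstream reads those, use the constructor that takes them as well.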
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/GroupProviderIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/GroupProviderIdentityStore.java
new file mode 100644
index 0000000..afb15f8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/GroupProviderIdentityStore.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static java.util.Collections.emptySet;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+import static org.glassfish.soteria.Utils.unmodifiableSet;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition;
+import javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope;
+import javax.security.enterprise.identitystore.IdentityStore.ValidationType;
+import static javax.security.enterprise.identitystore.LdapIdentityStoreDefinition.LdapSearchScope.SUBTREE;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
+/**
+ *
+ */
+@LdapIdentityStoreDefinition(
+ url = "ldap://localhost:33389/",
+ callerBaseDn = "ou=caller,dc=jsr375,dc=net",
+ callerSearchScope = LdapSearchScope.SUBTREE,
+ groupSearchBase = "ou=group,dc=jsr375,dc=net",
+ useForExpression = "#{'VALIDATE'}",
+ groupSearchScopeExpression = "${configBean.searchScopeOneLevel}"
+)
+@ApplicationScoped
+public class GroupProviderIdentityStore implements IdentityStore {
+
+ private Map<String, Set<String>> groupsPerCaller;
+
+ @PostConstruct
+ public void init() {
+ groupsPerCaller = new HashMap<>();
+
+ groupsPerCaller.put("rudy", new HashSet<>(asList("foo", "bar")));
+ groupsPerCaller.put("will", new HashSet<>(asList("foo", "bar", "baz")));
+ groupsPerCaller.put("arjan", new HashSet<>(asList("foo", "baz")));
+ groupsPerCaller.put("reza", new HashSet<>(asList("baz")));
+
+ }
+
+ @Override
+ public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+ Set<String> result = groupsPerCaller.get(validationResult.getCallerPrincipal().getName());
+ if (result == null) {
+ result = emptySet();
+ }
+
+ return result;
+ }
+
+ @Override
+ public Set<ValidationType> validationTypes() {
+ return unmodifiableSet(PROVIDE_GROUPS);
+ }
+}
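Review bot: `getCallerGroups` returns the `HashSet` stored in `groupsPerCaller` directly, and the bean is `@ApplicationScoped`, so a caller that mutates the returned set would change that user's group membership for every later request. The handler in this commit only calls `addAll` on it, but the store should not depend on that. Returning a read-only view closes the gap: `return result == null ? emptySet() : java.util.Collections.unmodifiableSet(result);`. The static imports of `SUBTREE` and `VALIDATE` are unused. The empty Javadoc should explain why a class that only provides groups also carries an `@LdapIdentityStoreDefinition`.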
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/LdapSetup.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/LdapSetup.java
new file mode 100644
index 0000000..0f3f0a4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/LdapSetup.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
+import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
+import com.unboundid.ldap.listener.InMemoryListenerConfig;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldif.LDIFReader;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import javax.ejb.Singleton;
+import javax.ejb.Startup;
+
+/**
+ * Starts up the embedded Unboundid LDAP server on port 33389 and loads a test directory
+ * into it containing the same caller- and roles names as the Database and Embedded idenity
+ * stores are using.
+ *
+ * @author Arjan Tijms
+ *
+ */
+@Startup
+@Singleton
+public class LdapSetup {
+
+ private InMemoryDirectoryServer directoryServer;
+
+ @PostConstruct
+ public void init() {
+ try {
+ InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=net");
+ config.setListenerConfigs(
+ new InMemoryListenerConfig("myListener", null, 33389, null, null, null));
+
+ directoryServer = new InMemoryDirectoryServer(config);
+
+ directoryServer.importFromLDIF(true,
+ new LDIFReader(this.getClass().getResourceAsStream("/test.ldif")));
+
+ directoryServer.startListening();
+ } catch (LDAPException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ @PreDestroy
+ public void destroy() {
+ directoryServer.shutDown(true);
+ }
+
+}
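Review bot: In `init`, the listener is created with a `null` listen address, which for the UnboundID in-memory server means listening on all interfaces as far as its API documents. The test directory, with its cleartext `userPassword` values, is therefore reachable from the network on port 33389 while the app is deployed. Binding to loopback is enough for these tests: `new InMemoryListenerConfig("myListener", InetAddress.getLoopbackAddress(), 33389, null, null, null)` with `java.net.InetAddress` imported. `destroy()` also dereferences `directoryServer` unconditionally, so a failed `init` leads to a NullPointerException at shutdown; guard it with `if (directoryServer != null)`. A missing `/test.ldif` resource would pass a null stream to `LDIFReader`, which deserves an explicit check with a clear message.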
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..23e09c7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+
+@DeclareRoles({"foo", "bar", "baz"})
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"baz\": " + request.isUserInRole("baz") + "\n");
+ }
+
+}
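Review bot: The class Javadoc says the servlet reports the roles `{foo, bar, kaz}`, but `@DeclareRoles` and the three `isUserInRole` calls in `doGet` use `foo`, `bar` and `baz`. Either the comment should read `{foo, bar, baz}`, or the code was meant to cover `kaz`, which the LDIF and glassfish-web.xml in this commit both define. Deciding which is intended matters because the integration test presumably asserts on these output lines. `doGet` also writes text without setting a content type; `response.setContentType("text/plain")` before the first write would make the output unambiguous.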
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..fa570fe
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@ApplicationScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (request.getParameter("name") != null && request.getParameter("password") != null) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ }
+
+ return httpMessageContext.responseUnauthorized();
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/resources/test.ldif b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/resources/test.ldif
new file mode 100644
index 0000000..a0a630c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/resources/test.ldif
@@ -0,0 +1,79 @@
+dn: dc=net
+objectclass: top
+objectclass: dcObject
+objectclass: organization
+dc: net
+o: net
+
+dn: dc=jsr375,dc=net
+objectclass: top
+objectclass: dcObject
+objectclass: organization
+dc: jsr375
+o: jsr375
+
+dn: ou=caller,dc=jsr375,dc=net
+objectclass: top
+objectclass: organizationalUnit
+ou: caller
+
+dn: uid=rudy,ou=caller,dc=jsr375,dc=net
+objectclass: top
+objectclass: uidObject
+objectclass: person
+uid: rudy
+cn: Rudy De Busscher
+sn: Rudy
+userPassword: pw
+
+dn: uid=reza,ou=caller,dc=jsr375,dc=net
+objectclass: top
+objectclass: uidObject
+objectclass: person
+uid: reza
+cn: Reza Rahman
+sn: Reza
+userPassword: secret1
+
+dn: uid=alex,ou=caller,dc=jsr375,dc=net
+objectclass: top
+objectclass: uidObject
+objectclass: person
+uid: alex
+cn: Alex Kosowski
+sn: Alex
+userPassword: secret2
+
+dn: uid=arjan,ou=caller,dc=jsr375,dc=net
+objectclass: top
+objectclass: uidObject
+objectclass: person
+uid: arjan
+cn: Arjan Tijms
+sn: Arjan
+userPassword: secret3
+
+dn: ou=group,dc=jsr375,dc=net
+objectclass: top
+objectclass: organizationalUnit
+ou: group
+
+dn: cn=foo,ou=group,dc=jsr375,dc=net
+objectclass: top
+objectclass: groupOfNames
+cn: foo
+member: uid=reza,ou=caller,dc=jsr375,dc=net
+member: uid=arjan,ou=caller,dc=jsr375,dc=net
+
+dn: cn=bar,ou=group,dc=jsr375,dc=net
+objectclass: top
+objectclass: groupOfNames
+cn: bar
+member: uid=reza,ou=caller,dc=jsr375,dc=net
+
+dn: cn=kaz,ou=group,dc=jsr375,dc=net
+objectclass: top
+objectclass: groupOfNames
+cn: kaz
+member: uid=alex,ou=caller,dc=jsr375,dc=net
+
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..c7b9713
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/beans.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<beans xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/beans_1_1.xsd"
+ version="1.1" bean-discovery-mode="annotated">
+
+ <alternatives>
+ <class>org.glassfish.soteria.test.CustomIdentityStoreHandler</class>
+ </alternatives>
+</beans>
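Review bot: The `<!DOCTYPE glassfish-web-app ...>` line at the top of this beans.xml declares a different root element than the `<beans>` element that follows, which looks like a copy from glassfish-web.xml. A validating parser would reject the file, and any parser that resolves the DTD fetches it over plain `http://`. The `xsi:schemaLocation` for `beans_1_1.xsd` already describes the document, so the DOCTYPE line should be removed. The `<alternatives>` entry is likely redundant as well, since `CustomIdentityStoreHandler` is annotated `@Alternative @Priority(APPLICATION)`, which already enables it.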
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..cdaf949
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>baz</role-name>
+ <group-name>baz</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>group1</role-name>
+ <group-name>group1</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>group2</role-name>
+ <group-name>group2</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>group3</role-name>
+ <group-name>group3</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/test/java/org/glassfish/soteria/test/AppCustomIdentityStoreHandlerIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/test/java/org/glassfish/soteria/test/AppCustomIdentityStoreHandlerIT.java
new file mode 100644
index 0000000..9c987dc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-identity-store-handler/src/test/java/org/glassfish/soteria/test/AppCustomIdentityStoreHandlerIT.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+
+@RunWith(Arquillian.class)
+public class AppCustomIdentityStoreHandlerIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppCustomIdentityStoreHandler");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertAuthenticated(
+ "web", "reza",
+ readFromServer("/servlet?name=reza&password=secret1"),
+ // Only groups from the
+ "baz");
+ }
+
+ @Test
+ public void testBlacklisted() {
+ assertNotAuthenticated(
+ "web", "rudy",
+ readFromServer("/servlet?name=rudy&password=pw"),
+ "foo", "bar");
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertNotAuthenticated(
+ "web", "reza",
+ readFromServer("/servlet?name=romo&password=secret1"),
+ "foo", "bar", "baz");
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertNotAuthenticated(
+ "web", "reza",
+ readFromServer("/servlet?name=reza&password=wrongpassword"),
+ "foo", "bar", "baz");
+ }
+
+}
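Review bot: The comment inside `testAuthenticated` stops mid-sentence (`// Only groups from the`), so it does not say why only `baz` is expected for reza. The handler that decides this is not part of this hunk, so the author should finish the sentence; something like `// Only groups from the stores the custom handler consults are expected` would do, once confirmed against CustomIdentityStoreHandler. `stat` is assigned once and could be `private static final`.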
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/pom.xml
new file mode 100644
index 0000000..a581b20
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-custom-rememberme</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-custom-rememberme</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/RememberMeConfigBean.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/RememberMeConfigBean.java
new file mode 100644
index 0000000..cb01396
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/RememberMeConfigBean.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Named;
+
+@RequestScoped
+@Named
+public class RememberMeConfigBean {
+
+ private int maxAgeSeconds = 500;
+ private String cookieName = "GLASSFISHCOOKIE";
+ private boolean secureOnly = false;
+ private boolean httpOnly = true;
+
+ public int getMaxAgeSeconds() {
+ return maxAgeSeconds;
+ }
+
+ public String getCookieName() {
+ return cookieName;
+ }
+
+ public boolean isSecureOnly() {
+ return secureOnly;
+ }
+
+ public boolean isHttpOnly() {
+ return httpOnly;
+ }
+}
+
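Review bot: `secureOnly = false` in RememberMeConfigBean has no comment saying it is a test-only setting. The remember-me cookie stands in for the caller's credentials, so without the Secure attribute it is also sent over plain HTTP; the value appears to be chosen because AppCustomRememberMeIT asserts `isSecure()` is false. I would add `// test-only: the IT presumably runs over plain HTTP; use true in a real deployment` above the field. The four fields are never reassigned and could be `final`.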
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..8380bbf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ if (request.getParameter("logout") != null) {
+ request.logout(); // slightly ill-defined, but only for current request
+ request.getSession().invalidate();
+ }
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String mechanismCalled = (String) request.getAttribute("authentication-mechanism-called");
+
+ response.getWriter().write("\nauthentication mechanism called: " + (mechanismCalled != null? mechanismCalled : false) + "\n");
+ }
+
+}
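Review bot: In `doGet` the logout branch calls `request.getSession().invalidate()`, which creates a new session when the request has none, only to invalidate it straight away; `HttpSession session = request.getSession(false); if (session != null) session.invalidate();` avoids that. The last write mixes a `String` and a `boolean` in one conditional (`mechanismCalled != null? mechanismCalled : false`); `mechanismCalled != null ? mechanismCalled : "false"` prints the same text with a single type. The identical file is added under app-custom-session later in this patch (same blob 8380bbf), so both points apply there too.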
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..0effcca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.authentication.mechanism.http.RememberMe;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@RememberMe(
+ cookieName = "#{self.rememberMeConfigBean.getCookieName()}",
+ cookieMaxAgeSecondsExpression = "#{self.rememberMeConfigBean.maxAgeSeconds}",
+ cookieSecureOnlyExpression = "#{self.rememberMeConfigBean.isSecureOnly()}",
+ cookieHttpOnlyExpression = "#{self.rememberMeConfigBean.httpOnly}",
+ isRememberMeExpression ="#{self.isRememberMe(httpMessageContext)}"
+)
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ public RememberMeConfigBean getRememberMeConfigBean() {
+ return rememberMeConfigBean;
+ }
+
+ @Inject
+ private RememberMeConfigBean rememberMeConfigBean;
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ request.setAttribute("authentication-mechanism-called", "true");
+
+ if (request.getParameter("name") != null && request.getParameter("password") != null) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+ public Boolean isRememberMe(HttpMessageContext httpMessageContext) {
+ return httpMessageContext.getRequest().getParameter("rememberme") != null;
+ }
+
+ // Workaround for possible CDI bug; at least in Weld 2.3.2 default methods don't seem to be intercepted
+ @Override
+ public void cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) {
+ HttpAuthenticationMechanism.super.cleanSubject(request, response, httpMessageContext);
+ }
+
+}
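Review bot: The `@RememberMe` attributes reach the config bean in two different EL forms, method calls (`getCookieName()`, `isSecureOnly()`) and property access (`maxAgeSeconds`, `httpOnly`), and nothing says whether that is deliberate. If the mix is there to exercise both forms, a one-line comment above the annotation such as `// deliberately mixes method-call and property EL syntax` would keep a later cleanup from collapsing them; if not, one form throughout reads better. `isRememberMe` returns a boxed `Boolean` where `boolean` would do, assuming the expression evaluation does not depend on the wrapper type.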
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..6453d36
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ if (credential instanceof UsernamePasswordCredential) {
+ return validate((UsernamePasswordCredential) credential);
+ }
+
+ return NOT_VALIDATED_RESULT;
+ }
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.getCaller().equals("reza") &&
+ usernamePasswordCredential.getPassword().compareTo("secret1")) {
+
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
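Review bot: `validate(UsernamePasswordCredential)` calls `getCaller().equals("reza")`, which throws a NullPointerException if a credential with a null caller ever reaches the store; `"reza".equals(usernamePasswordCredential.getCaller())` falls through to INVALID_RESULT instead. The only caller visible in this patch (TestAuthenticationMechanism) checks the name for null first, so this is defensive rather than a live failure. A class-level comment stating that the single hard-coded caller and password are test fixture data would also help readers who copy from these samples.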
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestRememberMeIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestRememberMeIdentityStore.java
new file mode 100644
index 0000000..c210891
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/java/org/glassfish/soteria/test/TestRememberMeIdentityStore.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.CallerPrincipal;
+import javax.security.enterprise.credential.RememberMeCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.RememberMeIdentityStore;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+@ApplicationScoped
+public class TestRememberMeIdentityStore implements RememberMeIdentityStore {
+
+ private final Map<String, CredentialValidationResult> identities = new ConcurrentHashMap<>();
+
+ @Override
+ public CredentialValidationResult validate(RememberMeCredential credential) {
+ if (identities.containsKey(credential.getToken())) {
+ return identities.get(credential.getToken());
+ }
+
+ return INVALID_RESULT;
+ }
+
+ @Override
+ public String generateLoginToken(CallerPrincipal callerPrincipal, Set<String> groups) {
+ String token = UUID.randomUUID().toString();
+
+ // NOTE: FOR EXAMPLE ONLY. AS TOKENKEY WOULD EFFECTIVELY BECOME THE REPLACEMENT PASSWORD
+ // IT SHOULD NORMALLY NOT BE STORED DIRECTLY BUT EG USING STRONG HASHING
+ identities.put(token, new CredentialValidationResult(callerPrincipal, groups));
+
+ return token;
+ }
+
+ @Override
+ public void removeLoginToken(String token) {
+ identities.remove(token);
+ }
+
+}
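Review bot: `validate` looks the token up twice, with `containsKey` and then `get`, and `removeLoginToken` can run between the two on another request, in which case `validate` returns null instead of INVALID_RESULT. A single lookup closes the window: `return identities.getOrDefault(credential.getToken(), INVALID_RESULT);`. Entries are also removed only on logout, so a token stays valid on the server after the cookie's max-age has passed. For a test fixture that may be acceptable, but it deserves a line next to the existing FOR EXAMPLE ONLY note.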
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..6937244
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/test/java/org/glassfish/soteria/test/AppCustomRememberMeIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/test/java/org/glassfish/soteria/test/AppCustomRememberMeIT.java
new file mode 100644
index 0000000..a38747e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-rememberme/src/test/java/org/glassfish/soteria/test/AppCustomRememberMeIT.java
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.util.Cookie;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+@RunWith(Arquillian.class)
+public class AppCustomRememberMeIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppCustomRememberMe");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+
+ @Test
+ public void testHttpOnlyIsTrue() {
+ readFromServer("/servlet?name=reza&password=secret1&rememberme=true");
+
+ assertTrue(getWebClient().getCookieManager().getCookie("GLASSFISHCOOKIE").isHttpOnly());
+ }
+
+ @Test
+ public void testSecureOnlyIsFalse() {
+ readFromServer("/servlet?name=reza&password=secret1&rememberme=true");
+
+ assertFalse(getWebClient().getCookieManager().getCookie("GLASSFISHCOOKIE").isSecure());
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+ @Test
+ public void testAuthenticatedRememberMe() {
+
+ // 1. Initially request page when we're not authenticated
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+
+
+ // 2. Authenticate without remember me
+
+ String response = readFromServer("/servlet?name=reza&password=secret1");
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the initial authentication, the mechanism should be called
+
+ assertTrue(
+ "Authentication mechanism should have been called, but wasn't",
+ response.contains("authentication mechanism called: true"));
+
+
+ // 3. Request same page again within same http session, without remember me
+ // specified should NOT be authenticated
+
+ response = readFromServer("/servlet");
+
+ assertDefaultNotAuthenticated(
+ response);
+
+
+ // 4. Authenticate with remember me
+
+ response = readFromServer("/servlet?name=reza&password=secret1&rememberme=true");
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the initial authentication, the mechanism should be called again
+
+ assertTrue(
+ "Authentication mechanism should have been called, but wasn't",
+ response.contains("authentication mechanism called: true"));
+
+
+ // 5. Request same page again within same http session, with remember me
+ // specified should be authenticated
+
+ response = readFromServer("/servlet");
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the subsequent authentication, the mechanism should not be called again
+ // (the remember me interceptor takes care of this)
+
+ assertTrue(
+ "Authentication mechanism should not have been called, but was",
+ response.contains("authentication mechanism called: false"));
+
+
+ // 6. "Expire" the session by removing all cookies except the
+ // remember me cookie
+
+ for (Cookie cookie : getWebClient().getCookieManager().getCookies()) {
+ if (!"GLASSFISHCOOKIE".equals(cookie.getName())) {
+ getWebClient().getCookieManager().removeCookie(cookie);
+ }
+ }
+
+ // Request same page again
+
+ response = readFromServer("/servlet");
+
+ // Should still be authenticated
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the subsequent authentication, the mechanism should not be called again
+ // (the remember me interceptor takes care of this)
+
+ assertTrue(
+ "Authentication mechanism should not have been called, but was",
+ response.contains("authentication mechanism called: false"));
+
+
+ // 7. Logout. Should not be authenticated anymore
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?logout=true"));
+
+
+ // 8. Request same page again, should still not be authenticated
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+
+ }
+
+}
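Review bot: Steps 7 and 8 of `testAuthenticatedRememberMe` only show that the same web client is no longer authenticated after logout, which would also pass if the cookie were dropped on the client while the token stayed valid in the store. Saving the cookie before step 7 (`Cookie rememberMe = getWebClient().getCookieManager().getCookie("GLASSFISHCOOKIE");`), then after step 8 re-adding it with `getWebClient().getCookieManager().addCookie(rememberMe);` and asserting `assertDefaultNotAuthenticated(readFromServer("/servlet"));` once more, would check that logout revokes the token on the server. In `testHttpOnlyIsTrue` and `testSecureOnlyIsFalse`, `getCookie(...)` returns null when no cookie was set, so a regression surfaces as a NullPointerException rather than an assertion failure; an `assertNotNull` on the cookie first would make the failure readable. The import of `org.glassfish.soteria.test.ArquillianBase` is redundant because the class is in the same package.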
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/pom.xml
new file mode 100644
index 0000000..c52b425
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-custom-session</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-custom-session</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..8380bbf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ if (request.getParameter("logout") != null) {
+ request.logout(); // slightly ill-defined, but only for current request
+ request.getSession().invalidate();
+ }
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String mechanismCalled = (String) request.getAttribute("authentication-mechanism-called");
+
+ response.getWriter().write("\nauthentication mechanism called: " + (mechanismCalled != null? mechanismCalled : false) + "\n");
+ }
+
+}
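Review bot: In the logout branch of doGet, `request.getSession().invalidate()` creates a fresh session when the caller has none, only to discard it. Using `getSession(false)` with a null check avoids allocating session state for unauthenticated callers, e.g. `if (request.getSession(false) != null) { request.getSession(false).invalidate(); }`. Separately, the fallback in `(mechanismCalled != null? mechanismCalled : false)` mixes a String with a boolean; the literal `"false"` keeps the expression a String and prints the same text. Logout is also triggered by a GET query parameter, which is acceptable for this fixture but deserves a comment so the pattern is not copied into application code.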
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..673b083
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.AutoApplySession;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@RequestScoped
+@AutoApplySession
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ request.setAttribute("authentication-mechanism-called", "true");
+
+ if (request.getParameter("name") != null && request.getParameter("password") != null) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
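Review bot: The class has no Javadoc, and the two things that distinguish it from the app-custom mechanism are undocumented: `@AutoApplySession` and the `authentication-mechanism-called` request attribute set at the top of validateRequest. I would add a class comment such as `/** Test mechanism; @AutoApplySession lets the container reuse the authenticated identity from the HTTP session, so validateRequest is expected to run only until login succeeds. */`, plus a line above the setAttribute call saying that Servlet echoes this attribute for AppCustomSessionIT. Nothing in this hunk rotates the session id after a successful login, so whether a pre-login session id survives authentication depends on code outside this diff. That is worth confirming now that the identity is bound to the session.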
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..af07d7a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ if (credential instanceof UsernamePasswordCredential) {
+ return validate((UsernamePasswordCredential) credential);
+ }
+
+ return NOT_VALIDATED_RESULT;
+ }
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
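Review bot: The accepted caller `reza` / `secret1` and the groups `foo`, `bar` are bare literals in `validate(UsernamePasswordCredential)`, and the same values are repeated in the request URLs of AppCustomSessionIT and in the app-custom TestIdentityStore later in this diff. Since this class lives under src/main/java and is packaged into the test WAR, I would add a class comment marking it as a fixture, e.g. `/** Test-only identity store with one hard-coded caller; not a template for real credential validation. */`. The typed overload carries no `@Override` and is reached through the explicit instanceof dispatch in `validate(Credential)`; a one-line comment on the overload would make that clear.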
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..6937244
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/test/java/org/glassfish/soteria/test/AppCustomSessionIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/test/java/org/glassfish/soteria/test/AppCustomSessionIT.java
new file mode 100644
index 0000000..568de30
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom-session/src/test/java/org/glassfish/soteria/test/AppCustomSessionIT.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertTrue;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppCustomSessionIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppCustomSession");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+ @Test
+ public void testAuthenticatedSession() {
+
+ // 1. Initially request page when we're not authenticated
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+
+
+ // 2. Authenticate
+
+ String response = readFromServer("/servlet?name=reza&password=secret1");
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the initial authentication, the mechanism should be called
+
+ assertTrue(
+ "Authentication mechanism should have been called, but wasn't",
+ response.contains("authentication mechanism called: true"));
+
+
+ // 3. Request same page again within same http session, should still
+ // be authenticated
+
+ response = readFromServer("/servlet");
+
+ assertDefaultAuthenticated(
+ response);
+
+ // For the subsequent authentication, the mechanism should NOT be called
+ // (the session interceptor takes care of authentication now)
+
+ assertTrue(
+ "Authentication mechanism should have been called, but wasn't",
+ response.contains("authentication mechanism called: false"));
+
+
+ // 4. Logout. Should not be authenticated anymore
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?logout=true"));
+
+
+ // 5. Request same page again, should still not be authenticated
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+
+ }
+
+}
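Review bot: In step 3 of testAuthenticatedSession the failure message contradicts the assertion: the check is `response.contains("authentication mechanism called: false")`, but the message still reads "Authentication mechanism should have been called, but wasn't", copied from step 2. It should be `"Authentication mechanism should not have been called, but was"`, otherwise a regression in the session interceptor reports the opposite of what went wrong. The imports of `DefaultCredentialsProvider` and `WebResponse` are unused in this file, and `ArquillianBase` is imported from the class's own package; all three can be removed.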
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/pom.xml
new file mode 100644
index 0000000..2103a8d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-custom</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-custom</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
new file mode 100644
index 0000000..f7bfe5d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@WebServlet("/protectedServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ProtectedServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/servlets"));
+
+
+ }
+
+}
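Review bot: The last write in doGet calls `securityContext.hasAccessToWebResource("/servlets")`, a path that matches neither servlet mapping in this module (`/servlet` and `/protectedServlet`), and unlike every other line it has no trailing `\n`. The sibling Servlet.java checks `"/protectedServlet"`, so this looks like a typo. If it is a deliberate probe of an unmapped path, a comment should say so, because the printed value would then presumably describe an unconstrained resource rather than this servlet's own constraint. The class Javadoc is also copied from Servlet and does not mention that access is restricted to role `foo` by `@ServletSecurity`.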
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..375f477
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.glassfish.soteria.SecurityContextImpl;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ response.getWriter().write("All declared roles of user " + ((SecurityContextImpl)securityContext).getAllDeclaredCallerRoles() + "\n");
+ }
+
+}
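Review bot: The final write in doGet casts the injected `SecurityContext` to `org.glassfish.soteria.SecurityContextImpl` to call `getAllDeclaredCallerRoles()`, which ties the servlet to one implementation class. If the container injects a proxy or a different implementation, the cast throws ClassCastException after most of the response has already been written. Guarding the line keeps the rest of the output usable: `if (securityContext instanceof SecurityContextImpl) { ... }`. A comment should also state that this line exercises a Soteria-internal method rather than the `javax.security.enterprise` API.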
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..cae948f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.auth.message.AuthException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
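Review bot: `javax.security.auth.message.AuthException` is imported but not used anywhere in this file and can be removed. This variant also keeps the password as a plain `String` and passes it to `new UsernamePasswordCredential(name, password)`, while the app-custom-session copy of the same class wraps it in `Password`; using one form in both makes the two fixtures easier to compare. The class has no Javadoc; a short one stating that this is a test mechanism without `@AutoApplySession`, so validateRequest runs on every request, would document the difference between the two modules.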
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..0200b04
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
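Review bot: This store declares only `validate(UsernamePasswordCredential)`, with no `@Override` and no `validate(Credential)`, so it is reached only if the interface's default `validate(Credential)` dispatches to the overload by the credential's runtime type. As far as I know that lookup is by exact class, so a subclass of `UsernamePasswordCredential` would get NOT_VALIDATED_RESULT without any error. The app-custom-session copy does the dispatch explicitly with `instanceof`, which is easier to follow and also covers subclasses. I would either copy that override here or add a comment above the method: `// Invoked via IdentityStore's default validate(Credential), which dispatches on the credential's runtime type`.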
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..09fffb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1"
+>
+
+ <!-- Security constraints and roles. -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>User pages</web-resource-name>
+ <url-pattern>/protectedServlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+
+ <security-role>
+ <role-name>foo</role-name>
+ </security-role>
+
+</web-app>
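Review bot: The `<security-constraint>` for `/protectedServlet` with role `foo` repeats what `@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))` on ProtectedServlet already declares. Under the Servlet specification a descriptor constraint with an exactly matching url-pattern takes precedence over the annotation, so the annotation has no effect for this path. A comment should say which of the two the test is meant to exercise, e.g. `<!-- Overrides @ServletSecurity on ProtectedServlet for this pattern -->`. The constraint also has no `<user-data-constraint>`, so the name and password query parameters used by the tests are accepted over plain HTTP; that is acceptable for a local fixture but worth stating in the same comment.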
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/test/java/org/glassfish/soteria/test/AppCustomIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/test/java/org/glassfish/soteria/test/AppCustomIT.java
new file mode 100644
index 0000000..f48f1b8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-custom/src/test/java/org/glassfish/soteria/test/AppCustomIT.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppCustomIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppCustom");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ responseFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticatedUnprotected(
+ responseFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ responseFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ responseFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+}
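Review bot: None of the four tests requests `/protectedServlet`, the only URL that this module's web.xml restricts to role `foo`; every request goes to `/servlet`. If a servlet is mapped to that path in app-custom (not visible in this hunk), the auth-constraint is never exercised, so a regression that let an unauthenticated or wrong-role caller through would go unnoticed. Consider one test that requests `/protectedServlet` without credentials and asserts it is rejected, and one with a caller known to hold `foo` that asserts access is granted.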
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/pom.xml
new file mode 100644
index 0000000..e577135
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/pom.xml
@@ -0,0 +1,48 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-db</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-db</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java
new file mode 100644
index 0000000..86d37da
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Named;
+import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
+
+@DatabaseIdentityStoreDefinition(
+ dataSourceLookup="${'jdbc/__default'}",
+ callerQuery="#{'select password from caller where name = ?'}",
+ groupsQuery="select group_name from caller_groups where caller_name = ?",
+ hashAlgorithm = PlaintextPasswordHash.class,
+ hashAlgorithmParameters = {
+ "foo=bar",
+ "kax=zak",
+ "foox=${'iop'}",
+ "${applicationConfig.dyna}"
+
+ } // just for test / example
+)
+@ApplicationScoped
+@Named
+public class ApplicationConfig {
+
+ public String[] getDyna() {
+ return new String[] {"dyn=1","dyna=2","dynam=3"};
+ }
+
+}
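Review bot: The annotation does not say which attribute forms are deliberate. `dataSourceLookup` uses an immediate expression `${'jdbc/__default'}`, `callerQuery` uses a deferred one `#{'...'}`, `groupsQuery` is a plain literal, and `hashAlgorithmParameters` mixes literals, an embedded expression and `${applicationConfig.dyna}`, which presumably resolves to `getDyna()` through the `@Named` bean. The only comment, `// just for test / example`, sits on the parameter list and does not cover `hashAlgorithm = PlaintextPasswordHash.class`. I would add a class-level Javadoc such as `/** Test fixture: exercises literal, immediate and deferred EL in identity-store attributes; uses PlaintextPasswordHash, so stored passwords are compared verbatim. */`.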
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/DatabaseSetup.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/DatabaseSetup.java
new file mode 100644
index 0000000..fe26b36
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/DatabaseSetup.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import javax.annotation.Resource;
+import javax.annotation.sql.DataSourceDefinition;
+import javax.ejb.Singleton;
+import javax.ejb.Startup;
+import javax.sql.DataSource;
+
+@Singleton
+@Startup
+public class DatabaseSetup {
+
+ @Resource(lookup="java:comp/DefaultDataSource")
+ private DataSource dataSource;
+
+ @PostConstruct
+ public void init() {
+
+ executeUpdate(dataSource, "CREATE TABLE caller(name VARCHAR(64) PRIMARY KEY, password VARCHAR(64))");
+ executeUpdate(dataSource, "CREATE TABLE caller_groups(caller_name VARCHAR(64), group_name VARCHAR(64))");
+
+ executeUpdate(dataSource, "INSERT INTO caller VALUES('reza', 'secret1')");
+ executeUpdate(dataSource, "INSERT INTO caller VALUES('alex', 'secret2')");
+ executeUpdate(dataSource, "INSERT INTO caller VALUES('arjan', 'secret2')");
+ executeUpdate(dataSource, "INSERT INTO caller VALUES('werner', 'secret2')");
+
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('reza', 'foo')");
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('reza', 'bar')");
+
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('alex', 'foo')");
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('alex', 'bar')");
+
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('arjan', 'foo')");
+ executeUpdate(dataSource, "INSERT INTO caller_groups VALUES('werner', 'foo')");
+ }
+
+ @PreDestroy
+ public void destroy() {
+ try {
+ executeUpdate(dataSource, "DROP TABLE caller");
+ executeUpdate(dataSource, "DROP TABLE caller_groups");
+ } catch (Exception e) {
+ // silently ignore, concerns in-memory database
+ }
+ }
+
+ private void executeUpdate(DataSource dataSource, String query) {
+ try (Connection connection = dataSource.getConnection()) {
+ try (PreparedStatement statement = connection.prepareStatement(query)) {
+ statement.executeUpdate();
+ }
+ } catch (SQLException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+}
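Review bot: In `destroy()` both `DROP TABLE` calls share one `try`, so if dropping `caller` fails, `executeUpdate` throws `IllegalStateException` and `caller_groups` is never dropped. A leftover table then makes the `CREATE TABLE` in `init()` throw from `@PostConstruct` on the next deployment, which would fail the singleton's startup. The catch comment assumes an in-memory database, but the data source is `java:comp/DefaultDataSource` and its backing store is not visible here, so tables may outlive the application. Dropping each table in its own `try` and catching only `IllegalStateException` keeps cleanup best-effort without hiding unrelated errors.

```java
    @PreDestroy
    public void destroy() {
        // Drop each table independently so one failure does not leave the other behind.
        try {
            executeUpdate(dataSource, "DROP TABLE caller");
        } catch (IllegalStateException ignored) {
            // best effort: table may already be gone
        }
        try {
            executeUpdate(dataSource, "DROP TABLE caller_groups");
        } catch (IllegalStateException ignored) {
            // best effort: table may already be gone
        }
    }
    // … unchanged: executeUpdate …
```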
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/PlaintextPasswordHash.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/PlaintextPasswordHash.java
new file mode 100644
index 0000000..58c9b00
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/PlaintextPasswordHash.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+import java.util.Map;
+
+import javax.enterprise.context.Dependent;
+import javax.security.enterprise.identitystore.PasswordHash;
+
+@Dependent
+public class PlaintextPasswordHash implements PasswordHash {
+
+ @Override
+ public void initialize(Map<String, String> parameters) {
+
+ }
+
+ @Override
+ public String generate(char[] password) {
+ return new String(password);
+ }
+
+ @Override
+ public boolean verify(char[] password, String hashedPassword) {
+ //don't bother with constant time comparison; more portable
+ //this way, and algorithm will be used only for testing.
+ return (password != null && password.length > 0 &&
+ hashedPassword != null && hashedPassword.length() > 0 &&
+ hashedPassword.equals(new String(password)));
+ }
+}
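Review bot: The class has no Javadoc marking it as a test-only stand-in, and it lives under `src/main`, so the only warning is the inline comment inside `verify`. Because `generate` returns the password unchanged and `verify` compares with `String.equals`, anyone copying this as a `PasswordHash` example would store and compare cleartext. I would add above the class: `/** Test-only PasswordHash: stores and compares passwords verbatim, with no hashing and no constant-time comparison. Not for use outside this test application. */`.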
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..76fab1d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+ }
+
+}
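Review bot: `doGet` writes the caller principal name into the body without setting a content type, so how the output is interpreted is left to container defaults and the client. Adding `response.setContentType("text/plain");` and `response.setCharacterEncoding("UTF-8");` before the first `getWriter()` call ensures the echoed name is never rendered as markup and gives the tests a fixed encoding to match against. The same applies to `ProtectedServlet.doGet` and `Servlet.doGet` in app-double-ham later in this diff.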
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..f8e3c1b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (request.getParameter("name") != null && request.getParameter("password") != null) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
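Review bot: `validateRequest` evaluates `request.getParameter("name")` and `request.getParameter("password")` twice each, once in the `if` and again inside the block. Reading them once into locals makes it clear that the checked values are the ones validated: `String name = request.getParameter("name");`, `String rawPassword = request.getParameter("password");`, then `if (name != null && rawPassword != null) {`. The method also lacks a Javadoc stating that a request without both parameters returns `doNothing()`, which leaves the request unauthenticated rather than rejecting it.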
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..6937244
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/test/java/org/glassfish/soteria/test/AppDBIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/test/java/org/glassfish/soteria/test/AppDBIT.java
new file mode 100644
index 0000000..6f0b657
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-db/src/test/java/org/glassfish/soteria/test/AppDBIT.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.lang.System.getProperty;
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assume.assumeFalse;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+
+@RunWith(Arquillian.class)
+public class AppDBIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppDB");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+}
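Review bot: Several imports in this test are unused: `java.lang.System.getProperty`, `org.junit.Assume.assumeFalse`, `org.junit.Before`, `org.jboss.shrinkwrap.api.asset.EmptyAsset` and `org.jboss.shrinkwrap.api.spec.WebArchive`. The import of `org.jboss.shrinkwrap.api.ShrinkWrap` is also unused, and it shares its simple name with the project class behind the static import `org.glassfish.soteria.test.ShrinkWrap.mavenWar`, which is easy to misread. I would delete all six lines. `AppCustomIT` earlier in this diff has the same problem with `DefaultCredentialsProvider`, `WebResponse` and the same-package import of `ArquillianBase`. The `stat` field could also be declared `private static final`.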
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/pom.xml
new file mode 100644
index 0000000..d11f118
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/pom.xml
@@ -0,0 +1,48 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-double-ham</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-double-ham</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
new file mode 100644
index 0000000..03c87ad
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+
+@BasicAuthenticationMechanismDefinition(
+ realmName="test realm"
+)
+@WebServlet("/protectedServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ProtectedServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/servlets"));
+
+
+ }
+
+}
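Review bot: The last write in `doGet` calls `hasAccessToWebResource("/servlets")`, a path that matches neither servlet mapping in this module (`/servlet` and `/protectedServlet`). The sibling `Servlet` checks `/protectedServlet`, so this looks like a typo. A check against an unmapped, unconstrained path may always report access and so verify nothing. The line also lacks the trailing `"\n"` that every other write has. If the protected resource was intended, the line would read `response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");`. The class Javadoc is copied from `Servlet` and does not mention that this servlet is restricted to role `foo`.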
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..7315af4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import org.glassfish.soteria.SecurityContextImpl;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@BasicAuthenticationMechanismDefinition(
+ realmName="test realm"
+)
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ response.getWriter().write("All declared roles of user " + ((SecurityContextImpl)securityContext).getAllDeclaredCallerRoles() + "\n");
+ }
+
+}
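Review bot: The final write in `doGet` casts the injected `SecurityContext` straight to `org.glassfish.soteria.SecurityContextImpl`, which ties the test application to one implementation. If the container injects a proxy or a different implementation, the cast throws `ClassCastException` after part of the response is already written, and the test fails for a reason unrelated to authentication. I would guard it with `if (securityContext instanceof SecurityContextImpl) { ... }` and write a fixed marker line otherwise. A short comment saying that `getAllDeclaredCallerRoles()` is Soteria-specific and not part of the `SecurityContext` API would also help.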
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..74998f8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
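Review bot: The NOTE above `request.getParameter("password")` in `validateRequest` says a query-parameter password is insecure but not why, and the same class is added again under app-ham-ordering, so the caveat is worth making concrete. I would extend it with something like `// Test fixture only: query strings end up in access logs, browser history and Referer headers.` The class also has no Javadoc; one sentence would help readers of the double-HAM test. It should say that the class authenticates from the `name` and `password` parameters through the injected `IdentityStoreHandler` and returns `doNothing()` when either is absent.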
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..0200b04
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
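Review bot: `validate(UsernamePasswordCredential)` has no `@Override` because it overrides nothing. As far as I know, the default `IdentityStore.validate(Credential)` looks up a `validate` method matching the concrete credential type, so this method is reached by name and parameter type only. A rename or a changed parameter type would still compile and then presumably stop validating without any error, so I would add `// Invoked by the default IdentityStore.validate(Credential) dispatch; keep the name and parameter type.` The identical file added under app-ham-ordering (same blob `0200b04`) needs the same comment. The hard-coded `reza`/`secret1` pair is fine for a test store but deserves a `// test credentials only` marker.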
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..09fffb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1"
+>
+
+ <!-- Security constraints and roles. -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>User pages</web-resource-name>
+ <url-pattern>/protectedServlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+
+ <security-role>
+ <role-name>foo</role-name>
+ </security-role>
+
+</web-app>
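Review bot: The constraint protects `/protectedServlet`, but no servlet mapped to that path is visible in this module, and the tests here request `/servlet`, which this descriptor leaves unconstrained. If the pattern exists only so that `hasAccessToWebResource("/protectedServlet")` has something to evaluate, the comment above the constraint should say so, e.g. `<!-- /protectedServlet is not served; it is the target of the hasAccessToWebResource check in Servlet. -->`. The same descriptor is added under app-ham-ordering (blob `09fffb4`), so the comment applies there too.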
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/test/java/org/glassfish/soteria/test/AppDoubleHAMIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/test/java/org/glassfish/soteria/test/AppDoubleHAMIT.java
new file mode 100644
index 0000000..701d407
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-double-ham/src/test/java/org/glassfish/soteria/test/AppDoubleHAMIT.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppDoubleHAMIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppDoubleHam");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testBasicHAM() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("reza", "secret1");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ assertNotAuthenticatedError(
+ responseFromServer("/servlet"));
+ }
+
+ @Test
+ public void testCustomHam() {
+ assertNotAuthenticatedError(
+ responseFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+}
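Review bot: Both `testBasicHAM` and `testCustomHam` send the valid `reza`/`secret1` pair and then expect `assertNotAuthenticatedError`, and nothing in the class says why valid credentials must be rejected. Presumably the application is meant to be unusable because two authentication mechanisms are present; a class-level Javadoc stating that expectation would keep someone from "fixing" the assertions later. `assertNotAuthenticatedError` is defined outside this section, so I cannot tell whether it distinguishes this case from a deployment that failed for an unrelated reason; that is worth confirming. `WebResponse` is imported but not used in this class.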
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/pom.xml
new file mode 100644
index 0000000..b91075d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-ham-ordering</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-ham-ordering</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..e9d952e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.glassfish.soteria.SecurityContextImpl;
+import java.util.stream.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ *
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ private void tagHttpRequest(HttpServletRequest request,String methodName){
+
+ if(request.getAttribute("methodInvList") == null){
+ List<String> invList= new ArrayList<>();
+ invList.add(methodName);
+ request.setAttribute("methodInvList", invList.stream().collect(Collectors.joining(",")));
+ }else{
+ String invListStr = (String)request.getAttribute("methodInvList");
+ List<String> invList = new ArrayList(Arrays.asList(invListStr.split(",")));
+ invList.add(methodName);
+ request.setAttribute("methodInvList", invList.stream().collect(Collectors.joining(",")));
+ }
+ }
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+
+ tagHttpRequest(request,"doGet");
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ response.getWriter().write("All declared roles of user " + ((SecurityContextImpl)securityContext).getAllDeclaredCallerRoles() + "\n");
+ String invListStr = (String)request.getAttribute("methodInvList");
+ response.getWriter().write("OrderingList: " + invListStr);
+ boolean doLogout = Boolean.parseBoolean(request.getParameter("doLogout"));
+ if(doLogout)
+ request.logout();
+ }
+
+}
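Review bot: `tagHttpRequest` builds a raw `new ArrayList(Arrays.asList(...))`, which is an unchecked conversion, and round-trips through a list and a stream only to append one name to a comma-separated string. Both branches reduce to `String prev = (String) request.getAttribute("methodInvList");` followed by `request.setAttribute("methodInvList", prev == null ? methodName : prev + "," + methodName);`. The same helper is duplicated verbatim in this module's `TestAuthenticationMechanism`, so the two copies can drift apart. In `doGet`, `request.logout()` is driven by the `doLogout` query parameter on a GET. That is acceptable for this fixture but should carry a comment marking it test-only, since a state-changing GET is not a pattern to copy.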
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..b615cda
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import java.io.IOException;
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.stream.*;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Arrays;
+import static javax.security.enterprise.AuthenticationStatus.*;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+ tagHttpRequest(request,"validateRequest");
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+ @Override
+ public AuthenticationStatus secureResponse(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+ try {
+ response.getWriter().write(",secureResponse");
+ }catch (IOException e){
+ e.printStackTrace();
+ }
+ tagHttpRequest(request,"secureResponse");
+ return SUCCESS;
+ }
+
+ @Override
+ public void cleanSubject(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) {
+ try {
+ response.getWriter().write(",cleanSubject");
+ }catch (IOException e){
+ e.printStackTrace();
+ }
+ tagHttpRequest(request,"cleanSubject");
+ }
+
+ private void tagHttpRequest(HttpServletRequest request,String methodName){
+
+ if(request.getAttribute("methodInvList") == null){
+ List<String> invList= new ArrayList<>();
+ invList.add(methodName);
+ request.setAttribute("methodInvList", invList.stream().collect(Collectors.joining(",")));
+ }else{
+ String invListStr = (String)request.getAttribute("methodInvList");
+ List<String> invList = new ArrayList(Arrays.asList(invListStr.split(",")));
+ invList.add(methodName);
+ request.setAttribute("methodInvList", invList.stream().collect(Collectors.joining(",")));
+ }
+ }
+
+}
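Review bot: The `cleanSubject` override only writes a marker and tags the request. As far as I recall, the interface's default `cleanSubject` calls `httpMessageContext.cleanClientSubject()`, so overriding without that call leaves the client subject uncleaned on `request.logout()`; I would add `httpMessageContext.cleanClientSubject();` at the end of the method. `secureResponse` and `cleanSubject` also swallow `IOException` with `e.printStackTrace()`, which lets the ordering test continue with a truncated body. `secureResponse` already declares `AuthenticationException` and could use `throw new AuthenticationException(e);` instead. The `tagHttpRequest` calls in these two methods appear to run after `doGet` has written `OrderingList:`, so only the direct response writes are visible to the test.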
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..0200b04
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..09fffb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1"
+>
+
+ <!-- Security constraints and roles. -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>User pages</web-resource-name>
+ <url-pattern>/protectedServlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+
+ <security-role>
+ <role-name>foo</role-name>
+ </security-role>
+
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/test/java/org/glassfish/soteria/test/AppHAMOrderingIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/test/java/org/glassfish/soteria/test/AppHAMOrderingIT.java
new file mode 100644
index 0000000..566f6c8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-ham-ordering/src/test/java/org/glassfish/soteria/test/AppHAMOrderingIT.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertTrue;
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppHAMOrderingIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppHamOrdering");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticatedValidateRequestAndSecureResponse() {
+ WebResponse response = responseFromServer("/servlet?name=reza&password=secret1");
+ assertDefaultAuthenticated(response);
+ assertTrue("Response did not contain correct ordering of validateRequest,secureResponse",
+ response.getContentAsString().contains("OrderingList: validateRequest,doGet,secureResponse"));
+ }
+
+ @Test
+ public void testAuthenticatedcleanSubject() {
+ WebResponse response = responseFromServer("/servlet?name=reza&password=secret1&doLogout=True");
+ assertDefaultAuthenticated(response);
+ assertTrue("Response did not correct ordering of validateRequest,secureResponse,cleanSubject",
+ response.getContentAsString().contains("OrderingList: validateRequest,doGet,cleanSubject,secureResponse"));
+ }
+
+}
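Review bot: The failure message in `testAuthenticatedcleanSubject` reads `"Response did not correct ordering of validateRequest,secureResponse,cleanSubject"`, which is missing a verb and lists a different order from the one asserted (`validateRequest,doGet,cleanSubject,secureResponse`). I would change it to `"Response did not contain correct ordering of validateRequest,doGet,cleanSubject,secureResponse"`, and include `doGet` in the first test's message as well. The method name would read better as `testAuthenticatedCleanSubject`. Neither test checks that the caller is actually logged out after `doLogout=True`; only the invocation order is asserted.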
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/pom.xml
new file mode 100644
index 0000000..0cd61a8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/pom.xml
@@ -0,0 +1,49 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-mem-basic</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-mem-basic</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/java/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/java/test/Servlet.java
new file mode 100644
index 0000000..da5e974
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/java/test/Servlet.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import org.glassfish.soteria.identitystores.annotation.Credentials;
+import org.glassfish.soteria.identitystores.annotation.EmbeddedIdentityStoreDefinition;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@BasicAuthenticationMechanismDefinition(
+ realmName="test realm"
+)
+
+@EmbeddedIdentityStoreDefinition({
+ @Credentials(callerName = "reza", password = "secret1", groups = { "foo", "bar" }),
+ @Credentials(callerName = "alex", password = "secret2", groups = { "foo", "kaz" }),
+ @Credentials(callerName = "arjan", password = "secret3", groups = { "foo" }) }
+)
+
+@WebServlet("/servlet")
+@DeclareRoles({ "foo", "bar", "kaz" })
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+ }
+
+}
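Review bot: The class Javadoc describes only the output and leaves the security configuration undocumented, although the annotations on `Servlet` are what the integration test actually exercises. The `@EmbeddedIdentityStoreDefinition` callers are fixtures that AppMemBasicIT logs in with. `@HttpConstraint(rolesAllowed = "foo")` sets no transport guarantee, so the Basic credentials are sent without a TLS requirement in this deployment. I would extend the Javadoc with a sentence such as `Callers, passwords and groups below are fixtures matched by AppMemBasicIT; the constraint sets no transport guarantee because the test runs over plain HTTP.`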
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java
new file mode 100644
index 0000000..6b07971
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-basic/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppMemBasicIT extends ArquillianBase {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppMemBasic");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("reza", "secret1");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ assertDefaultAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("romo", "secret1");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("reza", "wrongpassword");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+}
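Review bot: The negative tests only check that a `WWW-Authenticate` header is present, so they would still pass if the server answered with a challenge for a different mechanism than the Basic one the servlet declares. In testNotAuthenticated, testNotAuthenticatedWrongName and testNotAuthenticatedWrongPassword I would read the header once with `String challenge = response.getResponseHeaderValue("WWW-Authenticate");` and assert `challenge != null && challenge.startsWith("Basic")`. The three tests also repeat the same status, header and body assertions, which could move into one private helper. The `stat` field can be `final`.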
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/pom.xml
new file mode 100644
index 0000000..66fcf94
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/pom.xml
@@ -0,0 +1,48 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-mem-form</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-mem-form</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java
new file mode 100644
index 0000000..36b4ce8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/ApplicationConfig.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Named;
+
+
+@ApplicationScoped
+@Named("appConfig")
+public class ApplicationConfig {
+ public String getLoginPage(){
+ return login_page;
+ }
+ private String login_page = "/login-servlet";
+ private String error_page = "/login-error-servlet";
+
+ public String getErrorPage() {
+ return error_page;
+ }
+}
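Review bot: `login_page` and `error_page` are declared between the two getters, use snake_case, and are mutable although nothing in the class reassigns them. Declaring them first as `private static final String LOGIN_PAGE = "/login-servlet";` and `private static final String ERROR_PAGE = "/login-error-servlet";` would match Java conventions. The class also has no Javadoc; a one-line comment saying that the bean is looked up by its `appConfig` name from the EL expressions in the `@LoginToContinue` annotation on Servlet.java would explain why it exists.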
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginErrorServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginErrorServlet.java
new file mode 100644
index 0000000..5396621
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginErrorServlet.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Servlet that is invoked when the caller did not authenticate correctly
+ *
+ *
+ */
+@WebServlet({"/login-error-servlet"})
+public class LoginErrorServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ response.getWriter().write(
+ // Just as example for the mechanism, not likely to be used
+ // in practice like this
+ "<html><body> Login failed! \n" +
+ "<a href=\"login-servlet\">Try again</a>" +
+ "</body></html>");
+ }
+
+}
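Review bot: doGet writes an HTML document without setting a content type or character encoding, so the client has to guess how to interpret the body. Add `response.setContentType("text/html;charset=UTF-8");` before the first `getWriter()` call. The same applies to doGet in LoginServlet.java and in the app-mem-form Servlet.java in this commit. The comment placed inside the `write(` argument list would read better on the line above the statement.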
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginServlet.java
new file mode 100644
index 0000000..fca85ee
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/LoginServlet.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Servlet that is invoked when it's determined that the caller needs to authenticate/login.
+ *
+ */
+@WebServlet({"/login-servlet"})
+public class LoginServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ response.getWriter().write(
+ "<html><body> Login to continue \n" +
+ "<form method=\"POST\" action=\"j_security_check\">" +
+ "<p><strong>Username </strong>" +
+ "<input type=\"text\" name=\"j_username\">" +
+
+ "<p><strong>Password </strong>" +
+ "<input type=\"password\" name=\"j_password\">" +
+ "<p>" +
+ "<input type=\"submit\" value=\"Submit\">" +
+ "</form>" +
+ "</body></html>");
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..bf186f6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.security.enterprise.authentication.mechanism.http.*;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+
+@FormAuthenticationMechanismDefinition(
+ loginToContinue = @LoginToContinue(
+ loginPage="${appConfig.getLoginPage()}",
+ errorPage="#{appConfig.getErrorPage()}"
+ )
+)
+@WebServlet("/servlet")
+@DeclareRoles({ "foo", "bar", "kaz" })
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write(
+ "<html><body> This is a servlet <br><br>\n" +
+
+ "web username: " + webName + "<br><br>\n" +
+
+ "web user has role \"foo\": " + request.isUserInRole("foo") + "<br>\n" +
+ "web user has role \"bar\": " + request.isUserInRole("bar") + "<br>\n" +
+ "web user has role \"kaz\": " + request.isUserInRole("kaz") + "<br><br>\n" +
+
+
+ "<form method=\"POST\">" +
+ "<input type=\"hidden\" name=\"logout\" value=\"true\" >" +
+ "<input type=\"submit\" value=\"Logout\">" +
+ "</form>" +
+ "</body></html>");
+ }
+
+ @Override
+ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ if ("true".equals(request.getParameter("logout"))) {
+ request.logout();
+ request.getSession().invalidate();
+ }
+
+ doGet(request, response);
+ }
+
+}
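Review bot: In doPost, `request.getSession().invalidate()` creates a new session when none exists, only to discard it immediately. Use `HttpSession session = request.getSession(false);` followed by `if (session != null) { session.invalidate(); }`, which needs the `javax.servlet.http.HttpSession` import. doPost would also benefit from a short comment saying that it deliberately falls through to doGet after logout, since the integration test expects the page to render with a null caller name.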
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..96b943c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@ApplicationScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
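Review bot: `validate(UsernamePasswordCredential)` has no Javadoc and carries no `@Override`, so nothing in the file tells a maintainer how the method is reached. As far as I know, the interface's default `validate(Credential)` finds this overload by the credential's runtime type, so a rename or a changed parameter type would compile cleanly and leave every login rejected. I would add a Javadoc such as `Invoked through the default IdentityStore.validate(Credential) dispatch for UsernamePasswordCredential; accepts only the fixture caller "reza" and returns INVALID_RESULT otherwise.`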
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/test/java/org/glassfish/soteria/test/AppMemFormIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/test/java/org/glassfish/soteria/test/AppMemFormIT.java
new file mode 100644
index 0000000..3641671
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-mem-form/src/test/java/org/glassfish/soteria/test/AppMemFormIT.java
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+
+
+@RunWith(Arquillian.class)
+public class AppMemFormIT extends ArquillianBase {
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() throws IOException {
+
+
+ // 1. Initially request protected page when we're not authenticated
+
+ HtmlPage loginPage = pageFromServer("/servlet");
+
+
+ // 2. Server should forward to login page
+
+ assertTrue(
+ "The login page should have been displayed, but was not",
+ loginPage.getWebResponse().getContentAsString().contains("Login to continue")
+ );
+
+
+ // 3. Submit the form on the login page with the correct credentials
+
+ HtmlForm form = loginPage.getForms().get(0);
+
+ form.getInputByName("j_username")
+ .setValueAttribute("reza");
+
+ form.getInputByName("j_password")
+ .setValueAttribute("secret1");
+
+ HtmlPage page = form.getInputByValue("Submit")
+ .click();
+
+ // Has to be authenticted now
+ assertDefaultAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+
+
+ // 4. Request page again. FORM is stateful (http session bound) so
+ // still has to be authenticated.
+
+ page = pageFromServer("/servlet");
+
+ System.out.println("+++++++++++STEP 4 +++++++++++++ (before assertDefaultAuthenticated) \n\n\n\n" + page.getWebResponse()
+ .getContentAsString());
+
+ assertDefaultAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+
+
+ // 5. Logout
+
+ System.out.println("*** STEP 5 ***** (before get logout) " + page.asXml());
+
+ page = page.getForms()
+ .get(0)
+ .getInputByValue("Logout")
+ .click();
+
+ // Has to be logged out now (page will still be rendered, but with
+ // web username null and no roles.
+
+ assertDefaultNotAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+
+
+
+ // 6. Request page again. Should still be logged out
+ // (and will display login to continue again now)
+
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() throws IOException {
+
+ // 1. Initially request protected page when we're not authenticated
+
+ HtmlPage loginPage = pageFromServer("/servlet");
+
+
+ // 2. Server should forward to login page
+
+ assertTrue(
+ "The login page should have been displayed, but was not",
+ loginPage.getWebResponse().getContentAsString().contains("Login to continue")
+ );
+
+
+ // 3. Submit the form on the login page with the correct credentials
+
+ HtmlForm form = loginPage.getForms().get(0);
+
+ form.getInputByName("j_username")
+ .setValueAttribute("romo");
+
+ form.getInputByName("j_password")
+ .setValueAttribute("secret1");
+
+ HtmlPage page = form.getInputByValue("Submit")
+ .click();
+
+ assertTrue(
+ "The error page should have been displayed, but was not",
+ page.getWebResponse().getContentAsString().contains("Login failed!")
+ );
+
+ // Should not be authenticted now
+ assertDefaultNotAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() throws IOException {
+
+ // 1. Initially request protected page when we're not authenticated
+
+ HtmlPage loginPage = pageFromServer("/servlet");
+
+
+ // 2. Server should forward to login page
+
+ assertTrue(
+ "The login page should have been displayed, but was not",
+ loginPage.getWebResponse().getContentAsString().contains("Login to continue")
+ );
+
+
+ // 3. Submit the form on the login page with the *wrong* credentials
+
+ HtmlForm form = loginPage.getForms().get(0);
+
+ form.getInputByName("j_username")
+ .setValueAttribute("reza");
+
+ form.getInputByName("j_password")
+ .setValueAttribute("wrongpassword");
+
+ HtmlPage page = form.getInputByValue("Submit")
+ .click();
+
+ assertTrue(
+ "The error page should have been displayed, but was not",
+ page.getWebResponse().getContentAsString().contains("Login failed!")
+ );
+
+ // Should not be authenticted now
+ assertDefaultNotAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+
+ }
+
+ @Test
+ public void testNotAuthenticatedInitiallyWrongNameThenCorrect() throws IOException {
+
+ // 1. Initially request protected page when we're not authenticated
+
+ HtmlPage loginPage = pageFromServer("/servlet");
+
+
+ // 2. Server should forward to login page
+
+ assertTrue(
+ "The login page should have been displayed, but was not",
+ loginPage.getWebResponse().getContentAsString().contains("Login to continue")
+ );
+
+
+ // 3. Submit the form on the login page with the correct credentials
+
+ HtmlForm form = loginPage.getForms().get(0);
+
+ form.getInputByName("j_username")
+ .setValueAttribute("romo");
+
+ form.getInputByName("j_password")
+ .setValueAttribute("secret1");
+
+ HtmlPage errorPage = form.getInputByValue("Submit")
+ .click();
+
+ // Should not be authenticted now
+ assertDefaultNotAuthenticated(
+ errorPage.getWebResponse()
+ .getContentAsString());
+
+
+ // 4. Request login page directly, and now submit with the correct credentials
+ // (note that the initial target URL of /servlet should still be remembered)
+
+ loginPage = pageFromServer("/login-servlet");
+
+ form = loginPage.getForms().get(0);
+
+ form.getInputByName("j_username")
+ .setValueAttribute("reza");
+
+ form.getInputByName("j_password")
+ .setValueAttribute("secret1");
+
+ HtmlPage page = form.getInputByValue("Submit")
+ .click();
+
+ // Has to be authenticted now
+ assertDefaultAuthenticated(
+ page.getWebResponse()
+ .getContentAsString());
+ }
+
+}
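Review bot: The step 3 comments in testNotAuthenticatedWrongName and testNotAuthenticatedInitiallyWrongNameThenCorrect say the form is submitted "with the correct credentials" while the code enters the unknown caller "romo". They should read `// 3. Submit the form on the login page with a wrong caller name`. The two `System.out.println` calls in testAuthenticated dump the whole response body on every run and look like leftover debugging; I would remove them. testNotAuthenticatedInitiallyWrongNameThenCorrect also never asserts that the "Login failed!" page was shown after the first submit, unlike the other two negative tests.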
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/pom.xml
new file mode 100644
index 0000000..41289ff
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/pom.xml
@@ -0,0 +1,48 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-multiple-store-backup</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-multiple-store-backup</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..1f39e80
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+ }
+
+}
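Review bot: `doGet` writes the caller name and the role flags to the response without declaring a content type, so how a client interprets `webName` is left to the container default; adding `response.setContentType("text/plain");` as the first statement keeps the output from being treated as markup. The method also calls `request.getUserPrincipal()` twice and `response.getWriter()` five times, which reads better with one local each, e.g. `PrintWriter out = response.getWriter();`. The same applies to the identical `Servlet.java` (same blob, 1f39e80) added under `app-multiple-store` later in this commit.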
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..010114c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import static org.glassfish.soteria.Utils.notNull;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (notNull(request.getParameter("name"), request.getParameter("password"))) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ }
+
+ return httpMessageContext.responseUnauthorized();
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
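Review bot: `validateRequest` reads the `name` and `password` parameters twice, once for the `notNull(...)` guard and again for the locals, and the guard is imported from `org.glassfish.soteria.Utils`, an implementation class rather than part of the `javax.security.enterprise` API the mechanism otherwise codes against. Reading each parameter once and testing the locals removes both the duplication and that dependency: `String name = request.getParameter("name");`, `String secret = request.getParameter("password");`, `if (name != null && secret != null) {`. The class also has no Javadoc; one sentence saying that it is a test-only mechanism and that credentials arrive in the query string (where they may end up in access logs) would put the existing NOTE where a reader of the class looks first. The `TestAuthenticationMechanism.java` added under `app-multiple-store` has the same `validateRequest` body.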
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestBackupIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestBackupIdentityStore.java
new file mode 100644
index 0000000..bd37a01
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestBackupIdentityStore.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@RequestScoped
+public class TestBackupIdentityStore implements IdentityStore {
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ if (credential instanceof UsernamePasswordCredential) {
+ return validate((UsernamePasswordCredential) credential);
+ }
+
+ return NOT_VALIDATED_RESULT;
+ }
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.getCaller().equals("reza") &&
+ usernamePasswordCredential.getPassword().compareTo("secret2")) {
+
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ if (usernamePasswordCredential.getCaller().equals("alex") &&
+ usernamePasswordCredential.getPassword().compareTo("verysecret")) {
+
+ return new CredentialValidationResult("alex", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+ public int priority() {
+ return 20;
+ }
+}
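Review bot: `priority()` overrides the `IdentityStore` default but is declared without `@Override`, and nothing in the class says how 20 relates to the 10 returned by `TestIdentityStore`; the integration test's comments imply that the store with the lower value is consulted first. Adding `@Override` and a one-line Javadoc such as `/** Consulted after TestIdentityStore (priority 10); lower values are tried first. */` makes the ordering the test depends on explicit. In `validate(UsernamePasswordCredential)` the comparison `getCaller().equals("reza")` throws if the caller is null; `"reza".equals(usernamePasswordCredential.getCaller())` is the null-safe form. A class-level Javadoc should also state that the hard-coded callers and passwords are fixtures for the test. `TestIdentityStore.java` in this commit has the same three issues.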
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..c442d7c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ if (credential instanceof UsernamePasswordCredential) {
+ return validate((UsernamePasswordCredential) credential);
+ }
+
+ return NOT_VALIDATED_RESULT;
+ }
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.getCaller().equals("reza") &&
+ usernamePasswordCredential.getPassword().compareTo("secret1")) {
+
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+ public int priority() {
+ return 10;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..6937244
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/test/java/org/glassfish/soteria/test/AppMultipleStoreBackupIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/test/java/org/glassfish/soteria/test/AppMultipleStoreBackupIT.java
new file mode 100644
index 0000000..d9c48d7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store-backup/src/test/java/org/glassfish/soteria/test/AppMultipleStoreBackupIT.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+@RunWith(Arquillian.class)
+public class AppMultipleStoreBackupIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppMultipleStoreBackup");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testAuthenticatedBackupPassword() {
+ // This will first try the initial store which will fail, then
+ // tries the second store, which should succeeded. The user
+ // is present in both stores but with different passwords.
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret2"));
+ }
+
+ @Test
+ public void testAuthenticatedBackupUser() {
+ // This will first try the initial store which will fail, then
+ // tries the second store, which should succeeded. The user
+ // is only present in the second store.
+ Assert.assertAuthenticated(
+ "web", "alex",
+ readFromServer("/servlet?name=alex&password=verysecret"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+}
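Review bot: The negative cases cover only `reza` and an unknown name, so nothing checks that a caller known only to the backup store is rejected when the password is wrong. A request with `name=alex` and the password that the first store accepts for `reza` (`secret1`) should come back unauthenticated, which guards against a password valid in one store being accepted for a caller matched in another. The test below adds that case using only helpers the class already imports.

```java
// … unchanged: testNotAuthenticatedWrongPassword …

@Test
public void testNotAuthenticatedBackupUserWrongPassword() {
    // "alex" exists only in the backup store; "secret1" is valid only for
    // "reza" in the first store, so neither store may accept this pair.
    assertDefaultNotAuthenticated(
        readFromServer("/servlet?name=alex&password=secret1"));
}
```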
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/pom.xml
new file mode 100644
index 0000000..e89c91b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-multiple-store</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-multiple-store</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthenticationIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthenticationIdentityStore.java
new file mode 100644
index 0000000..c7a3acc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthenticationIdentityStore.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.NOT_VALIDATED_RESULT;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.credential.Credential;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+/**
+ *
+ */
+@RequestScoped
+public class AuthenticationIdentityStore implements IdentityStore {
+
+ private Map<String, String> callerToPassword;
+
+ @PostConstruct
+ public void init() {
+ callerToPassword = new HashMap<>();
+ callerToPassword.put("reza", "secret1");
+ callerToPassword.put("alex", "secret2");
+ callerToPassword.put("arjan", "secret3");
+ }
+
+ @Override
+ public CredentialValidationResult validate(Credential credential) {
+ CredentialValidationResult result;
+
+ if (credential instanceof UsernamePasswordCredential) {
+ UsernamePasswordCredential usernamePassword = (UsernamePasswordCredential) credential;
+ String expectedPW = callerToPassword.get(usernamePassword.getCaller());
+ // We don't allow empty passwords :)
+ if (expectedPW != null && expectedPW.equals(usernamePassword.getPasswordAsString())) {
+ result = new CredentialValidationResult(usernamePassword.getCaller());
+ } else {
+ result = INVALID_RESULT;
+ }
+ } else {
+ result = NOT_VALIDATED_RESULT;
+ }
+
+ return result;
+ }
+
+ @Override
+ public Set<ValidationType> validationTypes() {
+ return new HashSet<>(asList(VALIDATE));
+ }
+
+}
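Review bot: The comment `// We don't allow empty passwords :)` in `validate` does not describe the check beneath it: `expectedPW != null` rejects callers that have no entry in `callerToPassword`, while an empty password would be accepted if the map held one. A comment such as `// No map entry means unknown caller: reject` matches the code. The class Javadoc is an empty `/** */`; it should say that this store only validates credentials (`validationTypes()` returns `VALIDATE`) and that a successful result carries the caller name without groups. The comparison goes through `getPasswordAsString()` and `String.equals`, which is acceptable for fixtures but copies the password into an immutable `String` and is not a pattern to carry into a real store.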
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthorizationIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthorizationIdentityStore.java
new file mode 100644
index 0000000..4d167a5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/AuthorizationIdentityStore.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.annotation.PostConstruct;
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+
+/**
+ *
+ */
+@RequestScoped
+public class AuthorizationIdentityStore implements IdentityStore {
+
+ private Map<String, Set<String>> authorization;
+
+ @PostConstruct
+ public void init() {
+ authorization = new HashMap<>();
+
+ authorization.put("reza", new HashSet<>(asList("foo", "bar")));
+ authorization.put("alex", new HashSet<>(asList("foo", "foo", "kaz")));
+ authorization.put("arjan", new HashSet<>(asList("foo", "foo")));
+
+ }
+
+ @Override
+ public Set<String> getCallerGroups(CredentialValidationResult validationResult) {
+ return authorization.get(validationResult.getCallerPrincipal().getName());
+ }
+
+ @Override
+ public Set<ValidationType> validationTypes() {
+ return new HashSet<>(asList(PROVIDE_GROUPS));
+ }
+
+}
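Review bot: `getCallerGroups` returns `authorization.get(...)` directly, so a caller without an entry yields `null` rather than an empty set, and known callers receive the store's own mutable `HashSet`. Returning `authorization.getOrDefault(validationResult.getCallerPrincipal().getName(), Collections.emptySet())` (with `java.util.Collections` imported) avoids handing `null` to the identity store handler. In `init`, `asList("foo", "foo", "kaz")` and `asList("foo", "foo")` repeat `foo`; the `HashSet` drops the duplicate, so if a second distinct group was intended for `alex` or `arjan` it is missing, and if the repetition is deliberate a comment should say so. The class Javadoc is empty and should state that this store only provides groups (`validationTypes()` returns `PROVIDE_GROUPS`).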
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..1f39e80
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({ "foo", "bar", "kaz" })
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..87a57f6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+import static org.glassfish.soteria.Utils.notNull;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.Password;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (notNull(request.getParameter("name"), request.getParameter("password"))) {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ Password password = new Password(request.getParameter("password"));
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ // Communicate the details of the authenticated user to the
+ // container. In many cases the underlying handler will just store the details
+ // and the container will actually handle the login after we return from
+ // this method.
+ return httpMessageContext.notifyContainerAboutLogin(
+ result.getCallerPrincipal(), result.getCallerGroups());
+ }
+
+ return httpMessageContext.responseUnauthorized();
+
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/glassfish-web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/glassfish-web.xml
new file mode 100644
index 0000000..6937244
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/main/webapp/WEB-INF/glassfish-web.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<glassfish-web-app>
+
+ <security-role-mapping>
+ <role-name>foo</role-name>
+ <group-name>foo</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>bar</role-name>
+ <group-name>bar</group-name>
+ </security-role-mapping>
+
+ <security-role-mapping>
+ <role-name>kaz</role-name>
+ <group-name>kaz</group-name>
+ </security-role-mapping>
+
+ <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/test/java/org/glassfish/soteria/test/AppMultipleStoreIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/test/java/org/glassfish/soteria/test/AppMultipleStoreIT.java
new file mode 100644
index 0000000..120633c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-multiple-store/src/test/java/org/glassfish/soteria/test/AppMultipleStoreIT.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+@RunWith(Arquillian.class)
+public class AppMultipleStoreIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppMultipleStore");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=romo&password=secret1"));
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet?name=reza&password=wrongpassword"));
+ }
+
+}
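Review bot: The shared reporter field `stat` is mutable static state and should be declared `private static final SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");`, with spaces around `=` in the `reportWatcher` initialiser as well. The same declaration recurs in ValidateAvailablePrincipalIT and AppMemBasicIT later in this diff. A one-line class Javadoc saying which identity stores the deployed WAR is expected to consult would also help, since the four tests only ever send the caller `reza`.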
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/README.md b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/README.md
new file mode 100644
index 0000000..fea016a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/README.md
@@ -0,0 +1,10 @@
+
+### app-no-application-caller-principal
+
+**From JSR 375 Specification**
+
+> **1.2.2. Caller Principal Types**
+
+> When no specific application caller principal is supplied during authentication, the caller’s identity should be represented by a single principal, the container’s caller principal.
+
+In this test, no application caller principal is provided when container gets notified about login inside `TestAuthenticationMechanism`.
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/pom.xml
new file mode 100644
index 0000000..c43ab37
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/pom.xml
@@ -0,0 +1,47 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-no-application-caller-principal</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-no-application-caller-principal</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java
new file mode 100644
index 0000000..8735509
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/AppPrincipal.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.security.Principal;
+
+public class AppPrincipal implements Principal {
+ String name;
+
+ public AppPrincipal(String name){
+ this.name = name;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+}
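Review bot: The `name` field is package-private and non-final, so any class in `org.glassfish.soteria.test` can change a principal's identity after construction; declare it `private final String name;`. The class also inherits identity-based `equals`/`hashCode`, which matters if instances are ever held in a principal set and expected to compare by name. None of the other sections of this module visible in the diff reference `AppPrincipal`, so it may be unused here. If that is intentional for the "no application caller principal" scenario, a short class comment saying so would avoid confusion.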
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..ffcbffa
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static javax.security.enterprise.identitystore.CredentialValidationResult.Status.VALID;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStoreHandler;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Inject
+ private IdentityStoreHandler identityStoreHandler;
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ // Get the (caller) name and password from the request
+ // NOTE: This is for the smallest possible example only. In practice
+ // putting the password in a request query parameter is highly
+ // insecure
+ String name = request.getParameter("name");
+ String password = request.getParameter("password");
+
+ if (name != null && password != null) {
+
+ // Delegate the {credentials in -> identity data out} function to
+ // the Identity Store
+ CredentialValidationResult result = identityStoreHandler.validate(
+ new UsernamePasswordCredential(name, password));
+
+ if (result.getStatus() == VALID) {
+ return httpMessageContext.notifyContainerAboutLogin(result);
+
+ } else {
+ return httpMessageContext.responseUnauthorized();
+ }
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
new file mode 100644
index 0000000..0200b04
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/TestIdentityStore.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.identitystore.CredentialValidationResult.INVALID_RESULT;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.identitystore.CredentialValidationResult;
+import javax.security.enterprise.identitystore.IdentityStore;
+import javax.security.enterprise.credential.UsernamePasswordCredential;
+
+@RequestScoped
+public class TestIdentityStore implements IdentityStore {
+
+ public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential) {
+
+ if (usernamePasswordCredential.compareTo("reza", "secret1")) {
+ return new CredentialValidationResult("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ return INVALID_RESULT;
+ }
+
+}
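Review bot: `validate(UsernamePasswordCredential)` has no comment explaining how it is reached: it is an overload, not an override, of `IdentityStore.validate(Credential)`. As far as I know the interface's default method dispatches to it by credential type, so it must stay `public` with exactly this parameter type. I would add a comment such as `// Invoked through the default IdentityStore.validate(Credential); test fixture with one fixed caller, not a real store`. The hard-coded `reza`/`secret1` pair is what the IT in this module sends, which the comment could also state.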
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/ValidateAvailablePrincipalServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/ValidateAvailablePrincipalServlet.java
new file mode 100644
index 0000000..85195d1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/java/org/glassfish/soteria/test/ValidateAvailablePrincipalServlet.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.CallerPrincipal;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.security.Principal;
+import java.util.Optional;
+import java.util.Set;
+
+/**
+ * The Servlet which validates if for the authenticated user, both
+ * container and caller principals are present in the subject
+ * representing the caller.
+ */
+@WebServlet("/valildateAvailablePrincipalServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ValidateAvailablePrincipalServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ boolean isUserInRole = securityContext.isCallerInRole("foo");
+ boolean hasContainerCallerPrincipal = false;
+ boolean hasApplicationCallerPrincipal = false;
+
+ Principal containerCallerPrincipal = securityContext.getCallerPrincipal();
+
+ if (containerCallerPrincipal instanceof javax.security.enterprise.CallerPrincipal) {
+ hasContainerCallerPrincipal = true;
+ }
+
+ Set<Principal> principals = securityContext.getPrincipalsByType(java.security.Principal.class);
+
+ Optional<Principal> principalOptional = principals.stream().filter((p) -> p.getClass().getName() == CallerPrincipal.class
+ .getName())
+ .findAny();
+ if (principalOptional.isPresent()) {
+ Principal applicationPrincipal = principalOptional.get();
+ if(applicationPrincipal.equals(containerCallerPrincipal)) {
+ response.getWriter().write("containerPrincipal:" + containerCallerPrincipal + "\n");
+ response.getWriter().write("appPrincipal:" + applicationPrincipal + "\n");
+ hasApplicationCallerPrincipal = true;
+ response.getWriter().write("hasApplicationCallerPrincipal:" + hasApplicationCallerPrincipal + "\n");
+ }
+ }
+ if (!hasApplicationCallerPrincipal && hasContainerCallerPrincipal && isUserInRole) {
+ response.getWriter().write(String.format("Container caller principal and application caller principal must have " +
+ "been one and the same but are not for user %s in role " +
+ "%s",
+ containerCallerPrincipal.getName(), "foo"));
+ } else {
+ response.getWriter().write(String.format("Both container caller principal and application caller principals are one" +
+ " and the same for user %s in role %s",
+ containerCallerPrincipal.getName(), "foo"));
+ }
+ }
+}
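Review bot: The final `else` branch writes the "one and the same" success message for every case other than the one specific failure, including when `hasContainerCallerPrincipal` or `isUserInRole` is false, so the servlet can report success without the two principals ever having been matched. Make the success condition explicit, e.g. `if (hasApplicationCallerPrincipal && hasContainerCallerPrincipal && isUserInRole)` for the success message and the failure message otherwise. Separately, the stream filter compares class names with `==` on `String`; `p.getClass() == CallerPrincipal.class` states the intent without depending on string identity. The servlet path `/valildateAvailablePrincipalServlet` is misspelled and the IT uses the same spelling, so both would have to change together.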
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/web.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..a0d96d0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app
+ xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+ version="3.1">
+
+ <!-- Security constraints and roles. -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>User pages</web-resource-name>
+ <url-pattern>/protectedServlet</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>foo</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+
+ <security-role>
+ <role-name>foo</role-name>
+ </security-role>
+
+</web-app>
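Review bot: The `<url-pattern>/protectedServlet</url-pattern>` constraint does not match the only servlet visible for this module, which is mapped at `/valildateAvailablePrincipalServlet` and protected by its own `@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))`. If no servlet is deployed at `/protectedServlet`, this constraint guards nothing and suggests protection that actually comes from the annotation. Either point the pattern at the real servlet path, or drop the `<security-constraint>` and keep only the `<security-role>` declaration with a comment saying where access control is declared.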
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/test/java/org/glassfish/soteria/test/ValidateAvailablePrincipalIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/test/java/org/glassfish/soteria/test/ValidateAvailablePrincipalIT.java
new file mode 100644
index 0000000..d7ff081
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-application-caller-principal/src/test/java/org/glassfish/soteria/test/ValidateAvailablePrincipalIT.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.*;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+
+import org.glassfish.soteria.test.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class ValidateAvailablePrincipalIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::ValidateAvailablePrincipalIT");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testCallerSubjectPrincipals() {
+ assertBothContainerAndApplicationPrincipalsAreSame(
+ responseFromServer("/valildateAvailablePrincipalServlet?name=reza&password=secret1"));
+ }
+
+}
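Review bot: The import block carries names this class never uses: `DefaultCredentialsProvider`, `WebResponse`, and `org.glassfish.soteria.test.ArquillianBase`, which is in the same package. The wildcard `import static org.glassfish.soteria.test.Assert.*;` also hides that only `assertBothContainerAndApplicationPrincipalsAreSame` is needed. Import that one method explicitly and remove the unused lines. The class has a single positive test; a second test that requests the servlet without credentials and expects rejection would show that the `rolesAllowed = "foo"` constraint is enforced.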
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/pom.xml
new file mode 100644
index 0000000..ea6f5a3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/pom.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-no-role-mapping</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-no-role-mapping</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/java/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/java/test/Servlet.java
new file mode 100644
index 0000000..45d3779
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/java/test/Servlet.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package test;
+
+import java.io.IOException;
+
+import javax.annotation.security.DeclareRoles;
+import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import org.glassfish.soteria.identitystores.annotation.Credentials;
+import org.glassfish.soteria.identitystores.annotation.EmbeddedIdentityStoreDefinition;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@BasicAuthenticationMechanismDefinition(
+ realmName="test realm"
+)
+
+@EmbeddedIdentityStoreDefinition({
+ @Credentials(callerName = "reza", password = "secret1", groups = { "foo", "bar" }),
+ @Credentials(callerName = "alex", password = "secret2", groups = { "foo", "kaz" }),
+ @Credentials(callerName = "arjan", password = "secret3", groups = { "foo" }) ,
+ @Credentials(callerName = "sameer", password = "pandit", groups = { "bar" })}
+)
+
+@WebServlet("/servlet")
+@DeclareRoles({ "foo", "bar", "kaz" })
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+ }
+
+}
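Review bot: The class Javadoc does not say what this module is testing. Judging by the module name and the absence of a `glassfish-web.xml` among its visible files, the groups `foo`, `bar` and `kaz` from `@EmbeddedIdentityStoreDefinition` are expected to act as roles without an explicit `security-role-mapping`. I would add a sentence such as `Relies on group names being used directly as role names; no glassfish-web.xml role mapping is deployed.` The same Javadoc could state that the embedded store with clear-text passwords is a test fixture.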
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java
new file mode 100644
index 0000000..a332c11
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-no-role-mapping/src/test/java/org/glassfish/soteria/test/AppMemBasicIT.java
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.WebResponse;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+@RunWith(Arquillian.class)
+public class AppMemBasicIT extends ArquillianBase {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppNoRoleMapping");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("reza", "secret1");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ assertDefaultAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongName() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("romo", "secret1");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+ @Test
+ public void testNotAuthenticatedWrongPassword() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("reza", "wrongpassword");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(401, response.getStatusCode());
+
+ assertTrue(
+ "Response did not contain the \"WWW-Authenticate\" header, but should have",
+ response.getResponseHeaderValue("WWW-Authenticate") != null);
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+ @Test
+ public void testNotAuthenticatedNotAllowedRole() {
+
+ DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider();
+ credentialsProvider.addCredentials("sameer", "pandit");
+
+ getWebClient().setCredentialsProvider(credentialsProvider);
+
+ WebResponse response = responseFromServer("/servlet");
+
+ assertEquals(403, response.getStatusCode());
+
+ assertDefaultNotAuthenticated(
+ response.getContentAsString());
+ }
+
+}
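Review bot: `testNotAuthenticatedNotAllowedRole` names an authentication failure, but the case it exercises is an authorization failure: `sameer`/`pandit` is a valid credential in the embedded store, and the test expects 403 rather than the 401 of the three preceding tests. A name such as `testAuthenticatedNotInAllowedRole` keeps the 401/403 distinction readable in reports. The three 401 tests repeat the same status and `WWW-Authenticate` checks and could share a private helper. `assertNotNull(message, response.getResponseHeaderValue("WWW-Authenticate"))` would replace the `assertTrue(..., x != null)` form.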
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/pom.xml
new file mode 100644
index 0000000..d6f150f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/pom.xml
@@ -0,0 +1,49 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-securitycontext-auth-ejb</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-securitycontext-auth-ejb</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
new file mode 100644
index 0000000..75d32d5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.glassfish.soteria.SecurityContextImpl;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.HttpConstraint;
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+import static javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams;
+import static org.glassfish.soteria.Utils.notNull;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({"foo", "bar", "kaz"})
+@WebServlet("/protectedServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ProtectedServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String name = request.getParameter("name");
+
+ if (notNull(name)) {
+
+ AuthenticationStatus status = securityContext.authenticate(
+ request, response,
+ withParams()
+ .credential(
+ new CallerOnlyCredential(name)));
+
+ response.getWriter().write("Authenticated with status: " + status.name() + "\n");
+ }
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access to /protectedServlet: " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ Set<String> roles = ((SecurityContextImpl) securityContext).getAllDeclaredCallerRoles();
+
+ response.getWriter().write("All declared roles of user " + roles + "\n");
+
+ response.getWriter().write("all roles has role \"foo\": " + roles.contains("foo") + "\n");
+ response.getWriter().write("all roles has role \"bar\": " + roles.contains("bar") + "\n");
+ response.getWriter().write("all roles has role \"kaz\": " + roles.contains("kaz") + "\n");
+ }
+
+}
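Review bot: The class Javadoc on `ProtectedServlet` is copied from the unprotected servlet and never mentions the `@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))` constraint, which is presumably why the class exists. I would add a sentence such as `Only callers in role "foo" may reach this servlet; it is the target of the hasAccessToWebResource("/protectedServlet") checks.` Because the role check runs before `doGet`, the `name` branch that calls `securityContext.authenticate` looks reachable only by a caller who already holds `foo`, which is worth confirming as intended. `javax.security.enterprise.SecurityContext` is also imported twice. The same file is added again under `app-securitycontext-auth` (same blob id `75d32d5`), so these points apply there too.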
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..e1c2e2b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.glassfish.soteria.SecurityContextImpl;
+
+import javax.annotation.security.DeclareRoles;
+import javax.ejb.EJB;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+import javax.inject.Inject;
+
+import static javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams;
+import static org.glassfish.soteria.Utils.notNull;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({"foo", "bar", "kaz"})
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @EJB
+ private TestEJB bean;
+ @Inject
+ private SecurityContext securityContext;
+
+ /**
+ * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
+ * methods.
+ *
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ response.setContentType("text/html;charset=UTF-8");
+ response.getWriter().write("This is a servlet \n");
+ String name = request.getParameter("name");
+
+ if (notNull(name)) {
+
+ AuthenticationStatus status = securityContext.authenticate(
+ request, response,
+ withParams()
+ .credential(
+ new CallerOnlyCredential(name)));
+
+ response.getWriter().write("Authenticated with status: " + status.name() + "\n");
+ }
+
+ String ejbName = null;
+ if (bean.getUserPrincipalFromEJBContext() != null) {
+ ejbName = bean.getUserPrincipalFromEJBContext().getName();
+ }
+
+ response.getWriter().write("ejb username: " + ejbName + "\n");
+
+ response.getWriter().write("ejb user has role \"foo\": " + bean.isCallerInRoleFromEJBContext("foo") + "\n");
+ response.getWriter().write("ejb user has role \"bar\": " + bean.isCallerInRoleFromEJBContext("bar") + "\n");
+ response.getWriter().write("ejb user has role \"kaz\": " + bean.isCallerInRoleFromEJBContext("kaz") + "\n");
+
+ String contextName = null;
+ if (bean.getUserPrincipalFromSecContext() != null) {
+ contextName = bean.getUserPrincipalFromSecContext().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + bean.isCallerInRoleFromSecContext("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + bean.isCallerInRoleFromSecContext("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + bean.isCallerInRoleFromSecContext("kaz") + "\n");
+
+ response.getWriter().write("web user has access to /protectedServlet: " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ Set<String> roles = bean.getAllDeclaredCallerRoles();
+
+ response.getWriter().write("All declared roles of user " + roles + "\n");
+
+ response.getWriter().write("all roles has role \"foo\": " + roles.contains("foo") + "\n");
+ response.getWriter().write("all roles has role \"bar\": " + roles.contains("bar") + "\n");
+ response.getWriter().write("all roles has role \"kaz\": " + roles.contains("kaz") + "\n");
+ }
+
+
+ /**
+ * Handles the HTTP <code>GET</code> method.
+ *
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Handles the HTTP <code>POST</code> method.
+ *
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Returns a short description of the servlet.
+ *
+ * @return a String containing servlet description
+ */
+ @Override
+ public String getServletInfo() {
+ return "Short description";
+ }
+
+}
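Review bot: `processRequest` declares `text/html;charset=UTF-8` but writes newline-separated plain text, including principal names and the role set, with no HTML escaping. `response.setContentType("text/plain;charset=UTF-8");` matches what is actually written and keeps any caller-derived value from being rendered as markup. The names printed today come from the hard-coded test mechanism, so this is hardening rather than a live issue; check first that the shared `readFromServer` helper does not depend on an HTML page. `org.glassfish.soteria.SecurityContextImpl` is imported but unused in this class, and `getServletInfo` still returns the template text `"Short description"`.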
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..fbea70c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.security.enterprise.credential.Credential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (httpMessageContext.isAuthenticationRequest()) {
+
+ Credential credential = httpMessageContext.getAuthParameters().getCredential();
+ if (!(credential instanceof CallerOnlyCredential)) {
+ throw new IllegalStateException("This authentication mechanism requires a programmatically provided CallerOnlyCredential");
+ }
+
+ CallerOnlyCredential callerOnlyCredential = (CallerOnlyCredential) credential;
+
+ if ("reza".equals(callerOnlyCredential.getCaller())) {
+ return httpMessageContext.notifyContainerAboutLogin("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ if ("rezax".equals(callerOnlyCredential.getCaller())) {
+ throw new AuthenticationException();
+ }
+
+ return SEND_FAILURE;
+
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
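Review bot: `TestAuthenticationMechanism` has no Javadoc, and nothing in the class says that it accepts a caller on the name alone. `validateRequest` logs in `reza` with roles `foo` and `bar` whenever a `CallerOnlyCredential` carrying that name is supplied, with no secret checked. A class comment should state that this is a test fixture, list the three cases (`reza` succeeds, `rezax` throws `AuthenticationException`, any other name returns `SEND_FAILURE`), and say it must not be packaged outside the test WAR. The identical file is added again under `app-securitycontext-auth` (blob `fbea70c`), so the same comment belongs there.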
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestEJB.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestEJB.java
new file mode 100644
index 0000000..63c56b1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/java/org/glassfish/soteria/test/TestEJB.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import javax.ejb.Stateless;
+import javax.inject.Inject;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.PermitAll;
+import javax.annotation.Resource;
+import javax.ejb.EJBContext;
+import javax.annotation.security.RolesAllowed;
+import org.glassfish.soteria.SecurityContextImpl;
+import javax.security.enterprise.SecurityContext;
+import java.security.Principal;
+import java.util.Set;
+@Stateless
+@DeclareRoles({ "foo" , "bar", "kaz"})
+public class TestEJB {
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Resource
+ private EJBContext ejbContext;
+
+ public Principal getUserPrincipalFromEJBContext() {
+ try {
+ return ejbContext.getCallerPrincipal();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public boolean isCallerInRoleFromEJBContext(String role) {
+ try {
+ return ejbContext.isCallerInRole(role);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+
+ public Principal getUserPrincipalFromSecContext() {
+ return securityContext.getCallerPrincipal();
+ }
+
+ public boolean isCallerInRoleFromSecContext(String role) {
+ return securityContext.isCallerInRole(role);
+ }
+
+ public Set<String> getAllDeclaredCallerRoles() {
+ return ((SecurityContextImpl)securityContext).getAllDeclaredCallerRoles();
+ }
+
+
+}
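Review bot: `isCallerInRoleFromEJBContext` and `getUserPrincipalFromEJBContext` catch every `Exception`, print the stack trace and fall through to `false` / `null`, so a container failure is reported to the servlet exactly like "caller not in role" or "no caller". For a security test that makes a negative assertion pass for the wrong reason. I would drop the try/catch and let the failure surface, leaving the bodies as `return ejbContext.isCallerInRole(role);` and `return ejbContext.getCallerPrincipal();`. The imports `PermitAll` and `RolesAllowed` are unused, and a blank line is missing between the import block and `@Stateless`.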
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java
new file mode 100644
index 0000000..46cca2a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth-ejb/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertTrue;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+
+@RunWith(Arquillian.class)
+public class AppSecurityContextAuthIT extends ArquillianBase {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppSecurityContextEJB");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticatedStatus() {
+ assertTrue(
+ readFromServer("/servlet?name=reza")
+ .contains("Authenticated with status: SUCCESS"));
+ }
+
+ /**
+ * The name "rezax" will cause the custom authentication provider
+ * to throw an auth exception, which should ultimately result in
+ * a SEND_FAILURE outcome from SecurityContext.authenticate.
+ */
+ @Test
+ public void testAuthenticatedStatusException() {
+ assertTrue(
+ readFromServer("/servlet?name=rezax")
+ .contains("Authenticated with status: SEND_FAILURE"));
+ }
+
+ /**
+ * The name "unknown" will cause the custom authentication provider
+ * to return SEND_FAILURE, which should ultimately result in
+ * a SEND_FAILURE outcome from SecurityContext.authenticate as well.
+ */
+ @Test
+ public void testAuthenticatedStatusFail() {
+ assertTrue(
+ readFromServer("/servlet?name=unknown")
+ .contains("Authenticated with status: SEND_FAILURE"));
+ }
+
+ @Test
+ public void testAuthenticated() {
+ Assert.assertAuthenticated(
+ "ejb",
+ "reza",
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testContextAuthenticated() {
+ Assert.assertAuthenticated(
+ "context",
+ "reza",
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testContextIsCallerInRole(){
+ Assert.assertAuthenticated(
+ "context",
+ "reza",
+ readFromServer("/servlet?name=reza"), "foo", "bar");
+ }
+
+ @Test
+ public void testContextAllCallers(){
+ Assert.assertAuthenticatedRoles(
+ "all roles",
+ readFromServer("/servlet?name=reza"), "foo", "bar");
+ }
+
+ @Test
+ public void testContextHasAccessToResource(){
+ Assert.assertHasAccessToResource(
+ "web",
+ "reza",
+ "/protectedServlet",
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+
+
+
+}
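Review bot: No test in `AppSecurityContextAuthIT` requests `/protectedServlet` itself; every test goes through `/servlet`, so the `rolesAllowed = "foo"` constraint is checked only indirectly through the `hasAccessToWebResource` line that `testContextHasAccessToResource` reads. A test that requests `/protectedServlet` without a `name` parameter and asserts that the body does not contain `This is a servlet` would cover the denial path. The exact status code depends on the container, so I would confirm it before asserting on it. The static import `assertDefaultAuthenticated` is unused.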
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/pom.xml
new file mode 100644
index 0000000..245dc3f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/pom.xml
@@ -0,0 +1,49 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>app-securitycontext-auth</artifactId>
+ <packaging>war</packaging>
+
+ <build>
+ <finalName>app-securitycontext-auth</finalName>
+ </build>
+
+ <properties>
+ <failOnMissingWebXml>false</failOnMissingWebXml>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>common</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
new file mode 100644
index 0000000..75d32d5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/ProtectedServlet.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.glassfish.soteria.SecurityContextImpl;
+import javax.security.enterprise.SecurityContext;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.HttpConstraint;
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+import static javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams;
+import static org.glassfish.soteria.Utils.notNull;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({"foo", "bar", "kaz"})
+@WebServlet("/protectedServlet")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+public class ProtectedServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String name = request.getParameter("name");
+
+ if (notNull(name)) {
+
+ AuthenticationStatus status = securityContext.authenticate(
+ request, response,
+ withParams()
+ .credential(
+ new CallerOnlyCredential(name)));
+
+ response.getWriter().write("Authenticated with status: " + status.name() + "\n");
+ }
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("has access to /protectedServlet: " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ Set<String> roles = ((SecurityContextImpl) securityContext).getAllDeclaredCallerRoles();
+
+ response.getWriter().write("All declared roles of user " + roles + "\n");
+
+ response.getWriter().write("all roles has role \"foo\": " + roles.contains("foo") + "\n");
+ response.getWriter().write("all roles has role \"bar\": " + roles.contains("bar") + "\n");
+ response.getWriter().write("all roles has role \"kaz\": " + roles.contains("kaz") + "\n");
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/Servlet.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/Servlet.java
new file mode 100644
index 0000000..a9b516d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/Servlet.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.glassfish.soteria.SecurityContextImpl;
+
+import javax.annotation.security.DeclareRoles;
+import javax.inject.Inject;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.SecurityContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Set;
+
+import static javax.security.enterprise.authentication.mechanism.http.AuthenticationParameters.withParams;
+import static org.glassfish.soteria.Utils.notNull;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ */
+@DeclareRoles({"foo", "bar", "kaz"})
+@WebServlet("/servlet")
+public class Servlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Inject
+ private SecurityContext securityContext;
+
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+ response.getWriter().write("This is a servlet \n");
+
+ String name = request.getParameter("name");
+
+ if (notNull(name)) {
+
+ AuthenticationStatus status = securityContext.authenticate(
+ request, response,
+ withParams()
+ .credential(
+ new CallerOnlyCredential(name)));
+
+ response.getWriter().write("Authenticated with status: " + status.name() + "\n");
+ }
+
+ String webName = null;
+ if (request.getUserPrincipal() != null) {
+ webName = request.getUserPrincipal().getName();
+ }
+
+ response.getWriter().write("web username: " + webName + "\n");
+
+ response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+ response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+ response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+ String contextName = null;
+ if (securityContext.getCallerPrincipal() != null) {
+ contextName = securityContext.getCallerPrincipal().getName();
+ }
+
+ response.getWriter().write("context username: " + contextName + "\n");
+
+ response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+ response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+ response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+ response.getWriter().write("web user has access to /protectedServlet: " + securityContext.hasAccessToWebResource("/protectedServlet") + "\n");
+
+ Set<String> roles = ((SecurityContextImpl) securityContext).getAllDeclaredCallerRoles();
+
+ response.getWriter().write("All declared roles of user " + roles + "\n");
+
+ response.getWriter().write("all roles has role \"foo\": " + roles.contains("foo") + "\n");
+ response.getWriter().write("all roles has role \"bar\": " + roles.contains("bar") + "\n");
+ response.getWriter().write("all roles has role \"kaz\": " + roles.contains("kaz") + "\n");
+ }
+
+}
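Review bot: `doGet` casts the injected `SecurityContext` to `org.glassfish.soteria.SecurityContextImpl` to call `getAllDeclaredCallerRoles()`, and nothing explains the cast. As the cast implies, the method is not on the `SecurityContext` interface, so this servlet would fail with a `ClassCastException` under any other implementation. A one-line comment above it would do: `// Soteria-specific: getAllDeclaredCallerRoles() is not part of javax.security.enterprise.SecurityContext`. Unlike the EJB variant of this servlet, no content type is set before writing; `response.setContentType("text/plain;charset=UTF-8");` at the top of `doGet` would make the output encoding explicit.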
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
new file mode 100644
index 0000000..fbea70c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/java/org/glassfish/soteria/test/TestAuthenticationMechanism.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.Arrays.asList;
+import static javax.security.enterprise.AuthenticationStatus.SEND_FAILURE;
+
+import java.util.HashSet;
+
+import javax.enterprise.context.RequestScoped;
+import javax.security.enterprise.AuthenticationStatus;
+import javax.security.enterprise.AuthenticationException;
+import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import javax.security.enterprise.credential.CallerOnlyCredential;
+import javax.security.enterprise.credential.Credential;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@RequestScoped
+public class TestAuthenticationMechanism implements HttpAuthenticationMechanism {
+
+ @Override
+ public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response, HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+ if (httpMessageContext.isAuthenticationRequest()) {
+
+ Credential credential = httpMessageContext.getAuthParameters().getCredential();
+ if (!(credential instanceof CallerOnlyCredential)) {
+ throw new IllegalStateException("This authentication mechanism requires a programmatically provided CallerOnlyCredential");
+ }
+
+ CallerOnlyCredential callerOnlyCredential = (CallerOnlyCredential) credential;
+
+ if ("reza".equals(callerOnlyCredential.getCaller())) {
+ return httpMessageContext.notifyContainerAboutLogin("reza", new HashSet<>(asList("foo", "bar")));
+ }
+
+ if ("rezax".equals(callerOnlyCredential.getCaller())) {
+ throw new AuthenticationException();
+ }
+
+ return SEND_FAILURE;
+
+ }
+
+ return httpMessageContext.doNothing();
+ }
+
+}
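Review bot: `validateRequest` logs in the caller `reza` with roles `foo` and `bar` on the caller name alone, with no secret checked, and nothing in the class says this is deliberate. Because the file sits under `src/main` of the test application, a class-level Javadoc would stop it being read as a usage pattern: `/** Test-only mechanism: trusts the name in a CallerOnlyCredential; "reza" succeeds, "rezax" throws AuthenticationException, any other name returns SEND_FAILURE. Not for production use. */`. The same comment should mention that a missing (null) credential also ends in the `IllegalStateException` branch, since `instanceof` is false for null.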
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/webapp/WEB-INF/beans.xml b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/webapp/WEB-INF/beans.xml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/main/webapp/WEB-INF/beans.xml
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java
new file mode 100644
index 0000000..22abeca
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/app-securitycontext-auth/src/test/java/org/glassfish/soteria/test/AppSecurityContextAuthIT.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.glassfish.soteria.test.Assert.assertDefaultAuthenticated;
+import static org.glassfish.soteria.test.Assert.assertDefaultNotAuthenticated;
+import static org.glassfish.soteria.test.ShrinkWrap.mavenWar;
+import static org.junit.Assert.assertTrue;
+
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import org.junit.Rule;
+import org.junit.AfterClass;
+import org.junit.rules.TestWatcher;
+
+
+@RunWith(Arquillian.class)
+public class AppSecurityContextAuthIT extends ArquillianBase {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ @Rule
+ public TestWatcher reportWatcher=new ReportWatcher(stat, "Security::soteria::AppSecurityContextServlet");
+
+ @AfterClass
+ public static void printSummary(){
+ stat.printSummary();
+ }
+
+ @Deployment(testable = false)
+ public static Archive<?> createDeployment() {
+ return mavenWar();
+ }
+
+ @Test
+ public void testAuthenticated() {
+ assertDefaultAuthenticated(
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testAuthenticatedStatus() {
+ assertTrue(
+ readFromServer("/servlet?name=reza")
+ .contains("Authenticated with status: SUCCESS"));
+ }
+
+ /**
+ * The name "rezax" will cause the custom authentication provider
+ * to throw an auth exception, which should ultimately result in
+ * a SEND_FAILURE outcome from SecurityContext.authenticate.
+ */
+ @Test
+ public void testAuthenticatedStatusException() {
+ assertTrue(
+ readFromServer("/servlet?name=rezax")
+ .contains("Authenticated with status: SEND_FAILURE"));
+ }
+
+ /**
+ * The name "unknown" will cause the custom authentication provider
+ * to return SEND_FAILURE, which should ultimately result in
+ * a SEND_FAILURE outcome from SecurityContext.authenticate as well.
+ */
+ @Test
+ public void testAuthenticatedStatusFail() {
+ assertTrue(
+ readFromServer("/servlet?name=unknown")
+ .contains("Authenticated with status: SEND_FAILURE"));
+ }
+
+ @Test
+ public void testContextAuthenticated() {
+ Assert.assertAuthenticated(
+ "context",
+ "reza",
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testContextIsCallerInRole(){
+ Assert.assertAuthenticated(
+ "context",
+ "reza",
+ readFromServer("/servlet?name=reza"), "foo", "bar");
+ }
+
+ @Test
+ public void testContextAllCallers(){
+ Assert.assertAuthenticatedRoles(
+ "all roles",
+ readFromServer("/servlet?name=reza"), "foo", "bar");
+ }
+
+ @Test
+ public void testContextHasAccessToResource(){
+ Assert.assertHasAccessToResource(
+ "web",
+ "reza",
+ "/protectedServlet",
+ readFromServer("/servlet?name=reza"));
+ }
+
+ @Test
+ public void testNotAuthenticated() {
+ assertDefaultNotAuthenticated(
+ readFromServer("/servlet"));
+ }
+
+
+
+
+}
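Review bot: `testAuthenticatedStatusException` and `testAuthenticatedStatusFail` assert only the `Authenticated with status: SEND_FAILURE` line, so they would still pass if the failed login left a caller principal or roles in the response. Assuming the servlet prints its usual principal and role lines on failure, each test could keep the body in a local and add `assertDefaultNotAuthenticated(body);` after the status check; the static import is already present. `testContextAllCallers` actually checks the "all roles" lines, so a name such as `testContextAllDeclaredRoles` would describe it better.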
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/build.properties b/appserver/tests/appserv-tests/devtests/security/soteria/build.properties
new file mode 100644
index 0000000..4c5eca5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/build.properties
@@ -0,0 +1,22 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="${module}-soteria"/>
+<property name="appname" value="${sub-module}"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/build.xml b/appserver/tests/appserv-tests/devtests/security/soteria/build.xml
new file mode 100644
index 0000000..52accfe
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/build.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "./../common.xml">
+]>
+
+
+<project name="jsr375R" basedir="." default="usage" xmlns:artifact="antlib:org.apache.maven.artifact.ant">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+ <property environment="env"/>
+ <get src="http://central.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar" dest="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar"/>
+ <path id="maven-ant-tasks.classpath" path="${env.APS_HOME}/lib/maven-ant-tasks-2.1.3.jar" />
+ <typedef resource="org/apache/maven/artifact/ant/antlib.xml"
+ uri="antlib:org.apache.maven.artifact.ant"
+ classpathref="maven-ant-tasks.classpath" />
+ <target name="all" depends="runMaven"/>
+ <target name="runMaven">
+ <artifact:mvn mavenHome="${env.M2_HOME}" fork="true">
+ <jvmarg value="-Dmaven.multiModuleProjectDirectory"/>
+ <jvmarg value="-Dmaven.javadoc.skip=true" />
+ <arg value="clean"/>
+ <arg value="verify"/>
+ </artifact:mvn>
+ </target>
+</project>
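Review bot: The `<get>` task fetches `maven-ant-tasks-2.1.3.jar` over plain `http://` and the `<typedef>` right after it loads that jar into the build with no integrity check, so anything able to alter the response gets code running in the build JVM. Fetch it over TLS, e.g. `src="https://repo1.maven.org/maven2/org/apache/maven/maven-ant-tasks/2.1.3/maven-ant-tasks-2.1.3.jar"`, and verify the downloaded file against a pinned digest with Ant's `<checksum>` task (`algorithm="SHA-256"` with `verifyProperty`) before the `<typedef>`, failing the build on a mismatch. The `<get>` also sits at project level, so it runs on every invocation of this build file; `skipexisting="true"` or a dedicated target would avoid the repeated download.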
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/common/pom.xml
new file mode 100644
index 0000000..6333fa4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/pom.xml
@@ -0,0 +1,50 @@
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <parent>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>common</artifactId>
+
+ <packaging>jar</packaging>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.arquillian.junit</groupId>
+ <artifactId>arquillian-junit-container</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>net.sourceforge.htmlunit</groupId>
+ <artifactId>htmlunit</artifactId>
+ <version>2.29</version>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ArquillianBase.java b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ArquillianBase.java
new file mode 100644
index 0000000..6c02bb6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ArquillianBase.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.util.logging.Level.SEVERE;
+import static org.apache.http.HttpStatus.SC_MULTIPLE_CHOICES;
+import static org.apache.http.HttpStatus.SC_OK;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.logging.Logger;
+
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.rules.TestWatcher;
+import org.junit.runner.Description;
+
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.Page;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebResponse;
+
+public class ArquillianBase {
+
+ private static final Logger logger = Logger.getLogger(ArquillianBase.class.getName());
+
+ private WebClient webClient;
+ private String response;
+
+ @ArquillianResource
+ private URL base;
+
+ @Rule
+ public TestWatcher ruleExample = new TestWatcher() {
+ @Override
+ protected void failed(Throwable e, Description description) {
+ super.failed(e, description);
+
+ logger.log(SEVERE,
+ "\n\nTest failed: " +
+ description.getClassName() + "." + description.getMethodName() +
+
+ "\nMessage: " + e.getMessage() +
+
+ "\nLast response: " +
+
+ "\n\n" + response + "\n\n");
+
+ }
+ };
+
+ @Before
+ public void setUp() {
+ response = null;
+ webClient = new WebClient() {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ public void printContentIfNecessary(WebResponse webResponse) {
+ int statusCode = webResponse.getStatusCode();
+ if (getOptions().getPrintContentOnFailingStatusCode() && !(statusCode >= SC_OK && statusCode < SC_MULTIPLE_CHOICES)) {
+ logger.log(SEVERE, webResponse.getWebRequest().getUrl().toExternalForm());
+ }
+ super.printContentIfNecessary(webResponse);
+ }
+ };
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ }
+
+ @After
+ public void tearDown() {
+ webClient.getCookieManager().clearCookies();
+ webClient.close();
+ }
+
+ protected String readFromServer(String path) {
+ response = "";
+ WebResponse localResponse = responseFromServer(path);
+ if (localResponse != null) {
+ response = localResponse.getContentAsString();
+ }
+
+ return response;
+ }
+
+ protected WebResponse responseFromServer(String path) {
+
+ WebResponse webResponse = null;
+
+ Page page = pageFromServer(path);
+ if (page != null) {
+ webResponse = page.getWebResponse();
+ if (webResponse != null) {
+ response = webResponse.getContentAsString();
+ }
+ }
+
+ return webResponse;
+ }
+
+ protected <P extends Page> P pageFromServer(String path) {
+
+ if (base.toString().endsWith("/") && path.startsWith("/")) {
+ path = path.substring(1);
+ }
+
+ try {
+ response = "";
+
+ P page = webClient.getPage(base + path);
+
+ if (page != null) {
+ WebResponse localResponse = page.getWebResponse();
+ if (localResponse != null) {
+ response = localResponse.getContentAsString();
+ }
+ }
+
+ return page;
+
+ } catch (FailingHttpStatusCodeException | IOException e) {
+ throw new IllegalStateException(e);
+ }
+ }
+
+ protected WebClient getWebClient() {
+ return webClient;
+ }
+
+}
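Review bot: `setUp` disables `setThrowExceptionOnFailingStatusCode` and `readFromServer` returns only the body, so a test that uses it cannot tell a 200 page from a 401 or 500 error page. Negative string assertions such as `assertDefaultNotAuthenticated(String)` then pass on any body that lacks the marker text, including an empty one. A Javadoc on `readFromServer` should state that the HTTP status is not checked and point callers that care about it to `responseFromServer`. Separately, `response` is assigned in `readFromServer`, `responseFromServer` and `pageFromServer` for the same request; assigning it only in `pageFromServer` is enough, because the other two go through it.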
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/Assert.java b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/Assert.java
new file mode 100644
index 0000000..12e6eb4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/Assert.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import java.util.ArrayList;
+import java.util.List;
+import com.gargoylesoftware.htmlunit.WebResponse;
+
+public final class Assert {
+
+ public static void assertDefaultAuthenticated(String response) {
+ assertAuthenticated("web", "reza", response, "foo", "bar");
+ }
+
+ public static void assertDefaultAuthenticated(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(200, response.getStatusCode());
+ assertAuthenticated("web", "reza", response.getContentAsString(), "foo", "bar");
+ }
+
+ public static void assertDefaultNotAuthenticated(String response) {
+ assertNotAuthenticated("web", "reza", response, "foo", "bar");
+ }
+
+ public static void assertDefaultNotAuthenticated(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(401, response.getStatusCode());
+ assertNotAuthenticated("web", "reza", response.getContentAsString(), "foo", "bar");
+ }
+
+ public static void assertDefaultNotAuthenticatedUnprotected(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(200, response.getStatusCode());
+ assertNotAuthenticatedUnprotected("web", "null", response.getContentAsString(), new ArrayList<String>());
+ }
+
+ public static void assertNotAuthenticatedError(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(500, response.getStatusCode());
+ }
+
+ public static void assertApplicationPrincipalAndContainerPrincipalName(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(200, response.getStatusCode());
+ assertApplicationPrincipalAndContainerPrincipalSubject("reza", "foo", response
+ .getContentAsString());
+ }
+
+ public static void assertBundledHAMPrecedenceOverLoginConfig(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(200, response.getStatusCode());
+ assertBundledHAMPrecedenceOverLoginConfig("reza", "foo", response
+ .getContentAsString());
+ }
+
+ public static void assertBothContainerAndApplicationPrincipalsAreSame(WebResponse response) {
+ assertNotNull(response);
+ assertEquals(200, response.getStatusCode());
+ assertBothContainerAndApplicationPrincipalsAreSame("reza", "foo", response
+ .getContentAsString());
+ }
+
+ public static void assertAuthenticated(String userType, String name, String response, String... roles) {
+ assertTrue(
+ "Should be authenticated as user " + name + " but was not \n Response: \n" +
+ response + "\n search: " + userType + " username: " + name,
+ response.contains(userType + " username: " + name));
+
+ for (String role : roles) {
+ assertTrue(
+ "Authenticated user should have role \"" + role + "\", but did not \n Response: \n" +
+ response,
+ response.contains(userType + " user has role \"" + role + "\": true"));
+ }
+ }
+
+ public static void assertNotAuthenticated(String userType, String name, String response, String... roles) {
+ assertFalse(
+ "Should not be authenticated as user " + name + " but was \n Response: \n" +
+ response + "\n search: " + userType + " username: " + name,
+ response.contains(userType + " username: " + name));
+
+ for (String role : roles) {
+ assertFalse(
+ "Authenticated user should not have role \"" + role + "\", but did \n Response: \n" +
+ response,
+ response.contains(userType + " user has role \"" + role + "\": true"));
+ }
+ }
+
+ public static void assertAuthenticatedRoles(String userType, String response, String... roles) {
+ for (String role : roles) {
+ assertTrue(
+ "Authenticated user should have role \"" + role + "\", but did not \n Response: \n" +
+ response,
+ response.contains(userType + " has role \"" + role + "\": true"));
+ }
+ }
+
+ public static void assertNotAuthenticatedRoles(String userType, String name, String response, String... roles) {
+
+ for (String role : roles) {
+ assertFalse(
+ "Authenticated user should not have role \"" + role + "\", but did \n Response: \n" +
+ response,
+ response.contains(userType + " has role \"" + role + "\": true"));
+ }
+ }
+ public static void assertNotAuthenticatedUnprotected(String userType, String name, String response, List<String> roles) {
+ assertTrue(
+ "Should not be authenticated as user " + name + " but was \n Response: \n" +
+ response + "\n search: " + userType + " username: " + name,
+ response.contains(userType + " username: " + name));
+
+ for (String role : roles) {
+ assertFalse(
+ "Authenticated user should not have role \"" + role + "\", but did \n Response: \n" +
+ response,
+ response.contains(userType + " user has role \"" + role + "\": true"));
+ }
+ }
+
+ public static void assertHasAccessToResource(String userType, String name, String resource, String response) {
+ assertTrue(
+ "user " + name + " should have access to resource "+ resource +" but was not \n Response: \n" +
+ response,
+ response.contains(userType + " user has access to " + resource + ": true"));
+ }
+
+ public static void assertNotHasAccessToResource(String userType, String name, String resource, String response) {
+ assertFalse(
+ "user " + name + " should have access to resource "+ resource +" but was not \n Response: \n" +
+ response,
+ response.contains(userType + " user has access to " + resource + ": true"));
+ }
+
+ public static void assertBundledHAMPrecedenceOverLoginConfig(String name, String role, String response) {
+ assertTrue(
+ "For " + name + " authentication should have been performed by TestAuthenticationMechanism, but wasn't. \n" +
+ "+ Response: \n" +
+ response,
+ response.contains(String.format("Authentication Mechanism:TestAuthenticationMechanism")));
+ }
+
+ public static void assertApplicationPrincipalAndContainerPrincipalSubject(String name, String role, String response) {
+ assertTrue(
+ "Both application principal's and container principal's name should have been same as "
+ + " but was not. \n Response: \n" +
+ response,
+ response.contains(String.format("Container caller principal and application caller principal both are " +
+ "represented by same principal for user %s and is in role %s", name, role)));
+ }
+
+ public static void assertBothContainerAndApplicationPrincipalsAreSame(String name, String role, String response) {
+ assertTrue(
+ "For user " + name + " both container caller principal and application caller principal should have been same, " +
+ "but " +
+ "wasn't. \n" +
+ "+ Response: \n" +
+ response,
+ response.contains(String.format("Both container caller principal and application caller principals are one and " +
+ "the same for user %s in role %s",
+ name, role)));
+ }
+
+}
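Review bot: The failure message in `assertNotHasAccessToResource` is copied from the positive variant and states the opposite of what the assertion checks; it should read `"user " + name + " should not have access to resource " + resource + " but did \n Response: \n" +`. In `assertApplicationPrincipalAndContainerPrincipalSubject` the message joins `"... should have been same as "` directly to `" but was not. ..."`, so the name is missing and `+ name` belongs between them. All checks here are `String.contains`, so the marker `web username: reza` also matches a body containing `web username: rezax`; that deserves at least a comment on `assertAuthenticated` and `assertNotAuthenticated`, or a match anchored to the end of the line.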
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ReportWatcher.java b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ReportWatcher.java
new file mode 100644
index 0000000..6398064
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ReportWatcher.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import org.junit.rules.TestWatcher;
+import org.junit.runner.Description;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+public class ReportWatcher extends TestWatcher{
+
+ private SimpleReporterAdapter stat;
+ private String testId;
+
+ public ReportWatcher(SimpleReporterAdapter stat, String testId) {
+ this.stat=stat;
+ this.testId=testId;
+ }
+
+ @Override
+ protected void starting(Description description){
+ stat.addDescription(testId + " " + description.getMethodName());
+ }
+
+ @Override
+ protected void failed(Throwable e, Description description) {
+ stat.addStatus(testId + " " + description.getMethodName() , stat.FAIL);
+ }
+
+ @Override
+ protected void succeeded(Description description) {
+ stat.addStatus(testId + " " + description.getMethodName() , stat.PASS);
+ }
+
+ protected void printSummary(){
+ stat.printSummary();
+ }
+}
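Review bot: `stat` and `testId` are assigned once in the constructor and can be declared `private final`. `stat.FAIL` and `stat.PASS` read like constants reached through an instance; if they are static on `SimpleReporterAdapter`, write them as `SimpleReporterAdapter.FAIL` and `SimpleReporterAdapter.PASS`. The class has no Javadoc; one line saying that it records each JUnit method outcome under `testId + " " + methodName` in the reporter would be enough. `failed` also drops its `Throwable`, so the report carries the status but not the reason.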
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ShrinkWrap.java b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ShrinkWrap.java
new file mode 100644
index 0000000..59029eb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/java/org/glassfish/soteria/test/ShrinkWrap.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.soteria.test;
+
+import static java.lang.System.getProperty;
+import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
+
+import java.io.File;
+
+import org.jboss.shrinkwrap.api.importer.ZipImporter;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+
+public class ShrinkWrap {
+
+ public static WebArchive mavenWar() {
+ return
+ create(ZipImporter.class, getProperty("finalName") + ".war")
+ .importFrom(new File("target/" + getProperty("finalName") + ".war"))
+ .as(WebArchive.class);
+ }
+
+}
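Review bot: `mavenWar` reads the `finalName` system property twice without checking it, so when the property is unset the import is attempted on `target/null.war` and the resulting error never mentions the property. Read it once and fail early: `String finalName = getProperty("finalName");` followed by `if (finalName == null) throw new IllegalStateException("system property finalName is not set");`. The class name also shadows `org.jboss.shrinkwrap.api.ShrinkWrap`, whose `create` it statically imports, which is easy to misread at call sites; a short class comment saying this is the project's own helper would help.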
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/resources/server.xml b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/resources/server.xml
new file mode 100644
index 0000000..31ca2b8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/common/src/main/resources/server.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<server description="new server">
+
+ <featureManager>
+ <feature>javaee-7.0</feature>
+ <feature>localConnector-1.0</feature>
+ </featureManager>
+
+ <httpEndpoint httpPort="9080" httpsPort="9443" id="defaultHttpEndpoint"/>
+
+ <applicationManager autoExpand="true"/>
+
+</server>
diff --git a/appserver/tests/appserv-tests/devtests/security/soteria/pom.xml b/appserver/tests/appserv-tests/devtests/security/soteria/pom.xml
new file mode 100644
index 0000000..b72b376
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/soteria/pom.xml
@@ -0,0 +1,137 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.glassfish.soteria.test</groupId>
+ <artifactId>soteria</artifactId>
+ <version>5.0.1-SNAPSHOT</version>
+ <packaging>pom</packaging>
+
+ <name>Soteria ${project.version} Integration tests and examples</name>
+
+ <properties>
+ <glassfish.version>5.0</glassfish.version>
+ <maven.compiler.source>1.8</maven.compiler.source>
+ <maven.compiler.target>1.8</maven.compiler.target>
+ </properties>
+
+ <modules>
+ <module>common</module>
+ <module>app-mem-basic</module>
+ <module>app-custom</module>
+ <module>app-custom-session</module>
+ <module>app-custom-rememberme</module>
+ <module>app-securitycontext-auth</module>
+ <module>app-securitycontext-auth-ejb</module>
+ <module>app-double-ham</module>
+ <module>app-ham-ordering</module>
+<!-- <module>app-db</module> -->
+ <module>app-custom-identity-store-handler</module>
+ <module>app-multiple-store</module>
+ <module>app-multiple-store-backup</module>
+ <module>app-no-role-mapping</module>
+ <module>app-bundled-ham-basic-login-config-form</module>
+ <module>app-caller-principal</module>
+ <module>app-no-application-caller-principal</module>
+ </modules>
+
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.arquillian</groupId>
+ <artifactId>arquillian-bom</artifactId>
+ <version>1.3.0.Final</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ <dependency>
+ <groupId>com.unboundid</groupId>
+ <artifactId>unboundid-ldapsdk</artifactId>
+ <version>4.0.4</version>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax</groupId>
+ <artifactId>javaee-api</artifactId>
+ <version>7.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.security.enterprise</groupId>
+ <artifactId>javax.security.enterprise-api</artifactId>
+ <version>1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.soteria</groupId>
+ <artifactId>javax.security.enterprise</artifactId>
+ <version>1.0</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.arquillian.container</groupId>
+ <artifactId>arquillian-glassfish-remote-3.1</artifactId>
+ <version>1.0.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.ejte.ccl.reporter</groupId>
+ <artifactId>SimpleReporterAdapter</artifactId>
+ <version>1.0</version>
+ <scope>system</scope>
+ <systemPath>${APS_HOME}/lib/reporter.jar</systemPath>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <version>2.20</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <systemPropertyVariables>
+ <finalName>${project.build.finalName}</finalName>
+ </systemPropertyVariables>
+ <environmentVariables>
+ <GLASSFISH_HOME>${env.S1AS_HOME}/..</GLASSFISH_HOME>
+ </environmentVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </project>
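Review bot: The `SimpleReporterAdapter` dependency is `system`-scoped with `<systemPath>${APS_HOME}/lib/reporter.jar</systemPath>`, so the build uses whatever jar sits at that local path instead of an artifact resolved from a repository. `${APS_HOME}` is also written without the `env.` prefix that `${env.S1AS_HOME}` carries in the failsafe configuration of this same file, so it resolves only when APS_HOME is passed as a Maven property. If the environment variable is meant, `<systemPath>${env.APS_HOME}/lib/reporter.jar</systemPath>` is the consistent form. Installing reporter.jar into a repository and declaring it as an ordinary `test` dependency would remove the system scope altogether.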
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/build.properties b/appserver/tests/appserv-tests/devtests/security/standalone/build.properties
new file mode 100644
index 0000000..9f7bfb5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/build.properties
@@ -0,0 +1,22 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="${module}-standalone"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/build.xml b/appserver/tests/appserv-tests/devtests/security/standalone/build.xml
new file mode 100644
index 0000000..dee7cfa
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/build.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY reporting SYSTEM "file:./../report.xml">
+<!ENTITY run SYSTEM "file:./../../../config/run.xml">
+]>
+
+<project name="standalone" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &reporting;
+ &run;
+
+ <target name="all">
+ <ant dir="loginctxdriver" target="all"/>
+ </target>
+
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.properties b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.properties
new file mode 100644
index 0000000..edb1319
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.properties
@@ -0,0 +1,31 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="sub-module" value="${module}-standalone-loginctxdriver"/>
+<property name="appname" value="${sub-module}"/>
+
+<property name="assemble" value="${build.classes.dir}/archive"/>
+
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.xml b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.xml
new file mode 100644
index 0000000..dd0595e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/build.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../../common.xml">
+]>
+
+
+<project name="standalone-loginctxdriver" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="usage">
+ <echo>
+ Usage:
+ ant all (Executes standalone login context driver tests)
+ </echo>
+ </target>
+
+ <target name="all" depends="build, setup, deploy,run, undeploy, unsetup">
+ </target>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="run-standalone-client"/>
+ </target>
+
+ <target name="echo" depends="init-common">
+ <echo message="as.props = ${as.props}"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file2"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile2"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="testy"/>
+ <param name="password" value="testy"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="testy"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="run-standalone-client" depends="init-common">
+ <echo message="Running standalone client ..."/>
+
+ <java classname="LoginContextDriverTest"
+ classpath="${admin.domain.dir}/../lib/appserv-rt.jar:${s1astest.classpath}:${assemble.dir}/${appname}AppClient.jar" fork="true">
+ <jvmarg value="-Djava.security.auth.login.config=${admin.domain.dir}/../lib/appclient/appclientlogin.conf"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialHost=${admin.host}"/>
+ <jvmarg value="-Dorg.omg.CORBA.ORBInitialPort=${orb.port}"/>
+
+ <jvmarg value="-Dj2eelogin.name=testy"/>
+ <jvmarg value="-Dj2eelogin.password=testy"/>
+ </java>
+ </target>
+
+
+</project>
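Review bot: `unsetup` deletes only the user `testy`; the `file2` realm and the `keyfile2` that `create-auth-filerealm` creates in `setup` stay on the domain after `ant all`. That leaves an extra authentication realm configured on the server and may make a second `setup` fail. A realm-removal step in `unsetup` would restore the domain, for example through `asadmin delete-auth-realm file2` if the shared common.xml (not visible here) has no target for it. Separately, `run-standalone-client` passes the password as `-Dj2eelogin.password=testy`, which shows up in the process list; for this throwaway account a comment such as `<!-- test-only credential, created in setup and deleted in unsetup -->` next to the two `jvmarg` lines would make the intent clear.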
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/LoginContextDriverTest.java b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/LoginContextDriverTest.java
new file mode 100644
index 0000000..f9cde7f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/LoginContextDriverTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.naming.*;
+import javax.rmi.*;
+
+import java.util.Properties;
+
+import javax.ejb.EJBObject;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import com.sun.enterprise.security.auth.login.LoginCallbackHandler;
+import com.sun.enterprise.security.auth.login.LoginContextDriver;
+import com.sun.enterprise.security.common.SecurityConstants;
+
+/**
+ * This test is for BACKWARD COMPATIBILITY ONLY
+ * Clients should NOT be using LoginContextDriver.doClientLogin
+ * They should be using the ProgrammaticLogin API
+ */
+public class LoginContextDriverTest {
+
+ private static String testId="Standalone-client-login-context-driver";
+ private static boolean testStatus=false;
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter();
+
+ private static InitialContext ic = null;
+
+ private static MySession1Remote my1r = null;
+
+ public static void main(String[] args) {
+
+ stat.addDescription("Security::EJB Method permissions test using " +
+ "Login Context Driver Standalone Client");
+
+ System.out.println("*** EJBMethod Permission Test using Login Context Driver Standalone client ***");
+
+
+ try{
+ // Use the default callback handler for login - using textauth (false)
+ LoginCallbackHandler handler = new LoginCallbackHandler(false);
+ LoginContextDriver.doClientLogin(
+ SecurityConstants.USERNAME_PASSWORD, handler);
+
+ // Initialize the Context
+ ic = new InitialContext();
+
+ System.out.println("EJB lookup start...");
+ java.lang.Object objref = ic.lookup("ejb/MySession1Bean");
+
+ MySession1RemoteHome my1rh = (MySession1RemoteHome)
+ PortableRemoteObject.narrow(objref, MySession1RemoteHome.class);
+
+ my1r = my1rh.create();
+
+ String retValue = my1r.businessMethod("blah");
+ System.out.println("retValue="+retValue);
+
+ testStatus = true;
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ } finally {
+ if( testStatus)
+ stat.addStatus(testId, stat.PASS);
+ else
+ stat.addStatus(testId, stat.FAIL);
+
+ stat.printSummary(testId);
+ }
+ }
+
+}
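Review bot: `testStatus = true` is set as soon as `businessMethod` returns, so the test checks neither the returned value nor the denied path. Since MySession1Bean.businessMethod in this commit returns `"hello " + name`, the status line could be `testStatus = "hello blah".equals(retValue);`. A method-permission test also needs a negative case, a call by a caller not mapped to `staff` that is expected to be rejected; otherwise a container that enforced nothing would still report PASS. The imports `java.util.Properties` and `javax.ejb.EJBObject` are unused in this file.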
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/MANIFEST.MF
new file mode 100644
index 0000000..7af180f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0 (Sun Microsystems Inc.)
+
+
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/application.xml
new file mode 100644
index 0000000..4374375
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/application.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application version="1.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application_1_4.xsd">
+ <display-name>security-standalone-loginctxdriver</display-name>
+ <module>
+ <ejb>security-standalone-loginctxdriver-ejb.jar</ejb>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..dfb20a2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/ejb-jar.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
+ <display-name>MyEntApp1-EJBModule</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>MySession1SB</display-name>
+ <ejb-name>MySession1Bean</ejb-name>
+ <home>MySession1RemoteHome</home>
+ <remote>MySession1Remote</remote>
+ <ejb-class>MySession1Bean</ejb-class>
+ <session-type>Stateless</session-type>
+ <transaction-type>Container</transaction-type>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+
+
+ <security-role>
+ <role-name>staff</role-name>
+ </security-role>
+
+ <method-permission>
+ <description>method authorized to only staff role</description>
+ <role-name>staff</role-name>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>businessMethod</method-name>
+ </method>
+ </method-permission>
+
+
+ <container-transaction>
+ <method>
+ <ejb-name>MySession1Bean</ejb-name>
+ <method-name>*</method-name>
+ </method>
+ <trans-attribute>Required</trans-attribute>
+ </container-transaction>
+ </assembly-descriptor>
+ </ejb-jar>
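Review bot: The `<method-permission>` covers only `businessMethod`; `businessMethod2` and `businessMethod3`, which MySession1RemoteBusiness also exposes on the remote interface, are assigned to no role and appear in no `<exclude-list>`. How a container treats methods left unassigned depends on the deployment (they may end up unchecked), so the descriptor should state the intent explicitly. Either widen the existing permission with `<method-name>*</method-name>` so every method of the bean, including the home `create`, requires `staff`, or list the two methods in an `<exclude-list>` if they are not meant to be callable.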
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-application.xml
new file mode 100644
index 0000000..55652f9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>testy</principal-name>
+ </security-role-mapping>
+
+ <realm>file2</realm>
+
+</sun-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..1ee0420
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 8.1 EJB 2.1//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_2_1-1.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+
+ <security-role-mapping>
+ <role-name>staff</role-name>
+ <principal-name>testy</principal-name>
+ </security-role-mapping>
+
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>MySession1Bean</ejb-name>
+ <jndi-name>ejb/MySession1Bean</jndi-name>
+ <ior-security-config>
+ <transport-config>
+ <integrity>supported</integrity>
+ <confidentiality>supported</confidentiality>
+ <establish-trust-in-target>supported</establish-trust-in-target>
+ <establish-trust-in-client>supported</establish-trust-in-client>
+ </transport-config>
+ <as-context>
+ <auth-method>username_password</auth-method>
+ <realm>file2</realm>
+ <required>true</required>
+ </as-context>
+ <sas-context>
+ <caller-propagation>supported</caller-propagation>
+ </sas-context>
+ </ior-security-config>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
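Review bot: `<as-context>` requires `username_password` authentication, but `<integrity>` and `<confidentiality>` in `<transport-config>` are only `supported`, so a client may send the password over a connection without transport protection. If the test domain has an SSL-enabled IIOP listener, `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>` would make the descriptor enforce a protected transport. If plain IIOP is intentional for the standalone client, a comment above `<transport-config>` saying so would stop the setting from being copied into real deployments. The `staff` to `testy` role mapping is also repeated in sun-application.xml, so the two copies have to be kept in sync.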
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Bean.java b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Bean.java
new file mode 100644
index 0000000..b614211
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Bean.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.ejb.*;
+
+/**
+ * This is the bean class for the MySession1Bean enterprise bean.
+ */
+public class MySession1Bean implements SessionBean, MySession1RemoteBusiness {
+ private SessionContext context;
+
+ /**
+ * @see javax.ejb.SessionBean#setSessionContext(javax.ejb.SessionContext)
+ */
+ public void setSessionContext(SessionContext aContext) {
+ context = aContext;
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbActivate()
+ */
+ public void ejbActivate() {
+
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbPassivate()
+ */
+ public void ejbPassivate() {
+
+ }
+
+ /**
+ * @see javax.ejb.SessionBean#ejbRemove()
+ */
+ public void ejbRemove() {
+
+ }
+ // </editor-fold>
+
+ /**
+ * See section 7.10.3 of the EJB 2.0 specification
+ * See section 7.11.3 of the EJB 2.1 specification
+ */
+ public void ejbCreate() {
+ // TODO implement ejbCreate if necessary, acquire resources
+ // This method has access to the JNDI context so resource aquisition
+ // spanning all methods can be performed here such as home interfaces
+ // and data sources.
+ }
+
+
+
+ public String businessMethod(String name) {
+ return "hello " + name;
+ }
+
+ public String businessMethod2(String name) {
+ return "hey " + name;
+ }
+
+ public String businessMethod3(String name) {
+ return "howdy "+name;
+ }
+
+
+
+}
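Review bot: The `// </editor-fold>` line after `ejbRemove` closes a fold that is never opened in this file and can be deleted, and the `TODO` block in `ejbCreate` is IDE template text with nothing left to do in a test bean. The three business methods have no Javadoc; a line such as `/** Returns a greeting; access is restricted to the staff role in ejb-jar.xml. */` on `businessMethod` would tell a reader that the access control lives in the descriptor and not in the code. The `context` field is assigned in `setSessionContext` but never read in the class.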
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Remote.java b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Remote.java
new file mode 100644
index 0000000..57f82ec
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1Remote.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import javax.ejb.EJBObject;
+
+
+/**
+ * This is the remote interface for MySession1 enterprise bean.
+ */
+public interface MySession1Remote extends EJBObject, MySession1RemoteBusiness {
+
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteBusiness.java b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteBusiness.java
new file mode 100644
index 0000000..bdc4e71
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteBusiness.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/**
+ * This is the business interface for MySession1 enterprise bean.
+ */
+public interface MySession1RemoteBusiness {
+ String businessMethod(String name) throws java.rmi.RemoteException;
+
+ String businessMethod2(String name) throws java.rmi.RemoteException;
+
+ String businessMethod3(String name) throws java.rmi.RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteHome.java b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteHome.java
new file mode 100644
index 0000000..daada77
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/standalone/loginctxdriver/ejb/MySession1RemoteHome.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import java.rmi.RemoteException;
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+
+/**
+ * This is the home interface for MySession1 enterprise bean.
+ */
+public interface MySession1RemoteHome extends EJBHome {
+
+ MySession1Remote create() throws CreateException, RemoteException;
+
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.properties b/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.properties
new file mode 100644
index 0000000..010b761
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-timerStandalone"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.timerStandalone.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.xml b/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.xml
new file mode 100644
index 0000000..65caa58
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/build.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-timerStandalone" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="javaee"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaee"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="javaee"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejb"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="ejb-jar-common">
+ <param name="ejbjar.classes"
+ value="**/Sful*.class,**/Sless*.class"/>
+ </antcall>
+ <antcall target="appclient-jar-common">
+ <param name="appclientjar.classes"
+ value="**/Client.class,**/Sful.class,**/Sless.class"/>
+ </antcall>
+ <echo message="appclient.jar=${assemble.dir}/${appname}-client.jar"/>
+ <jar jarfile="${assemble.dir}/${appname}-client.jar" update="yes">
+ <zipfileset src="${env.APS_HOME}/lib/reporter.jar"
+ excludes="META-INF/**"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-jar-common"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-name ${appname}Client"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-jar-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
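Review bot: In the `run` target, `<arg line="-texauth"/>` looks like a misspelling of appclient's `-textauth` option, so the client may not get the text-mode login the test intends; confirm against the appclient usage and change it to `<arg line="-textauth"/>`. The client jar path is also passed with `line=`, which splits on whitespace, so `<arg value="${assemble.dir}/${appname}-clientClient.jar"/>` is safer when the workspace path contains spaces. The `javaee`/`javaee` credentials go on the appclient command line, where they are visible in the process list; a one-line comment that this is a throwaway user created in `setup` and removed in `unsetup` would make that intent clear.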
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/Client.java b/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/Client.java
new file mode 100644
index 0000000..89f0aa2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/Client.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.timerStandalone.client;
+
+import javax.ejb.EJB;
+import com.sun.s1asdev.security.timerStandalone.*;
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ stat.addDescription("security-timerStandalone");
+ Client client = new Client(args);
+ client.doTest();
+ stat.printSummary("security-timerStandalone");
+ }
+
+ public Client (String[] args) {
+ }
+
+ @EJB
+ private static Sful sful;
+
+ @EJB
+ private static Sless sless;
+
+ public void doTest() {
+
+ try {
+
+ System.out.println("invoking stateful");
+ sful.hello();
+
+ System.out.println("invoking stateless");
+ sless.hello();
+
+ System.out.println("Sleeping to wait for timeout to happen...");
+ // wait a bit for timeout to happen
+ Thread.sleep(12000);
+
+ System.out.println("Woke up. Now checking for timeout");
+
+ boolean timeoutCalled = sless.timeoutCalled();
+
+ if( timeoutCalled ) {
+ System.out.println("verified that timeout was called");
+ } else {
+ throw new Exception("timeout not called");
+ }
+
+ System.out.println("test complete");
+
+ stat.addStatus("local main", stat.PASS);
+
+ } catch(Exception e) {
+ e.printStackTrace();
+ stat.addStatus("local main" , stat.FAIL);
+ }
+
+ return;
+ }
+}
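Review bot: The fixed `Thread.sleep(12000)` in `doTest()` makes every run wait twelve seconds even though `SlessEJB.hello()` in this commit creates the timer with a 1 ms delay, and a single check after the sleep gives no earlier exit. Polling `sless.timeoutCalled()` until a deadline keeps the same upper bound and returns as soon as the callback has run. The check also only shows that the timeout fired, not which identity it ran under, so a short comment stating what this security test is meant to prove would help the next reader.

```java
            // … unchanged: sful.hello() and sless.hello() calls …
            long deadline = System.currentTimeMillis() + 12000;
            boolean timeoutCalled = sless.timeoutCalled();
            while (!timeoutCalled && System.currentTimeMillis() < deadline) {
                Thread.sleep(500);
                timeoutCalled = sless.timeoutCalled();
            }
            // … unchanged: PASS/FAIL reporting on timeoutCalled …
```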
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/MANIFEST.MF
new file mode 100644
index 0000000..3cc5c70
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: 1.4.0-beta3 (Sun Microsystems Inc.)
+Main-Class: com.sun.s1asdev.security.timerStandalone.client.Client
+Class-Path: reporter.jar
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/timerStandalone/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..e9072d0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>dummy</role-name>
+ <principal-name>dummy</principal-name>
+ </security-role-mapping>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sful.java b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sful.java
new file mode 100644
index 0000000..b229224
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sful.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.timerStandalone;
+
+// Remote business interface
+
+public interface Sful
+{
+ public String hello();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SfulEJB.java b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SfulEJB.java
new file mode 100644
index 0000000..ac1d846
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SfulEJB.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.timerStandalone;
+
+import javax.ejb.Stateful;
+import javax.ejb.Remote;
+
+@Stateful
+@Remote({Sful.class})
+public class SfulEJB implements Sful
+{
+
+ public String hello() {
+ System.out.println("In SfulEJB:hello()");
+ return "hello";
+ }
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sless.java b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sless.java
new file mode 100644
index 0000000..7197799
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/Sless.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.timerStandalone;
+
+// Remote business interface
+
+public interface Sless
+{
+ public String hello();
+ public boolean timeoutCalled();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SlessEJB.java b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SlessEJB.java
new file mode 100644
index 0000000..af76b25
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/timerStandalone/ejb/SlessEJB.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.timerStandalone;
+
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.RunAs;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import javax.ejb.Timeout;
+import javax.ejb.Timer;
+import javax.ejb.TimerService;
+
+@Stateless
+@Remote({Sless.class})
+@DeclareRoles({"dummy"})
+@RunAs("dummy")
+public class SlessEJB implements Sless
+{
+ @Resource private TimerService timerSvc;
+ @Resource private SessionContext sc;
+
+ private static boolean timeoutWasCalled = false;
+
+ @RolesAllowed("javaee")
+ public String hello() {
+ System.out.println("In SlessEJB:hello()");
+ timerSvc.createTimer(1, "timer");
+ return "hello";
+ }
+
+ public boolean timeoutCalled() {
+ return timeoutWasCalled;
+ }
+
+ @Timeout
+ private void timeout(Timer t) {
+ System.out.println("in SlessEJB:timeout");
+ sc.isCallerInRole("dummy");
+ timeoutWasCalled = true;
+ }
+
+}
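Review bot: In `timeout()`, the result of `sc.isCallerInRole("dummy")` is discarded, so the test can only detect that the call throws, not what the container reports for the caller's role inside the timer callback. If exercising the call without an exception is the intent, say so with a comment such as `// regression check: isCallerInRole must not throw inside a timeout callback`; otherwise keep the result and expose it through `Sless` so the client can assert on it. Separately, `timeoutWasCalled` is presumably written on a container timer thread and read from a remote invocation, so `private static volatile boolean timeoutWasCalled = false;` would make the cross-thread visibility explicit.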
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.properties b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.properties
new file mode 100644
index 0000000..bff93b0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.properties
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="UncoveredHTTPMethods"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client" value="org.glassfish.jacc.test.uncoveredmethods.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="glassfish-application.xml" value="descriptor/glassfish-application.xml"/>
+<property name="deny-web.xml" value="descriptor/deny-web.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.xml b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.xml
new file mode 100644
index 0000000..48ef350
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/build.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "./../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "../common.xml">
+<!ENTITY testproperties SYSTEM "./build.properties">
+]>
+
+<project name="uncovered-http-methods" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="testuser"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="users"/>
+ </antcall>
+ </target>
+
+ <target name="run" depends="init-common">
+ <java classname="${test.client}" fork="yes"
+ classpath="${s1astest.classpath}">
+ <arg value="${http.host}"/>
+ <arg value="${http.port}"/>
+ <arg value="testuser"/>
+ <arg value="javaee"/>
+ </java>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="testuser"/>
+ </antcall>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ </target>
+
+ <target name="build" depends="compile">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+
+ <mkdir dir="${assemble.dir}"/>
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}"/>
+ <param name="war.file" value="${assemble.dir}/openUncoveredServletTest-web.war"/>
+ </antcall>
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}"/>
+ <param name="web.xml" value="${deny-web.xml}"/>
+ <param name="war.file" value="${assemble.dir}/denyUncoveredServletTest-web.war"/>
+ </antcall>
+
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <copy file="${glassfish-application.xml}" tofile="${build.classes.dir}/META-INF/glassfish-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/glassfish-application.xml"/>
+ </fileset>
+ </jar>
+
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
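Review bot: In the `build` target both descriptor copies use `failonerror="false"`, so a missing or mistyped `descriptor/application.xml` silently yields an EAR without the declared `open` and `deny` context roots, and the client then reports misleading status-code failures. Dropping the attribute on that copy, `<copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml"/>`, makes the build stop at the real cause; the `glassfish-application.xml` copy can stay lenient if that descriptor is optional. The `run` target's `<java>` call also has no `failonerror="true"`, so a client that exits abnormally (for example on a missing argument) would not fail the Ant run unless the reporter output is checked elsewhere.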
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/client/Client.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/client/Client.java
new file mode 100644
index 0000000..9223906
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/client/Client.java
@@ -0,0 +1,442 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import java.net.*;
+import java.io.*;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Security::UncoveredHTTPMethods";
+ private static String contextPathOpen = "/open";
+ private static String contextPathDeny = "/deny";
+
+ private String host;
+ private String port;
+ private String username;
+ private String password;
+
+ public static void main(String[] args) {
+ stat.addDescription(testSuite);
+ Client client = new Client(args);
+ client.doTests();
+ stat.printSummary();
+ }
+
+ public Client(String[] args) {
+ host = args[0];
+ port = args[1];
+ username = args[2];
+ password = args[3];
+ System.out.println(" Host: " + host);
+ System.out.println(" Port: " + port);
+ System.out.println(" Username: " + username);
+ }
+
+ public void doTests() {
+ testExample1();
+ testExample1Put();
+ testExample2();
+ testExample2Delete();
+ testExample3a();
+ testExample3aPut();
+ testExample3bPost();
+ testExample3bDelete();
+ testCovered1Post();
+ testCovered1Put();
+ testCovered2();
+ testCovered2Put();
+ testCovered3aPost();
+ testCovered3aDelete();
+ testCovered3b();
+ testCovered3bPut();
+ }
+
+ public void testExample1() {
+ String servlet = "/Example1";
+ String descriptionOpen = contextPathOpen+servlet;
+ String descriptionDeny = contextPathDeny+servlet;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, null, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, null, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample1Put() {
+ String servlet = "/Example1";
+ String method = "PUT";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample2() {
+ String servlet = "/Example2";
+ String descriptionOpen = contextPathOpen+servlet;
+ String descriptionDeny = contextPathDeny+servlet;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, null, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, null, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample2Delete() {
+ String servlet = "/Example2";
+ String method = "DELETE";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 403, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample3a() {
+ String servlet = "/Example3a";
+ String descriptionOpen = contextPathOpen+servlet;
+ String descriptionDeny = contextPathDeny+servlet;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, null, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, null, 200, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample3aPut() {
+ String servlet = "/Example3a";
+ String method = "PUT";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample3bPost() {
+ String servlet = "/Example3b";
+ String method = "POST";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 200, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testExample3bDelete() {
+ String servlet = "/Example3b";
+ String method = "DELETE";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered1Post() {
+ String servlet = "/Covered1";
+ String method = "POST";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered1Put() {
+ String servlet = "/Covered1";
+ String method = "PUT";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered2() {
+ String servlet = "/Covered2";
+ String descriptionOpen = contextPathOpen+servlet;
+ String descriptionDeny = contextPathDeny+servlet;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, null, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, null, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered2Put() {
+ String servlet = "/Covered2";
+ String method = "PUT";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 403, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 403, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered3aPost() {
+ String servlet = "/Covered3a";
+ String method = "POST";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 200, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered3aDelete() {
+ String servlet = "/Covered3a";
+ String method = "DELETE";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 200, username, contextPathOpen, output);
+ if (success) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 200, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered3b() {
+ String servlet = "/Covered3b";
+ String descriptionOpen = contextPathOpen+servlet;
+ String descriptionDeny = contextPathDeny+servlet;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, null, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, null, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ public void testCovered3bPut() {
+ String servlet = "/Covered3b";
+ String method = "PUT";
+ String descriptionOpen = contextPathOpen+servlet+"-"+method;
+ String descriptionDeny = contextPathDeny+servlet+"-"+method;
+
+ StringBuffer output = new StringBuffer();
+ boolean success = doIndividualTest(servlet, method, 302, username, contextPathOpen, output);
+ int index = output.indexOf("https://");
+ if (success && (index != -1)) {
+ stat.addStatus(descriptionOpen, stat.PASS);
+ }
+ else stat.addStatus(descriptionOpen, stat.FAIL);
+
+ output = new StringBuffer();
+ success = doIndividualTest(servlet, method, 302, username, contextPathDeny, output);
+ if (success) stat.addStatus(descriptionDeny, stat.PASS);
+ else stat.addStatus(descriptionDeny, stat.FAIL);
+ }
+
+ private boolean doIndividualTest(String servlet, String method, int code, String user, String context, StringBuffer output) {
+ boolean result = false;
+ try {
+ int rtncode;
+ String url = "http://" + host + ":" + port + context + servlet;
+ System.out.println("\nInvoking servlet at " + url);
+ rtncode = invokeServlet(url, method, user, output);
+ System.out.println("The servlet return code: " + rtncode);
+ if (rtncode != code) {
+ System.out.println("Incorrect return code, expecting: " + code);
+ }
+ else result = true;
+ } catch (Exception ex) {
+ System.out.println("Exception: " + ex.toString());
+ //ex.printStackTrace();
+ }
+ return result;
+ }
+
+ private int invokeServlet(String url, String method, String user, StringBuffer output) throws Exception {
+ String httpMethod = "GET";
+ if ((method != null) && (method.length() > 0)) httpMethod = method;
+ System.out.println("Invoking servlet with HTTP method: " + httpMethod);
+ URL u = new URL(url);
+ HttpURLConnection c1 = (HttpURLConnection) u.openConnection();
+ c1.setRequestMethod(httpMethod);
+ if ((user != null) && (user.length() > 0)) {
+ // Add BASIC header for authentication
+ String auth = user + ":" + password;
+ String authEncoded = new sun.misc.BASE64Encoder().encode(auth.getBytes());
+ c1.setRequestProperty("Authorization", "Basic " + authEncoded);
+ }
+ c1.setUseCaches(false);
+
+ // Connect and get the response code and/or output to verify
+ c1.connect();
+ int code = c1.getResponseCode();
+ if (code == HttpURLConnection.HTTP_OK) {
+ InputStream is = null;
+ BufferedReader input = null;
+ String line = null;
+ try {
+ is = c1.getInputStream();
+ input = new BufferedReader(new InputStreamReader(is));
+ while ((line = input.readLine()) != null) {
+ output.append(line);
+ //System.out.println(line);
+ }
+ }
+ finally {
+ try { if (is != null) is.close(); }
+ catch (Exception exc) {}
+ try { if (input != null) input.close(); }
+ catch (Exception exc) {}
+ }
+ }
+ else if (code == HttpURLConnection.HTTP_MOVED_TEMP) {
+ URL redir = new URL(c1.getHeaderField("Location"));
+ String line = "Servlet redirected to: " + redir.toString();
+ output.append(line);
+ System.out.println(line);
+ }
+ return code;
+ }
+}
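Review bot: `invokeServlet()` builds the Basic header with `new sun.misc.BASE64Encoder().encode(auth.getBytes())`, an internal JDK class that was removed in Java 9, and it encodes the credentials with the platform default charset. If the suite builds on Java 8 or later, `String authEncoded = java.util.Base64.getEncoder().encodeToString(auth.getBytes(java.nio.charset.StandardCharsets.UTF_8));` is a drop-in replacement that also never inserts line breaks into the header value. The 302 assertions additionally rely on `HttpURLConnection` not following the http-to-https redirect by default; calling `c1.setInstanceFollowRedirects(false);` before `c1.connect()` would make that dependency explicit. The `/deny` half of each 302 test checks only the status code, whereas the `/open` half also looks for `https://` in the Location, so a comment on whether that asymmetry is intended would help.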
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/application.xml
new file mode 100644
index 0000000..9af8c5d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/application.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="6"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd">
+ <display-name>UncoveredHTTPMethods</display-name>
+ <module>
+ <web>
+ <web-uri>openUncoveredServletTest-web.war</web-uri>
+ <context-root>open</context-root>
+ </web>
+ </module>
+ <module>
+ <web>
+ <web-uri>denyUncoveredServletTest-web.war</web-uri>
+ <context-root>deny</context-root>
+ </web>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/deny-web.xml b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/deny-web.xml
new file mode 100644
index 0000000..e9b466a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/deny-web.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee web-app_3_1.xsd" version="3.1">
+
+ <deny-uncovered-http-methods/>
+
+ <!-- Also see the @ServletSecurity annotations on the servlet test classes -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Example1</web-resource-name>
+ <url-pattern>/Example1</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Example2</web-resource-name>
+ <url-pattern>/Example2</url-pattern>
+ <http-method-omission>GET</http-method-omission>
+ <http-method-omission>POST</http-method-omission>
+ </web-resource-collection>
+ <auth-constraint/>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered1</web-resource-name>
+ <url-pattern>/Covered1</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered2.1</web-resource-name>
+ <url-pattern>/Covered2</url-pattern>
+ <http-method-omission>GET</http-method-omission>
+ </web-resource-collection>
+ <auth-constraint/>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered2.2</web-resource-name>
+ <url-pattern>/Covered2</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+</web-app>
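Review bot: Nothing in this descriptor says which HTTP methods each constraint leaves uncovered, and that is what `<deny-uncovered-http-methods/>` acts on. `Example1` names only GET and POST, and `Example2` applies its empty `<auth-constraint/>` to everything except GET and POST, so both leave some methods outside every constraint. `Covered1` and the `Covered2.1`/`Covered2.2` pair cover all methods. A one-line comment above each block would make the expected outcome readable, for example `<!-- Example1: only GET/POST are constrained; all other methods are uncovered and must be denied -->` and `<!-- Covered2.1 + Covered2.2: omission of GET plus an explicit GET constraint, so no method is uncovered -->`.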
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/glassfish-application.xml b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/glassfish-application.xml
new file mode 100644
index 0000000..8e6aebf
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/glassfish-application.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE glassfish-application PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Java EE Application 6.0//EN" "http://glassfish.org/dtds/glassfish-application_6_0-1.dtd">
+
+<glassfish-application>
+ <security-role-mapping>
+ <role-name>users</role-name>
+ <group-name>users</group-name>
+ </security-role-mapping>
+</glassfish-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/web.xml
new file mode 100644
index 0000000..3dd3d80
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/descriptor/web.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee web-app_3_1.xsd" version="3.1">
+
+ <!-- Also see the @ServletSecurity annotations on the servlet test classes -->
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Example1</web-resource-name>
+ <url-pattern>/Example1</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Example2</web-resource-name>
+ <url-pattern>/Example2</url-pattern>
+ <http-method-omission>GET</http-method-omission>
+ <http-method-omission>POST</http-method-omission>
+ </web-resource-collection>
+ <auth-constraint/>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered1</web-resource-name>
+ <url-pattern>/Covered1</url-pattern>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered2.1</web-resource-name>
+ <url-pattern>/Covered2</url-pattern>
+ <http-method-omission>GET</http-method-omission>
+ </web-resource-collection>
+ <auth-constraint/>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Covered2.2</web-resource-name>
+ <url-pattern>/Covered2</url-pattern>
+ <http-method>GET</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+</web-app>
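Review bot: No comment says that leaving out `<deny-uncovered-http-methods/>` here is deliberate, although the file otherwise repeats the constraints of `deny-web.xml`. Without that element, the methods that `Example1` and `Example2` leave uncovered stay reachable with no constraint, which is presumably the baseline for the `open` context root. A header comment would stop a later cleanup from "fixing" it, for example `<!-- Baseline for the open context root: deny-uncovered-http-methods is intentionally absent; keep the constraints identical to deny-web.xml -->`. Because the two files duplicate their constraints, a drift between them would quietly change what the comparison proves.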
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/BaseServlet.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/BaseServlet.java
new file mode 100644
index 0000000..7db7df2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/BaseServlet.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.Principal;
+import javax.servlet.ServletException;
+import javax.servlet.http.*;
+
+public class BaseServlet extends HttpServlet {
+
+ public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ response.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = response.getWriter();
+ try {
+ out.println("<HTML> <HEAD> <TITLE> Servlet Output </TITLE> </HEAD> <BODY>");
+ out.println("Uncovered HTTP Methods Servlet<br>");
+ out.println("<table border=\"2\"><caption>HTTP Request Values</caption>");
+ out.println("<thead><tr><th>HTTP</th><th>Value</th></tr></thead><tbody>");
+ out.println("<tr><td>URL</td><td>" + request.getRequestURL() + "</td>/<tr>");
+ out.println("<tr><td>Method</td><td>" + request.getMethod() + "</td>/<tr>");
+ out.println("<tr><td>Servlet</td><td>" + request.getServletPath() + "</td>/<tr>");
+ out.println("<tr><td>Context</td><td>" + request.getContextPath() + "</td>/<tr>");
+ out.println("<tr><td>Secure</td><td>" + (request.isSecure() ? "true" : "false") + "</td>/<tr>");
+ out.println("<tr><td>UserPrincipal</td><td>"
+ + (request.getUserPrincipal() == null ? "null" : request.getUserPrincipal().getName()) + "</td>/<tr>");
+ out.println("<tr><td>AuthType</td><td>" + request.getAuthType() + "</td>/<tr>");
+ out.println("</tbody></table>");
+ out.println("</BODY> </HTML>");
+ } catch (Throwable t) {
+ out.println("Something went wrong: " + t);
+ } finally {
+ out.close();
+ }
+ }
+
+ public String getServletInfo() {
+ return "Base Servlet implementation class of Test Servlet";
+ }
+}
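Review bot: Request-derived values in `service` (`getRequestURL()`, `getServletPath()`, `getContextPath()`, the principal name) are concatenated into a `text/html` response without escaping, so whatever arrives in the request line is reflected into the page. Even for a test servlet it is worth passing each value through a small escaping helper, since the war is deployed on a running domain. On the same lines, every row ends with `</td>/<tr>`, which never closes the row and should be `</td></tr>`. If the test client matches on the response body, confirm that before changing the markup. `service` and `getServletInfo` could also carry `@Override`.

```java
// … unchanged: content type, writer, page and table header …
out.println("<tr><td>URL</td><td>" + escape(String.valueOf(request.getRequestURL())) + "</td></tr>");
out.println("<tr><td>Servlet</td><td>" + escape(request.getServletPath()) + "</td></tr>");
// … same pattern for Method, Context, Secure, UserPrincipal and AuthType …

private static String escape(String value) {
    if (value == null) {
        return "null";
    }
    return value.replace("&", "&amp;").replace("<", "&lt;")
            .replace(">", "&gt;").replace("\"", "&quot;");
}
```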
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered1.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered1.java
new file mode 100644
index 0000000..2116585
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered1.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Covered1"})
+public class Covered1 extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered2.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered2.java
new file mode 100644
index 0000000..18642af
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered2.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Covered2"})
+public class Covered2 extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3a.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3a.java
new file mode 100644
index 0000000..1fc75cc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3a.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Covered3a"})
+@ServletSecurity()
+public class Covered3a extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3b.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3b.java
new file mode 100644
index 0000000..fdb89bc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Covered3b.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Covered3b"})
+@ServletSecurity(value = @HttpConstraint(transportGuarantee=TransportGuarantee.CONFIDENTIAL))
+public class Covered3b extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example1.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example1.java
new file mode 100644
index 0000000..b51ae7d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example1.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Example1"})
+public class Example1 extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example2.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example2.java
new file mode 100644
index 0000000..4910e38
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example2.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Example2"})
+public class Example2 extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3a.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3a.java
new file mode 100644
index 0000000..8d67dc3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3a.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.HttpMethodConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+
+@WebServlet(urlPatterns = {"/Example3a"})
+@ServletSecurity(httpMethodConstraints = {
+ @HttpMethodConstraint(value = "GET"),
+ @HttpMethodConstraint(value = "POST")
+ })
+public class Example3a extends BaseServlet {
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3b.java b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3b.java
new file mode 100644
index 0000000..937c67f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/uncovered-http-methods/web/Example3b.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jacc.test.uncoveredmethods;
+
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.HttpMethodConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
+import javax.servlet.annotation.WebServlet;
+
+
+@WebServlet(urlPatterns = {"/Example3b/*"})
+@ServletSecurity(value = @HttpConstraint(EmptyRoleSemantic.PERMIT),
+ httpMethodConstraints = {
+ @HttpMethodConstraint(value = "GET", rolesAllowed = "users"),
+ @HttpMethodConstraint(value = "POST", rolesAllowed = "users")
+ })
+public class Example3b extends BaseServlet {
+}
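Review bot: The explicit `@HttpConstraint(EmptyRoleSemantic.PERMIT)` reads as "permit every other method", but `PERMIT` is the annotation's default value. As I read the Servlet 3.1 rules for `@ServletSecurity`, an all-default `@HttpConstraint` combined with non-default `@HttpMethodConstraint`s establishes no constraint for the remaining methods, which would leave them uncovered rather than explicitly permitted. A class comment stating the intended case would remove the ambiguity, for example `/** GET and POST require role "users"; all other methods are expected to be uncovered (to confirm against the test client). */`. It would also help to mention that the `users` role depends on the group mapping in descriptor/glassfish-application.xml.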
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/README b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/README
new file mode 100644
index 0000000..d294fde
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/README
@@ -0,0 +1,2 @@
+Fix for CR: 5040224
+Previous appserver builds would not allow usernames of the form "username@blahblah". This test checks against regressions for this fix.
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.properties b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.properties
new file mode 100644
index 0000000..a1835d4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.properties
@@ -0,0 +1,29 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security"/>
+<property name="app.type" value="application"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml" value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml" value="descriptor/sun-application-client.xml"/>
+<property name="appname" value="rpaLoginBean"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.xml
new file mode 100644
index 0000000..cbf8b6c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/build.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+
+<project name="user-with-at-symbol" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &testProperties;
+ &commonSecurity;
+
+ <target name="all" depends="build, setup, deploy,run, undeploy, unsetup"/>
+
+ <target name="setup" depends="init-common">
+ <property environment="env"/>
+ <echo message="file=${env.S1AS_HOME}/domains/domain1/config/keyfile2" file="temp.txt"/>
+ <replace file="temp.txt" token=":" value="\:"/>
+ <replace file="temp.txt" token="\" value="\\"/>
+ <loadproperties srcFile="temp.txt"/>
+ <echo message="${file}"/>
+ <delete file="temp.txt"/>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="create-auth-realm" />
+ <param name="operand.props" value="--classname com.sun.enterprise.security.auth.realm.file.FileRealm --property file=${file}:jaas-context=fileRealm file2"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <echo message="Creating user with an @ symbol: harpreet@foobar.com"/>
+ <antcall target="create-user-common">
+ <param name="user" value="harpreet@foobar.com"/>
+ <param name="password" value="harpreet"/>
+ <param name="groups" value="employee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="harpreet@foobar.com"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file2"/>
+ </antcall>
+
+ <!--<antcall target="reconfig-common"/>-->
+ </target>
+
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="shopping"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+<!-- <property name="ejbjar.classes" value="**/*Home*.class,**/*Bean*.class,**/*Data*.class,*.dbschema"/>
+-->
+ <antcall target="build-ear-common"/>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="-textauth" />
+ <arg line="-user harpreet@foobar.com" />
+ <arg line="-password harpreet" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+</project>
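Review bot: The `run` target's `<exec executable="${APPCLIENT}">` does not set `failonerror`, so Ant ignores the non-zero exit that `RpaClient` uses to signal a failed login and `all` continues to `undeploy` and `unsetup` as if the test had passed. If the reporter output is the only thing the harness reads, this may be acceptable, but for an authentication regression test a hard failure is safer. Because `failonerror="true"` would skip the cleanup targets, capturing the code with `resultproperty="run.rc"` and failing after `unsetup` keeps the `file2` realm and the test user from being left behind. A short comment above the two `<replace>` calls in `setup` would also help, since the order (escape `:` first, then double every `\`) is easy to break.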
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/MANIFEST.MF
new file mode 100644
index 0000000..d6c7e78
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/MANIFEST.MF
@@ -0,0 +1,4 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: shopping.RpaClient
+
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/RpaClient.java b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/RpaClient.java
new file mode 100644
index 0000000..1cf5f16
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/client/RpaClient.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package shopping;
+
+import java.io.*;
+import java.util.*;
+import javax.ejb.EJBHome;
+import javax.naming.*;
+import javax.rmi.PortableRemoteObject;
+import org.omg.CORBA.ORB;
+import com.sun.enterprise.security.LoginContext;
+//import com.sun.enterprise.security.auth.login.common.LoginException;
+import java.rmi.RemoteException;
+import java.security.*;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class RpaClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ public static void main (String[] args) {
+
+ RpaClient client = new RpaClient(args);
+ client.doTest();
+ }
+
+ public RpaClient(String[] args) {
+ //super(args);
+ }
+
+ public String doTest() {
+
+ RpaRemote hr=null;
+ String res=null;
+ Context ic = null;
+ LoginContext lc=null;
+ RpaHome home=null;
+ String testId = "Sec::Username with @";
+ try{
+ stat.addDescription("Security::Username with @");
+ ic = new InitialContext();
+ // create EJB using factory from container
+ java.lang.Object objref = ic.lookup("rpaLoginBean");
+
+ System.err.println("Looked up home!!");
+
+ home = (RpaHome)PortableRemoteObject.narrow(
+ objref, RpaHome.class);
+ System.err.println("Narrowed home!!");
+
+ hr = home.create("LizHurley");
+ System.out.println("Got the EJB!!");
+
+ // invoke 3 overloaded methods on the EJB
+ System.out.println ("Calling authorized method - addItem");
+ hr.addItem("lipstick", 30);
+ hr.addItem("mascara", 40);
+ hr.addItem("lipstick2", 50);
+ hr.addItem("sandals", 200);
+ System.out.println(hr.getTotalCost());
+ hr.deleteItem("lipstick2");
+ java.lang.String[] shoppingList = hr.getItems();
+ System.out.println("Shopping list for LizHurley");
+ for (int i=0; i<shoppingList.length; i++){
+ System.out.println(shoppingList[i]);
+ }
+ System.out.println("Total Cost for Ms Hurley = "+
+ hr.getTotalCost());
+ stat.addStatus(testId, stat.PASS);
+ System.out.println("Username with @:RpaLoginBean Test Passed");
+ } catch(Exception re){
+ re.printStackTrace();
+ stat.addStatus(testId, stat.FAIL);
+ System.out.println("Username with @:RpaLoginBean Test Failed");
+ System.exit(-1);
+ } finally {
+ stat.printSummary();
+ }
+ return res;
+
+ }
+}
+
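Review bot: `System.exit(-1)` inside the `catch` of `doTest` stops the JVM before the `finally` block runs, so `stat.printSummary()` is never reached on the failure path. If the summary is what hands the `FAIL` status to the harness (the reporter is not visible here), a failed login would go unreported. Either call `stat.printSummary();` immediately before `System.exit(-1);`, or drop the exit from the `catch`, remember the failure in a local flag, and exit after the `try` statement. Separately, `res` is never assigned so the method always returns `null`, and `lc` is unused.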
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application-client.xml
new file mode 100644
index 0000000..2165e5a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application-client.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application-client PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application Client 1.3//EN" "http://java.sun.com/dtd/application-client_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client>
+ <display-name>rpaLoginBean-client</display-name>
+ <description>Stateful Login Bean checking j2eelogin.name and j2eelogin.password properties</description>
+ <ejb-ref>
+ <ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+ <ejb-ref-type>Session</ejb-ref-type>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ </ejb-ref>
+</application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application.xml
new file mode 100644
index 0000000..a736f97
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/application.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>rpaLoginBean</display-name>
+ <module>
+ <ejb>rpaLoginBean-ejb.jar</ejb>
+ </module>
+ <module>
+ <java>rpaLoginBean-client.jar</java>
+ </module>
+</application>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/ejb-jar.xml
new file mode 100644
index 0000000..1461e61
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/ejb-jar.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<ejb-jar>
+ <display-name>Ejb1</display-name>
+ <enterprise-beans>
+ <session>
+ <display-name>rpaLoginBean</display-name>
+ <ejb-name>rpaLoginBean</ejb-name>
+ <home>shopping.RpaHome</home>
+ <remote>shopping.RpaRemote</remote>
+ <ejb-class>shopping.RpaBean</ejb-class>
+ <session-type>Stateful</session-type>
+ <transaction-type>Container</transaction-type>
+ <security-role-ref>
+ <role-name>EMP</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-role-ref>
+ <role-name>STAFF</role-name>
+ <role-link>Employee</role-link>
+ </security-role-ref>
+ <security-identity>
+ <use-caller-identity/>
+ </security-identity>
+ </session>
+ </enterprise-beans>
+ <assembly-descriptor>
+ <security-role>
+ <role-name>Employee</role-name>
+ </security-role>
+ </assembly-descriptor>
+</ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..d22ee2b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application-client.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Application Client 1.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+<ejb-ref>
+<ejb-ref-name>ejb/rpaLoginBean</ejb-ref-name>
+<jndi-name>rpaLoginBean</jndi-name>
+</ejb-ref>
+</sun-application-client>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application.xml
new file mode 100644
index 0000000..d2b230f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-application.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>Administrator</role-name>
+ <principal-name>harry</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Employee</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>Manager</role-name>
+ <principal-name>harpreet</principal-name>
+ </security-role-mapping>
+ <realm>file2</realm>
+</sun-application>
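Review bot: The `Employee` and `Manager` mappings name the principal `harpreet`, while `RpaBean.checkCallerPrincipal` in this commit only accepts `harpreet@foobar.com`; if the realm user is the latter, none of these mappings applies to the test caller. ejb-jar.xml in this commit declares only the `Employee` role and no `<method-permission>`, so the mismatch has no effect today and access control rests entirely on the programmatic check in the bean. I would either change the entry to `<principal-name>harpreet@foobar.com</principal-name>` or drop the unused `Administrator` and `Manager` mappings, and add an XML comment stating that authorization is done in the bean.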
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..21e6b48
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+<enterprise-beans>
+<unique-id>0</unique-id>
+<ejb>
+<ejb-name>rpaLoginBean</ejb-name>
+<jndi-name>rpaLoginBean</jndi-name>
+<ior-security-config>
+<transport-config>
+<integrity>supported</integrity>
+<confidentiality>supported</confidentiality>
+<establish-trust-in-target>supported</establish-trust-in-target>
+<establish-trust-in-client>supported</establish-trust-in-client>
+</transport-config>
+<as-context>
+<auth-method>username_password</auth-method>
+<realm>file2</realm>
+<required>true</required>
+</as-context>
+<sas-context>
+<caller-propagation>supported</caller-propagation>
+</sas-context>
+</ior-security-config>
+<gen-classes/>
+</ejb>
+</enterprise-beans>
+</sun-ejb-jar>
+
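Review bot: The `<transport-config>` sets `integrity` and `confidentiality` to `supported` while `<as-context>` makes `username_password` authentication required, so a client may choose a non-SSL IIOP transport and send the password for realm `file2` unprotected. If the test is meant to run over SSL, `<integrity>required</integrity>` and `<confidentiality>required</confidentiality>` enforce that. If plaintext is intentional for this devtest, an XML comment above `<ior-security-config>` should say so, so the descriptor is not copied into a real deployment as-is.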
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/pwdfile b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/pwdfile
new file mode 100644
index 0000000..9746ce8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/pwdfile
@@ -0,0 +1 @@
+PASSWORD=harpreet
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaBean.java b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaBean.java
new file mode 100644
index 0000000..3489659
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaBean.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * ShoppingEJB.java
+ *
+ * Created on May 15, 2003, 5:16 PM
+ */
+
+package shopping;
+
+import javax.ejb.SessionContext;
+import javax.ejb.SessionBean;
+import java.util.Vector;
+import java.lang.String;
+import java.util.Iterator;
+import javax.ejb.EJBException;
+import java.rmi.RemoteException;
+/**
+ *
+ * @author Harpreet
+ * @version
+ */
+
+public class RpaBean implements SessionBean {
+
+ private String shopper = "anonymous";
+ private String principal = "harpreet@foobar.com";
+ private int totalPrice = 0;
+
+ private int totalItems = 0;
+
+ private Vector items;
+
+ private Vector itemPrice;
+
+ private SessionContext sc = null;
+
+ /** Creates a new instance of ShoppingEJB */
+ public void ejbCreate(String shopperName) {
+ shopper = shopperName;
+ items = new Vector();
+ itemPrice = new Vector();
+ }
+
+ public void addItem(java.lang.String item, int price) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ items.add(item);
+ itemPrice.add(new Integer(price));
+ totalItems++;
+ totalPrice += price;
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" has bought "
+ + item +" for price ="+ price +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public void deleteItem(java.lang.String item) throws EJBException,
+ RemoteException{
+ checkCallerPrincipal();
+ int index = items.indexOf(item);
+ items.remove(item);
+ Integer price = (Integer) itemPrice.get(index);
+ System.out.println("Shopping Cart: Removing item "+ item +" @price "+
+ price.intValue());
+ totalPrice -= price.shortValue();
+ itemPrice.remove(index);
+ System.out.println(" Shopping Cart: Shopper "+ shopper +" .Total Items = "+totalItems +
+ " .TotalPrice = " + totalPrice);
+ }
+
+ public double getTotalCost() throws EJBException{
+ checkCallerPrincipal();
+ return totalPrice;
+ }
+
+ public String[] getItems() throws EJBException{
+ checkCallerPrincipal();
+
+ Iterator it = items.iterator();
+ int sz = items.size();
+ String[] itemNames = new String[sz];
+ for(int i=0; it.hasNext();){
+ itemNames[i++] = new String( (String)it.next());
+ }
+ return itemNames;
+ }
+
+ public void ejbActivate() {
+ System.out.println("In Rpa ejbActivate");
+ }
+
+
+ public void ejbPassivate() {
+ System.out.println("In Rpa ejbPassivate");
+ }
+
+
+ public void ejbRemove() {
+ System.out.println("In Rpa ejbRemove");
+ }
+
+
+ public void setSessionContext(javax.ejb.SessionContext sessionContext) {
+ sc = sessionContext;
+ }
+
+ private void checkCallerPrincipal() throws EJBException {
+ System.out.println("Caller Princial = " + sc.getCallerPrincipal() +
+ " comparing against " + principal);
+
+ if (!sc.getCallerPrincipal().getName().equals(principal)) {
+ throw new EJBException("Wrong Principal. Principal should be = "
+ + principal);
+ }
+
+ }
+}
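Review bot: `deleteItem` fails on an unknown item and leaves the cart totals inconsistent: `items.indexOf(item)` returns -1 when the item is absent and the following `itemPrice.get(index)` then throws, `totalItems` is never decremented, and `price.shortValue()` truncates any price above 32767 although `addItem` added the full int. I would guard with `if (index < 0) { return; }`, subtract `price.intValue()`, and add `totalItems--;`. Because `checkCallerPrincipal` is the actual assertion of this test, it also deserves a Javadoc line stating that the hard-coded `harpreet@foobar.com` must match the user created in the test realm.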
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaHome.java b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaHome.java
new file mode 100644
index 0000000..e52095e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaHome.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * RpaHome.java
+ *
+ * Created on May 15, 2003, 5:21 PM
+ */
+
+package shopping;
+import javax.ejb.EJBHome;
+import shopping.RpaRemote;
+/**
+ *
+ * @author Harpreet Singh
+ */
+public interface RpaHome extends EJBHome{
+
+ public RpaRemote create(java.lang.String shopperName)
+ throws java.rmi.RemoteException, javax.ejb.CreateException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaRemote.java b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaRemote.java
new file mode 100644
index 0000000..d5b1bb9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/userWithAtSymbol/shopping/RpaRemote.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+/*
+ * Rpa.java
+ *
+ * Created on May 15, 2003, 5:09 PM
+ */
+
+package shopping;
+import javax.ejb.EJBObject;
+/**
+ * Shopping Cart Stateful Session Bean. Just tests -Dj2eelogin.name
+ * -Dj2eelogin.password system properties.
+ * @author hsingh
+ */
+public interface RpaRemote extends EJBObject {
+
+ public void addItem(java.lang.String item, int price) throws java.rmi.RemoteException;
+
+ public void deleteItem(java.lang.String item) throws java.rmi.RemoteException;
+
+ public double getTotalCost() throws java.rmi.RemoteException;
+
+ public java.lang.String[] getItems() throws java.rmi.RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/WebSSLClient.java b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/WebSSLClient.java
new file mode 100644
index 0000000..bb4f565
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/WebSSLClient.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package devtests.security;
+
+import java.io.*;
+import java.security.*;
+import java.net.*;
+import javax.net.ssl.*;
+import com.sun.ejte.ccl.reporter.*;
+
+/*
+ This is the standalone client java program to access AS web app
+ which has <security-constraint> protected by (in its web.xml)
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+*/
+public class WebSSLClient {
+
+ private static final String TEST_NAME
+ = "security-web-mutual-ssl";
+
+ private static final String EXPECTED_RESPONSE
+ = "[Ljava.security.cert.X509Certificate;";
+
+ private static SimpleReporterAdapter stat
+ = new SimpleReporterAdapter("appserv-tests");
+
+
+ public static void main(String args[]) throws Exception{
+
+ String host = args[0];
+ String port = args[1];
+ String contextRoot = args[2];
+ String keyStorePath = args[3];
+ String trustStorePath = args[4];
+ String sslPassword = args[5];
+
+ System.out.println("host/port=" + host + "/" + port);
+
+ try {
+ stat.addDescription(TEST_NAME);
+ SSLSocketFactory ssf = getSSLSocketFactory(sslPassword,
+ keyStorePath,
+ trustStorePath);
+ HttpsURLConnection connection = connect("https://" + host + ":"
+ + port + contextRoot
+ + "/TestClientCert",
+ ssf);
+
+ parseResponse(connection);
+
+ } catch (Throwable t) {
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ t.printStackTrace();
+ }
+ stat.printSummary(TEST_NAME);
+ }
+
+
+ private static void parseResponse(HttpsURLConnection connection)
+ throws Exception {
+
+ BufferedReader in = null;
+
+ try {
+ in = new BufferedReader(new InputStreamReader(
+ connection.getInputStream()));
+
+ String line = null;
+ while ((line = in.readLine()) != null) {
+ if (EXPECTED_RESPONSE.equals(line)) {
+ stat.addStatus(TEST_NAME, stat.PASS);
+ break;
+ }
+ }
+
+ if (line == null) {
+ System.err.println("Wrong response. Expected: "
+ + EXPECTED_RESPONSE
+ + ", received: " + line);
+ stat.addStatus(TEST_NAME, stat.FAIL);
+ }
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+
+
+ private static SSLSocketFactory getSSLSocketFactory(String sslPassword,
+ String keyStorePath,
+ String trustStorePath)
+ throws Exception {
+
+ SSLContext ctx = SSLContext.getInstance("TLS");
+
+ // Keystore
+ KeyStore ks = KeyStore.getInstance("JKS");
+ char[] passphrase = sslPassword.toCharArray();
+ ks.load(new FileInputStream(keyStorePath), passphrase);
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+ kmf.init(ks, passphrase);
+
+ // Truststore
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(new FileInputStream(trustStorePath), null);
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+ tmf.init(trustStore);
+
+ ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(), null);
+
+ return ctx.getSocketFactory();
+ }
+
+
+ private static HttpsURLConnection connect(String urlAddress,
+ SSLSocketFactory ssf)
+ throws Exception {
+
+ URL url = new URL(urlAddress);
+ HttpsURLConnection.setDefaultSSLSocketFactory(ssf);
+ HttpsURLConnection connection = (HttpsURLConnection)
+ url.openConnection();
+
+ connection.setHostnameVerifier(
+ new HostnameVerifier() {
+ public boolean verify(String rserver, SSLSession sses) {
+ return true;
+ }
+ });
+
+ connection.setDoOutput(true);
+
+ return connection;
+ }
+}
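Review bot: The anonymous `HostnameVerifier` in `connect` returns `true` for every host, so the client accepts a certificate issued for any name as long as it chains to the trust store, and the mutual-SSL test never exercises server identity checking. build.xml in this commit passes `${s1asCN}` as the host argument, which suggests the name is meant to match the server certificate, so the override can probably be dropped (inferred; confirm against the test domain's certificate). `HttpsURLConnection.setDefaultSSLSocketFactory(ssf)` also replaces the factory for the whole JVM, whereas `connection.setSSLSocketFactory(ssf);` scopes it to this connection. In `getSSLSocketFactory`, neither `FileInputStream` is closed and the trust store is loaded with a `null` password, which skips its integrity check; passing `passphrase` there would verify it, assuming both stores share `ssl.password` as the keytool calls in build.xml indicate.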
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.properties b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.properties
new file mode 100644
index 0000000..778c06d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.properties
@@ -0,0 +1,32 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="web-mutual-ssl"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="contextroot" value="/${appname}"/>
+<!--======= -->
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="appname" value="statefulLoginBean"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
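Review bot: `appname` is defined twice, first as `${module}` and again near the end as `statefulLoginBean`; Ant properties are immutable once set, so the second definition is silently ignored and only misleads readers. I would delete the `statefulLoginBean` line. The `ejb-jar.xml` and `sun-ejb-jar.xml` properties also look copied from an EJB test and are probably unused by this web module (inferred from the web descriptors added for it); a comment or their removal would make that clear.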
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.xml b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.xml
new file mode 100644
index 0000000..24ba176
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/build.xml
@@ -0,0 +1,210 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+]>
+
+
+<project name="web-mutual-auth" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="build, setup, deploy, run, undeploy, unsetup"/>
+ <target name="clean" depends="init-common">
+ <delete dir="${build.classes.dir}"/>
+ <delete dir="${assemble.dir}"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <mkdir dir="build"/>
+ <antcall target="compile-common">
+ <param name="src" value="servlet"/>
+ </antcall>
+ <javac srcdir="." destdir="./build" classpath="${env.APS_HOME}/lib/reporter.jar"
+ includes="WebSSLClient.java"/>
+ </target>
+
+ <target name="build" depends="compile">
+ <property name="hasWebclient" value="yes"/>
+ <antcall target="webclient-war-common">
+ <param name="hasWebclient" value="yes" />
+ <param name="webclient.war.classes" value="**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-publish-war" depends="build, publish-war-common" />
+
+ <target name="deploy" depends="init-common,build">
+ <antcall target="deploy-war-common"/>
+ </target>
+
+ <target name="re-deploy" depends="init-common,build">
+ <antcall target="deploy-war-common"/>
+ </target>
+
+ <target name="run" depends="init-common,init-security-util">
+ <!-- <property name="myhttps.host" value="localhost"/>
+ <property name="myhttps.port" value="8181"/> -->
+ <java classname="devtests.security.WebSSLClient">
+ <sysproperty key="javax.net.debug1" value="ssl,handshake,data,trustmanager" />
+ <sysproperty key="sun.security.ssl.allowUnsafeRenegotiation" value="true" />
+ <arg value="${s1asCN}"/>
+ <arg value="${https.port}"/>
+ <arg value="${contextroot}"/>
+ <arg value="${mykeystore.db.file}"/>
+ <arg value="${mytruststore.db.file}"/>
+ <arg value="${ssl.password}"/>
+ <classpath>
+ <pathelement location="${env.APS_HOME}/lib/reporter.jar"/>
+ <pathelement location="./build"/>
+ </classpath>
+ </java>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-war-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <target name="setup" depends="init-common,prepare-store-common">
+ <antcall target="env-check" />
+ <antcall target="generate-ca-client-certs-pe" />
+ <antcall target="generate-ca-client-certs-ee" />
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+ <target name="unsetup">
+ <antcall target="restore"/>
+ </target>
+
+ <target name="restore" depends="init-common" >
+ <antcall target="remove-store-common"/>
+ <antcall target="restart-server-instance-common"/>
+ </target>
+
+
+
+
+<target name="generate-ca-client-certs-pe" depends="init-common" unless="isNSS">
+<!--client side -->
+ <exec executable="${java.home}/bin/keytool" failonerror="false">
+ <arg line="-delete -alias testcert1 -keystore ${mykeystore.db.file} -storepass ${ssl.password}"/>
+ </exec>
+ <exec executable="${java.home}/bin/keytool" failonerror="false">
+ <arg line="-delete -alias testca -keystore ${mytruststore.db.file} -storepass ${ssl.password}"/>
+ </exec>
+
+ <antcall target="import-cert-jks">
+ <param name="cert.alias" value="testca"/>
+ <param name="keystore.file" value="${mytruststore.db.file}"/>
+ <param name="cert.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testca.rfc"/>
+ </antcall>
+
+ <antcall target="convert-pkcs12-to-jks">
+ <param name="pkcs12.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testcert1.p12"/>
+ <param name="pkcs12.pass" value="${ssl.password}"/>
+ <param name="jks.file" value="${mykeystore.db.file}"/>
+ <param name="jks.pass" value="${ssl.password}"/>
+ </antcall>
+
+<!-- server side -->
+ <exec executable="${java.home}/bin/keytool" failonerror="false">
+ <arg line="-delete -alias testca -keystore ${admin.domain.dir}/${admin.domain}/config/cacerts.jks -storepass ${ssl.password}"/>
+ </exec>
+ <exec executable="${java.home}/bin/keytool" failonerror="true">
+ <arg line="-import -trustcacerts -alias testca -storepass '${ssl.password}' -noprompt "/>
+ <arg value="-file"/>
+ <arg file="${env.APS_HOME}/devtests/security/web-mutual-ssl/certificate/testca.rfc"/>
+ <arg value="-keystore"/>
+ <arg file="${admin.domain.dir}/${admin.domain}/config/cacerts.jks"/>
+ </exec>
+</target>
+
+<!--
+ generate selfsigned CA cert testca, and testcert1(issued by/signed by testca) in ${nss.db.dir};
+ export testca to testca.rfc and then import to ${mytruststore.db.file};
+ export testcert1 to testcert.p12 and then import it to ${mykeystore.db.file}.
+-->
+<target name="generate-ca-client-certs-ee" depends="init-common" if="isNSS">
+ <mkdir dir="build"/>
+ <echo message="${ssl.password}" file="build/passfile"/>
+ <echo message="anything" file="build/seedfile"/>
+
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-D -n testcert1 -d ${nss.db.dir}"/>
+ </exec>
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-D -n testca -d ${nss.db.dir}"/>
+ </exec>
+
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-S -x -n testca -s 'CN=testca, O=Sun, OU=JWS, L=Santa Clara, C=US' -t TCu,Pu,Pu -m 1111 -v 1111 -f ./build/passfile -z ./build/seedfile -d ${nss.db.dir}"/>
+ </exec>
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true" output="build/testca.rfc">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-L -n testca -a"/>
+ <arg value="-d"/>
+ <arg file="${nss.db.dir}"/>
+ </exec>
+ <antcall target="import-cert-jks">
+ <param name="cert.alias" value="testca"/>
+ <param name="keystore.file" value="${mytruststore.db.file}"/>
+ <param name="cert.file" value="build/testca.rfc"/>
+ </antcall>
+
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="true">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-S -n testcert1 -s 'CN=testcert1, O=Sun, OU=JWS, L=Santa Clara, C=US' -t Pu,Pu,Pu -m 2111 -v 2111 -c testca -f ./build/passfile -z ./build/seedfile -d ${nss.db.dir}"/>
+ </exec>
+ <antcall target="export-cert-p12-nss">
+ <param name="cert.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/build/testcert1.p12"/>
+ <param name="cert.dir" value="${nss.db.dir}"/>
+ <param name="certdb.pwd" value="${ssl.password}"/>
+ <param name="cert.pwd" value="${ssl.password}"/>
+ <param name="cert.nickname" value="testcert1"/>
+ </antcall>
+ <antcall target="convert-pkcs12-to-jks">
+ <param name="pkcs12.file" value="${env.APS_HOME}/devtests/security/web-mutual-ssl/build/testcert1.p12"/>
+ <param name="pkcs12.pass" value="${ssl.password}"/>
+ <param name="jks.file" value="${mykeystore.db.file}"/>
+ <param name="jks.pass" value="${ssl.password}"/>
+ </antcall>
+ <exec executable="${env.S1AS_HOME}/lib/certutil" failonerror="false">
+ <env key="LD_LIBRARY_PATH" path="${env.S1AS_HOME}/lib"/>
+ <arg line="-D -n testcert1 -d ${nss.db.dir}"/>
+ </exec>
+
+</target>
+
+</project>
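Review bot: In `generate-ca-client-certs-ee`, `${ssl.password}` is written in cleartext to `build/passfile` and never removed; the visible `clean` target deletes `${build.classes.dir}` and `${assemble.dir}`, which may not cover `build/`. Adding `<delete file="build/passfile"/>` and `<delete file="build/seedfile"/>` as the last steps of that target keeps the secret off disk after setup. The keytool `<exec>` calls in `generate-ca-client-certs-pe` put `-storepass ${ssl.password}` on the command line, where it is visible in the process list; that is tolerable for a throwaway test store but deserves a comment saying so. The `run` target sets `sun.security.ssl.allowUnsafeRenegotiation=true` and a property named `javax.net.debug1`, which looks like a deliberately disabled `javax.net.debug`; a one-line comment on each would record why.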
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testca.rfc b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testca.rfc
new file mode 100644
index 0000000..d8ebfb9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testca.rfc
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testcert1.p12 b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testcert1.p12
new file mode 100644
index 0000000..90c4bcd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/certificate/testcert1.p12
Binary files differ
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/sun-web.xml
new file mode 100644
index 0000000..195c1f3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/sun-web.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 Servlet 2.3//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_3-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <security-role-mapping>
+ <role-name>MANAGER</role-name>
+ <principal-name>CN=testcert1, O=Sun, OU=JWS, L=Santa Clara, C=US</principal-name>
+ </security-role-mapping>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/web.xml
new file mode 100644
index 0000000..3c6a6eb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/descriptor/web.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+ version="2.4">
+
+ <servlet>
+ <display-name>TestClientCert</display-name>
+ <servlet-name>TestClientCert</servlet-name>
+ <servlet-class>devtests.security.TestClientCert</servlet-class>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>TestClientCert</servlet-name>
+ <url-pattern>/TestClientCert</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Protected Area</web-resource-name>
+ <url-pattern>/TestClientCert</url-pattern>
+ <http-method>DELETE</http-method>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ <http-method>PUT</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>MANAGER</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ <realm-name>default</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>MANAGER</role-name>
+ </security-role>
+
+</web-app>
+
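Review bot: The `<web-resource-collection>` for `/TestClientCert` enumerates DELETE, GET, POST and PUT, so the MANAGER `<auth-constraint>` and the CONFIDENTIAL transport guarantee apply only to those four methods. A request with any other method is not covered by this constraint. That matters here because the servlet added in this commit overrides `service(ServletRequest, ServletResponse)` and therefore answers every method. Removing the four `<http-method>` lines makes the constraint cover all methods, which is presumably what a CLIENT-CERT test intends.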
diff --git a/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/servlet/TestClientCert.java b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/servlet/TestClientCert.java
new file mode 100644
index 0000000..f6011fc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/web-mutual-ssl/servlet/TestClientCert.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package devtests.security;
+
+import java.io.*;
+import java.security.cert.X509Certificate;
+import javax.servlet.*;
+import javax.servlet.http.*;
+
+public class TestClientCert extends HttpServlet {
+
+ public void service(ServletRequest req, ServletResponse res)
+ throws IOException, ServletException {
+
+ System.out.println("start service(...) of TestClientCert" );
+
+ X509Certificate[] certs = (X509Certificate[])req.getAttribute(
+ "javax.servlet.request.X509Certificate");
+ String clName = null;
+ if (certs != null) {
+ for (X509Certificate cert : certs) {
+ getServletContext().log(cert.toString());
+ }
+ clName = certs.getClass().getName();
+ } else {
+ clName = "cert is null";
+ }
+ res.getWriter().print(clName);
+ }
+}
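Review bot: `clName = certs.getClass().getName()` reports the type of the attribute array, not anything about the certificate, so the response is identical for every client certificate the container accepts. If the client side (not visible in this hunk) only compares that string, the test shows that some chain was presented but not that it was testcert1. Writing the subject instead, e.g. `clName = certs[0].getSubjectX500Principal().getName();` after checking `certs.length > 0`, would let the client assert the identity mapped in sun-web.xml. Minor: `service` has no `@Override`, and the `System.out.println` could go through `getServletContext().log` like the certificate dump does.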
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.properties b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.properties
new file mode 100644
index 0000000..294f235
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.properties
@@ -0,0 +1,28 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="weblogic-dd"/>
+<property name="appname" value="${module}" />
+<property name="app.type" value="application"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="contextroot" value="/${appname}"/>
+<!--======= -->
+<property name="weblogic-application.xml" value="descriptor/weblogic-application.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="weblogic.xml" value="descriptor/weblogic.xml"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.xml b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.xml
new file mode 100644
index 0000000..1152563
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/build.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:./../../../config/run.xml">
+<!ENTITY testProperties SYSTEM "./build.properties">
+<!ENTITY commonSecurity SYSTEM "file:./../common.xml">
+]>
+
+
+<project name="security-weblogic-dd" basedir="." default="usage">
+
+ &commonSetup;
+ &commonBuild;
+ &commonRun;
+ &commonSecurity;
+ &testProperties;
+
+ <target name="all" depends="display-header">
+ <antcall target="setup"/>
+ <antcall target="build"/>
+ <antcall target="deploy"/>
+ <antcall target="run"/>
+ <antcall target="undeploy"/>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="display-header">
+ <echo message="-->Running ${ant.project.name} tests from ${basedir} ..."/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="wlUser"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="weblogic-xml"/>
+ </antcall>
+ <antcall target="create-user-common">
+ <param name="user" value="wlAppUser"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="weblogic-app-xml"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="wlUser"/>
+ </antcall>
+ <antcall target="delete-user-common">
+ <param name="user" value="wlAppUser"/>
+ </antcall>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/web"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ <param name="build.classes.dir" value="${build.classes.dir}"/>
+ </antcall>
+ </target>
+
+ <target name="build" depends="compile">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/web"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ </antcall>
+
+ <copy file="${weblogic-application.xml}" tofile="${build.classes.dir}/META-INF/weblogic-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/weblogic-application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}/lib" includes="reporter.jar"/>
+ </jar>
+ </target>
+
+ <!-- variables needed by custom-build
+ 1. wlpass
+ 2. wluser
+ 3. wlrole
+ 4. testres
+ -->
+ <target name="custom-neg-run" depends="init-common">
+
+ <echo message="Testing (NEGATIVE TEST) against URL http://${http.host}:${http.port}/${appname}-web/${testres} using username/password ${wluser}/${wlpass}"/>
+
+ <java classname="TestRoleAssignment" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="http://${http.host}:${http.port}/${appname}-web/${testres}"/>
+ <arg value="-user"/>
+ <arg value="${wluser}"/>
+ <arg value="-pass"/>
+ <arg value="${wlpass}"/>
+ <arg value="-role"/>
+ <arg value="${wlrole}"/>
+ <arg value="-negative"/>
+ </java>
+ </target>
+
+
+ <target name="custom-run" depends="init-common">
+
+ <echo message="Testing against URL http://${http.host}:${http.port}/${appname}-web/${testres} using username/password ${wluser}/${wlpass}"/>
+
+ <java classname="TestRoleAssignment" fork="true">
+ <classpath>
+ <pathelement path="${build.classes.dir}:${s1astest.classpath}"/>
+ </classpath>
+ <arg value="-url"/>
+ <arg value="http://${http.host}:${http.port}/${appname}-web/${testres}"/>
+ <arg value="-user"/>
+ <arg value="${wluser}"/>
+ <arg value="-pass"/>
+ <arg value="${wlpass}"/>
+ <arg value="-role"/>
+ <arg value="${wlrole}"/>
+ </java>
+ </target>
+ <target name="run" depends="init-common">
+ <antcall target="run-positive"/>
+ <antcall target="run-negative"/>
+ </target>
+
+ <target name="run-positive" depends="init-common">
+ <antcall target="custom-run">
+ <param name="wluser" value="wlUser"/>
+ <param name="wlpass" value="javaee"/>
+ <param name="testres" value="test1"/>
+ <param name="wlrole" value="weblogic-xml"/>
+ </antcall>
+ <antcall target="custom-run">
+ <param name="wluser" value="wlAppUser"/>
+ <param name="wlpass" value="javaee"/>
+ <param name="testres" value="test2"/>
+ <param name="wlrole" value="weblogic-app-xml"/>
+ </antcall>
+ </target>
+
+ <target name="run-negative" depends="init-common">
+ <antcall target="custom-neg-run">
+ <param name="wluser" value="wlUser"/>
+ <param name="wlpass" value="javaee"/>
+ <param name="testres" value="test2"/>
+ <param name="wlrole" value="weblogic-xml"/>
+ </antcall>
+ <antcall target="custom-neg-run">
+ <param name="wluser" value="wlAppUser"/>
+ <param name="wlpass" value="javaee"/>
+ <param name="testres" value="test1"/>
+ <param name="wlrole" value="weblogic-app-xml"/>
+ </antcall>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+</project>
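Review bot: Both `custom-run` and `custom-neg-run` echo `${wluser}/${wlpass}` into the Ant output, and the password is also handed to the forked JVM as a `-pass` argument, so it ends up in build logs and in the process list. These are fixed test accounts, but the pattern tends to get copied; I would drop the password from the two echo lines, e.g. `<echo message="Testing against URL http://${http.host}:${http.port}/${appname}-web/${testres} as user ${wluser}"/>`. Separately, the two `<java>` tasks set no `failonerror`, so a usage error or crash in TestRoleAssignment does not fail the build; whether the reporter-based harness relies on that is not visible here.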
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/client/TestRoleAssignments.java b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/client/TestRoleAssignments.java
new file mode 100644
index 0000000..48a0c30
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/client/TestRoleAssignments.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.net.URL;
+import java.net.URLConnection;
+import sun.misc.BASE64Encoder;
+
+class TestRoleAssignment {
+
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private boolean result = true;
+ private final String url;
+ private final String username;
+ private final String password;
+ private final String role;
+ private final boolean positiveTest;
+
+ public TestRoleAssignment(String url, String username, String password, String role, boolean positiveTest) {
+ this.url = url;
+ this.username = username;
+ this.password = password;
+ this.role = role;
+ this.positiveTest = positiveTest;
+ }
+
+ public void doTest() {
+ try {
+ URL u = new URL(url);
+ URLConnection uconn = u.openConnection();
+
+ String up = username + ":" + password;
+ BASE64Encoder be = new BASE64Encoder();
+ up = be.encode(up.getBytes());
+ uconn.setRequestProperty("authorization", "Basic " + up);
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(
+ uconn.getInputStream()));
+ while (reader.readLine() != null) {
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ result = false;
+ }
+
+ stat.addDescription("Weblogic Role Assignment test for role: " + role);
+ String testId = "Weblogic Role Assignment test for role: " + role;
+ if (positiveTest) {
+ if (result) {
+ stat.addStatus(testId, stat.PASS);
+ } else {
+ stat.addStatus(testId, stat.FAIL);
+ }
+ } else { // negative test
+ if (result) {
+ stat.addStatus(testId, stat.FAIL);
+ } else {
+ stat.addStatus(testId, stat.PASS);
+ }
+ }
+ stat.printSummary(testId);
+ }
+ public static final String URL_OPTION = "-url";
+ public static final String USER_OPTION = "-user";
+ public static final String PASS_OPTION = "-pass";
+ public static final String ROLE_OPTION = "-role";
+ public static final String NEGATIVE_TEST_OPTION = "-negative";
+
+ public static void usage() {
+ System.out.println("usage: java TestRoleAssignment -url <url> -user <user> -pass <pass> -role <role>");
+ }
+
+ public static void main(String[] args) {
+
+ String url = null;
+ String user = null;
+ String pass = null;
+ String role = null;
+ boolean positiveTest = true;
+
+ for (int i = 0; i < args.length; i++) {
+ if (args[i].intern() == URL_OPTION.intern()) {
+ url = args[++i];
+ } else if (args[i].intern() == USER_OPTION.intern()) {
+ user = args[++i];
+ } else if (args[i].intern() == PASS_OPTION.intern()) {
+ pass = args[++i];
+ } else if (args[i].intern() == ROLE_OPTION.intern()) {
+ role = args[++i];
+ } else if (args[i].intern() == NEGATIVE_TEST_OPTION.intern()) {
+ positiveTest = false;
+ } else {
+ usage();
+ System.exit(1);
+ }
+ }
+
+ if (url == null || user == null || pass == null || role == null) {
+ usage();
+ System.exit(1);
+ }
+
+ TestRoleAssignment test =
+ new TestRoleAssignment(url, user, pass, role, positiveTest);
+ test.doTest();
+ }
+}
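Review bot: In `doTest` the negative test passes on any exception, because `result = false` is set in `catch (Exception e)` and is then mapped to `stat.PASS` when `positiveTest` is false. A refused connection, a wrong context root or a server error therefore counts as "access correctly denied", which can hide a broken authorization check. The outcome should come from the HTTP status instead: 401/403 for the negative case, 200 for the positive one, and a transport error failing both modes. This needs `java.net.HttpURLConnection` imported; in the same pass `sun.misc.BASE64Encoder` (a JDK-internal class) could give way to `java.util.Base64`, and the option matching in `main` could use `equals` rather than `intern() ==`.

```java
    public void doTest() {
        boolean passed;
        try {
            HttpURLConnection uconn = (HttpURLConnection) new URL(url).openConnection();
            // … unchanged: build and set the Basic authorization header …
            int status = uconn.getResponseCode();
            boolean denied = status == HttpURLConnection.HTTP_UNAUTHORIZED
                    || status == HttpURLConnection.HTTP_FORBIDDEN;
            passed = positiveTest ? status == HttpURLConnection.HTTP_OK : denied;
        } catch (Exception e) {
            // A transport error says nothing about authorization, so it fails both modes.
            e.printStackTrace();
            passed = false;
        }
        // … unchanged: stat.addDescription(...) and testId …
        stat.addStatus(testId, passed ? stat.PASS : stat.FAIL);
        stat.printSummary(testId);
    }
```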
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/web.xml
new file mode 100644
index 0000000..df91f20
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/web.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
+ <servlet>
+ <servlet-name>TestServlet1</servlet-name>
+ <servlet-class>com.sun.security.devtests.weblogicdd.TestServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>TestServlet1</servlet-name>
+ <url-pattern>/test1</url-pattern>
+ <url-pattern>/test2</url-pattern>
+ </servlet-mapping>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>test1</web-resource-name>
+ <description/>
+ <url-pattern>/test1</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>weblogic-xml</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>test2</web-resource-name>
+ <description/>
+ <url-pattern>/test2</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <description/>
+ <role-name>weblogic-app-xml</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ </login-config>
+ <security-role>
+ <description/>
+ <role-name>weblogic-xml</role-name>
+ </security-role>
+ <security-role>
+ <description/>
+ <role-name>weblogic-app-xml</role-name>
+ </security-role>
+</web-app>
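Review bot: Neither `<security-constraint>` carries a `<user-data-constraint>`, so with `<auth-method>BASIC</auth-method>` the credentials travel base64-encoded over whatever transport the client picks, and the build file in this commit targets `http://`. If that is deliberate because the fixture only exercises role assignment, a comment above `<login-config>` should say so, e.g. `<!-- fixture only: BASIC over plain HTTP, no transport guarantee on purpose -->`. Otherwise add `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` to both constraints and point the client at the HTTPS listener.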
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic-application.xml b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic-application.xml
new file mode 100644
index 0000000..17c7597
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic-application.xml
@@ -0,0 +1,29 @@
+<?xml version = '1.0' encoding = 'US-ASCII'?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd"
+ xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
+ <security>
+ <security-role-assignment>
+ <role-name>weblogic-app-xml</role-name>
+ <principal-name>wlAppUser</principal-name>
+ </security-role-assignment>
+ </security>
+</weblogic-application>
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic.xml b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic.xml
new file mode 100644
index 0000000..749ad31
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/descriptor/weblogic.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2010, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
+ <security-role-assignment>
+ <role-name>weblogic-xml</role-name>
+ <principal-name>wlUser</principal-name>
+ </security-role-assignment>
+</weblogic-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/weblogic-dd/web/TestServlet.java b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/web/TestServlet.java
new file mode 100644
index 0000000..33a4915
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/weblogic-dd/web/TestServlet.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.security.devtests.weblogicdd;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.security.Principal;
+
+public class TestServlet extends HttpServlet {
+
+ private static final String[] roles = {"weblogic-xml", "weblogic-app-xml"};
+
+ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ PrintWriter out = response.getWriter();
+ out.println("<br>Basic Authentication tests from Servlet: Test1,Test2 ");
+ out.println("<br>Authorization test from Servlet: Test3 -> HttpServletRequest.isUserInRole() authorization from Servlet.");
+
+ test1(request, response, out);
+ test2(request, response, out);
+ test3(request, response, out);
+ }
+
+ //Tests begin
+ public void test1(HttpServletRequest request, HttpServletResponse response, PrintWriter out) {
+ //Check the auth type - request.getAuthType()
+ out.println("<br><br>Test1. Postive check for the correct authentication type");
+ String authtype = request.getAuthType();
+ if ("BASIC".equalsIgnoreCase(authtype)) {
+ out.println("<br>request.getAuthType() test Passed.");
+ } else {
+ out.println("<br>request.getAuthType() test Failed!");
+ }
+ out.println("<br>Info:request.getAuthType() is= " + authtype);
+ }
+ //Test2
+
+ public void test2(HttpServletRequest request, HttpServletResponse response, PrintWriter out) {
+ Principal ruser = request.getUserPrincipal();
+ out.println("<br><br>Test2. Positive check for the correct principal name");
+ if (ruser != null) {
+ out.println("<br>request.getUserPrincipal() test Passed.");
+ } else {
+ out.println("<br>request.getUserPrincipal() test Failed!");
+ }
+ out.println("<br>Info:request.getUserPrincipal() is= " + ruser);
+
+ }
+ //Test3 - positive test for checking the user's proper role
+
+ public void test3(HttpServletRequest request, HttpServletResponse response, PrintWriter out) {
+ out.println("<br><br>Test3. Positive check whether the user is in proper role");
+ boolean isInProperRole = false;
+ for (int i = 0; i < 2; i++) {
+ if (request.isUserInRole(roles[i])) {
+ isInProperRole = true;
+ out.println("<br>Hello " + roles[i] + "!!!");
+ }
+ }
+ if (isInProperRole) {
+ out.println("<br>HttpServletRequest.isUserInRole() test Passed.");
+ } else {
+ out.println("<br>HttpServletRequest.isUserInRole() test Failed!");
+ }
+ }
+}
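Review bot: `test1` to `test3` only print "test Passed." or "test Failed!" into the body, while the client added in this commit (`TestRoleAssignment.doTest`) reads and discards the response lines, so a failed servlet-side check never fails the run. One way to surface it is to set an error status in the failing branches before the response is committed, e.g. `response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);`, which makes `getInputStream()` throw on the client. Smaller points: the loop in `test3` should be bounded by `roles.length` rather than the literal `2`, and `ruser` is concatenated into the HTML output without escaping.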
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/README b/appserver/tests/appserv-tests/devtests/security/wss/README
new file mode 100644
index 0000000..8ac5b1f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/README
@@ -0,0 +1,26 @@
+UNIT TESTS ON SECURITY/WSS
+==========================
+
+FOR RUNNING THE SECURITY TESTS:
+-------------------------------
+1. Update appserv-tests/config.properties.
+2. setup the following environment variable:
+ S1AS_HOME
+ APS_HOME
+ as in Quicklook tests.
+3. Start the domain
+4. Simply type "ant all" from appserv-tests/devtests/security/wss
+ and pipe the result to a file.
+5. Examine the log file and make sure that all 42 tests pass.
+
+NOTE:
+-----
+If there is a problem in running wsimport for wss tests, then please check
+a) the line 127.0.0.1 is correct in /etc/hosts
+b) $APS_HOME should not have "/" at the end
+
+If the problem involves a proxy warning (when running on windows behind
+a firewall), make sure the host name of your machine is in the list of
+host names for which a proxy is not used in your internet options.
+
+Contact: sjsas-security-dev@sun.com
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/build.xml
new file mode 100644
index 0000000..76f9804
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/build.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!DOCTYPE project [
+<!ENTITY commonSetup SYSTEM "../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "../common.xml">
+]>
+
+
+<project name="wss" default="usage" basedir=".">
+ &commonSetup;
+ &commonBuild;
+ &commonSecurity;
+ &commonRun;
+
+ <target name="all">
+ <record name="security-wss.output" action="start" />
+
+ <ant dir="encThenSign-default-conf" target="all"/>
+ <ant dir="permethod" target="all"/>
+
+ <!-- JWS 2.0 -->
+ <ant dir="gartner" target="all"/>
+<!-- <ant dir="roles" target="all"/> --> <!-- AppClient environment: not authorized for invocation -->
+<!-- <ant dir="roles2" target="all"/> -->
+<!-- <ant dir="ssl" target="all"/>-->
+<!-- <ant dir="sslclientcert" target="all"/>-->
+
+ <record name="security-wss.output" action="stop" />
+ </target>
+</project>
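Review bot: Four sub-suites are commented out in the `all` target (`roles`, `roles2`, `ssl`, `sslclientcert`) and only `roles` says why. The disabled ones include the SSL and client-certificate WSS tests, so a green run of this target says nothing about those paths. Each disabled line should carry its reason, e.g. `<!-- disabled: <reason or tracking id> -->`, and the README's "all 42 tests" figure should be checked against what this target actually runs.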
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/README b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/README
new file mode 100644
index 0000000..068303a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/README
@@ -0,0 +1,35 @@
+A Simple WSS test. It is a simple servlet based webservice. Runs on j2sdk1.4.2
+It performs the following:
+1. Signs then Encrypts the message. (aka before-content)
+2. It is setup manually for now. To set up do the following:
+ Domain.xml
+ <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="ClientProvider" provider-type="client">
+ <request-policy auth-recipient="before-content" auth-source="content"/>
+ <response-policy auth-recipient="after-content" auth-source="content"/>
+ <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config.xml"/>
+ </provider-config>
+ <provider-config class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-id="ServerProvider" provider-type="server">
+ <request-policy auth-recipient="before-content" auth-source="content"/>
+ <response-policy auth-recipient="after-content" auth-source="content"/>
+ <property name="security.config" value="${com.sun.aas.instanceRoot}/config/wss-server-config.xml"/>
+ </provider-config>
+
+ sun-acc.xml
+
+ <message-security-config auth-layer="SOAP" default-client-provider="ClientProvider">
+ <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="ClientProvider" provider-type="client">
+ <request-policy auth-source="content" auth-recipient="before-content"/>
+ <response-policy auth-source="content" auth-recipient="after-content"/>
+ <property name="security.config" value="/export/local/hsingh/SUNWappserver.ssl/lib/appclient/wss-client-config.xml"/>
+ </provider-config>
+
+3. setup bouncy-castle provider
+ Copy bouncy castle to jre/lib/ext directory
+ java.security
+ security.provider.1=sun.security.provider.Sun
+ security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
+ security.provider.3=com.sun.net.ssl.internal.ssl.Provider
+ security.provider.4=com.sun.rsajca.Provider
+ security.provider.5=com.sun.crypto.provider.SunJCE
+ security.provider.6=sun.security.jgss.SunProvider
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/build.xml
new file mode 100644
index 0000000..fc7af03
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/build.xml
@@ -0,0 +1,188 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+]>
+
+
+<project name="wss-encryptThenSign-default" default="usage" basedir=".">
+ &commonSetup;
+ &commonBuild;
+ &commonSecurity;
+ &commonRun;
+
+ <property name="ws-target" value="all"/>
+
+<!-- ======== Targets by execution granularity ========== -->
+ <target name="all">
+ <antcall target="setup"/>
+ <antcall target="runwstargets">
+ <param name="ws-target" value="all"/>
+ </antcall>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="run-test">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="run-test"/>
+ </antcall>
+ </target>
+
+ <target name="clean">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="clean"/>
+ </antcall>
+ </target>
+
+ <target name="build">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="build"/>
+ </antcall>
+ </target>
+
+ <target name="deploy">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="deploy"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="undeploy"/>
+ </antcall>
+ </target>
+
+ <target name="run">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="run"/>
+ </antcall>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+ <antcall target="enable-wss-message-security-provider">
+ <param name="wss.server.provider.name" value="ServerProvider"/>
+ <param name="wss.client.provider.name" value="ClientProvider"/>
+ </antcall>
+
+ <antcall target="set-wss-provider-request-auth-recipient">
+ <param name="wss.provider.name" value="ServerProvider"/>
+ <param name="request.auth.recipient" value="before-content"/>
+ </antcall>
+ <antcall target="set-wss-provider-response-auth-recipient">
+ <param name="wss.provider.name" value="ServerProvider"/>
+ <param name="response.auth.recipient" value="after-content"/>
+ </antcall>
+ <antcall target="set-wss-provider-request-auth-recipient">
+ <param name="wss.provider.name" value="ClientProvider"/>
+ <param name="request.auth.recipient" value="before-content"/>
+ </antcall>
+ <antcall target="set-wss-provider-response-auth-recipient">
+ <param name="wss.provider.name" value="ClientProvider"/>
+ <param name="response.auth.recipient" value="after-content"/>
+ </antcall>
+
+ <antcall target="backup-glassfish-acc.xml"/>
+ <antcall target="enable-wss-appclient-message-security-provider">
+ <param name="wss.client.provider.name" value="ClientProvider"/>
+ </antcall>
+ <antcall target="set-wss-appclient-request-recipient">
+ <param name="request.auth.recipient" value="before-content"/>
+ </antcall>
+ <antcall target="set-wss-appclient-response-recipient">
+ <param name="response.auth.recipient" value="after-content"/>
+ </antcall>
+ <antcall target="restart-server-instance-common" />
+ </target>
+
+ <target name="unsetup" depends="init-common" >
+ <antcall target="set-wss-provider-request-auth-recipient">
+ <param name="wss.provider.name" value="ServerProvider"/>
+ <param name="request.auth.recipient" value=""/>
+ </antcall>
+ <antcall target="set-wss-provider-response-auth-recipient">
+ <param name="wss.provider.name" value="ServerProvider"/>
+ <param name="response.auth.recipient" value=""/>
+ </antcall>
+ <antcall target="set-wss-provider-request-auth-recipient">
+ <param name="wss.provider.name" value="ClientProvider"/>
+ <param name="request.auth.recipient" value=""/>
+ </antcall>
+ <antcall target="set-wss-provider-response-auth-recipient">
+ <param name="wss.provider.name" value="ClientProvider"/>
+ <param name="response.auth.recipient" value=""/>
+ </antcall>
+ <antcall target="disable-wss-message-security-provider"/>
+ <antcall target="disable-wss-appclient-message-security-provider">
+ <param name="wss.client.provider.name" value="ClientProvider"/>
+ </antcall>
+ <antcall target="unset-wss-appclient-request-recipient">
+ <param name="request.auth.recipient" value="before-content"/>
+ </antcall>
+ <antcall target="unset-wss-appclient-response-recipient">
+ <param name="response.auth.recipient" value="after-content"/>
+ </antcall>
+ <antcall target="restart-server-instance-common" />
+ </target>
+
+
+ <target name="runwstargets">
+ <antcall target="servletws"/>
+ </target>
+
+<!-- ======== Targets by technology ========== -->
+
+ <target name="servletws">
+ <record name="security-wss.output" action="start" />
+ <ant dir="servletws" target="${ws-target}"/>
+ <record name="security-wss.output" action="stop" />
+ </target>
+ <target name="usage">
+ <echo> Usage:
+ ======== Targets by execution granularity =========
+
+ ant clean (Cleans all ws tests)
+ ant build (builds all ws tests)
+ ant setup (setup all required resources)
+ ant deploy (deploy all test apps)
+ ant run (Executes all tests)
+ ant undeploy (undeploy all test apps)
+ ant unsetup (remove all set resources)
+
+ ======== Targets by technology =========
+
+ ant servletws (Executes the servletws tests)
+ ant all (Executes all the ws tests)
+
+ ===== Targets by technoloy and execution granularity ======
+ Note: Run the command of the following type:
+
+ % ant servletws -Dws-target=clean
+
+ to run the 'clean' target for 'servletws' tests
+ </echo>
+ </target>
+</project>
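Review bot: The `all` target chains `setup`, `runwstargets` and `unsetup` as sequential `antcall`s, so a failing test run stops the build before `unsetup` is reached. Judging by the target names, that leaves the domain with the WSS providers enabled and the modified glassfish-acc.xml in place for whatever suite runs next. `setup` also calls `backup-glassfish-acc.xml`, but nothing in `unsetup` visibly restores that backup; it only calls the `unset-wss-appclient-*` targets, so whether the file returns to its original state depends on common.xml, which is not shown here. I would at least document this above `all`, e.g. `<!-- If runwstargets fails, run "ant unsetup" by hand; message security stays enabled on the domain and in glassfish-acc.xml. -->`, and confirm the backup is restored somewhere.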
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/README b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/README
new file mode 100644
index 0000000..07dbc73
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/README
@@ -0,0 +1,2 @@
+Run ant all from the above directory.
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.properties
new file mode 100644
index 0000000..617b4fa
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.properties
@@ -0,0 +1,45 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="ws"/>
+<property name="appname" value="${module}-taxcal"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.client.TaxCalClient"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
+<property name="wsdl-file" value="wsdl/TaxCalServletService.wsdl"/>
+<property name="client-mapping.xml" value="TaxCalClientMapping.xml"/>
+<property name="wsdlfile.location" value="wsdl"/>
+
+<!--- servlet based endpoint params -->
+<!--property name="mappingfile.location" value=""/-->
+<property name="web-mapping.xml" value="TaxCalServletMapping.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="web-webservices.xml" value="descriptor/webservices.xml"/>
+<property name="wsdlfile.name" value="TaxCalServletService.wsdl"/>
+<property name="wsdlfile.location" value="wsdl"/>
+
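Review bot: `wsdlfile.location` is declared twice in this file, once after `client-mapping.xml` and again at the end of the servlet block, both with the value `wsdl`. Ant properties keep the first value they are given, so the second declaration is dead and a later edit to it would be silently ignored. Drop the second `<property name="wsdlfile.location" value="wsdl"/>`. Since the file is called build.properties but holds XML `<property>` elements that build.xml pulls in as an entity, a one-line comment at the top saying so would save the next reader a moment of confusion.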
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.xml
new file mode 100644
index 0000000..8ea11c1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/build.xml
@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="SbMdbApp" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all"
+ depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="run-test"
+ depends="clean, build, deploy, run, undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup"/>
+
+ <target name="unsetup"/>
+
+ <target name="compile" depends="init-common,clean-common, generate-artifacts">
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ </target>
+
+ <target name="generate-artifacts">
+ <echo message=" Client Mapping file : ${client-mapping.xml}"/>
+ <antcall target="import-wsdl">
+ <param name="mapping.file"
+ value="${client-mapping.xml}"/>
+ <param name="config-wsdl.file"
+ value="config/config-client.xml"/>
+ </antcall>
+ <echo message="Web Mapping File : ${web-mapping.xml}"/>
+ <antcall target="import-wsdl">
+ <param name="mapping.file"
+ value="${web-mapping.xml}"/>
+ <param name="config-wsdl.file"
+ value="config/config-web.xml"/>
+ </antcall>
+ </target>
+ <target name="ws-package-appclientjar-common">
+ <mkdir dir="${assemble.dir}"/>
+ <delete file="${appclient.jar}" failonerror="false"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+ <copy file="${application-client.xml}"
+ tofile="${build.classes.dir}/META-INF/application-client.xml"/>
+ <copy file="${wsdl-file}"
+ tofile="${build.classes.dir}/META-INF/${wsdl-file}"/>
+ <jar jarfile="${appclient.jar}" basedir="${appclientjar.files}"
+ update="true" includes="${appclientjar.classes}"
+ manifest="./client/MANIFEST.MF">
+
+ <fileset dir="${build.classes.dir}" includes="${client-mapping.xml}"/>
+ <metainf dir="${build.classes.dir}/META-INF">
+ <include name="application-client.xml"/>
+ <include name="${wsdl-file}"/>
+ </metainf>
+ </jar>
+ <delete dir="${build.classes.dir}/META-INF" failonerror="false"/>
+ </target>
+ <target name="ws-package-war-common">
+ <echo message="my build classes dir is:${build.classes.dir}"/>
+ <delete file="${war.file}"/>
+ <mkdir dir="${build.classes.dir}/tmp"/>
+ <mkdir dir="${build.classes.dir}/tmp/WEB-INF"/>
+ <mkdir dir="${build.classes.dir}/tmp/WEB-INF/classes"/>
+ <copy file="${webservices.xml}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/webservices.xml"
+ failonerror="false"/>
+ <copy file="${mappingfile.location}/${mappingfile.name}"
+ tofile="${build.classes.dir}/tmp/${mappingfile.name}"
+ failonerror="false"/>
+ <copy file="${wsdlfile.location}/${wsdlfile.name}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/wsdl/${wsdlfile.name}"
+ failonerror="false"/>
+ <copy file="${web.xml}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/web.xml"/>
+ <copy todir="${build.classes.dir}/tmp/WEB-INF/classes">
+ <fileset dir="${build.classes.dir}">
+ <include name="${war.classes}"/>
+ </fileset>
+ </copy>
+ <echo message="Creating war file ${war.file}"/>
+ <jar jarfile="${war.file}" update="true">
+ <fileset dir="${build.classes.dir}/tmp" casesensitive="yes">
+ <include name="**/*class*"/>
+ </fileset>
+ <fileset dir="${basedir}/web" casesensitive="yes">
+ <include name="**/*.html"/>
+ <include name="**/*.jsp"/>
+ <include name="**/*.gif"/>
+ <include name="**/*.do"/>
+ <exclude name="**/*.java,**/*.xml,**/*.properties"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}/tmp/" casesensitive="true">
+ <include name="WEB-INF/web.xml"/>
+ <include name="WEB-INF/webservices.xml"/>
+ <include name="WEB-INF/wsdl/${wsdlfile.name}"/>
+ <include name="${mappingfile.name}"/>
+ </fileset>
+ </jar>
+ <echo message="created war file ${war.file}"/>
+ <delete dir="${build.classes.dir}/tmp/WEB-INF" failonerror="false"/>
+ <echo message="my webclient war classes are:${webclient.war.classes}"/>
+ </target>
+
+ <target name="build" depends="init-common,compile">
+ <antcall target="ws-package-appclientjar-common">
+ <param name="appclientjar.classes"
+ value="com/sun/s1asdev/security/wss/defprovider/servlet/taxcal/client/*.class" />
+ <param name="appclientjar.files"
+ value="${build.classes.dir}"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ </antcall>
+ <!--antcall target="ws-war-common"-->
+ <antcall target="ws-package-war-common">
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ <param name="war.classes"
+ value="com/sun/s1asdev/security/wss/defprovider/servlet/taxcal/*.class" />
+ <param name="mappingfile.name"
+ value="${web-mapping.xml}" />
+ <param name="mappingfile.location"
+ value="${build.classes.dir}"/>
+ <param name="webservices.xml"
+ value="${web-webservices.xml}" />
+ </antcall>
+ <antcall target="ear-common"/>
+ </target>
+
+ <target name="deploy"
+ depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <property name="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <property name="statetax-endpoint-url"
+ value="http://${http.host}:${http.port}/TaxCalWSServlet/statetaxservlet"/>
+ <echo message="State Tax Endpoint URL = ${statetax-endpoint-url}"/>
+ <property name="fedtax-endpoint-url"
+ value="http://${http.host}:${http.port}/TaxCalWSServlet/fedtaxservlet"/>
+ <echo message="Fed Tax Endpoint URL = ${fedtax-endpoint-url}"/>
+ <echo message="VMARGS= ${VMARGS}"/>
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value="${VMARGS}"/>
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg value="-textauth"/>
+ <arg value="-user"/>
+ <arg value="j2ee"/>
+ <arg value="-password"/>
+ <arg value="j2ee"/>
+ <arg line="-xml ${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/>
+ <arg line="${statetax-endpoint-url} ${fedtax-endpoint-url}"/>
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <!--
+ =======================================================
+ User Defined specific targets
+ =======================================================
+ -->
+</project>
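Review bot: The `run` target puts `-Djavax.net.ssl.keyStorePassword=${ssl.password}` and `-Djavax.net.ssl.trustStorePassword=${ssl.password}` into `VMARGS` and then prints the whole value with `<echo message="VMARGS= ${VMARGS}"/>`, so both store passwords land in the build output. The parent build.xml runs this file between `<record name="security-wss.output" action="start"/>` and `action="stop"`, so the same text is also written to a log file that is likely kept with the test results. Replace the echo with one that names only the stores, e.g. `<echo message="keyStore=${mykeystore.db.file} trustStore=${mytruststore.db.file}"/>`. Separately, the project is still named `SbMdbApp`, which looks like a leftover from the test this file was copied from.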
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/MANIFEST.MF
new file mode 100644
index 0000000..8edeacc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.client.TaxCalClient
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/TaxCalClient.java b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/TaxCalClient.java
new file mode 100644
index 0000000..b77dde3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/client/TaxCalClient.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2003, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.client;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import javax.naming.*;
+import javax.xml.rpc.Stub;
+
+
+public class TaxCalClient {
+
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+ private static String stateTaxEndpoint = null;
+ private static String fedTaxEndpoint = null;
+ private static String testSuite = "Sec::Servlet_Based_WSS_test Encrypt then Sign";
+ private static String testCase = null;
+ private static TaxCalServletService taxCalService = null;
+
+ public static void main (String[] args) {
+
+ if(args[0] == null || args[1] == null){
+ System.out.println("TaxCal client: Argument missing. Please provide target" +
+ "endpoint address as argument");
+ System.exit(1);
+ } else {
+ stateTaxEndpoint = args[0];
+ fedTaxEndpoint = args[1];
+ }
+
+ stat.addDescription(testSuite);
+ try {
+ TaxCalClient client = new TaxCalClient();
+ Context ic = new InitialContext();
+ taxCalService = (TaxCalServletService)
+ ic.lookup("java:comp/env/service/TaxCalServletService");
+
+ client.callStateTaxService();
+ client.callFedTaxService();
+ stat.addStatus(testSuite, stat.PASS);
+ }catch(Exception e){
+ stat.addStatus(testSuite, stat.FAIL);
+ e.printStackTrace();
+ }
+
+ stat.printSummary(testSuite);
+ }
+
+ public void callStateTaxService() {
+ double income = 85000.00;
+ double deductions = 5000.00;
+
+ //String targetEndpointAddress =
+ // "http://localhost:1024/taxcalculator";
+
+ try {
+
+ StateTaxIF taxCalIFPort = taxCalService.getStateTaxIFPort();
+
+ ((Stub)taxCalIFPort)._setProperty (Stub.ENDPOINT_ADDRESS_PROPERTY,
+ stateTaxEndpoint);
+
+ double stateTax = taxCalIFPort.getStateTax(income, deductions);
+ System.out.println("State tax from servlet based TaxCalService :" + stateTax);
+
+ if(stateTax == 24000.00)
+ stat.addStatus(testSuite + " StateTaxPort", stat.PASS);
+ else
+ stat.addStatus(testSuite + " StateTaxPort", stat.FAIL);
+
+ } catch (Exception ex) {
+ System.out.println("TaxCalEjbWebservice client failed");
+ stat.addStatus(testSuite + " StateTaxPort", stat.FAIL);
+ ex.printStackTrace();
+ }
+ }
+
+ public void callFedTaxService() {
+ double income = 97000.00;
+ double deductions = 7000.00;
+ try {
+ //String targetEndpointAddress =
+ //"http://localhost:1024/FindInterestServlet/FindInterest";
+
+ FedTaxIF taxCalIFPort = taxCalService.getFedTaxIFPort();
+ ((Stub)taxCalIFPort)._setProperty (Stub.ENDPOINT_ADDRESS_PROPERTY,
+ fedTaxEndpoint);
+
+ double fedTax = taxCalIFPort.getFedTax(income, deductions);
+ System.out.println("Fed tax from Servlet based TaxCalService :" + fedTax);
+
+ if(fedTax == 18000.00)
+ stat.addStatus(testSuite + " FedTaxPort", stat.PASS);
+ else
+ stat.addStatus(testSuite + " FedTaxPort", stat.FAIL);
+
+ } catch (Exception ex) {
+ System.out.println("TaxCalServletWebService client failed");
+ stat.addStatus(testSuite + " FedTaxPort", stat.FAIL);
+ ex.printStackTrace();
+ }
+ }
+}
+
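Review bot: The argument check in `main` tests `args[0] == null || args[1] == null`, which throws `ArrayIndexOutOfBoundsException` when fewer than two endpoint URLs are passed, so the "Argument missing" message never appears in the case it was written for; use `if (args.length < 2) {` instead. The message also joins `"...provide target"` and `"endpoint address..."` without a space between them. In addition, `callStateTaxService` and `callFedTaxService` catch every exception themselves, so once the JNDI lookup succeeds `main` always reaches `stat.addStatus(testSuite, stat.PASS)`. The suite-level status therefore reads PASS even when a port check recorded FAIL, which in a message-security test can hide a broken provider configuration; have the two methods return a boolean (or rethrow) and derive the suite status from that.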
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-client.xml
new file mode 100644
index 0000000..d52f02c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-client.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <wsdl
+ location="wsdl/TaxCalServletService.wsdl"
+ packageName="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.client"/>
+</configuration>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-sei.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-sei.xml
new file mode 100644
index 0000000..3e39b67
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-sei.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <service name="TaxCalServletService"
+ targetNamespace="http://tax.org/wsdl"
+ typeNamespace="http://tax.org/types"
+ packageName="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal">
+ <interface name="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.FedTaxIF"
+ servantName="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.FedTaxServlet"/>
+ <interface name="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.StateTaxIF"
+ servantName="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.StateTaxServlet">
+ </interface>
+ </service>
+</configuration>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-web.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-web.xml
new file mode 100644
index 0000000..9e06706
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/config/config-web.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <wsdl
+ location="wsdl/TaxCalServletService.wsdl"
+ packageName="com.sun.s1asdev.security.wss.defprovider.servlet.taxcal"/>
+</configuration>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application-client.xml
new file mode 100644
index 0000000..5a6949f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application-client.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client version="1.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application-client_1_4.xsd">
+ <description>app client dd for taxcalculator</description>
+ <display-name>ws-taxcalClient</display-name>
+ <service-ref>
+ <description>taxcal service ref</description>
+ <service-ref-name>service/TaxCalServletService</service-ref-name>
+ <service-interface>com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.client.TaxCalServletService</service-interface>
+ <wsdl-file>META-INF/wsdl/TaxCalServletService.wsdl</wsdl-file>
+ <jaxrpc-mapping-file>TaxCalClientMapping.xml</jaxrpc-mapping-file>
+ </service-ref>
+</application-client>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application.xml
new file mode 100644
index 0000000..c12a697
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>TaxCalculatorApp</display-name>
+ <module>
+ <web>
+ <web-uri>ws-taxcal-web.war</web-uri>
+ <context-root>TaxCalWSServlet</context-root>
+ </web>
+ </module>
+ <module>
+ <java>ws-taxcal-client.jar</java>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/web.xml
new file mode 100644
index 0000000..fd88537
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/web.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ <display-name>TaxCal ServletWS</display-name>
+ <servlet>
+ <servlet-name>StateTaxServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.StateTaxServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>FedTaxServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.FedTaxServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>StateTaxServlet</servlet-name>
+ <url-pattern>/statetaxservlet</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>FedTaxServlet</servlet-name>
+ <url-pattern>/fedtaxservlet</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>54</session-timeout>
+ </session-config>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/webservices.xml b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/webservices.xml
new file mode 100644
index 0000000..1ed4f08
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/descriptor/webservices.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<webservices xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://www.ibm.com/webservices/xsd/j2ee_web_services_1_1.xsd"
+ version="1.1">
+ <description>desc</description>
+ <webservice-description>
+ <webservice-description-name>TaxCalculator Servlet</webservice-description-name>
+ <wsdl-file>WEB-INF/wsdl/TaxCalServletService.wsdl</wsdl-file>
+ <jaxrpc-mapping-file>TaxCalServletMapping.xml</jaxrpc-mapping-file>
+ <port-component>
+ <description>port component description</description>
+ <port-component-name>StateTaxIFPort</port-component-name>
+ <wsdl-port xmlns:taxns="http://tax.org/wsdl">taxns:StateTaxIFPort
+ </wsdl-port>
+ <service-endpoint-interface>com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.StateTaxIF
+ </service-endpoint-interface>
+ <service-impl-bean>
+ <servlet-link>StateTaxServlet</servlet-link>
+ </service-impl-bean>
+ </port-component>
+ <port-component>
+ <description>port component description</description>
+ <port-component-name>FedTaxIFPort</port-component-name>
+ <wsdl-port xmlns:taxns="http://tax.org/wsdl">taxns:FedTaxIFPort
+ </wsdl-port>
+ <service-endpoint-interface>com.sun.s1asdev.security.wss.defprovider.servlet.taxcal.FedTaxIF
+ </service-endpoint-interface>
+ <service-impl-bean>
+ <servlet-link>FedTaxServlet</servlet-link>
+ </service-impl-bean>
+ </port-component>
+ </webservice-description>
+</webservices>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxIF.java b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxIF.java
new file mode 100644
index 0000000..bb8b48a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxIF.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.defprovider.servlet.taxcal;
+
+import java.rmi.RemoteException;
+import java.rmi.Remote;
+
+
+public interface FedTaxIF extends Remote{
+
+ public double getFedTax(double income, double deductions) throws RemoteException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxServlet.java
new file mode 100644
index 0000000..e6e85dc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/FedTaxServlet.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.defprovider.servlet.taxcal;
+
+import java.util.Iterator;
+import java.net.URL;
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.naming.*;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.server.ServiceLifecycle;
+import javax.xml.namespace.QName;
+import javax.servlet.SingleThreadModel;
+
+public class FedTaxServlet implements
+ SingleThreadModel, ServiceLifecycle {
+
+ public FedTaxServlet() {
+ System.out.println("FedTaxServlet() instantiated");
+ }
+
+ public void init(Object context) {
+ System.out.println("Got ServiceLifecycle::init call " + context);
+ }
+
+ public void destroy() {
+ System.out.println("Got ServiceLifecycle::destroy call");
+ }
+
+ public double getFedTax(double income, double deductions) {
+ System.out.println("getStateTax invoked from servlet endpoint");
+ return ((income - deductions) * 0.2);
+ }
+}
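Review bot: The trace line in `getFedTax` prints `getStateTax invoked from servlet endpoint`, which looks copied from StateTaxServlet and will mislead anyone reading the server log to confirm which secured endpoint handled a request. It should read `System.out.println("getFedTax invoked from servlet endpoint");`. The import block also carries names the class never uses (`Iterator`, `URL`, `QName` twice, `Call`, `Serializable`, `RemoteException`, `javax.naming.*`, `Service`); only `ServiceLifecycle` and `SingleThreadModel` are needed, and the same applies to the imports in StateTaxServlet.java. Because the class does not declare `implements FedTaxIF`, a short class comment such as `/** JAX-RPC endpoint bean linked from webservices.xml as FedTaxServlet; method signatures must match FedTaxIF. */` would document the contract the compiler is not checking.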
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxIF.java b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxIF.java
new file mode 100644
index 0000000..3a75d27
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxIF.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.defprovider.servlet.taxcal;
+
+import java.rmi.RemoteException;
+import java.rmi.Remote;
+
+
+public interface StateTaxIF extends Remote{
+
+ public double getStateTax(double income, double deductions) throws RemoteException;
+
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxServlet.java
new file mode 100644
index 0000000..9bd03b8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/web/StateTaxServlet.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.defprovider.servlet.taxcal;
+
+import java.util.Iterator;
+import java.net.URL;
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import java.io.Serializable;
+import java.rmi.RemoteException;
+import javax.naming.*;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.server.ServiceLifecycle;
+import javax.xml.namespace.QName;
+import javax.servlet.SingleThreadModel;
+
+public class StateTaxServlet implements
+ SingleThreadModel, ServiceLifecycle {
+
+ public StateTaxServlet() {
+ System.out.println("StateTaxServlet() instantiated");
+ }
+
+ public void init(Object context) {
+ System.out.println("Got ServiceLifecycle::init call " + context);
+ }
+
+ public void destroy() {
+ System.out.println("Got ServiceLifecycle::destroy call");
+ }
+
+ public double getStateTax(double income, double deductions) {
+ System.out.println("getStateTax invoked from servlet endpoint");
+ return ((income - deductions) * 0.3);
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/wsdl/TaxCalServletService.wsdl b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/wsdl/TaxCalServletService.wsdl
new file mode 100644
index 0000000..866c9d6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/encThenSign-default-conf/servletws/wsdl/TaxCalServletService.wsdl
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<definitions name="TaxCalServletService" targetNamespace="http://tax.org/wsdl" xmlns:tns="http://tax.org/wsdl" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
+ <types/>
+ <message name="FedTaxIF_getFedTax">
+ <part name="double_1" type="xsd:double"/>
+ <part name="double_2" type="xsd:double"/></message>
+ <message name="FedTaxIF_getFedTaxResponse">
+ <part name="result" type="xsd:double"/></message>
+ <message name="StateTaxIF_getStateTax">
+ <part name="double_1" type="xsd:double"/>
+ <part name="double_2" type="xsd:double"/></message>
+ <message name="StateTaxIF_getStateTaxResponse">
+ <part name="result" type="xsd:double"/></message>
+ <portType name="FedTaxIF">
+ <operation name="getFedTax" parameterOrder="double_1 double_2">
+ <input message="tns:FedTaxIF_getFedTax"/>
+ <output message="tns:FedTaxIF_getFedTaxResponse"/></operation></portType>
+ <portType name="StateTaxIF">
+ <operation name="getStateTax" parameterOrder="double_1 double_2">
+ <input message="tns:StateTaxIF_getStateTax"/>
+ <output message="tns:StateTaxIF_getStateTaxResponse"/></operation></portType>
+ <binding name="FedTaxIFBinding" type="tns:FedTaxIF">
+ <operation name="getFedTax">
+ <input>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://tax.org/wsdl"/></input>
+ <output>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://tax.org/wsdl"/></output>
+ <soap:operation soapAction=""/></operation>
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="rpc"/></binding>
+ <binding name="StateTaxIFBinding" type="tns:StateTaxIF">
+ <operation name="getStateTax">
+ <input>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://tax.org/wsdl"/></input>
+ <output>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://tax.org/wsdl"/></output>
+ <soap:operation soapAction=""/></operation>
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="rpc"/></binding>
+ <service name="TaxCalServletService">
+ <port name="FedTaxIFPort" binding="tns:FedTaxIFBinding">
+ <soap:address location="REPLACE_WITH_ACTUAL_URL"/></port>
+ <port name="StateTaxIFPort" binding="tns:StateTaxIFBinding">
+ <soap:address location="REPLACE_WITH_ACTUAL_URL"/></port></service></definitions>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.properties
new file mode 100644
index 0000000..bc1760c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.properties
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-gartner"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.ping.client.PingClient"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
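Review bot: The `test.client` property names `com.sun.s1asdev.security.wss.ping.client.PingClient`, but the client added in this commit lives in `com.sun.s1asdev.security.wss.gartner.client` (see the `Main-Class` in client/MANIFEST.MF and the package line of PingClient.java). If any shared target resolves the client class from this property (the common build files are not visible here), it will look for a class this module does not build. The value should be `value="com.sun.s1asdev.security.wss.gartner.client.PingClient"/>`. A comment at the top noting that this file is an XML fragment pulled into build.xml through the `testproperties` entity, not a Java properties file, would also save readers a surprise.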
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.xml
new file mode 100644
index 0000000..38a459d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/build.xml
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-wss-gartner" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build, deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common" >
+ </target>
+
+ <target name="compile" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws/WEB-INF/classes"/>
+ </antcall>
+
+ <mkdir dir="${build.classes.dir}/client/META-INF/wsdl"/>
+ <antcall target="wsgen">
+ <param name="wsgen.args"
+ value="-wsdl -cp ${build.classes.dir}/ejbws:${s1astest.classpath}/modules/javax.ejb.jar -keep -d ${build.classes.dir}/ejbws com.sun.s1asdev.security.wss.gartner.PingEjb"/>
+ </antcall>
+
+ <antcall target="wsgen">
+ <param name="wsgen.args"
+ value="-wsdl -cp ${build.classes.dir}/servletws/WEB-INF/classes -keep -d ${build.classes.dir}/servletws/WEB-INF/classes com.sun.s1asdev.security.wss.gartner.PingServlet"/>
+ </antcall>
+
+ <!-- copy wsdl to client jar -->
+ <copy file="${build.classes.dir}/ejbws/PingEjbService.wsdl" todir="${build.classes.dir}/client/META-INF/wsdl"/>
+ <copy file="${build.classes.dir}/servletws/WEB-INF/classes/PingServletService.wsdl" todir="${build.classes.dir}/client/META-INF/wsdl"/>
+
+ <copy file="${basedir}/custom-client.xml" todir="${build.classes.dir}/client" overwrite="true"/>
+ <replace file="${build.classes.dir}/client/custom-client.xml" token="@build.classes.dir@" value="${build.classes.dir}/ejbws"/>
+ <!--<value="-b ${build.classes.dir}/client/custom-client.xml -keep -wsdllocation META-INF/wsdl/PingEjbService.wsdl -d ${build.classes.dir}/client ${build.classes.dir}/ejbws/PingEjbService.wsdl"/>-->
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -p com.sun.s1asdev.security.wss.gartner.client -d ${build.classes.dir}/client ${build.classes.dir}/ejbws/PingEjbService.wsdl"/>
+ </antcall>
+
+ <copy file="${basedir}/custom-client2.xml" todir="${build.classes.dir}/client" overwrite="true"/>
+ <replace file="${build.classes.dir}/client/custom-client2.xml" token="@build.classes.dir@" value="${build.classes.dir}/servletws/WEB-INF/classes"/>
+ <!--value="-b ${build.classes.dir}/client/custom-client2.xml -keep -wsdllocation META-INF/wsdl/PingServletService.wsdl -d ${build.classes.dir}/client ${build.classes.dir}/servletws/WEB-INF/classes/PingServletService.wsdl"/>-->
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value=" -keep -p com.sun.s1asdev.security.wss.gartner.client -d ${build.classes.dir}/client ${build.classes.dir}/servletws/WEB-INF/classes/PingServletService.wsdl"/>
+ </antcall>
+
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/ejbws:${build.classes.dir}/servletws/WEB-INF/classes:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build" depends="compile">
+ <delete file="${assemble.dir}/${appname}.ear"/>
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <copy file="${sun-web.xml}" tofile="${build.classes.dir}/servletws/WEB-INF/sun-web.xml" failonerror="true"/>
+ <jar destfile="${assemble.dir}/${appname}-web.war">
+ <fileset dir="${build.classes.dir}/servletws"/>
+ </jar>
+
+ <copy file="${application-client.xml}"
+ tofile="${build.classes.dir}/client/META-INF/application-client.xml"
+ failonerror="false"/>
+ <copy file="${sun-application-client.xml}"
+ tofile="${build.classes.dir}/client/META-INF/sun-application-client.xml"
+ failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}-client.jar"
+ basedir="${build.classes.dir}/client"
+ includes ="com/sun/**/*.class/"
+ manifest="./client/MANIFEST.MF">
+ <metainf dir="${build.classes.dir}/client/META-INF">
+ <include name="**"/>
+ </metainf>
+ </jar>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ <include name="META-INF/application.xml"/>
+ </fileset>
+ <fileset dir="${env.APS_HOME}" includes="lib/reporter.jar"/>
+ </jar>
+ </target>
+
+ <target name="deploy" depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <property name="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <echo message="VMARGS= ${VMARGS}"/>
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value="${VMARGS}"/>
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg line="${http.host}"/>
+ <arg line="${http.port}"/>
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
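Review bot: The `run` target echoes the full `VMARGS` value, which includes `-Djavax.net.ssl.keyStorePassword=${ssl.password}` and `-Djavax.net.ssl.trustStorePassword=${ssl.password}`, so both store passwords end up in the build output and in any archived CI log. Drop the echo or print only the store locations, e.g. `<echo message="keyStore=${mykeystore.db.file} trustStore=${mytruststore.db.file}"/>`. Separately, the `build` target deletes `${assemble.dir}/${appname}.ear` while the archive it writes is `${appname}App.ear`, so a stale EAR from a previous run is never removed by that line; the delete should name `${appname}App.ear`.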
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/MANIFEST.MF
new file mode 100644
index 0000000..9db62eb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Created-By: Apache Ant 1.5
+Main-Class: com.sun.s1asdev.security.wss.gartner.client.PingClient
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/PingClient.java b/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/PingClient.java
new file mode 100644
index 0000000..042c854
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/client/PingClient.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.gartner.client;
+
+import javax.xml.ws.WebServiceRef;
+import javax.xml.ws.BindingProvider;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class PingClient {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+
+ @WebServiceRef
+ private static PingEjbService ejbService;
+
+ @WebServiceRef
+ private static PingServletService servletService;
+
+ public static void main(String args[]) {
+ String host = args[0];
+ String port = args[1];
+ stat.addDescription("security-wss-ping");
+
+ try {
+ PingEjb pingEjbPort = ejbService.getPingEjbPort();
+
+ ((BindingProvider)pingEjbPort).getRequestContext().put(
+ BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ "http://" + host + ":" + port +
+ "/PingEjbService/PingEjb?WSDL");
+
+ String result = pingEjbPort.ping("Hello");
+ if (result == null || result.indexOf("Sun") == -1) {
+ System.out.println("Unexpected ping result: " + result);
+ stat.addStatus("JWSS Ejb Ping", stat.FAIL);
+ }
+ stat.addStatus("JWSS Ejb Ping", stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus("JWSS Ejb Ping", stat.FAIL);
+ }
+
+ try {
+ PingServlet pingServletPort = servletService.getPingServletPort();
+
+ ((BindingProvider)pingServletPort).getRequestContext().put(
+ BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ "http://" + host + ":" + port +
+ "/security-wss-gartner-web/PingServletService?WSDL");
+
+ String result = pingServletPort.ping("Hello");
+ if (result == null || result.indexOf("Sun") == -1) {
+ System.out.println("Unexpected ping result: " + result);
+ stat.addStatus("JWSS Servlet Ping", stat.FAIL);
+ }
+ stat.addStatus("JWSS Servlet Ping", stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus("JWSS Servlet Ping", stat.FAIL);
+ }
+ stat.printSummary("security-wss-ping");
+ }
+}
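Review bot: In both try blocks of `main`, the unexpected-result branch records `stat.FAIL` and then falls through to the unconditional `stat.addStatus(..., stat.PASS)`, so a bad reply is reported as FAIL and PASS under the same test name. For a message-security test this can mask a regression, depending on how SimpleReporterAdapter resolves duplicate statuses (not visible here). Put the PASS in an else branch, `} else { stat.addStatus("JWSS Ejb Ping", stat.PASS); }`, and do the same for `"JWSS Servlet Ping"`. `args[0]` and `args[1]` are also read before the try blocks without a length check, so a missing host or port ends the run with an ArrayIndexOutOfBoundsException and no status is recorded.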
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client.xml
new file mode 100644
index 0000000..693e7fc
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<bindings
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ wsdlLocation="@build.classes.dir@/PingEjbService.wsdl"
+ xmlns="http://java.sun.com/xml/ns/jaxws">
+ <bindings node="ns1:definitions" xmlns:ns1="http://schemas.xmlsoap.org/wsdl/">
+ <package name="com.sun.s1asdev.security.wss.gartner.client"/>
+ </bindings>
+ <bindings node="ns1:definitions/ns1:types/xsd:schema" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://schemas.xmlsoap.org/wsdl/">
+ <jaxb:schemaBindings>
+ <jaxb:package name="com.sun.s1asdev.security.wss.gartner.client"/>
+ </jaxb:schemaBindings>
+ </bindings>
+</bindings>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client2.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client2.xml
new file mode 100644
index 0000000..a5fcde9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/custom-client2.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<bindings
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ wsdlLocation="@build.classes.dir@/PingServletService.wsdl"
+ xmlns="http://java.sun.com/xml/ns/jaxws">
+ <bindings node="ns1:definitions" xmlns:ns1="http://schemas.xmlsoap.org/wsdl/">
+ <package name="com.sun.s1asdev.security.wss.gartner.client"/>
+ </bindings>
+ <bindings node="ns1:definitions/ns1:types/xsd:schema" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="http://schemas.xmlsoap.org/wsdl/">
+ <jaxb:schemaBindings>
+ <jaxb:package name="com.sun.s1asdev.security.wss.gartner.client"/>
+ </jaxb:schemaBindings>
+ </bindings>
+</bindings>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..14c70c3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-application-client.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+Application Server 8.0 Application Client 1.4//EN' 'http://www.sun.com/software/
+sunone/appserver/dtds/sun-application-client_1_4-0.dtd'>
+
+<sun-application-client>
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.wss.gartner.client.PingClient/ejbService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://gartner.wss.security.s1asdev.sun.com</namespaceURI>
+ <localpart>PingEjbPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ClientProvider">
+ <message-security>
+ <message/>
+ <request-protection
+ auth-source="content" auth-recipient="after-content"/>
+ <response-protection
+ auth-source="content" auth-recipient="after-content"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.wss.gartner.client.PingClient/servletService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://gartner.wss.security.s1asdev.sun.com</namespaceURI>
+ <localpart>PingServletPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ClientProvider">
+ <message-security>
+ <message/>
+ <request-protection
+ auth-source="content" auth-recipient="after-content"/>
+ <response-protection
+ auth-source="content" auth-recipient="after-content"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-application-client>
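Review bot: The licence comment is placed inside the DOCTYPE declaration, between `DTD Sun ONE` and `Application Server 8.0 Application Client 1.4//EN'`, so it lands in the middle of the quoted public identifier. `<` and `>` are not legal characters in a public identifier, so a conforming XML parser should reject the file as not well-formed. Move the comment below the closing `>` of the DOCTYPE, as sun-ejb-jar.xml in this commit does, and rejoin the identifier as `'-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Application Client 1.4//EN'`. If the descriptor is rejected or skipped at deployment, the `message-security-binding` entries for `PingEjbPort` and `PingServletPort` would presumably not be applied on the client side, which is worth confirming with a deployment.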
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..e286d48
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <name>Ping-ejb.jar</name>
+ <unique-id>0</unique-id>
+ <ejb>
+ <ejb-name>PingEjb</ejb-name>
+ <gen-classes/>
+ <webservice-endpoint>
+ <port-component-name>PingEjb</port-component-name>
+ <endpoint-address-uri>/PingEjbService/PingEjb</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ServerProvider">
+ <message-security>
+ <message/>
+ <request-protection
+ auth-source="content" auth-recipient="after-content"/>
+ <response-protection
+ auth-source="content" auth-recipient="after-content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-web.xml
new file mode 100644
index 0000000..a6ee5e5
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/descriptor/sun-web.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <servlet>
+ <servlet-name>PingServlet</servlet-name>
+ <webservice-endpoint>
+ <port-component-name>PingServlet</port-component-name>
+ <endpoint-address-uri>PingServletService</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ServerProvider">
+ <message-security>
+ <message/>
+ <request-protection
+ auth-source="content" auth-recipient="after-content"/>
+ <response-protection
+ auth-source="content" auth-recipient="after-content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </servlet>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/ejbws/PingEjb.java b/appserver/tests/appserv-tests/devtests/security/wss/gartner/ejbws/PingEjb.java
new file mode 100644
index 0000000..5500ece
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/ejbws/PingEjb.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.gartner;
+
+import javax.jws.WebService;
+import javax.ejb.Stateless;
+
+@Stateless
+@WebService(targetNamespace="http://gartner.wss.security.s1asdev.sun.com")
+public class PingEjb {
+ private static String id = "Sun Java System Application Server 9 - (EJB Endpoint) ";
+
+ public String ping(String text) {
+ return id + text;
+ }
+}
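Review bot: The `id` field in PingEjb is declared `private static String`, a mutable static inside a `@Stateless` bean, although `ping` only ever reads it. Declare it as a constant, `private static final String ID = "Sun Java System Application Server 9 - (EJB Endpoint) ";`, and return `ID + text`. The same applies to the `id` field of PingServlet in servletws/PingServlet.java in the next hunk.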
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/gartner/servletws/PingServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/gartner/servletws/PingServlet.java
new file mode 100644
index 0000000..0bc34c7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/gartner/servletws/PingServlet.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.gartner;
+
+import javax.jws.WebService;
+
+@WebService(targetNamespace="http://gartner.wss.security.s1asdev.sun.com")
+public class PingServlet {
+ private static String id = "Sun Java System Application Server 9 - (Servlet Endpoint) ";
+
+ public String ping(String text) {
+ return id + text;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/build.xml
new file mode 100644
index 0000000..68db00d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/build.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:../../../../config/common.xml">
+<!ENTITY commonRun SYSTEM "file:../../../../config/run.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+]>
+
+
+<project name="wss-permethod" default="usage" basedir=".">
+ &commonSetup;
+ &commonBuild;
+ &commonSecurity;
+ &commonRun;
+
+ <property name="ws-target" value="all"/>
+
+<!-- ======== Targets by execution granularity ========== -->
+ <target name="all">
+ <antcall target="setup"/>
+ <antcall target="runwstargets">
+ <param name="ws-target" value="all"/>
+ </antcall>
+ <antcall target="unsetup"/>
+ </target>
+
+ <target name="run-test">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="run-test"/>
+ </antcall>
+ </target>
+
+ <target name="clean">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="clean"/>
+ </antcall>
+ </target>
+
+ <target name="build">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="build"/>
+ </antcall>
+ </target>
+
+ <target name="deploy">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="deploy"/>
+ </antcall>
+ </target>
+
+ <target name="undeploy">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="undeploy"/>
+ </antcall>
+ </target>
+
+ <target name="run">
+ <antcall target="runwstargets">
+ <param name="ws-target" value="run"/>
+ </antcall>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common" >
+ </target>
+
+
+ <target name="runwstargets">
+ <antcall target="servletws"/>
+ </target>
+
+<!-- ======== Targets by technology ========== -->
+
+ <target name="servletws">
+ <record name="security-wss.output" action="start" />
+ <ant dir="servletws" target="${ws-target}"/>
+ <record name="security-wss.output" action="stop" />
+ </target>
+ <target name="usage">
+ <echo> Usage:
+ ======== Targets by execution granularity =========
+
+ ant clean (Cleans all ws tests)
+ ant build (builds all ws tests)
+ ant setup (setup all required resources)
+ ant deploy (deploy all test apps)
+ ant run (Executes all tests)
+ ant undeploy (undeploy all test apps)
+ ant unsetup (remove all set resources)
+
+ ======== Targets by technology =========
+
+ ant servletws (Executes the servletws tests)
+ ant all (Executes all the ws tests)
+
+ ===== Targets by technoloy and execution granularity ======
+ Note: Run the command of the following type:
+
+ % ant servletws -Dws-target=clean
+
+ to run the 'clean' target for 'servletws' tests
+ </echo>
+ </target>
+</project>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.properties
new file mode 100644
index 0000000..079b36b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.properties
@@ -0,0 +1,45 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-permethod-servlet"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.permethod.servlet.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
+<property name="wsdl-file" value="wsdl/HelloServletService.wsdl"/>
+<property name="client-mapping.xml" value="HelloClientMapping.xml"/>
+<property name="wsdlfile.location" value="wsdl"/>
+
+<!--- servlet based endpoint params -->
+<!--property name="mappingfile.location" value=""/-->
+<property name="web-mapping.xml" value="HelloServletMapping.xml"/>
+<property name="sun-web.xml" value="descriptor/sun-web.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="web-webservices.xml" value="descriptor/webservices.xml"/>
+<property name="wsdlfile.name" value="HelloServletService.wsdl"/>
+<property name="wsdlfile.location" value="wsdl"/>
+
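Review bot: `wsdlfile.location` is defined twice in this file, once at the end of the client block and again at the end of the servlet-endpoint block, both with the value `wsdl`. Ant properties cannot be overridden once set, so the second definition is silently ignored. It is harmless today but will mislead anyone who later edits only the second one. Remove the trailing `<property name="wsdlfile.location" value="wsdl"/>`.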
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.xml
new file mode 100644
index 0000000..1a9be89
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/build.xml
@@ -0,0 +1,216 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="wss-permethod" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all"
+ depends="clean, build, setup, deploy, run, undeploy, unsetup"/>
+
+ <target name="run-test"
+ depends="clean, build, deploy, run, undeploy"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup">
+ <antcall target="create-user-common">
+ <param name="user" value="j2ee"/>
+ <param name="password" value="j2ee"/>
+ <param name="groups" value="j2ee"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup">
+ <antcall target="delete-user-common">
+ <param name="user" value="j2ee"/>
+ </antcall>
+ </target>
+
+ <target name="compile" depends="init-common,clean-common, generate-artifacts">
+ <antcall target="compile-common">
+ <param name="src" value="client"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="web"/>
+ </antcall>
+ </target>
+
+ <target name="generate-artifacts">
+ <echo message=" Client Mapping file : ${client-mapping.xml}"/>
+ <antcall target="import-wsdl">
+ <param name="mapping.file"
+ value="${client-mapping.xml}"/>
+ <param name="config-wsdl.file"
+ value="config/config-client.xml"/>
+ </antcall>
+ <echo message="Web Mapping File : ${web-mapping.xml}"/>
+ <antcall target="import-wsdl">
+ <param name="mapping.file"
+ value="${web-mapping.xml}"/>
+ <param name="config-wsdl.file"
+ value="config/config-web.xml"/>
+ </antcall>
+ </target>
+ <target name="ws-package-appclientjar-common">
+ <mkdir dir="${assemble.dir}"/>
+ <delete file="${appclient.jar}" failonerror="false"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+ <copy file="${application-client.xml}"
+ tofile="${build.classes.dir}/META-INF/application-client.xml"/>
+ <copy file="${sun-application-client.xml}"
+ tofile="${build.classes.dir}/META-INF/sun-application-client.xml"/>
+ <copy file="${wsdl-file}"
+ tofile="${build.classes.dir}/META-INF/${wsdl-file}"/>
+ <jar jarfile="${appclient.jar}" basedir="${appclientjar.files}"
+ update="true" includes="${appclientjar.classes}"
+ manifest="./client/MANIFEST.MF">
+
+ <fileset dir="${build.classes.dir}" includes="${client-mapping.xml}"/>
+ <metainf dir="${build.classes.dir}/META-INF">
+ <include name="application-client.xml"/>
+ <include name="sun-application-client.xml"/>
+ <include name="${wsdl-file}"/>
+ </metainf>
+ </jar>
+ <delete dir="${build.classes.dir}/META-INF" failonerror="false"/>
+ </target>
+ <target name="ws-package-war-common">
+ <echo message="my build classes dir is:${build.classes.dir}"/>
+ <delete file="${war.file}"/>
+ <mkdir dir="${build.classes.dir}/tmp"/>
+ <mkdir dir="${build.classes.dir}/tmp/WEB-INF"/>
+ <mkdir dir="${build.classes.dir}/tmp/WEB-INF/classes"/>
+ <copy file="${sun-web.xml}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/sun-web.xml" failonerror="false"/>
+ <copy file="${webservices.xml}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/webservices.xml"
+ failonerror="false"/>
+ <copy file="${mappingfile.location}/${mappingfile.name}"
+ tofile="${build.classes.dir}/tmp/${mappingfile.name}"
+ failonerror="false"/>
+ <copy file="${wsdlfile.location}/${wsdlfile.name}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/wsdl/${wsdlfile.name}"
+ failonerror="false"/>
+ <copy file="${web.xml}"
+ tofile="${build.classes.dir}/tmp/WEB-INF/web.xml"/>
+ <copy todir="${build.classes.dir}/tmp/WEB-INF/classes">
+ <fileset dir="${build.classes.dir}">
+ <include name="${war.classes}"/>
+ </fileset>
+ </copy>
+ <echo message="Creating war file ${war.file}"/>
+ <jar jarfile="${war.file}" update="true">
+ <fileset dir="${build.classes.dir}/tmp" casesensitive="yes">
+ <include name="**/*class*"/>
+ </fileset>
+ <fileset dir="${basedir}/web" casesensitive="yes">
+ <include name="**/*.html"/>
+ <include name="**/*.jsp"/>
+ <include name="**/*.gif"/>
+ <include name="**/*.do"/>
+ <exclude name="**/*.java,**/*.xml,**/*.properties"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}/tmp/" casesensitive="true">
+ <include name="WEB-INF/web.xml"/>
+ <include name="WEB-INF/sun-web.xml"/>
+ <include name="WEB-INF/webservices.xml"/>
+ <include name="WEB-INF/wsdl/${wsdlfile.name}"/>
+ <include name="${mappingfile.name}"/>
+ </fileset>
+ </jar>
+ <echo message="created war file ${war.file}"/>
+ <delete dir="${build.classes.dir}/tmp/WEB-INF" failonerror="false"/>
+ <echo message="my webclient war classes are:${webclient.war.classes}"/>
+ </target>
+
+ <target name="build" depends="init-common,compile">
+ <antcall target="ws-package-appclientjar-common">
+ <param name="appclientjar.classes"
+ value="com/sun/s1asdev/security/wss/permethod/servlet/client/*.class" />
+ <param name="appclientjar.files"
+ value="${build.classes.dir}"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ </antcall>
+ <!--antcall target="ws-war-common"-->
+ <antcall target="ws-package-war-common">
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ <param name="war.classes"
+ value="com/sun/s1asdev/security/wss/permethod/servlet/*.class" />
+ <param name="mappingfile.name"
+ value="${web-mapping.xml}" />
+ <param name="mappingfile.location"
+ value="${build.classes.dir}"/>
+ <param name="webservices.xml"
+ value="${web-webservices.xml}" />
+ </antcall>
+ <antcall target="ear-common"/>
+ </target>
+
+ <target name="deploy"
+ depends="init-common">
+ <antcall target="deploy-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <property name="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <property name="hello-endpoint-url"
+ value="http://${http.host}:${http.port}/${appname}/helloservlet"/>
+ <echo message="VMARGS= ${VMARGS}"/>
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value="${VMARGS}"/>
+ <arg value="-client" />
+ <arg value="${assemble.dir}/${appname}AppClient.jar"/>
+ <arg value="-textauth"/>
+ <arg value="-user"/>
+ <arg value="j2ee"/>
+ <arg value="-password"/>
+ <arg value="j2ee"/>
+ <arg line="-xml ${admin.domain.dir}/${admin.domain}/config/glassfish-acc.xml"/>
+ <arg line="${hello-endpoint-url}"/>
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+
+ <!--
+ =======================================================
+ User Defined specific targets
+ =======================================================
+ -->
+</project>
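Review bot: The `run` target writes the keystore and truststore passwords to the build output. `VMARGS` is assembled with `-Djavax.net.ssl.keyStorePassword=${ssl.password}` and `-Djavax.net.ssl.trustStorePassword=${ssl.password}`, and is then printed by `<echo message="VMARGS= ${VMARGS}"/>`. The parent permethod/build.xml runs this build between `<record name="security-wss.output" action="start"/>` and the matching stop, so the value also ends up in a file that is likely to be kept with the test results. Drop the echo, or print only the store locations, e.g. `<echo message="keyStore=${mykeystore.db.file} trustStore=${mytruststore.db.file}"/>`.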
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/Client.java b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/Client.java
new file mode 100644
index 0000000..58d5ccb
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/Client.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2003, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.permethod.servlet.client;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.xml.rpc.Stub;
+
+public class Client {
+
+ private static SimpleReporterAdapter stat = new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec:Servlet Per method WSS test ";
+
+ public static void main (String[] args) {
+ String helloEndpoint = null;
+ if (args[0] == null){
+ System.out.println("WSS Permethod client: Argument missing. Please provide target endpoint address as argument");
+ System.exit(1);
+ } else {
+ helloEndpoint = args[0];
+ }
+
+ stat.addDescription(testSuite);
+
+ HelloIF helloIFPort = null;
+ try {
+ Context ic = new InitialContext();
+ HelloServletService helloService = (HelloServletService)
+ ic.lookup("java:comp/env/service/HelloServletService");
+ helloIFPort = helloService.getHelloIFPort();
+ ((Stub)helloIFPort)._setProperty(
+ Stub.ENDPOINT_ADDRESS_PROPERTY, helloEndpoint);
+ System.out.println("Calling sayHello");
+ String reply = helloIFPort.sayHello("Hello World");
+ System.out.println("Reply sayHello: " + reply);
+ stat.addStatus(testSuite + " sayHello", stat.PASS);
+ } catch(Exception e){
+ stat.addStatus(testSuite + " sayHello", stat.FAIL);
+ e.printStackTrace();
+ }
+
+ try {
+ System.out.println("Calling sendSecret");
+ int code = helloIFPort.sendSecret("It is a secret");
+ System.out.println("Reply sendSecret: " + code);
+ stat.addStatus(testSuite + " sendSecret", stat.PASS);
+ } catch(Exception e){
+ stat.addStatus(testSuite + "sendSecret", stat.FAIL);
+ e.printStackTrace();
+ }
+
+ try {
+ System.out.println("Calling getSecret");
+ String secret = helloIFPort.getSecret(100.0);
+ System.out.println("Reply getSecret: " + secret);
+ stat.addStatus(testSuite + " getSecret", stat.PASS);
+ } catch(Exception e){
+ stat.addStatus(testSuite + " getSecret", stat.FAIL);
+ e.printStackTrace();
+ }
+
+ stat.printSummary(testSuite);
+ }
+}
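Review bot: The argument check at the top of `main` tests `args[0] == null`, which throws `ArrayIndexOutOfBoundsException` when no endpoint is passed, so the usage message and `System.exit(1)` are never reached. Test the length instead: `if (args.length == 0) {`. The failure branch for sendSecret also reports `testSuite + "sendSecret"` without the leading space used in the pass branch, so the same test is recorded under two names; use `testSuite + " sendSecret"` in both. If the lookup in the first `try` fails, `helloIFPort` stays null and the two later blocks are reported as failures caused by a `NullPointerException` rather than by the real error.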
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/MANIFEST.MF
new file mode 100644
index 0000000..32c6d74
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.permethod.servlet.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-client.xml
new file mode 100644
index 0000000..2f051d8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-client.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <wsdl
+ location="wsdl/HelloServletService.wsdl"
+ packageName="com.sun.s1asdev.security.wss.permethod.servlet.client"/>
+</configuration>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-sei.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-sei.xml
new file mode 100644
index 0000000..eb69b7d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-sei.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <service name="HelloServletService"
+ targetNamespace="http://hello.org/wsdl"
+ typeNamespace="http://hello.org/types"
+ packageName="com.sun.s1asdev.security.wss.permethod.servlet">
+ <interface name="com.sun.s1asdev.security.wss.permethod.servlet.HelloIF"
+ servantName="com.sun.s1asdev.security.wss.permethod.servlet.HelloServlet"/>
+ </interface>
+ </service>
+</configuration>
+
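Review bot: The `<interface>` element is not well-formed: its start tag ends with `/>` on the `servantName` line and is then followed by a separate `</interface>`, so an XML parser will reject the file. Close the element once, by keeping the `/>` and deleting the `</interface>` line. The servletws build.xml visible in this commit passes only `config/config-client.xml` and `config/config-web.xml` to `import-wsdl`, which is presumably why the error has gone unnoticed. If config-sei.xml is not used anywhere, it could be dropped instead.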
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-web.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-web.xml
new file mode 100644
index 0000000..4eb520f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/config/config-web.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<configuration
+ xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
+ <wsdl
+ location="wsdl/HelloServletService.wsdl"
+ packageName="com.sun.s1asdev.security.wss.permethod.servlet"/>
+</configuration>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application-client.xml
new file mode 100644
index 0000000..ce75975
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application-client.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application-client version="1.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application-client_1_4.xsd">
+ <description>app client dd for hello</description>
+ <display-name>ws-permethod-hello</display-name>
+ <service-ref>
+ <description>hello service ref</description>
+ <service-ref-name>service/HelloServletService</service-ref-name>
+ <service-interface>com.sun.s1asdev.security.wss.permethod.servlet.client.HelloServletService</service-interface>
+ <wsdl-file>META-INF/wsdl/HelloServletService.wsdl</wsdl-file>
+ <jaxrpc-mapping-file>HelloClientMapping.xml</jaxrpc-mapping-file>
+ </service-ref>
+</application-client>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application.xml
new file mode 100644
index 0000000..d266f7c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>WSSServletHelloApp</display-name>
+ <module>
+ <web>
+ <web-uri>security-wss-permethod-servlet-web.war</web-uri>
+ <context-root>security-wss-permethod-servlet</context-root>
+ </web>
+ </module>
+ <module>
+ <java>security-wss-permethod-servlet-client.jar</java>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..e5b49c2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-application-client.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Application Client 1.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <service-ref>
+ <service-ref-name>service/HelloServletService</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://hello.org/wsdl</namespaceURI>
+ <localpart>HelloIFPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="ClientProvider">
+ <message-security>
+ <message>
+ <operation-name>sayHello</operation-name>
+ </message>
+ <request-protection/>
+ <response-protection/>
+ </message-security>
+ <message-security>
+ <message>
+ <operation-name>sendSecret</operation-name>
+ </message>
+ <request-protection
+ auth-source="content"/>
+ <response-protection
+ auth-source="content"/>
+ </message-security>
+ <message-security>
+ <message>
+ <operation-name>getSecret</operation-name>
+ </message>
+ <request-protection
+ auth-source="sender"/>
+ <response-protection
+ auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-application-client>
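Review bot: The `sayHello` entry in this `ClientProvider` binding has empty `<request-protection/>` and `<response-protection/>` elements, while the `ServerProvider` binding in sun-web.xml has no `sayHello` entry at all. If that asymmetry is the point of the per-method test (one operation left unprotected next to `sendSecret` and `getSecret`), neither descriptor says so. A comment above the first `<message-security>` here, for example `<!-- sayHello: intentionally no auth-source; server binding omits this operation -->`, and a matching one in sun-web.xml would keep a later editor from "fixing" it by adding protection or removing the entry.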
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-web.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-web.xml
new file mode 100644
index 0000000..e811ba3
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/sun-web.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Servlet 2.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-web-app_2_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-web-app>
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <webservice-endpoint>
+ <port-component-name>HelloIFPort</port-component-name>
+ <endpoint-address-uri>helloservlet</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="ServerProvider">
+ <message-security>
+ <message>
+ <operation-name>sendSecret</operation-name>
+ </message>
+ <request-protection
+ auth-source="content"/>
+ <response-protection
+ auth-source="content"/>
+ </message-security>
+ <message-security>
+ <message>
+ <operation-name>getSecret</operation-name>
+ </message>
+ <request-protection
+ auth-source="sender"/>
+ <response-protection
+ auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </servlet>
+</sun-web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/web.xml
new file mode 100644
index 0000000..3bdd4e9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/web.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ <display-name>Hello ServletWS</display-name>
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.permethod.servlet.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/helloservlet</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>54</session-timeout>
+ </session-config>
+</web-app>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/webservices.xml b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/webservices.xml
new file mode 100644
index 0000000..0ca2051
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/descriptor/webservices.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<webservices xmlns="http://java.sun.com/xml/ns/j2ee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+ http://www.ibm.com/webservices/xsd/j2ee_web_services_1_1.xsd"
+ version="1.1">
+ <description>desc</description>
+ <webservice-description>
+ <webservice-description-name>Hello Servlet</webservice-description-name>
+ <wsdl-file>WEB-INF/wsdl/HelloServletService.wsdl</wsdl-file>
+ <jaxrpc-mapping-file>HelloServletMapping.xml</jaxrpc-mapping-file>
+ <port-component>
+ <description>port component description</description>
+ <port-component-name>HelloIFPort</port-component-name>
+ <wsdl-port xmlns:hellons="http://hello.org/wsdl">hellons:HelloIFPort
+ </wsdl-port>
+ <service-endpoint-interface>com.sun.s1asdev.security.wss.permethod.servlet.HelloIF
+ </service-endpoint-interface>
+ <service-impl-bean>
+ <servlet-link>HelloServlet</servlet-link>
+ </service-impl-bean>
+ </port-component>
+ </webservice-description>
+</webservices>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloIF.java b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloIF.java
new file mode 100644
index 0000000..6a3bd1d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloIF.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.permethod.servlet;
+
+import java.rmi.Remote;
+import java.rmi.RemoteException;
+
+public interface HelloIF extends Remote {
+ public String sayHello(String message) throws RemoteException;
+ public int sendSecret(String message) throws RemoteException;
+ public String getSecret(double key) throws RemoteException;
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloServlet.java
new file mode 100644
index 0000000..baa0071
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/web/HelloServlet.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2002, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.permethod.servlet;
+
+import javax.servlet.SingleThreadModel;
+import javax.xml.rpc.server.ServiceLifecycle;
+
+public class HelloServlet implements
+ SingleThreadModel, ServiceLifecycle {
+
+ public HelloServlet() {
+ System.out.println("HelloServlet() instantiated");
+ }
+
+ public void init(Object context) {
+ System.out.println("Got ServiceLifecycle::init call " + context);
+ }
+
+ public void destroy() {
+ System.out.println("Got ServiceLifecycle::destroy call");
+ }
+
+ public String sayHello(String message) {
+ System.out.println("sayHello invoked from servlet endpoint");
+ return "reply from " + message;
+ }
+
+ public int sendSecret(String message) {
+ System.out.println("sendSecret invoked from servlet endpoint");
+ return message.hashCode();
+ }
+
+ public String getSecret(double key) {
+ System.out.println("getSecret invoked from servlet endpoint");
+ return "Secret-" + key;
+ }
+}
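Review bot: `sendSecret` calls `message.hashCode()` with no null check, so a request whose string part arrives as nil ends in a NullPointerException rather than a defined result. `return message == null ? 0 : message.hashCode();`, or an explicit rejection, would make the behaviour deliberate, provided the client (not visible here) does not rely on the exception. The class also implements `SingleThreadModel`, which is deprecated as of Servlet 2.4, the version web.xml declares. It does not declare `implements HelloIF`, so a signature that drifts from the interface is not caught at compile time. None of the three operations has a comment saying which message-security policy from sun-web.xml it is meant to exercise.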
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/wsdl/HelloServletService.wsdl b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/wsdl/HelloServletService.wsdl
new file mode 100644
index 0000000..af7cfc0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/permethod/servletws/wsdl/HelloServletService.wsdl
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<definitions name="HelloServletService" targetNamespace="http://hello.org/wsdl" xmlns:tns="http://hello.org/wsdl" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
+ <types/>
+ <message name="HelloIF_sayHello">
+ <part name="string" type="xsd:string"/>
+ </message>
+ <message name="HelloIF_sayHelloResponse">
+ <part name="result" type="xsd:string"/>
+ </message>
+ <message name="HelloIF_sendSecret">
+ <part name="string" type="xsd:string"/>
+ </message>
+ <message name="HelloIF_sendSecretResponse">
+ <part name="result" type="xsd:int"/>
+ </message>
+ <message name="HelloIF_getSecret">
+ <part name="string" type="xsd:double"/>
+ </message>
+ <message name="HelloIF_getSecretResponse">
+ <part name="result" type="xsd:string"/>
+ </message>
+ <portType name="HelloIF">
+ <operation name="sayHello">
+ <input message="tns:HelloIF_sayHello"/>
+ <output message="tns:HelloIF_sayHelloResponse"/>
+ </operation>
+ <operation name="sendSecret">
+ <input message="tns:HelloIF_sendSecret"/>
+ <output message="tns:HelloIF_sendSecretResponse"/>
+ </operation>
+ <operation name="getSecret">
+ <input message="tns:HelloIF_getSecret"/>
+ <output message="tns:HelloIF_getSecretResponse"/>
+ </operation>
+ </portType>
+ <binding name="HelloIFBinding" type="tns:HelloIF">
+ <operation name="sayHello">
+ <input>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></input>
+ <output>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></output>
+ <soap:operation soapAction=""/>
+ </operation>
+ <operation name="sendSecret">
+ <input>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></input>
+ <output>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></output>
+ <soap:operation soapAction=""/>
+ </operation>
+ <operation name="getSecret">
+ <input>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></input>
+ <output>
+ <soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" use="encoded" namespace="http://hello.org/wsdl"/></output>
+ <soap:operation soapAction=""/>
+ </operation>
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="rpc"/> </binding>
+ <service name="HelloServletService">
+ <port name="HelloIFPort" binding="tns:HelloIFBinding">
+ <soap:address location="REPLACE_WITH_ACTUAL_URL"/>
+ </port>
+ </service>
+</definitions>
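Review bot: The `HelloIF_getSecret` message names its part `string` although its type is `xsd:double`, which looks carried over from the two request messages above it and misleads anyone reading a captured request. A name such as `key` would match `getSecret(double key)` in HelloIF.java. The part name is presumably also referenced from HelloServletMapping.xml, which is not in this hunk, so the two would have to change together.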
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/roles/build.properties
new file mode 100644
index 0000000..5e82f84
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/build.properties
@@ -0,0 +1,37 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-roles"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.roles.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="sun-ejb-jar2.xml" value="descriptor/sun-ejb-jar2.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles/build.xml
new file mode 100644
index 0000000..ce7f3a1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/build.xml
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-wss-roles" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-auth-filerealm">
+ <param name="file.realm.name" value="file2"/>
+ <param name="keyfile.path" value="${admin.domain.dir}/${admin.domain}/config/keyfile2"/>
+ </antcall>
+ <!-- <antcall target="reconfig-common"/>-->
+
+ <antcall target="create-user-common">
+ <param name="user" value="javaee"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="javaee"/>
+ <param name="authrealmname" value="file2"/>
+ </antcall>
+ <antcall target="asadmin-common">
+ <param name="admin.command" value="delete-auth-realm" />
+ <param name="operand.props" value="file2"/>
+ </antcall>
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="ejbws2"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws2"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/WssRolesEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/WssRolesEjb2Service/HelloEjb2?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/security-wss-roles-web/webservice/WssRolesServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${http.host}"/>
+ <replacefilter token="@PORT@" value="${http.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws2"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb2.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ <param name="sun-ejb-jar.xml" value="${sun-ejb-jar2.xml}"/>
+ </antcall>
+ <war destfile="${assemble.dir}/${appname}-web.war" webxml="${web.xml}">
+ <classes dir="${build.classes.dir}/servletws"/>
+ </war>
+
+ <copy file="${sun-application.xml}" tofile="${build.classes.dir}/META-INF/sun-application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common"/>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <antcall target="runclient1"/>
+ <antcall target="runclient2"/>
+ </target>
+
+ <target name="runclient1" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-textauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+ </exec>
+ </target>
+
+ <target name="runclient2" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="authprop" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
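Review bot: The `all` target reaches `unsetup` only as its last dependency, so when `build-deploy` fails, the `javaee` user (password `javaee`) and the `file2` realm created by `setup` stay configured in the domain. A comment on `all` should say that `unsetup` has to be run by hand after a failed run, or the cleanup should move somewhere that always executes. In `runclient1` and `runclient2` the `<exec>` has no `failonerror="true"`, so a client that exits non-zero does not fail the build. The jar path is passed with `<arg line=...>`, which splits on whitespace; `<arg value="${assemble.dir}/${appname}-clientClient.jar"/>` keeps it as one argument. `runclient1` also passes the password on the appclient command line, where it is visible in the process list during the run, which deserves a comment stating that this is a fixture-only account.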
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/wss/roles/client/Client.java.template
new file mode 100644
index 0000000..3b571c4
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/client/Client.java.template
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.client;
+
+import java.util.Map;
+
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import com.sun.s1asdev.security.wss.roles.ejbws.HelloEjb;
+import com.sun.s1asdev.security.wss.roles.ejbws.WssRolesEjbService;
+import com.sun.s1asdev.security.wss.roles.ejbws2.HelloEjb2;
+import com.sun.s1asdev.security.wss.roles.ejbws2.WssRolesEjb2Service;
+import com.sun.s1asdev.security.wss.roles.servletws.HelloServlet;
+import com.sun.s1asdev.security.wss.roles.servletws.WssRolesServletService;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec:WSS Roles test ";
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/WssRolesEjbService/HelloEjb?WSDL")
+ private static WssRolesEjbService service;
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/WssRolesEjb2Service/HelloEjb2?WSDL")
+ private static WssRolesEjb2Service service2;
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/security-wss-roles-web/webservice/WssRolesServletService/HelloServlet?WSDL")
+ private static WssRolesServletService service3;
+
+ public static void main(String[] args) {
+ boolean authprop =
+ (args != null && args.length > 0 && "authprop".equals(args[0]));
+
+ if (authprop) {
+ System.out.println("Authenticate through BindingProvider property");
+ stat.addDescription("security-wss-roles: authprop");
+ } else {
+ stat.addDescription("security-wss-roles");
+ }
+
+ String description = null;
+ try {
+ // first ejb ws
+ HelloEjb port = service.getHelloEjbPort();
+
+ if (authprop) {
+ authenticate((BindingProvider)port);
+ }
+
+ description = testSuite + " ejbws1: hello";
+ port.hello("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ description = testSuite + " ejbws1: rolesAllowed1";
+ port.rolesAllowed1("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws1: rolesAllowed2";
+ port.rolesAllowed2("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ description = testSuite + " ejbws1: permitAll";
+ port.permitAll("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws1: denyAll";
+ port.denyAll("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ try {
+ description = testSuite + " ejbws1: runAs1";
+ port.runAs1();
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ description = testSuite + " ejbws1: runAs2";
+ port.runAs2();
+ stat.addStatus(description, stat.PASS);
+
+ // second ejb ws
+ HelloEjb2 port2 = service2.getHelloEjb2Port();
+
+ if (authprop) {
+ authenticate((BindingProvider)port2);
+ }
+
+ description = testSuite + " ejbws2: rolesAllowed1";
+ port2.rolesAllowed1("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws2: rolesAllowed2";
+ port2.rolesAllowed2("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ // first servlet ws
+ HelloServlet port3 = service3.getHelloServletPort();
+ if (authprop) {
+ authenticate((BindingProvider)port3);
+ }
+ description = testSuite + " serlvet: hello";
+ String msg = port3.hello("Sun");
+ if (msg != null && msg.startsWith("javaee")) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ if (authprop) {
+ stat.printSummary("security-wss-roles: authprop");
+ } else {
+ stat.printSummary("security-wss-roles");
+ }
+ }
+
+ private static void authenticate(BindingProvider bd) {
+ System.out.println("authenticate through BindingProvider property");
+ Map<String, Object> requestContext = bd.getRequestContext();
+ requestContext.put(BindingProvider.USERNAME_PROPERTY, "javaee");
+ requestContext.put(BindingProvider.PASSWORD_PROPERTY, "javaee");
+ }
+}
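Review bot: The negative checks (`rolesAllowed2`, `denyAll` and `runAs1` on `port`, and `rolesAllowed2` on `port2`) record PASS on any `Exception`, so a transport error, a WSDL mismatch or a server-side bug is counted as a successful access denial. Catching the narrowest type the runtime raises for a rejected call, presumably a `javax.xml.ws.WebServiceException` subtype (to be confirmed against the server), and reporting FAIL for anything else would make these results reflect authorization alone. In the outer `catch`, `description` is still `null` if `service.getHelloEjbPort()` throws, so the failure is reported under a null test name; initialising it with `testSuite + " setup"` avoids that. The description string `" serlvet: hello"` has a typo for `servlet`.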
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/roles/client/MANIFEST.MF
new file mode 100644
index 0000000..6e24fb0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.roles.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-application.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-application.xml
new file mode 100644
index 0000000..5b3df2c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application PUBLIC "-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 J2EE Application 1.4//EN" "http://www.sun.com/software/sunone/appserver/dtds/sun-application_1_4-0.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <unique-id>0</unique-id>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>ejbuser</role-name>
+ <principal-name>ejbuser</principal-name>
+ </security-role-mapping>
+ <realm>file2</realm>
+</sun-application>
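Review bot: The `ejbuser` role is mapped to a principal named `ejbuser`, but `setup` in build.xml creates only the `javaee` user in realm `file2`. Presumably `ejbuser` serves only as a run-as identity for the `runAs1`/`runAs2` checks and needs no account, but nothing in the descriptor says so. A comment above the second `<security-role-mapping>`, for example `<!-- ejbuser: run-as principal only; no account is created in file2 -->`, would record that the missing user is intentional.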
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..3a6754d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm>file2</realm>
+ </login-config>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar2.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar2.xml
new file mode 100644
index 0000000..7b2352a
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/sun-ejb-jar2.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb2</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb2</port-component-name>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ </login-config>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
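Review bot: This `<login-config>` names no `<realm>`, while the sibling sun-ejb-jar.xml sets `<realm>file2</realm>` for the same kind of endpoint, and nothing in the file says whether the omission is deliberate. If the intent is to exercise the fallback to the application-level realm declared in sun-application.xml, a comment inside `<login-config>` such as `<!-- no realm on purpose: falls back to the application realm -->` would record that. If it is not intentional, the realm is probably missing, and HelloEjb2 would authenticate against whatever realm the server treats as default.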
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/web.xml
new file mode 100644
index 0000000..a008245
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/descriptor/web.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <servlet>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.roles.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/WssRolesServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Secure Area</web-resource-name>
+ <url-pattern>/webservice/WssRolesServletService/HelloServlet</url-pattern>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>javaee</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>file2</realm-name>
+ </login-config>
+ <security-role>
+ <role-name>javaee</role-name>
+ </security-role>
+</web-app>
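Review bot: The `<security-constraint>` lists only `<http-method>POST</http-method>`, so every other method on `/webservice/WssRolesServletService/HelloServlet` is left unconstrained, and with no `<user-data-constraint>` the BASIC credentials are not required to travel over TLS. If leaving GET open is intentional (presumably so the WSDL can be fetched without credentials), record that with a comment such as `<!-- only POST is constrained: GET stays open for ?WSDL retrieval -->`. A descriptor that is meant to protect the endpoint as a whole would drop the `<http-method>` element and add `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`.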
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/HelloEjb.java
new file mode 100644
index 0000000..ce4bd3b
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/HelloEjb.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.ejbws;
+
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.RunAs;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import javax.ejb.SessionContext;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import com.sun.s1asdev.security.wss.roles.ejb.SfulLocal;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.roles.wss.security.s1asdev.sun.com", serviceName="WssRolesEjbService")
+@DeclareRoles({"javaee", "webuser", "ejbuser"})
+@RunAs("ejbuser")
+public class HelloEjb {
+ @EJB private SfulLocal sful;
+ @Resource private SessionContext sc;
+ @Resource WebServiceContext wsContext;
+
+ public String hello(String who) {
+ if (!sc.isCallerInRole("javaee") || sc.isCallerInRole("ejbuser")) {
+ throw new RuntimeException("sc not of role javaee or of role ejbuser");
+ }
+
+ if (!wsContext.isUserInRole("javaee") || wsContext.isUserInRole("ejbuser")) {
+ throw new RuntimeException("wsc not of role javaee or of role ejbuser");
+ }
+
+ return "Hello, " + who;
+ }
+
+ @RolesAllowed(value={"javaee"})
+ public String rolesAllowed1(String who) {
+ return "Hello, " + who;
+ }
+
+ @RolesAllowed(value={"webuser"})
+ public String rolesAllowed2(String who) {
+ return "Hello, " + who;
+ }
+
+ @DenyAll
+ public String denyAll(String who) {
+ return "Hello, " + who;
+ }
+
+ @PermitAll
+ public String permitAll(String who) {
+ return "Hello, " + who;
+ }
+
+ public String runAs1() {
+ return sful.hello();
+ }
+
+ public String runAs2() {
+ return sful.goodBye();
+ }
+}
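Review bot: In `hello`, each guard folds two different failures into one condition, so the message "sc not of role javaee or of role ejbuser" cannot tell a reader whether the caller lacked `javaee` or unexpectedly held `ejbuser`. The roles2 copy of this class splits the checks; doing the same here, e.g. `if (sc.isCallerInRole("ejbuser")) { throw new RuntimeException("sc: caller unexpectedly in role ejbuser"); }`, makes a failed run diagnosable, and the same applies to the `wsContext` guard. `wsContext` is also package-private while the other two injected fields are `private`.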
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulEJB.java b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulEJB.java
new file mode 100644
index 0000000..9be8e56
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulEJB.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.ejb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.Stateful;
+
+@Stateful
+@Local({SfulLocal.class})
+public class SfulEJB implements SfulLocal {
+ @RolesAllowed(value={"javaee"})
+ public String hello() {
+ return "hello from Sful";
+ }
+
+ @RolesAllowed(value={"ejbuser"})
+ public String goodBye() {
+ return "goodBye from Sful";
+ }
+}
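Review bot: The `package` line says `com.sun.s1asdev.security.wss.roles.ejb`, but the file is added under `roles/ejbws/`, so the source path does not match the package. The same holds for `roles/ejbws/SfulLocal.java` and for `roles2/ejbws/SfulEJB.java` (package `...roles2.ejb`). javac accepts this when handed the files directly, but IDEs and code search will flag or miss these classes; either move them to an `ejb/` directory or add a one-line comment explaining the layout. `hello()` and `goodBye()` implement `SfulLocal` and should carry `@Override`.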
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulLocal.java b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulLocal.java
new file mode 100644
index 0000000..e73d0da
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws/SfulLocal.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.ejb;
+
+public interface SfulLocal {
+ public String hello();
+
+ public String goodBye();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws2/HelloEjb2.java b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws2/HelloEjb2.java
new file mode 100644
index 0000000..04048d2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/ejbws2/HelloEjb2.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.ejbws2;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws2.roles.wss.security.s1asdev.sun.com", serviceName="WssRolesEjb2Service")
+public class HelloEjb2 {
+ @RolesAllowed(value={"javaee"})
+ public String rolesAllowed1(String who) {
+ return "Hello, " + who;
+ }
+
+ @RolesAllowed(value={"webuser"})
+ public String rolesAllowed2(String who) {
+ return "Hello, " + who;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/roles/servletws/HelloServlet.java
new file mode 100644
index 0000000..e276afd
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles/servletws/HelloServlet.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles.servletws;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+@WebService(targetNamespace="http://servletws.roles.wss.security.s1asdev.sun.com", serviceName="WssRolesServletService")
+public class HelloServlet {
+ @Resource WebServiceContext wsContext;
+
+ public String hello(String who) {
+ if (!wsContext.isUserInRole("javaee") ||
+ wsContext.isUserInRole("ejbuser")) {
+ throw new RuntimeException("not of role javaee or of role ejbuser");
+ }
+
+ return wsContext.getUserPrincipal() + "Hello, " + who;
+ }
+}
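Review bot: The return value `wsContext.getUserPrincipal() + "Hello, " + who` joins the principal and the greeting with no separator and relies on the principal's `toString()`, so the response echoes whatever that implementation prints, directly followed by `Hello, ...`. If the principal is meant to be part of the reply, `return wsContext.getUserPrincipal().getName() + ": Hello, " + who;` is clearer; otherwise drop it so the servlet endpoint returns the same string as the EJB endpoints. The guard above it also reports two different failures with one message, so a failing run does not say which role check tripped.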
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.properties
new file mode 100644
index 0000000..7f3642f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.properties
@@ -0,0 +1,35 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-roles2"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.roles2.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.xml
new file mode 100644
index 0000000..47196a6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/build.xml
@@ -0,0 +1,136 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-wss-roles2" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <antcall target="create-user-common">
+ <param name="user" value="javaee"/>
+ <param name="password" value="javaee"/>
+ <param name="groups" value="javaee"/>
+ </antcall>
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ <antcall target="delete-user-common">
+ <param name="user" value="javaee"/>
+ </antcall>
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client http://${http.host}:${http.port}/WssRoles2EjbService/HelloEjb?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${http.host}"/>
+ <replacefilter token="@PORT@" value="${http.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-jar-common"/>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value="-Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg line="-xml ${env.S1AS_HOME}/domains/domain1/config/glassfish-acc.xml" />
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="javaee" />
+ <arg line="-password" />
+ <arg line="javaee" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-jar-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
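Review bot: The `run` target puts secrets on the command line and in the environment: `-password javaee` is passed as an `<arg>`, and `VMARGS` carries `-Djavax.net.ssl.keyStorePassword=${ssl.password}` and the trust-store password, so all of them show up in the process listing and in verbose Ant output. appclient accepts `-passwordfile`, which keeps the user password out of argv. For the store passwords, a comment stating that these are throwaway test credentials would at least stop the pattern being copied as-is. Separately, `<arg line="-texauth"/>` looks like a typo for `-textauth`, in which case the option is presumably not taking effect.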
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/Client.java.template
new file mode 100644
index 0000000..244d9c2
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/Client.java.template
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.client;
+
+import java.util.Map;
+
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+import com.sun.s1asdev.security.wss.roles2.ejbws.HelloEjb;
+import com.sun.s1asdev.security.wss.roles2.ejbws.WssRoles2EjbService;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec:WSS Roles2 test ";
+
+ @WebServiceRef(wsdlLocation="http://@HOST@:@PORT@/WssRoles2EjbService/HelloEjb?WSDL")
+ private static WssRoles2EjbService service;
+
+ public static void main(String[] args) {
+ stat.addDescription("security-wss-roles2");
+ String description = null;
+ try {
+ HelloEjb port = service.getHelloEjbPort();
+
+ description = testSuite + " ejbws: hello";
+ port.hello("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ description = testSuite + " ejbws: rolesAllowed1";
+ port.rolesAllowed1("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws: rolesAllowed2";
+ port.rolesAllowed2("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ description = testSuite + " ejbws: permitAll";
+ port.permitAll("Sun");
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws: denyAll";
+ port.denyAll("Sun");
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ try {
+ description = testSuite + " ejbws: runAs1";
+ port.runAs1();
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ description = testSuite + " ejbws: runAs2";
+ port.runAs2();
+ stat.addStatus(description, stat.PASS);
+
+ description = testSuite + " ejbws: runAsRunAs1";
+ port.runAsRunAs1();
+ stat.addStatus(description, stat.PASS);
+
+ try {
+ description = testSuite + " ejbws: runAsRunAs2";
+ port.runAsRunAs2();
+ stat.addStatus(description, stat.FAIL);
+ } catch(Exception e) {
+ System.out.println("Expected failure: " + e);
+ stat.addStatus(description, stat.PASS);
+ }
+
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-wss-roles2");
+ }
+}
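Review bot: Each negative case (`rolesAllowed2`, `denyAll`, `runAs1`, `runAsRunAs2`) records PASS on `catch(Exception e)`, so any exception at all, a transport error or a message-security failure as much as an authorization denial, is counted as a successful access refusal. Narrow the catch to the exception the generated port raises when access is denied, likely `catch (javax.xml.ws.soap.SOAPFaultException e)` though that should be confirmed against the server, and let anything else reach the outer handler, which records FAIL. The imports `java.util.Map` and `javax.xml.ws.BindingProvider` are unused in this file.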
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/MANIFEST.MF
new file mode 100644
index 0000000..f9a55a7
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.roles2.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-application-client.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-application-client.xml
new file mode 100644
index 0000000..7fef3f0
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-application-client.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-application-client PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 Application Client 1.4//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-application-client_1_4-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application-client>
+ <service-ref>
+ <service-ref-name>com.sun.s1asdev.security.wss.roles2.client.Client/service</service-ref-name>
+ <port-info>
+ <wsdl-port>
+ <namespaceURI>http://ejbws.roles2.wss.security.s1asdev.sun.com</namespaceURI>
+ <localpart>HelloEjbPort</localpart>
+ </wsdl-port>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ClientProvider">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </port-info>
+ </service-ref>
+</sun-application-client>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..81ea10e
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <security-role-mapping>
+ <role-name>javaee</role-name>
+ <principal-name>javaee</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>javaeegp</role-name>
+ <group-name>javaee</group-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>ejbuser</role-name>
+ <principal-name>ejbuser</principal-name>
+ </security-role-mapping>
+ <security-role-mapping>
+ <role-name>j2ee</role-name>
+ <principal-name>j2ee</principal-name>
+ </security-role-mapping>
+
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <endpoint-address-uri>/WssRoles2EjbService/HelloEjb</endpoint-address-uri>
+ <message-security-binding auth-layer="SOAP"
+ provider-id="XWS_ServerProvider">
+ <message-security>
+ <message/>
+ <request-protection auth-source="sender"/>
+ <response-protection auth-source="content"/>
+ </message-security>
+ </message-security-binding>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/HelloEjb.java
new file mode 100644
index 0000000..e3a5f33
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/HelloEjb.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2005, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.ejbws;
+
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.RunAs;
+import javax.ejb.EJB;
+import javax.ejb.Stateless;
+import javax.ejb.SessionContext;
+import javax.jws.WebService;
+
+import com.sun.s1asdev.security.wss.roles2.ejb.SfulLocal;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.roles2.wss.security.s1asdev.sun.com", serviceName="WssRoles2EjbService")
+@DeclareRoles({"javaee", "webuser", "ejbuser"})
+@RunAs("ejbuser")
+public class HelloEjb {
+ @EJB private SfulLocal sful;
+ @Resource private SessionContext sc;
+
+ public String hello(String who) {
+ if (!sc.isCallerInRole("javaee")) {
+ throw new RuntimeException("not of role javaee");
+ }
+ if (sc.isCallerInRole("ejbuser")) {
+ throw new RuntimeException("of role ejbuser");
+ }
+ return "Hello, " + who;
+ }
+
+ @RolesAllowed(value={"javaee"})
+ public String rolesAllowed1(String who) {
+ return "Hello, " + who;
+ }
+
+ @RolesAllowed(value={"webuser"})
+ public String rolesAllowed2(String who) {
+ return "Hello, " + who;
+ }
+
+ @DenyAll
+ public String denyAll(String who) {
+ return "Hello, " + who;
+ }
+
+ @PermitAll
+ public String permitAll(String who) {
+ return "Hello, " + who;
+ }
+
+ public String runAs1() {
+ return sful.hello();
+ }
+
+ public String runAs2() {
+ return sful.goodBye();
+ }
+
+ @RolesAllowed(value={"javaeegp"})
+ public String runAsRunAs1() {
+ return sful.slessHello();
+ }
+
+ public String runAsRunAs2() {
+ return sful.slessGoodBye();
+ }
+}
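Review bot: Nothing in this class says which calls are expected to be refused, and the outcome of `runAs1`/`runAs2` depends on the class-level `@RunAs("ejbuser")` interacting with annotations in SfulEJB. A short Javadoc per method would make the fixture readable on its own, for example on `runAs1()`: `/** Expected to be denied: this bean calls out as "ejbuser", and SfulEJB.hello() allows only "javaee". */`. `runAsRunAs1` is guarded by `javaeegp`, which is not in `@DeclareRoles({"javaee", "webuser", "ejbuser"})`. As far as I know `@RolesAllowed` names do not need declaring, but listing it keeps the annotation an accurate inventory of the roles this bean uses.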
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulEJB.java b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulEJB.java
new file mode 100644
index 0000000..8e01fa1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulEJB.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.ejb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.annotation.security.RunAs;
+import javax.ejb.EJB;
+import javax.ejb.Local;
+import javax.ejb.Stateful;
+
+@Stateful
+@Local({SfulLocal.class})
+@RunAs("j2ee")
+public class SfulEJB implements SfulLocal {
+ @EJB private SlessLocal sless;
+
+ @RolesAllowed(value={"javaee"})
+ public String hello() {
+ return "hello from Sful";
+ }
+
+ @RolesAllowed(value={"ejbuser"})
+ public String goodBye() {
+ return "goodBye from Sful";
+ }
+
+ public String slessHello() {
+ return sless.hello();
+ }
+
+ public String slessGoodBye() {
+ return sless.goodBye();
+ }
+}
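Review bot: Nothing in SfulEJB says which calls this fixture expects to be permitted and which denied, although the role annotations are the whole point of the test. From the visible code, HelloEjb runs as `ejbuser`, so `hello()` (javaee only) is presumably expected to be rejected and `goodBye()` accepted. SfulEJB itself runs as `j2ee`, so `slessHello()` should reach `SlessEJB.hello()` while `slessGoodBye()` should be rejected by `SlessEJB.goodBye()`. I would add a class Javadoc along the lines of `/** Runs as "j2ee"; slessHello() is expected to pass and slessGoodBye() to be denied by SlessEJB. */`, plus a one-line comment on the two unannotated methods saying they are intentionally left unchecked. The same applies to SlessEJB.java in the next-but-one hunk; the expected outcomes should be confirmed against the client, which is not visible here.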
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulLocal.java b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulLocal.java
new file mode 100644
index 0000000..02a8411
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SfulLocal.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.ejb;
+
+public interface SfulLocal {
+ public String hello();
+
+ public String goodBye();
+
+ public String slessHello();
+
+ public String slessGoodBye();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessEJB.java b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessEJB.java
new file mode 100644
index 0000000..48f7895
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessEJB.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.ejb;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.Stateless;
+
+@Stateless
+@Local({SlessLocal.class})
+public class SlessEJB implements SlessLocal {
+ @RolesAllowed(value={"j2ee"})
+ public String hello() {
+ return "hello from Sless";
+ }
+
+ @RolesAllowed(value={"javaee"})
+ public String goodBye() {
+ return "goodBye from Sless";
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessLocal.java b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessLocal.java
new file mode 100644
index 0000000..ae59099
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/roles2/ejbws/SlessLocal.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.roles2.ejb;
+
+public interface SlessLocal {
+ public String hello();
+
+ public String goodBye();
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.properties
new file mode 100644
index 0000000..44c63f9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.properties
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-ssl"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.ssl.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.xml
new file mode 100644
index 0000000..f4c1b50
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/build.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-wss-ssl" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client" depends="prepare-truststore-common, init-security-util">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <!--value="-keep -d ${build.classes.dir}/client https://${s1asCN}:${https.port}/WssSslEjbService/HelloEjb?WSDL"/>-->
+ <param name="wsimport.VMARGS" value=" -Djavax.net.ssl.trustStore=${build.base.dir}/cacerts.jks -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client https://${s1asCN}:${https.port}/WssSslEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.VMARGS" value=" -Djavax.net.ssl.trustStore=${build.base.dir}/cacerts.jks -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client https://${s1asCN}:${https.port}/security-wss-ssl/webservice/WssSslServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${s1asCN}"/>
+ <replacefilter token="@PORT@" value="${https.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/servletws"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ </antcall>
+
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common"/>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="prepare-truststore-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value=" -Djavax.net.ssl.trustStore=${build.base.dir}/cacerts.jks -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="dummy" />
+ <arg line="-password" />
+ <arg line="dummy" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
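Review bot: The `<exec>` in the `run` target sets no `failonerror`, so a non-zero exit from `${APPCLIENT}` (for example when the client never starts) does not fail `ant all`, which then carries on to `undeploy`. Unless the harness relies only on the reporter output, I would write `<exec executable="${APPCLIENT}" failonerror="true">`. The jar path is also passed with `<arg line="${assemble.dir}/${appname}-clientClient.jar"/>`, which splits on whitespace; `<arg value="..."/>` keeps a path containing spaces as one argument. The `run` target in sslclientcert/build.xml later in this commit has the same two issues.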
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/Client.java.template
new file mode 100644
index 0000000..638aac1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/Client.java.template
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.ssl.client;
+
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.s1asdev.security.wss.ssl.ejbws.HelloEjb;
+import com.sun.s1asdev.security.wss.ssl.ejbws.WssSslEjbService;
+import com.sun.s1asdev.security.wss.ssl.servletws.HelloServlet;
+import com.sun.s1asdev.security.wss.ssl.servletws.WssSslServletService;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec:WSS SSL test ";
+
+ @WebServiceRef(wsdlLocation="https://@HOST@:@PORT@/WssSslEjbService/HelloEjb?WSDL")
+ private static WssSslEjbService ejbService;
+ @WebServiceRef(wsdlLocation="https://@HOST@:@PORT@/security-wss-ssl/webservice/WssSslServletService/HelloServlet?WSDL")
+ private static WssSslServletService servletService;
+
+ public static void main(String[] args) {
+ stat.addDescription("security-wss-ssl");
+ String description = null;
+ try {
+ // ejb ws
+ HelloEjb ejbPort = ejbService.getHelloEjbPort();
+ description = testSuite + " ssl: ejb hello";
+ ejbPort.hello("Sun Ejb");
+ stat.addStatus(description, stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ try {
+ // servlet ws
+ HelloServlet servletPort = servletService.getHelloServletPort();
+ description = testSuite + " ssl: servlet hello";
+ servletPort.hello("Sun Servlet");
+ stat.addStatus(description, stat.PASS);
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-wss-ssl");
+ }
+}
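Review bot: In both try blocks `description` is assigned after the port lookup, so a failure in `getHelloEjbPort()` reports `stat.addStatus(null, stat.FAIL)`, and a failure in `getHelloServletPort()` records FAIL under the still-set ejb description instead of the servlet one. Moving each assignment to the first line of its try block fixes the attribution, e.g. `description = testSuite + " ssl: servlet hello";` before `HelloServlet servletPort = servletService.getHelloServletPort();`. The return value of `hello(...)` is also never compared with the expected greeting, so the test passes on any non-throwing response. The visible start of sslclientcert/client/Client.java.template follows the same ordering.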
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/MANIFEST.MF
new file mode 100644
index 0000000..4a95741
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.ssl.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/application.xml
new file mode 100644
index 0000000..cd0b2e9
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>security-wss-sslApp</display-name>
+ <module>
+ <ejb>security-wss-ssl-ejb.jar</ejb>
+ </module>
+ <module>
+ <web>
+ <web-uri>security-wss-ssl-web.war</web-uri>
+ <context-root>security-wss-ssl</context-root>
+ </web>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..5cf6228
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/web.xml
new file mode 100644
index 0000000..9ede38c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/descriptor/web.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <description>SSL WebTier for the Hello Service</description>
+ <display-name>HelloWAR</display-name>
+ <servlet>
+ <description>Endpoint for Hello Web Service</description>
+ <display-name>HelloWebService</display-name>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.ssl.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/WssSslServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>54</session-timeout>
+ </session-config>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Protected Area</web-resource-name>
+ <url-pattern>/webservice/WssSslServletService/HelloServlet</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+</web-app>
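Review bot: The `web-resource-collection` lists only GET and POST, so the CONFIDENTIAL transport guarantee does not apply to other HTTP methods sent to `/webservice/WssSslServletService/HelloServlet`. Removing the two `<http-method>` elements makes the constraint cover every method, which is what a TLS-only endpoint normally wants. The descriptor is version 2.5, so the later `http-method-omission` and `deny-uncovered-http-methods` elements are not an option here. If restricting the list is deliberate for this test, a short XML comment saying so would prevent the pattern being copied into real deployments.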
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/wss/ssl/ejbws/HelloEjb.java
new file mode 100644
index 0000000..4913293
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/ejbws/HelloEjb.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.ssl.ejbws;
+
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.ssl.wss.security.s1asdev.sun.com", serviceName="WssSslEjbService")
+public class HelloEjb {
+ public String hello(String who) {
+ return "Hello, SSL " + who;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/ssl/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/ssl/servletws/HelloServlet.java
new file mode 100644
index 0000000..3df17c1
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/ssl/servletws/HelloServlet.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.ssl.servletws;
+
+import javax.jws.WebService;
+
+@WebService(targetNamespace="http://servletws.ssl.wss.security.s1asdev.sun.com", serviceName="WssSslServletService")
+public class HelloServlet {
+ public String hello(String who) {
+ return "Hello, SSL " + who;
+ }
+}
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.properties b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.properties
new file mode 100644
index 0000000..2018a65
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.properties
@@ -0,0 +1,36 @@
+<!--
+
+ Copyright (c) 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+
+<property name="module" value="security-wss-sslclientcert"/>
+<property name="appname" value="${module}"/>
+<property name="assemble" value="${build.classes.dir}/archive"/>
+<property name="test.client"
+ value="com.sun.s1asdev.security.wss.sslclientcert.client.Client"/>
+<property name="application.xml" value="descriptor/application.xml"/>
+<property name="sun-application.xml" value="descriptor/sun-application.xml"/>
+<property name="ejb-jar.xml" value="descriptor/ejb-jar.xml"/>
+<property name="sun-ejb-jar.xml" value="descriptor/sun-ejb-jar.xml"/>
+<property name="web.xml" value="descriptor/web.xml"/>
+<property name="application-client.xml"
+ value="descriptor/application-client.xml"/>
+<property name="sun-application-client.xml"
+ value="descriptor/sun-application-client.xml"/>
+<property name="appclientjar.files" value="${build.classes.dir}"/>
+<property name="appclient.jar" value="${assemble.dir}/${appname}-client.jar"/>
+<property name="app.type" value="application"/>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.xml b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.xml
new file mode 100644
index 0000000..4a5ed3c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/build.xml
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE project [
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<!ENTITY commonSetup SYSTEM "file:./../../../../config/properties.xml">
+<!ENTITY commonBuild SYSTEM "file:./../../../../config/common.xml">
+<!ENTITY commonSecurity SYSTEM "file:../../common.xml">
+<!ENTITY testproperties SYSTEM "file:./build.properties">
+]>
+
+<project name="security-wss-sslclientcert" default="usage" basedir=".">
+
+ &commonSetup;
+ &commonBuild;
+ &testproperties;
+ &commonSecurity;
+
+ <target name="all" depends="clean, setup, build-deploy, run, undeploy, unsetup"/>
+
+ <target name="clean" depends="init-common">
+ <antcall target="clean-common"/>
+ </target>
+
+ <target name="setup" depends="init-common">
+ <!-- exports certdb stuff and imports into keystore -->
+ <antcall target="prepare-store-nickname-common">
+ <param name="cert.nickname" value="s1as"/>
+ </antcall>
+ </target>
+
+ <target name="unsetup" depends="init-common">
+ </target>
+
+ <target name="compile-server" depends="clean">
+ <antcall target="compile-common">
+ <param name="src" value="ejbws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/ejbws"/>
+ </antcall>
+ <antcall target="compile-common">
+ <param name="src" value="servletws"/>
+ <param name="build.classes.dir" value="${build.classes.dir}/servletws"/>
+ </antcall>
+ </target>
+
+ <target name="compile-client" depends="init-common, init-security-util">
+ <mkdir dir="${build.classes.dir}/client"/>
+ <antcall target="wsimport">
+ <param name="wsimport.VMARGS" value=" -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client https://${s1asCN}:${https.port}/WssSslClientCertEjbService/HelloEjb?WSDL"/>
+ </antcall>
+ <antcall target="wsimport">
+ <param name="wsimport.VMARGS" value=" -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.trustStorePassword=${ssl.password}"/>
+ <param name="wsimport.args"
+ value="-keep -d ${build.classes.dir}/client https://${s1asCN}:${https.port}/security-wss-sslclientcert/webservice/WssSslClientCertServletService/HelloServlet?WSDL"/>
+ </antcall>
+
+ <delete file="client/Client.java" failonerror="false"/>
+ <copy file="client/Client.java.template" tofile="client/Client.java"/>
+ <replace file="client/Client.java">
+ <replacefilter token="@HOST@" value="${s1asCN}"/>
+ <replacefilter token="@PORT@" value="${https.port}"/>
+ </replace>
+ <javac srcdir="client" destdir="${build.classes.dir}/client"
+ classpath="${env.APS_HOME}/lib/reporter.jar:${env.S1AS_HOME}/lib/j2ee.jar:${env.S1AS_HOME}/lib/webservices-rt.jar:${env.S1AS_HOME}/lib/webservices-tools.jar:${build.classes.dir}/client" debug="on" failonerror="true"/>
+ </target>
+
+ <target name="build-server" depends="compile-server, init-security-util">
+ <mkdir dir="${assemble.dir}"/>
+ <mkdir dir="${build.classes.dir}/META-INF"/>
+
+ <antcall target="package-ejbjar-common">
+ <param name="ejbjar.files" value="${build.classes.dir}/ejbws"/>
+ <param name="ejb.jar" value="${assemble.dir}/${appname}-ejb.jar"/>
+ <param name="ejbjar.classes" value="com/sun/**/*.class"/>
+ </antcall>
+
+ <antcall target="package-war-common">
+ <param name="war.classes" value="${build.classes.dir}/servletws"/>
+ <param name="war.file" value="${assemble.dir}/${appname}-web.war"/>
+ </antcall>
+
+ <copy file="descriptor/sun-application.xml.template" tofile="${build.classes.dir}/META-INF/sun-application.xml"/>
+ <replace file="${build.classes.dir}/META-INF/sun-application.xml">
+ <replacefilter token="@HOST@" value="${s1asCN}"/>
+ </replace>
+ <copy file="${application.xml}" tofile="${build.classes.dir}/META-INF/application.xml" failonerror="false"/>
+ <jar jarfile="${assemble.dir}/${appname}App.ear">
+ <fileset dir="${assemble.dir}">
+ <include name="*.jar"/>
+ <include name="*.war"/>
+ </fileset>
+ <fileset dir="${build.classes.dir}">
+ <include name="META-INF/application.xml"/>
+ <include name="META-INF/sun-application.xml"/>
+ </fileset>
+ </jar>
+ </target>
+
+ <target name="build-client" depends="compile-client">
+ <mkdir dir="${assemble.dir}"/>
+
+ <unjar src="${env.APS_HOME}/lib/reporter.jar" dest="${build.classes.dir}/client"/>
+ <antcall target="package-appclientjar-common">
+ <param name="appclientjar.files"
+ value="${build.classes.dir}/client"/>
+ <param name="appclient.jar"
+ value="${assemble.dir}/${appname}-client.jar"/>
+ <param name="appclientjar.classes"
+ value="com/sun/**/*.class"/>
+ </antcall>
+ </target>
+
+ <target name="build-deploy" depends="init-common">
+ <antcall target="build-server"/>
+ <antcall target="deploy-common"/>
+ <antcall target="build-client"/>
+ <antcall target="deploy-client-common"/>
+ </target>
+
+ <target name="run" depends="init-common">
+ <exec executable="${APPCLIENT}">
+ <env key="VMARGS" value=" -Djavax.net.ssl.trustStore=${mytruststore.db.file} -Djavax.net.ssl.trustStorePassword=${ssl.password} -Djavax.net.ssl.keyStore=${mykeystore.db.file} -Djavax.net.ssl.keyStorePassword=${ssl.password}"/>
+ <arg line="-client" />
+ <arg line="${assemble.dir}/${appname}-clientClient.jar"/>
+ <arg line="-texauth"/>
+ <arg line="-user" />
+ <arg line="dummy" />
+ <arg line="-password" />
+ <arg line="dummy" />
+ </exec>
+ </target>
+
+ <target name="undeploy" depends="init-common">
+ <antcall target="undeploy-common"/>
+ <antcall target="undeploy-client-common"/>
+ </target>
+
+ <target name="usage">
+ <antcall target="usage-common"/>
+ </target>
+</project>
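Review bot: The `unsetup` target is empty although `setup` calls `prepare-store-nickname-common`, which per its own comment exports the `s1as` entry from the cert database into a keystore. If that produces the `${mykeystore.db.file}` and `${mytruststore.db.file}` used by `run` (the common target is not visible here), exported key material stays on disk after `ant all` unless `clean-common` removes it. I would add `<delete file="${mykeystore.db.file}" failonerror="false"/>` and `<delete file="${mytruststore.db.file}" failonerror="false"/>` to `unsetup`. The `run` target also places both store passwords in the `VMARGS` environment value, where other local processes of the same user can read them, so a comment noting that `${ssl.password}` must only ever be a throwaway test password would be worth adding.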
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/Client.java.template b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/Client.java.template
new file mode 100644
index 0000000..3b94eb6
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/Client.java.template
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.sslclientcert.client;
+
+import javax.xml.ws.WebServiceRef;
+
+import com.sun.s1asdev.security.wss.sslclientcert.ejbws.HelloEjb;
+import com.sun.s1asdev.security.wss.sslclientcert.ejbws.WssSslClientCertEjbService;
+import com.sun.s1asdev.security.wss.sslclientcert.servletws.HelloServlet;
+import com.sun.s1asdev.security.wss.sslclientcert.servletws.WssSslClientCertServletService;
+
+import com.sun.ejte.ccl.reporter.SimpleReporterAdapter;
+
+public class Client {
+ private static SimpleReporterAdapter stat =
+ new SimpleReporterAdapter("appserv-tests");
+ private static String testSuite = "Sec:WSS SSL Client Cert test ";
+
+ @WebServiceRef(wsdlLocation="https://@HOST@:@PORT@/WssSslClientCertEjbService/HelloEjb?WSDL")
+ private static WssSslClientCertEjbService ejbService;
+ @WebServiceRef(wsdlLocation="https://@HOST@:@PORT@/security-wss-sslclientcert/webservice/WssSslClientCertServletService/HelloServlet?WSDL")
+ private static WssSslClientCertServletService servletService;
+
+ public static void main(String[] args) {
+ stat.addDescription("security-wss-sslclientcert");
+ String description = null;
+ try {
+ // ejb ws
+ HelloEjb ejbPort = ejbService.getHelloEjbPort();
+ description = testSuite + " sslclientcert: ejb hello";
+ String ejbMsg = ejbPort.hello("Sun Ejb");
+ System.out.println(ejbMsg);
+ if (ejbMsg != null && ejbMsg.startsWith("Hello Ejb, CN=@HOST@")) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ description = testSuite + " sslclientcert: ejb hello2";
+ String ejbMsg2 = ejbPort.hello2("Sun Ejb - 2");
+ System.out.println(ejbMsg2);
+ if (ejbMsg2 != null && ejbMsg2.startsWith("Hello Ejb 2, CN=@HOST@")) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ try {
+ // servlet ws
+ HelloServlet servletPort = servletService.getHelloServletPort();
+ description = testSuite + " sslclientcert: servlet hello";
+ String servletMsg = servletPort.hello("Sun Servlet");
+ System.out.println(servletMsg);
+ if (servletMsg != null && servletMsg.startsWith("Hello Servlet, CN=@HOST@")) {
+ stat.addStatus(description, stat.PASS);
+ } else {
+ stat.addStatus(description, stat.FAIL);
+ }
+ } catch(Exception ex) {
+ ex.printStackTrace();
+ stat.addStatus(description, stat.FAIL);
+ }
+
+ stat.printSummary("security-wss-sslclientcert");
+ }
+}
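Review bot: In both try blocks of `main`, `description` is assigned only after the port lookup, so an exception from `ejbService.getHelloEjbPort()` is reported under a null description and one from `servletService.getHelloServletPort()` under the stale " sslclientcert: ejb hello2" label. Assign the label first, e.g. move `description = testSuite + " sslclientcert: servlet hello";` above `HelloServlet servletPort = ...`, and do the same in the EJB block. Note also that when `ejbPort.hello(...)` throws, no status is recorded for the "ejb hello2" case at all. The checks use `startsWith("Hello Ejb, CN=@HOST@")`, which would also accept a principal whose CN merely begins with the host name. Adding the trailing `,` to the expected prefix would pin the CN exactly, assuming the principal prints as a comma-separated DN.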
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/MANIFEST.MF b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/MANIFEST.MF
new file mode 100644
index 0000000..2f0095f
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/client/MANIFEST.MF
@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: com.sun.s1asdev.security.wss.sslclientcert.client.Client
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/application.xml b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/application.xml
new file mode 100644
index 0000000..92757d8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/application.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<application>
+ <display-name>security-wss-sslclientcertApp</display-name>
+ <module>
+ <ejb>security-wss-sslclientcert-ejb.jar</ejb>
+ </module>
+ <module>
+ <web>
+ <web-uri>security-wss-sslclientcert-web.war</web-uri>
+ <context-root>security-wss-sslclientcert</context-root>
+ </web>
+ </module>
+</application>
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-application.xml.template b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-application.xml.template
new file mode 100644
index 0000000..64a3d8c
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-application.xml.template
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-application>
+ <security-role-mapping>
+ <role-name>SECUSER</role-name>
+ <principal-name>CN=@HOST@, OU=GlassFish, O=Sun Microsystems, L=Santa Clara, ST=California, C=US</principal-name>
+ </security-role-mapping>
+</sun-application>
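Review bot: Nothing in this file says which certificate the `<principal-name>` refers to, and the SECUSER mapping presumably works only if that string equals the client certificate's subject DN once @HOST@ is substituted. A comment above the `<security-role-mapping>` element would make the dependency explicit, e.g. `<!-- must equal the subject DN of the client certificate the test presents (keystore passed via VMARGS in build.xml) -->`. Without it, a regenerated test certificate with a different OU or O would fail authorization with no hint that this file is the cause.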
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-ejb-jar.xml b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-ejb-jar.xml
new file mode 100644
index 0000000..4d7852d
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/sun-ejb-jar.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 8.0 EJB 2.1//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_1-0.dtd'>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<sun-ejb-jar>
+ <enterprise-beans>
+ <ejb>
+ <ejb-name>HelloEjb</ejb-name>
+ <webservice-endpoint>
+ <port-component-name>HelloEjb</port-component-name>
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ </login-config>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </webservice-endpoint>
+ </ejb>
+ </enterprise-beans>
+</sun-ejb-jar>
+
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/web.xml b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/web.xml
new file mode 100644
index 0000000..fc44e33
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/descriptor/web.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Copyright (c) 2017, 2018 Oracle and/or its affiliates. All rights reserved.
+
+ This program and the accompanying materials are made available under the
+ terms of the Eclipse Public License v. 2.0, which is available at
+ http://www.eclipse.org/legal/epl-2.0.
+
+ This Source Code may also be made available under the following Secondary
+ Licenses when the conditions for such availability set forth in the
+ Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ version 2 with the GNU Classpath Exception, which is available at
+ https://www.gnu.org/software/classpath/license.html.
+
+ SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+
+ <description>SSL WebTier for the Hello Service</description>
+ <display-name>HelloWAR</display-name>
+ <servlet>
+ <description>Endpoint for Hello Web Service</description>
+ <display-name>HelloWebService</display-name>
+ <servlet-name>HelloServlet</servlet-name>
+ <servlet-class>com.sun.s1asdev.security.wss.sslclientcert.servletws.HelloServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>HelloServlet</servlet-name>
+ <url-pattern>/webservice/WssSslClientCertServletService/HelloServlet</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>54</session-timeout>
+ </session-config>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Protected Area</web-resource-name>
+ <url-pattern>/webservice/WssSslClientCertServletService/HelloServlet</url-pattern>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>SECUSER</role-name>
+ </auth-constraint>
+ <user-data-constraint>
+ <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+ </user-data-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>CLIENT-CERT</auth-method>
+ </login-config>
+ <security-role>
+ <role-name>SECUSER</role-name>
+ </security-role>
+</web-app>
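Review bot: The `<http-method>POST</http-method>` line in the `<web-resource-collection>` limits both the SECUSER auth-constraint and the CONFIDENTIAL transport guarantee to POST. Requests to `/webservice/WssSslClientCertServletService/HelloServlet` with any other method are therefore not covered by this constraint. If that is intentional (for example to keep the `?WSDL` GET reachable), record it with a comment such as `<!-- POST only: GET ?WSDL is intentionally left unconstrained -->`. Otherwise drop the `<http-method>` element so the constraint applies to every method.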
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/ejbws/HelloEjb.java b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/ejbws/HelloEjb.java
new file mode 100644
index 0000000..9b4e8b8
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/ejbws/HelloEjb.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.sslclientcert.ejbws;
+
+import javax.annotation.Resource;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+@Stateless
+@WebService(targetNamespace="http://ejbws.sslclientcert.wss.security.s1asdev.sun.com", serviceName="WssSslClientCertEjbService")
+public class HelloEjb {
+ @Resource private SessionContext sc;
+ @Resource WebServiceContext wsc;
+
+ public String hello(String msg) {
+ return "Hello Ejb, " + sc.getCallerPrincipal() + ": " + msg ;
+ }
+
+ public String hello2(String msg) {
+ return "Hello Ejb 2, " + wsc.getUserPrincipal() + ": " + msg ;
+ }
+}
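Review bot: Neither `hello` nor `hello2` carries a role restriction, and no ejb-jar.xml with method permissions is visible among the descriptors added here. The EJB endpoint therefore appears to accept any caller that completes CLIENT-CERT authentication, while the servlet endpoint requires SECUSER in web.xml. If the two paths are meant to enforce the same policy, annotate the class with `@RolesAllowed("SECUSER")` and add `import javax.annotation.security.RolesAllowed;`. Separately, `wsc` is package-private while `sc` is private; `@Resource private WebServiceContext wsc;` would make them consistent.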
diff --git a/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/servletws/HelloServlet.java b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/servletws/HelloServlet.java
new file mode 100644
index 0000000..4a02115
--- /dev/null
+++ b/appserver/tests/appserv-tests/devtests/security/wss/sslclientcert/servletws/HelloServlet.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package com.sun.s1asdev.security.wss.sslclientcert.servletws;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+@WebService(targetNamespace="http://servletws.sslclientcert.wss.security.s1asdev.sun.com", serviceName="WssSslClientCertServletService")
+public class HelloServlet {
+ @Resource WebServiceContext wsc;
+
+ public String hello(String msg) {
+ return "Hello Servlet, " + wsc.getUserPrincipal() + ": " + msg;
+ }
+}
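Review bot: The class has no comment tying its reply format to the client's check, although Client.java.template passes only when the reply starts with `Hello Servlet, CN=@HOST@`. That makes the `"Hello Servlet, " + wsc.getUserPrincipal()` prefix a test contract. A class comment such as `/** Echoes the authenticated caller principal; the client asserts on the "Hello Servlet, CN=<host>" prefix. */` would document it. The injected field could also be narrowed to `@Resource private WebServiceContext wsc;`.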