Start with adding invoker test. WIP

Author: arjantijms

jaspic/invoke-ejb-cdi/pom.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.javaee7</groupId>
+        <artifactId>jaspic</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    
+    <artifactId>jaspic-invoke-ejb-cdi</artifactId>
+
+    <packaging>war</packaging>
+
+    <name>Java EE 7 Sample: jaspic - invoke EJB and CDI</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.javaee7</groupId>
+            <artifactId>jaspic-common</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+</project>

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/bean/CDIBean.java

@@ -0,0 +1,14 @@
+package org.javaee7.jaspic.invoke.bean;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Named;
+
+@Named
+@RequestScoped
+public class CDIBean {
+
+    public String getText() {
+        return "Called from CDI";
+    }
+    
+}

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/bean/EJBBean.java

@@ -0,0 +1,12 @@
+package org.javaee7.jaspic.invoke.bean;
+
+import javax.ejb.Stateless;
+
+@Stateless
+public class EJBBean {
+
+    public String getText() {
+        return "Called from EJB";
+    }
+    
+}

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/SamAutoRegistrationListener.java

@@ -0,0 +1,22 @@
+package org.javaee7.jaspic.invoke.sam;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.annotation.WebListener;
+
+import org.javaee7.jaspic.common.BaseServletContextListener;
+import org.javaee7.jaspic.common.JaspicUtils;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebListener
+public class SamAutoRegistrationListener extends BaseServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+    }
+
+}

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/sam/TestServerAuthModule.java

@@ -0,0 +1,110 @@
+package org.javaee7.jaspic.invoke.sam;
+
+import static java.util.logging.Level.SEVERE;
+import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
+import static javax.security.auth.message.AuthStatus.SUCCESS;
+
+import java.io.IOException;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import javax.enterprise.inject.spi.CDI;
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.javaee7.jaspic.invoke.bean.CDIBean;
+import org.javaee7.jaspic.invoke.bean.EJBBean;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+public class TestServerAuthModule implements ServerAuthModule {
+
+    private final static Logger logger = Logger.getLogger(TestServerAuthModule.class.getName());
+    
+    private CallbackHandler handler;
+    private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+    
+    
+
+    @Override
+    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
+        @SuppressWarnings("rawtypes") Map options) throws AuthException {
+        this.handler = handler;
+    }
+
+    @Override
+    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
+        
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+        
+        if ("cdi".equals(request.getParameter("tech"))) {
+            callCDIBean(response, "validateRequest");
+        } else  if ("ejb".equals(request.getParameter("tech"))) {
+            callEJBBean(response, "validateRequest");
+        }
+        
+        try {
+            handler.handle(new Callback[] {
+                new CallerPrincipalCallback(clientSubject, "test"),
+                new GroupPrincipalCallback(clientSubject, new String[] { "architect" })
+            });
+            
+            return SUCCESS;
+            
+        } catch (IOException | UnsupportedCallbackException e) {
+            throw (AuthException) new AuthException().initCause(e);
+        }
+    }
+    
+    private void callCDIBean(HttpServletResponse response, String phase) {
+        try {
+            CDIBean cdiBean = CDI.current().select(CDIBean.class).get();
+            response.getWriter().write(phase + ": " + cdiBean.getText());
+        } catch (Exception e) {
+            logger.log(SEVERE, "", e);
+        }
+    }
+    
+    private void callEJBBean(HttpServletResponse response, String phase) {
+        try {
+            EJBBean ejbBean = (EJBBean) new InitialContext().lookup("java:module/EJBBean");
+            response.getWriter().write(phase + ": " + ejbBean.getText());
+        } catch (Exception e) {
+            logger.log(SEVERE, "", e);
+        }
+    }
+    
+
+    @Override
+    public Class<?>[] getSupportedMessageTypes() {
+        return supportedMessageTypes;
+    }
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+        return SEND_SUCCESS;
+    }
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+
+    }
+    
+    
+}

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/ProtectedServlet.java

@@ -0,0 +1,25 @@
+package org.javaee7.jaspic.invoke.servlet;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/protected/servlet")
+public class ProtectedServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("Resource invoked\n");
+    }
+
+}

jaspic/invoke-ejb-cdi/src/main/java/org/javaee7/jaspic/invoke/servlet/PublicServlet.java

@@ -0,0 +1,25 @@
+package org.javaee7.jaspic.invoke.servlet;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/public/servlet")
+public class PublicServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("Resource invoked\n");
+    }
+
+}

jaspic/invoke-ejb-cdi/src/main/webapp/WEB-INF/beans.xml

@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
+<glassfish-web-app>
+
+    <security-role-mapping>
+        <role-name>architect</role-name>
+        <group-name>architect</group-name>
+    </security-role-mapping>
+
+    <parameter-encoding default-charset="UTF-8" />
+
+</glassfish-web-app>

jaspic/invoke-ejb-cdi/src/main/webapp/WEB-INF/glassfish-web.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<application-bnd xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_2.xsd"
+    xmlns="http://websphere.ibm.com/xml/ns/javaee"
+    version="1.2">
+
+    <security-role name="architect"> 
+        <group name="architect" />
+    </security-role>
+
+</application-bnd>

jaspic/invoke-ejb-cdi/src/main/webapp/WEB-INF/ibm-application-bnd.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+
+<jboss-web>
+    <security-domain>jaspitest</security-domain>
+</jboss-web>

jaspic/invoke-ejb-cdi/src/main/webapp/WEB-INF/jboss-web.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
+    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+    version="3.0">
+
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Test</web-resource-name>
+            <url-pattern>/protected/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>architect</role-name>
+        </auth-constraint>
+    </security-constraint>
+
+    <security-role>
+        <role-name>architect</role-name>
+    </security-role>
+
+</web-app>

jaspic/invoke-ejb-cdi/src/main/webapp/WEB-INF/web.xml

@@ -0,0 +1,55 @@
+package org.javaee7.jaspictest.invoke;
+
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+
+import org.javaee7.jaspic.common.ArquillianBase;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.shrinkwrap.api.Archive;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.xml.sax.SAXException;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@RunWith(Arquillian.class)
+public class InvokeCDIBeanTest extends ArquillianBase {
+
+    @Deployment(testable = false)
+    public static Archive<?> createDeployment() {
+        return tryWrapEAR(
+            defaultWebArchive()
+                .addAsWebInfResource(resource("beans.xml"))
+        );
+    }
+
+    @Test
+    public void invokeCDIBeanFromSAM() throws IOException, SAXException {
+
+        String response = getFromServerPath("public/servlet?tech=cdi");
+        
+        assertTrue(
+            "Response did not contain output from CDI bean for validateRequest.", 
+            response.contains("validateRequest: Called from CDI")
+        );
+    }
+    
+    @Test
+    public void invokeEJBBeanInValidateRequest() throws IOException, SAXException {
+
+        String response = getFromServerPath("public/servlet?tech=ejb");
+        
+        assertTrue(
+            "Response did not contain output from EJB bean for validateRequest.", 
+            response.contains("validateRequest: Called from EJB")
+        );
+    }
+    
+
+
+}

jaspic/invoke-ejb-cdi/src/test/java/org/javaee7/jaspictest/invoke/InvokeCDIBeanTest.java

@@ -8,17 +8,23 @@
         <version>1.0-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
-    <groupId>org.javaee7</groupId>
+    
     <artifactId>jaspic</artifactId>
-    <version>1.0-SNAPSHOT</version>
     <packaging>pom</packaging>
+    
     <name>Java EE 7 Sample: jaspic</name>
 
     <modules>
         <!-- Not a module with tests, but contains common code for the other modules -->
         <module>common</module>
+        
+        <!-- Tests that a SAM is able to invoke EJB beans and CDI bean. NOTE; JASPIC 1.1 does not require this,
+             although a JASPIC 1.1 compatible container "should" at least be able to call EJB beans (even though
+             the spec is silent on this)
+        -->
+        <module>invoke-ejb-cdi</module>
 
-           <!-- Tests behavior of authentication involving asynchronous requests -->
+        <!-- Tests behavior of authentication involving asynchronous requests -->
         <module>async-authentication</module>
 
         <!-- Tests a simple authentication from both public and protected resources -->