use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class EJBSecurityTestCase method testEmptyRolesAllowedAnnotationValue.
/**
 * Verifies that a bean method annotated with an empty {@link javax.annotation.security.RolesAllowed} value
 * (<code>@RolesAllowed({})</code>) rejects the caller with an {@link EJBAccessException}, i.e. that the empty
 * role list is enforced like a @DenyAll rather than being read as "no restriction".
 * <p>
 * NOTE(review): no login is performed in this method, so the denial is only exercised for whatever identity
 * the test harness supplies (presumably an unauthenticated caller). Confirm whether an authenticated caller
 * is covered elsewhere.
 *
 * @throws Exception if the JNDI lookup fails or the invocation fails with anything other than the expected
 *                   {@link EJBAccessException}
 */
@Test
public void testEmptyRolesAllowedAnnotationValue() throws Exception {
    final String jndiName = "java:module/" + AnnotatedSLSB.class.getSimpleName() + "!" + AnnotatedSLSB.class.getName();
    final Context namingContext = new InitialContext();
    final AnnotatedSLSB bean = (AnnotatedSLSB) namingContext.lookup(jndiName);

    boolean accessDenied = false;
    try {
        bean.methodWithEmptyRolesAllowedAnnotation();
    } catch (EJBAccessException expected) {
        // the container refused the call, which is the outcome under test
        accessDenied = true;
    }
    if (!accessDenied) {
        // reaching this point means the empty role list did not block the invocation
        Assert.fail("Call to methodWithEmptyRolesAllowedAnnotation() method was expected to fail");
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AuthenticationTestCase method testAuthentication_BadPwd.
/**
 * Verifies that an EJB invocation made with a wrong password for "user1" is rejected with an
 * {@link EJBAccessException} (the failure message cites EJB 3.1 FR 17.6.9).
 * <p>
 * The test expects {@code login()} itself to return normally and the rejection to surface only when the
 * bean is invoked. NOTE(review): presumably the login context obtained from {@code Util.getCLMLoginContext}
 * only records the credentials on the client side; confirm against that helper.
 *
 * @throws Exception if login/logout fails or the invocation fails with an unexpected exception type
 */
@Test
public void testAuthentication_BadPwd() throws Exception {
    final LoginContext badPasswordLogin = Util.getCLMLoginContext("user1", "wrong_password");
    badPasswordLogin.login();
    try {
        boolean rejected = false;
        try {
            entryBean.whoAmI();
        } catch (EJBAccessException expected) {
            // the bad credentials were refused at invocation time
            rejected = true;
        }
        if (!rejected) {
            fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
        }
    } finally {
        // always drop the bad credentials so they cannot leak into later tests
        badPasswordLogin.logout();
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class EJBInWarDefaultSecurityDomainTestCase method testSecurityOnBeanInAbsenceOfExplicitSecurityDomain.
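/**
 * Tests that a bean which doesn't explicitly have a security domain configured, but still has EJB security
 * related annotations on it, is still considered secured and that the security annotations are honoured.
 * <p>
 * The checks run in this order against three views of {@code BeanWithoutExplicitSecurityDomain}:
 * <ol>
 * <li>without any login: the restricted method is denied, the unrestricted method succeeds and the
 * role-specific method is denied;</li>
 * <li>logged in as user1: the Role1 method succeeds and the Role2 method is denied;</li>
 * <li>logged in as user2: the Role2 method succeeds and the Role1 method is denied.</li>
 * </ol>
 * Each login is undone in a {@code finally} block so that an assertion failure cannot leave an authenticated
 * identity behind for the next step.
 *
 * @throws Exception if a JNDI lookup, a login/logout or an invocation fails in an unexpected way
 */
@Test
public void testSecurityOnBeanInAbsenceOfExplicitSecurityDomain() throws Exception {
    final Context ctx = new InitialContext();
    // every lookup below targets the same bean and differs only in the view class after the '!'
    final String beanJndiPrefix = "java:module/" + BeanWithoutExplicitSecurityDomain.class.getSimpleName() + "!";

    // lookup the Restriction view of the bean which doesn't explicitly have any security domain configured
    final Restriction restrictedBean = (Restriction) ctx.lookup(beanJndiPrefix + Restriction.class.getName());
    try {
        // try invoking a method annotated @DenyAll (expected to fail)
        restrictedBean.restrictedMethod();
        Assert.fail("Call to restrictedMethod() method was expected to fail");
    } catch (EJBAccessException ejbae) {
        // expected
    }

    // lookup the FullAccess view of the same bean
    final FullAccess fullAccessBean = (FullAccess) ctx.lookup(beanJndiPrefix + FullAccess.class.getName());
    // invoke a @PermitAll method; any exception here fails the test
    fullAccessBean.doAnything();

    // lookup the same bean through its bean-class view, which exposes the role-restricted methods
    final BeanWithoutExplicitSecurityDomain specificRoleAccessBean = (BeanWithoutExplicitSecurityDomain) ctx.lookup(beanJndiPrefix + BeanWithoutExplicitSecurityDomain.class.getName());
    try {
        // invoke a method which only a specific role can access.
        // this is expected to fail since we haven't logged in as any user
        specificRoleAccessBean.allowOnlyRoleTwoToAccess();
        Assert.fail("Invocation was expected to fail since only a specific role was expected to be allowed to access the bean method");
    } catch (EJBAccessException ejbae) {
        // expected
    }

    // login as user1 and test
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        // expected to pass since user1 belongs to Role1
        specificRoleAccessBean.allowOnlyRoleOneToAccess();
        // expected to fail since user1 *doesn't* belong to Role2
        try {
            specificRoleAccessBean.allowOnlyRoleTwoToAccess();
            // the message names the method actually invoked so that a failure report points at the right check
            Assert.fail("Call to allowOnlyRoleTwoToAccess() was expected to fail for user1");
        } catch (EJBAccessException ejbae) {
            // expected
        }
    } finally {
        lc.logout();
    }

    // login as user2 and test
    lc = Util.getCLMLoginContext("user2", "password2");
    lc.login();
    try {
        // expected to pass since user2 belongs to Role2
        specificRoleAccessBean.allowOnlyRoleTwoToAccess();
        // expected to fail since user2 *doesn't* belong to Role1
        try {
            specificRoleAccessBean.allowOnlyRoleOneToAccess();
            // the message names the method actually invoked so that a failure report points at the right check
            Assert.fail("Call to allowOnlyRoleOneToAccess() was expected to fail for user2");
        } catch (EJBAccessException ejbae) {
            // expected
        }
    } finally {
        lc.logout();
    }
}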
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class PropagationTestServlet method doGet.
/**
 * Looks up an EJB implementing the {@link Manage} interface and invokes one of its methods, writing the
 * outcome to the response as plain text.
 * <p>
 * The bean name and the method name are taken from the request parameters {@code PARAM_BEAN_NAME} and
 * {@code PARAM_METHOD_NAME}. An {@link EJBAccessException} is an expected outcome here and is reported as
 * {@code RESULT_EJB_ACCESS_EXCEPTION}; any other exception is logged and its stack trace is written into the
 * response body.
 * <p>
 * NOTE(review): the bean name is appended unchecked to the JNDI name, an unrecognised method name is echoed
 * back, and stack traces are returned to the caller. That is convenient for diagnosing a failing test run
 * but discloses internals to whoever can reach the servlet, so this pattern belongs in test deployments only.
 *
 * @param req  request carrying the bean name and method name parameters
 * @param resp response that receives the plain-text result
 * @throws ServletException declared by the overridden method
 * @throws IOException if the response writer cannot be obtained
 * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.setContentType("text/plain");
    final PrintWriter out = resp.getWriter();
    final String requestedBean = req.getParameter(PARAM_BEAN_NAME);
    final String requestedMethod = req.getParameter(PARAM_METHOD_NAME);
    Context namingContext = null;
    try {
        namingContext = new InitialContext();
        // the request-supplied bean name is used as-is; only the "java:app/<TEST_NAME>/" prefix is fixed,
        // and the cast rejects any bound object that is not a Manage
        final Manage target = (Manage) namingContext.lookup("java:app/" + Manage.TEST_NAME + "/" + requestedBean);
        final String reply;
        if (METHOD_NAME_ADMIN.equals(requestedMethod)) {
            reply = target.admin();
        } else if (METHOD_NAME_MANAGE.equals(requestedMethod)) {
            reply = target.manage();
        } else if (METHOD_NAME_WORK.equals(requestedMethod)) {
            reply = target.work();
        } else {
            // only the three known method names are dispatched; anything else is reported, not invoked
            reply = "Unknown method: " + requestedMethod;
        }
        out.append(reply);
    } catch (EJBAccessException denied) {
        // expected state in this servlet: report the denial with a fixed marker
        out.append(RESULT_EJB_ACCESS_EXCEPTION);
    } catch (Exception failure) {
        LOGGER.error("EJB Call failed", failure);
        // the trace goes into the HTTP response so it shows up in the calling test's output
        failure.printStackTrace(out);
    } finally {
        if (namingContext != null) {
            try {
                namingContext.close();
            } catch (NamingException closeFailure) {
                LOGGER.error("Error", closeFailure);
            }
        }
    }
    out.close();
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class RemotingLoginModuleTestCase method testNotAuthorizedClient.
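/**
 * Tests that the role check is enforced for the client configured under {@code CLIENT_NOT_AUTHORIZED_NAME}:
 * the EJB invocation must be rejected with an {@link EJBAccessException}.
 * <p>
 * NOTE(review): going by the constant's name, this client presumably authenticates successfully but lacks
 * the role required by the bean. Confirm against {@code configureEjbClient}.
 * <p>
 * The naming context is closed in a {@code finally} block so that it is released even when the assertion
 * fails or the lookup throws.
 *
 * @throws Exception if the client configuration, the lookup or closing the context fails, or if the
 *                   invocation fails with an unexpected exception type
 */
@Test
public void testNotAuthorizedClient() throws Exception {
    final Properties env = configureEjbClient(CLIENT_NOT_AUTHORIZED_NAME);
    final InitialContext ctx = new InitialContext(env);
    try {
        final Hello helloBean = (Hello) ctx.lookup(HELLOBEAN_LOOKUP_NAME);
        try {
            helloBean.sayHelloWorld();
            fail("The EJB call should fail for unauthorized client.");
        } catch (EJBAccessException expected) {
            // OK: the server refused the call for the unauthorized client
        }
    } finally {
        // previously skipped whenever fail() or the lookup threw, leaving the context open
        ctx.close();
    }
}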