use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class EJBSecurityTestCase method testDenyAllAnnotation.
/**
 * Verifies that denied methods reject every call with {@code EJBAccessException} while the
 * unrestricted methods reached through the same lookups remain callable.
 *
 * <p>No login is performed in this test, so the expectations hold for whatever caller identity
 * the test runs under. Every negative case calls {@code Assert.fail} right after the invocation,
 * so a call that is silently permitted fails the test.
 *
 * @throws Exception if a JNDI lookup or one of the calls expected to succeed fails
 */
@Test
public void testDenyAllAnnotation() throws Exception {
    final Context jndi = new InitialContext();
    // Common prefix of the three AnnotatedSLSB lookups; only the type name after '!' differs.
    final String annotatedSlsbViews = "java:module/" + AnnotatedSLSB.class.getSimpleName() + "!";

    // Through the Restriction type, restrictedMethod() must be rejected.
    final Restriction restrictionView = (Restriction) jndi.lookup(annotatedSlsbViews + Restriction.class.getName());
    try {
        restrictionView.restrictedMethod();
        Assert.fail("Call to restrictedMethod() method was expected to fail");
    } catch (EJBAccessException denied) {
        // access denied, as required
    }

    // Through the FullAccess type, the call is expected to go through.
    final FullAccess fullAccessView = (FullAccess) jndi.lookup(annotatedSlsbViews + FullAccess.class.getName());
    fullAccessView.doAnything();

    // Through the AnnotatedSLSB type itself, the same method must stay denied.
    final AnnotatedSLSB beanClassView = (AnnotatedSLSB) jndi.lookup(annotatedSlsbViews + AnnotatedSLSB.class.getName());
    try {
        beanClassView.restrictedMethod();
        Assert.fail("Call to restrictedMethod() method was expected to fail");
    } catch (EJBAccessException denied) {
        // access denied, as required
    }

    // full access, should work
    beanClassView.doAnything();

    // restrictedBaseClassMethod() is expected to be rejected as well.
    try {
        beanClassView.restrictedBaseClassMethod();
        Assert.fail("Call to restrictedBaseClassMethod() method was expected to fail");
    } catch (EJBAccessException denied) {
        // access denied, as required
    }

    // should be accessible, since the overridden method isn't annotated with @DenyAll
    beanClassView.overriddenMethod();

    // On FullyRestrictedBean the method of the same name is expected to be denied.
    final String fullyRestrictedName =
            "java:module/" + FullyRestrictedBean.class.getSimpleName() + "!" + FullyRestrictedBean.class.getName();
    final FullyRestrictedBean fullyRestricted = (FullyRestrictedBean) jndi.lookup(fullyRestrictedName);
    try {
        fullyRestricted.overriddenMethod();
        Assert.fail("Call to overriddenMethod() method was expected to fail");
    } catch (EJBAccessException denied) {
        // access denied, as required
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class SecurityDDOverrideTestCase method testDDOverride.
/**
* Tests that the allowed roles overridden via ejb-jar.xml on an EJB method are taken into account for EJB method
* invocations
*
* @throws Exception
*/
@Test
public void testDDOverride() throws Exception {
    final Context jndi = new InitialContext();
    final String beanJndiName =
            "java:module/" + PartialDDBean.class.getSimpleName() + "!" + PartialDDBean.class.getName();
    final PartialDDBean bean = (PartialDDBean) jndi.lookup(beanJndiName);

    // Phase 1 - before any login: denyAllMethod() must be rejected, and the explicit
    // Assert.fail() turns a silently permitted call into a test failure.
    try {
        bean.denyAllMethod();
        Assert.fail("Call to denyAllMethod() was expected to fail");
    } catch (EJBAccessException denied) {
        // rejection is the expected outcome
    }
    // expected to pass
    bean.permitAllMethod();

    // Phase 2 - as user1, who belongs to Role1 but not to Role2.
    final LoginContext user1Login = Util.getCLMLoginContext("user1", "password1");
    user1Login.login();
    try {
        // positive check: Role1 membership grants access
        bean.toBeInvokedOnlyByRole1();
        // negative check: the Role2-only method must stay closed to user1
        try {
            bean.toBeInvokedByRole2();
            Assert.fail("Call to toBeInvokedByRole2() was expected to fail");
        } catch (EJBAccessException denied) {
            // rejection is the expected outcome
        }
    } finally {
        // log out even on failure so the next phase does not run under user1's identity
        user1Login.logout();
    }

    // Phase 3 - as user2, who belongs to Role2 but not to Role1 (mirror image of phase 2).
    final LoginContext user2Login = Util.getCLMLoginContext("user2", "password2");
    user2Login.login();
    try {
        // positive check: Role2 membership grants access
        bean.toBeInvokedByRole2();
        // negative check: the Role1-only method must stay closed to user2
        try {
            bean.toBeInvokedOnlyByRole1();
            Assert.fail("Call to toBeInvokedOnlyByRole1() was expected to fail");
        } catch (EJBAccessException denied) {
            // rejection is the expected outcome
        }
    } finally {
        user2Login.logout();
    }
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AsynchronousSecurityTestCase method testAsyncSecurityPermition.
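/**
 * Verifies authorization on asynchronous invocations for the caller {@code rolefail}:
 * {@code uncheckedMethod()} must complete with {@code true}, and {@code excludedMethod()} must be
 * rejected with {@code EJBAccessException}.
 *
 * <p>The rejection may surface either directly from the invocation or as the cause of the
 * {@code ExecutionException} thrown by {@code Future.get()}; both are accepted. The denial is
 * asserted explicitly through the {@code denied} flag. Checking only that {@code result} is still
 * {@code false} would also pass if the method ran and returned {@code false}, which is an
 * authorization bypass rather than a denial.
 *
 * @throws Exception if the login, the lookup or the permitted invocation fails
 */
@Test
public void testAsyncSecurityPermition() throws Exception {
    SecuredStatelessBean.reset();
    SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
    LoginContext lc = Util.getCLMLoginContext("rolefail", "password");
    lc.login();
    try {
        // Test 1: the unchecked method is callable and returns true
        Future<Boolean> future = securedBean.uncheckedMethod();
        SecuredStatelessBean.startLatch.countDown();
        boolean result = future.get();
        Assert.assertTrue(result);

        // Test 2: the excluded method must be rejected
        result = false;
        boolean denied = false;
        SecuredStatelessBean.reset();
        try {
            future = securedBean.excludedMethod();
            SecuredStatelessBean.startLatch.countDown();
            result = future.get();
        } catch (ExecutionException ee) {
            // rejection reported when the asynchronous result is collected
            if (!(ee.getCause() instanceof EJBAccessException)) {
                Assert.fail("Exception cause was not EJBAccessException and was " + ee);
            }
            denied = true;
        } catch (EJBAccessException ejbe) {
            // rejection reported directly by the invocation: it's ok too
            denied = true;
        }
        Assert.assertTrue("Call to excludedMethod() was expected to be rejected with EJBAccessException", denied);
        Assert.assertFalse(result);
    } finally {
        // always drop the test identity, even when an assertion failed
        lc.logout();
    }
}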
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AsynchronousSecurityTestCase method testAsynchSecurityMethod.
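/**
 * Verifies authorization of the asynchronous {@code method()} for three callers: {@code somebody}
 * must get {@code true} back, while {@code rolefail} and {@code nosuchuser} must be rejected with
 * {@code EJBAccessException}.
 *
 * <p>The rejection may surface either directly from the invocation or as the cause of the
 * {@code ExecutionException} thrown by {@code Future.get()}; both are accepted. For the two
 * negative cases the denial is asserted explicitly through the {@code denied} flag. Checking only
 * that {@code result} is still {@code false} would also pass if the method ran and returned
 * {@code false}, which is an authorization bypass rather than a denial.
 *
 * @throws Exception if a login, the lookup or the permitted invocation fails
 */
@Test
public void testAsynchSecurityMethod() throws Exception {
    SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
    boolean result = false;
    boolean denied;
    Future<Boolean> future;

    // Test 1: "somebody" is allowed to call method()
    SecuredStatelessBean.reset();
    LoginContext lc = Util.getCLMLoginContext("somebody", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } finally {
        // always drop the identity so the next case starts from a clean state
        lc.logout();
    }
    Assert.assertTrue(result);

    // Test 2: "rolefail" must be rejected
    SecuredStatelessBean.reset();
    result = false;
    denied = false;
    lc = Util.getCLMLoginContext("rolefail", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } catch (ExecutionException ee) {
        // rejection reported when the asynchronous result is collected
        if (!(ee.getCause() instanceof EJBAccessException)) {
            Assert.fail("Exception cause was not EJBAccessException and was " + ee);
        }
        denied = true;
    } catch (EJBAccessException ejbe) {
        // rejection reported directly by the invocation: it's ok too
        denied = true;
    } finally {
        lc.logout();
    }
    Assert.assertTrue("Call to method() as rolefail was expected to be rejected with EJBAccessException", denied);
    Assert.assertFalse(result);

    // Test 3: "nosuchuser" must be rejected as well
    SecuredStatelessBean.reset();
    result = false;
    denied = false;
    lc = Util.getCLMLoginContext("nosuchuser", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } catch (ExecutionException ee) {
        if (!(ee.getCause() instanceof EJBAccessException)) {
            Assert.fail("Exception cause was not EJBAccessException and was " + ee);
        }
        denied = true;
    } catch (EJBAccessException ejbe) {
        // it's ok too
        denied = true;
    } finally {
        lc.logout();
    }
    Assert.assertTrue("Call to method() as nosuchuser was expected to be rejected with EJBAccessException", denied);
    Assert.assertFalse(result);
}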
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AnnotationAuthorizationTestCase method testRolesAllowedOverridenInBaseClass_HR.
/**
 * Verifies, for a caller logged in as {@code hr}, that {@code aMethod} is permitted and returns
 * the value it was given, while {@code bMethod} is rejected with {@code EJBAccessException}.
 *
 * @throws Exception if the login or the permitted invocation fails
 */
@Test
public void testRolesAllowedOverridenInBaseClass_HR() throws Exception {
    final LoginContext hrLogin = Util.getCLMLoginContext("hr", "hr");
    hrLogin.login();
    try {
        // positive check: the call goes through and hands back its argument
        final String echoed = rolesAllowedOverridenBean.aMethod("aMethod");
        assertEquals("aMethod", echoed);

        // negative check: fail() makes a silently permitted call visible
        try {
            rolesAllowedOverridenBean.bMethod("bMethod");
            fail("Expected EJBAccessException not thrown");
        } catch (EJBAccessException expected) {
            // rejection is the expected outcome
        }
    } finally {
        // log out even when an assertion failed
        hrLogin.logout();
    }
}