Search in sources :

Example 31 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class SecurityDDOverrideTestCase method testDDOverride.

/**
     * Tests that the overriden roles allowed, via ejb-jar.xml, on an EJB method are taken into account for EJB method
     * invocations
     *
     * @throws Exception
     */
@Test
public void testDDOverride() throws Exception {
    final Context ctx = new InitialContext();
    final PartialDDBean partialDDBean = (PartialDDBean) ctx.lookup("java:module/" + PartialDDBean.class.getSimpleName() + "!" + PartialDDBean.class.getName());
    try {
        partialDDBean.denyAllMethod();
        Assert.fail("Call to denyAllMethod() was expected to fail");
    } catch (EJBAccessException ejbae) {
    // expected
    }
    // expected to pass
    partialDDBean.permitAllMethod();
    // login as user1 and test
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        // expected to pass since user1 belongs to Role1
        partialDDBean.toBeInvokedOnlyByRole1();
        // expected to fail since user1 *doesn't* belong to Role2
        try {
            partialDDBean.toBeInvokedByRole2();
            Assert.fail("Call to toBeInvokedByRole2() was expected to fail");
        } catch (EJBAccessException ejbae) {
        // expected
        }
    } finally {
        lc.logout();
    }
    // login as user2 and test
    lc = Util.getCLMLoginContext("user2", "password2");
    lc.login();
    try {
        // expected to pass since user2 belongs to Role2
        partialDDBean.toBeInvokedByRole2();
        // expected to fail since user2 *doesn't* belong to Role1
        try {
            partialDDBean.toBeInvokedOnlyByRole1();
            Assert.fail("Call to toBeInvokedOnlyByRole1() was expected to fail");
        } catch (EJBAccessException ejbae) {
        // expected
        }
    } finally {
        lc.logout();
    }
}
Also used : InitialContext(javax.naming.InitialContext) LoginContext(javax.security.auth.login.LoginContext) Context(javax.naming.Context) LoginContext(javax.security.auth.login.LoginContext) PartialDDBean(org.jboss.as.test.integration.ejb.security.dd.override.PartialDDBean) InitialContext(javax.naming.InitialContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 32 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AsynchronousSecurityTestCase method testAsyncSecurityPermition.

@Test
public void testAsyncSecurityPermition() throws Exception {
    SecuredStatelessBean.reset();
    SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
    LoginContext lc = Util.getCLMLoginContext("rolefail", "password");
    lc.login();
    // Test 1
    try {
        Future<Boolean> future = securedBean.uncheckedMethod();
        SecuredStatelessBean.startLatch.countDown();
        boolean result = future.get();
        Assert.assertTrue(result);
        // Test 2
        future = null;
        result = false;
        SecuredStatelessBean.reset();
        try {
            future = securedBean.excludedMethod();
            SecuredStatelessBean.startLatch.countDown();
            result = future.get();
        } catch (ExecutionException ee) {
            if (!(ee.getCause() instanceof EJBAccessException)) {
                Assert.fail("Exception cause was not EJBAccessException and was " + ee);
            }
        } catch (EJBAccessException ejbe) {
        // it's ok too
        }
        Assert.assertFalse(result);
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) ExecutionException(java.util.concurrent.ExecutionException) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 33 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AsynchronousSecurityTestCase method testAsynchSecurityMethod.

@Test
public void testAsynchSecurityMethod() throws Exception {
    SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
    boolean result = false;
    Future<Boolean> future;
    // Test 1
    SecuredStatelessBean.reset();
    LoginContext lc = Util.getCLMLoginContext("somebody", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } finally {
        lc.logout();
    }
    Assert.assertTrue(result);
    // Test 2
    SecuredStatelessBean.reset();
    future = null;
    result = false;
    lc = Util.getCLMLoginContext("rolefail", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } catch (ExecutionException ee) {
        if (!(ee.getCause() instanceof EJBAccessException)) {
            Assert.fail("Exception cause was not EJBAccessException and was " + ee);
        }
    } catch (EJBAccessException ejbe) {
    // it's ok too
    } finally {
        lc.logout();
    }
    Assert.assertFalse(result);
    // Test 3
    SecuredStatelessBean.reset();
    future = null;
    result = false;
    lc = Util.getCLMLoginContext("nosuchuser", "password");
    lc.login();
    try {
        future = securedBean.method();
        SecuredStatelessBean.startLatch.countDown();
        result = future.get();
    } catch (ExecutionException ee) {
        if (!(ee.getCause() instanceof EJBAccessException)) {
            Assert.fail("Exception cause was not EJBAccessException and was " + ee);
        }
    } catch (EJBAccessException ejbe) {
    // it's ok too
    } finally {
        lc.logout();
    }
    Assert.assertFalse(result);
}
Also used : LoginContext(javax.security.auth.login.LoginContext) ExecutionException(java.util.concurrent.ExecutionException) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 34 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AnnotationAuthorizationTestCase method testRolesAllowedOverridenInBaseClass_HR.

@Test
public void testRolesAllowedOverridenInBaseClass_HR() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("hr", "hr");
    lc.login();
    try {
        String response = rolesAllowedOverridenBean.aMethod("aMethod");
        assertEquals("aMethod", response);
        try {
            rolesAllowedOverridenBean.bMethod("bMethod");
            fail("Expected EJBAccessException not thrown");
        } catch (EJBAccessException ignored) {
        }
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 35 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AnnotationAuthorizationTestCase method testPermitAllOverride_User1.

@Test
public void testPermitAllOverride_User1() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        String response = permitAllOverrideBean.defaultEcho("1");
        assertEquals("1", response);
        try {
            permitAllOverrideBean.denyAllEcho("2");
            fail("Expected EJBAccessException not thrown");
        } catch (EJBAccessException ignored) {
        }
        response = permitAllOverrideBean.role1Echo("3");
        assertEquals("3", response);
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Aggregations

EJBAccessException (javax.ejb.EJBAccessException)45 Test (org.junit.Test)26 LoginContext (javax.security.auth.login.LoginContext)16 Context (javax.naming.Context)13 InitialContext (javax.naming.InitialContext)13 OpenEJBException (org.apache.openejb.OpenEJBException)5 Principal (java.security.Principal)4 NamingException (javax.naming.NamingException)4 ApplicationException (org.apache.openejb.ApplicationException)4 IOException (java.io.IOException)3 Method (java.lang.reflect.Method)3 Properties (java.util.Properties)3 AccessLocalException (javax.ejb.AccessLocalException)3 EJBHome (javax.ejb.EJBHome)3 EJBLocalHome (javax.ejb.EJBLocalHome)3 EJBLocalObject (javax.ejb.EJBLocalObject)3 EJBObject (javax.ejb.EJBObject)3 LoginException (javax.security.auth.login.LoginException)3 ServletException (javax.servlet.ServletException)3 BeanContext (org.apache.openejb.BeanContext)3