use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class SecurityDDOverrideTestCase method testDDOverride.
/**
* Tests that the overriden roles allowed, via ejb-jar.xml, on an EJB method are taken into account for EJB method
* invocations
*
* @throws Exception
*/
@Test
public void testDDOverride() throws Exception {
final Context ctx = new InitialContext();
final PartialDDBean partialDDBean = (PartialDDBean) ctx.lookup("java:module/" + PartialDDBean.class.getSimpleName() + "!" + PartialDDBean.class.getName());
try {
partialDDBean.denyAllMethod();
Assert.fail("Call to denyAllMethod() was expected to fail");
} catch (EJBAccessException ejbae) {
// expected
}
// expected to pass
partialDDBean.permitAllMethod();
// login as user1 and test
LoginContext lc = Util.getCLMLoginContext("user1", "password1");
lc.login();
try {
// expected to pass since user1 belongs to Role1
partialDDBean.toBeInvokedOnlyByRole1();
// expected to fail since user1 *doesn't* belong to Role2
try {
partialDDBean.toBeInvokedByRole2();
Assert.fail("Call to toBeInvokedByRole2() was expected to fail");
} catch (EJBAccessException ejbae) {
// expected
}
} finally {
lc.logout();
}
// login as user2 and test
lc = Util.getCLMLoginContext("user2", "password2");
lc.login();
try {
// expected to pass since user2 belongs to Role2
partialDDBean.toBeInvokedByRole2();
// expected to fail since user2 *doesn't* belong to Role1
try {
partialDDBean.toBeInvokedOnlyByRole1();
Assert.fail("Call to toBeInvokedOnlyByRole1() was expected to fail");
} catch (EJBAccessException ejbae) {
// expected
}
} finally {
lc.logout();
}
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AsynchronousSecurityTestCase method testAsyncSecurityPermition.
@Test
public void testAsyncSecurityPermition() throws Exception {
SecuredStatelessBean.reset();
SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
LoginContext lc = Util.getCLMLoginContext("rolefail", "password");
lc.login();
// Test 1
try {
Future<Boolean> future = securedBean.uncheckedMethod();
SecuredStatelessBean.startLatch.countDown();
boolean result = future.get();
Assert.assertTrue(result);
// Test 2
future = null;
result = false;
SecuredStatelessBean.reset();
try {
future = securedBean.excludedMethod();
SecuredStatelessBean.startLatch.countDown();
result = future.get();
} catch (ExecutionException ee) {
if (!(ee.getCause() instanceof EJBAccessException)) {
Assert.fail("Exception cause was not EJBAccessException and was " + ee);
}
} catch (EJBAccessException ejbe) {
// it's ok too
}
Assert.assertFalse(result);
} finally {
lc.logout();
}
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AsynchronousSecurityTestCase method testAsynchSecurityMethod.
@Test
public void testAsynchSecurityMethod() throws Exception {
SecuredStatelessRemote securedBean = lookupInterface(SecuredStatelessBean.class, SecuredStatelessRemote.class);
boolean result = false;
Future<Boolean> future;
// Test 1
SecuredStatelessBean.reset();
LoginContext lc = Util.getCLMLoginContext("somebody", "password");
lc.login();
try {
future = securedBean.method();
SecuredStatelessBean.startLatch.countDown();
result = future.get();
} finally {
lc.logout();
}
Assert.assertTrue(result);
// Test 2
SecuredStatelessBean.reset();
future = null;
result = false;
lc = Util.getCLMLoginContext("rolefail", "password");
lc.login();
try {
future = securedBean.method();
SecuredStatelessBean.startLatch.countDown();
result = future.get();
} catch (ExecutionException ee) {
if (!(ee.getCause() instanceof EJBAccessException)) {
Assert.fail("Exception cause was not EJBAccessException and was " + ee);
}
} catch (EJBAccessException ejbe) {
// it's ok too
} finally {
lc.logout();
}
Assert.assertFalse(result);
// Test 3
SecuredStatelessBean.reset();
future = null;
result = false;
lc = Util.getCLMLoginContext("nosuchuser", "password");
lc.login();
try {
future = securedBean.method();
SecuredStatelessBean.startLatch.countDown();
result = future.get();
} catch (ExecutionException ee) {
if (!(ee.getCause() instanceof EJBAccessException)) {
Assert.fail("Exception cause was not EJBAccessException and was " + ee);
}
} catch (EJBAccessException ejbe) {
// it's ok too
} finally {
lc.logout();
}
Assert.assertFalse(result);
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AnnotationAuthorizationTestCase method testRolesAllowedOverridenInBaseClass_HR.
@Test
public void testRolesAllowedOverridenInBaseClass_HR() throws Exception {
LoginContext lc = Util.getCLMLoginContext("hr", "hr");
lc.login();
try {
String response = rolesAllowedOverridenBean.aMethod("aMethod");
assertEquals("aMethod", response);
try {
rolesAllowedOverridenBean.bMethod("bMethod");
fail("Expected EJBAccessException not thrown");
} catch (EJBAccessException ignored) {
}
} finally {
lc.logout();
}
}
use of javax.ejb.EJBAccessException in project wildfly by wildfly.
the class AnnotationAuthorizationTestCase method testPermitAllOverride_User1.
@Test
public void testPermitAllOverride_User1() throws Exception {
LoginContext lc = Util.getCLMLoginContext("user1", "password1");
lc.login();
try {
String response = permitAllOverrideBean.defaultEcho("1");
assertEquals("1", response);
try {
permitAllOverrideBean.denyAllEcho("2");
fail("Expected EJBAccessException not thrown");
} catch (EJBAccessException ignored) {
}
response = permitAllOverrideBean.role1Echo("3");
assertEquals("3", response);
} finally {
lc.logout();
}
}
Aggregations