Search in sources :

Example 36 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AnnotationAuthorizationTestCase method testDenyAllOverride_User1.

@Test
public void testDenyAllOverride_User1() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        try {
            denyAllOverrideBean.defaultEcho("1");
            fail("Expected EJBAccessException not thrown");
        } catch (EJBAccessException ignored) {
        }
        String response = denyAllOverrideBean.permitAllEcho("2");
        assertEquals("2", response);
        response = denyAllOverrideBean.role1Echo("3");
        assertEquals("3", response);
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 37 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AnnotationAuthorizationTestCase method testRolesAllowedOverridenInBaseClass_Admin.

@Test
public void testRolesAllowedOverridenInBaseClass_Admin() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("admin", "admin");
    lc.login();
    try {
        try {
            rolesAllowedOverridenBean.aMethod("aMethod");
            fail("Expected EJBAccessException not thrown");
        } catch (EJBAccessException ignored) {
        }
        String response = rolesAllowedOverridenBean.bMethod("bMethod");
        assertEquals("bMethod", response);
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 38 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class SingletonSecurityTestCase method testInvocationOnSecuredMethodWithInCorrectRole.

/**
     * Test a method invocation on a singleton bean with an incorrect role.
     *
     * @throws Exception
     */
@Test
public void testInvocationOnSecuredMethodWithInCorrectRole() throws Exception {
    final SingletonSecurity securedSingleton = InitialContext.doLookup("java:module/" + SecuredSingletonBean.class.getSimpleName());
    final SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
    securityClient.setSimple("user2", "password2");
    try {
        // login
        securityClient.login();
        try {
            // expects role1, so should fail
            securedSingleton.allowedForRole1();
            Assert.fail("Call to secured method, with incorrect role, was expected to fail");
        } catch (EJBAccessException ejbae) {
        // expected
        }
    } finally {
        securityClient.logout();
    }
}
Also used : SecurityClient(org.jboss.security.client.SecurityClient) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 39 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class AuthenticationTestCase method testAuthentication_TwoBeans_ReAuth_BadPwd.

// TODO - Similar test with first bean @RunAs - does it make sense to also manually switch?
@Test
public void testAuthentication_TwoBeans_ReAuth_BadPwd() throws Exception {
    LoginContext lc = Util.getCLMLoginContext("user1", "password1");
    lc.login();
    try {
        entryBean.doubleWhoAmI("user2", "wrong_password");
        fail("Expected EJBAccessException due to bad password not thrown. (EJB 3.1 FR 17.6.9)");
    } catch (EJBAccessException ignored) {
    } finally {
        lc.logout();
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Example 40 with EJBAccessException

use of javax.ejb.EJBAccessException in project wildfly by wildfly.

the class EJBSecurityTestCase method testExcludeList.

@Test
public void testExcludeList() throws Exception {
    final Context ctx = new InitialContext();
    final FullAccess fullAccessDDBean = (FullAccess) ctx.lookup("java:module/" + DDBasedSLSB.class.getSimpleName() + "!" + FullAccess.class.getName());
    fullAccessDDBean.doAnything();
    final DDBasedSLSB ddBasedSLSB = (DDBasedSLSB) ctx.lookup("java:module/" + DDBasedSLSB.class.getSimpleName() + "!" + DDBasedSLSB.class.getName());
    try {
        ddBasedSLSB.accessDenied();
        Assert.fail("Call to accessDenied() method was expected to fail");
    } catch (EJBAccessException ejbae) {
    // expected
    }
    try {
        ddBasedSLSB.onlyTestRoleCanAccess();
        Assert.fail("Call to onlyTestRoleCanAccess() method was expected to fail");
    } catch (EJBAccessException ejbae) {
    // expected since only TestRole can call that method
    }
}
Also used : InitialContext(javax.naming.InitialContext) Context(javax.naming.Context) InitialContext(javax.naming.InitialContext) EJBAccessException(javax.ejb.EJBAccessException) Test(org.junit.Test)

Aggregations

EJBAccessException (javax.ejb.EJBAccessException)45 Test (org.junit.Test)26 LoginContext (javax.security.auth.login.LoginContext)16 Context (javax.naming.Context)13 InitialContext (javax.naming.InitialContext)13 OpenEJBException (org.apache.openejb.OpenEJBException)5 Principal (java.security.Principal)4 NamingException (javax.naming.NamingException)4 ApplicationException (org.apache.openejb.ApplicationException)4 IOException (java.io.IOException)3 Method (java.lang.reflect.Method)3 Properties (java.util.Properties)3 AccessLocalException (javax.ejb.AccessLocalException)3 EJBHome (javax.ejb.EJBHome)3 EJBLocalHome (javax.ejb.EJBLocalHome)3 EJBLocalObject (javax.ejb.EJBLocalObject)3 EJBObject (javax.ejb.EJBObject)3 LoginException (javax.security.auth.login.LoginException)3 ServletException (javax.servlet.ServletException)3 BeanContext (org.apache.openejb.BeanContext)3