@Deployment(testable = false)
public static WebArchive createDeployment() {
return defaultArchive();
}
cd javaee7-samples/jaspic/ejb-propagation/Now we are ready to start testing. You can run all the tests in this sample by executing:
mvn test
Or you can run individual tests by executing one of the following:mvn test -Dtest=ProtectedEJBPropagationTestmvn test -Dtest=PublicEJBPropagationTest
This tests that the established authenticated identity propagates correctly from the web layer to a "protected" EJB (an EJB with declarative role checking).
@Deployment(testable = false)
public static WebArchive createDeployment() {
return defaultArchive();
}
@Test
public void testProtectedServletWithLoginCallingEJB() throws IOException, SAXException {
String response = getFromServerPath("protected/servlet-protected-ejb?doLogin");
// Both the web (HttpServletRequest) and EJB (EJBContext) should see the same
// user name.
assertTrue(response.contains("web username: test"));
assertTrue("Web has user principal set, but EJB not.", response.contains("EJB username: test"));
// Both the web (HttpServletRequest) and EJB (EJBContext) should see that the
// user has the role "architect".
assertTrue(response.contains("web user has role \"architect\": true"));
assertTrue("Web user principal has role \"architect\", but one in EJB doesn't.",
response.contains("EJB user has role \"architect\": true"));
}
A small variation on the testProtectedServletWithLoginCallingEJB that tests if for authentication that happened for public resources the security context also propagates to EJB.
@Test
public void testPublicServletWithLoginCallingEJB() throws IOException, SAXException {
String response = getFromServerPath("public/servlet-protected-ejb?doLogin");
// Both the web (HttpServletRequest) and EJB (EJBContext) should see the same
// user name.
assertTrue(response.contains("web username: test"));
assertTrue("Web has user principal set, but EJB not.", response.contains("EJB username: test"));
// Both the web (HttpServletRequest) and EJB (EJBContext) should see that the
// user has the role "architect".
assertTrue(response.contains("web user has role \"architect\": true"));
assertTrue("Web user principal has role \"architect\", but one in EJB doesn't.",
response.contains("EJB user has role \"architect\": true"));
}
This tests that the established authenticated identity propagates correctly from the web layer to a "public" EJB (an EJB without declarative role checking).
@Deployment(testable = false)
public static WebArchive createDeployment() {
return defaultArchive();
}
@Test
public void testProtectedServletWithLoginCallingEJB() throws IOException, SAXException {
String response = getFromServerPath("protected/servlet-public-ejb?doLogin");
// Both the web (HttpServletRequest) and EJB (EJBContext) should see the same
// user name.
assertTrue(response.contains("web username: test"));
assertTrue("Web has user principal set, but EJB not.", response.contains("EJB username: test"));
}
There's a lot more about JavaEE to cover. If you're ready to learn more, check out the other available samples.
git clone git://github.com/javaee-samples/javaee7-samples.git
cd javaee7-samples/jaspic/ejb-propagation/
Do the changes as you see fit and send a pull request!
Good Luck!