Added JASPIC tests that test whether a SAM can forward and include

several kinds of resources

Author: arjantijms

jaspic/common/src/main/java/org/javaee7/jaspic/common/ArquillianBase.java

@@ -26,16 +26,22 @@ public class ArquillianBase {
 
     private static final String WEBAPP_SRC = "src/main/webapp";
     private WebClient webClient;
-
+    
     public static Archive<?> defaultArchive() {
-        
-        WebArchive webArchive = 
+        return tryWrapEAR(defaultWebArchive());
+    }
+    
+    public static WebArchive defaultWebArchive() {
+        return 
             create(WebArchive.class, "test.war")
                 .addPackages(true, "org.javaee7.jaspic")
+                .deleteClass(ArquillianBase.class)
                 .addAsWebInfResource(resource("web.xml"))
                 .addAsWebInfResource(resource("jboss-web.xml"))
                 .addAsWebInfResource(resource("glassfish-web.xml"));
-        
+    }
+    
+    public static Archive<?> tryWrapEAR(WebArchive webArchive) {
         if (getBoolean("useEarForJaspic")) {
             return
                 // EAR archive
@@ -48,15 +54,19 @@ public static Archive<?> defaultArchive() {
                     // This is needed to prevent Arquillian generating an illegal application.xml
                     .addAsModule(
                         webArchive
-                    );	
+                    );  
         } else {
             return webArchive;
         }
     }
 
-    private static File resource(String name) {
+    public static File resource(String name) {
         return new File(WEBAPP_SRC + "/WEB-INF", name);
     }
+    
+    public static File web(String name) {
+        return new File(WEBAPP_SRC, name);
+    }
 
     @ArquillianResource
     private URL base;

jaspic/dispatching-jsf-cdi/pom.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.javaee7</groupId>
+        <artifactId>jaspic</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    
+    <groupId>org.javaee7</groupId>
+    <artifactId>jaspic-dispatching-jsf-cdi</artifactId>
+    <version>1.0-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>Java EE 7 Sample: jaspic - dispatching JSF CDI</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.javaee7</groupId>
+            <artifactId>jaspic-common</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+</project>

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/bean/MyBean.java

@@ -0,0 +1,14 @@
+package org.javaee7.jaspic.dispatching.bean;
+
+import javax.enterprise.context.RequestScoped;
+import javax.inject.Named;
+
+@Named
+@RequestScoped
+public class MyBean {
+
+    public String getText() {
+        return "Called from CDI";
+    }
+    
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/SamAutoRegistrationListener.java

@@ -0,0 +1,22 @@
+package org.javaee7.jaspic.dispatching.sam;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.annotation.WebListener;
+
+import org.javaee7.jaspic.common.BaseServletContextListener;
+import org.javaee7.jaspic.common.JaspicUtils;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebListener
+public class SamAutoRegistrationListener extends BaseServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+    }
+
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/sam/TestServerAuthModule.java

@@ -0,0 +1,103 @@
+package org.javaee7.jaspic.dispatching.sam;
+
+import static javax.security.auth.message.AuthStatus.SEND_CONTINUE;
+import static javax.security.auth.message.AuthStatus.SEND_SUCCESS;
+import static javax.security.auth.message.AuthStatus.SUCCESS;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+public class TestServerAuthModule implements ServerAuthModule {
+
+    private CallbackHandler handler;
+    private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+
+    @Override
+    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
+        @SuppressWarnings("rawtypes") Map options) throws AuthException {
+        this.handler = handler;
+    }
+
+    @Override
+    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
+        
+        try {
+            HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+            HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
+
+            if ("include".equals(request.getParameter("dispatch"))) {
+                
+                String target = "/includedServlet";
+                if ("jsf".equals(request.getParameter("tech"))) {
+                    target = "/include.jsf";
+                } else  if ("jsfcdi".equals(request.getParameter("tech"))) {
+                    target = "/include-cdi.jsf";
+                }
+                
+                request.getRequestDispatcher(target)
+                       .include(request, response);
+
+                // "Do nothing", required protocol when returning SUCCESS
+                handler.handle(new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) });
+
+                // When using includes, the response stays open and the main
+                // resource can also
+                // write to the response
+                return SUCCESS;
+
+            } else {
+                
+                String target = "/forwardedServlet";
+                if ("jsf".equals(request.getParameter("tech"))) {
+                    target = "/forward.jsf";
+                } else  if ("jsfcdi".equals(request.getParameter("tech"))) {
+                    target = "/forward-cdi.jsf";
+                }
+                
+                request.getRequestDispatcher(target)
+                       .forward(request, response);
+
+                // MUST NOT invoke the resource, so CAN NOT return SUCCESS here.
+                return SEND_CONTINUE;
+            }
+            
+        } catch (IOException | ServletException | UnsupportedCallbackException e) {
+            throw (AuthException) new AuthException().initCause(e);
+        }
+    }
+
+    @Override
+    public Class<?>[] getSupportedMessageTypes() {
+        return supportedMessageTypes;
+    }
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+        return SEND_SUCCESS;
+    }
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+
+    }
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/servlet/ForwardedServlet.java

@@ -0,0 +1,32 @@
+package org.javaee7.jaspic.dispatching.servlet;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.javaee7.jaspic.dispatching.bean.MyBean;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/forwardedServlet")
+public class ForwardedServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+    
+    @Inject
+    private MyBean myBean;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("response from forwardedServlet - " + myBean.getText());
+    }
+
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/servlet/IncludedServlet.java

@@ -0,0 +1,32 @@
+package org.javaee7.jaspic.dispatching.servlet;
+
+import java.io.IOException;
+
+import javax.inject.Inject;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.javaee7.jaspic.dispatching.bean.MyBean;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/includedServlet")
+public class IncludedServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+    
+    @Inject
+    private MyBean myBean;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("response from includedServlet - " + myBean.getText());
+    }
+
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/servlet/ProtectedServlet.java

@@ -0,0 +1,25 @@
+package org.javaee7.jaspic.dispatching.servlet;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/protected/servlet")
+public class ProtectedServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("Resource invoked\n");
+    }
+
+}

jaspic/dispatching-jsf-cdi/src/main/java/org/javaee7/jaspic/dispatching/servlet/PublicServlet.java

@@ -0,0 +1,25 @@
+package org.javaee7.jaspic.dispatching.servlet;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+@WebServlet(urlPatterns = "/public/servlet")
+public class PublicServlet extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+        response.getWriter().write("Resource invoked\n");
+    }
+
+}