[jboss-cvs] JBossAS SVN: r80749 - branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Nov 10 15:52:44 EST 2008
Author: pskopek at redhat.com
Date: 2008-11-10 15:52:44 -0500 (Mon, 10 Nov 2008)
New Revision: 80749
Modified:
branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml
Log:
JBOSSCC-22: Test descriptions for EAP testsuite added.
Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml 2008-11-10 20:43:10 UTC (rev 80748)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml 2008-11-10 20:52:44 UTC (rev 80749)
@@ -559,124 +559,178 @@
<testCase name="org.jboss.test.security.test.LoginContextUnitTestCase">
<desc>A JUnit TestCase for the JAAS LoginContext usage.</desc>
<test name="testLogin1">
- <desc></desc>
+ <desc>Test objective: Test whether Subject object put to login context is the same after login() method call.
+ Expected result: Subject obtained by getSubject() call has to point to the same Subject object used while creatig login object.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testLogin2">
- <desc></desc>
+ <desc>Test objective: Creating login context with the same name as login context in previous test (testLogin1).
+ We want to show that subject returned atfer login is the one used in login lcontext creation
+ and not the one from testLogin1 test.
+ Expected result: Subject obtained by getSubject() call has to point to the same Subject object used while creatig login object.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.NamespacePermissionsUnitTestCase">
<desc>A JUnit TestCase for the NamespacePermissions and NamespacePermission classes.</desc>
<test name="testImplied">
- <desc>Test the NamespacePermissionCollection implies method for various permission that should be implied by the setup PermissionCollection.</desc>
- <TSFI></TSFI>
+ <desc>Test objective: Test the NamespacePermissionCollection implies method for various permissions that should be implied by the setup PermissionCollection.
+ For more detaile see test source code.
+ Expected result: All PermissionCollection calls to implies has to return value of true.
+ </desc>
+ <TSFI>tsfi.Permissions</TSFI>
</test>
<test name="testNotImplied">
- <desc>Test the NamespacePermissionCollection implies method for various permission that should NOT be implied by the setup PermissionCollection.</desc>
- <TSFI></TSFI>
+ <desc>Test objective: Test the NamespacePermissionCollection implies method for various permission that should NOT be implied by the setup PermissionCollection.
+ For more detaile see test source code.
+ Expected result: All PermissionCollection calls to implies has to return value of false.
+ </desc>
+ <TSFI>tsfi.Permissions</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.PermissionNameUnitTestCase">
<desc>A JUnit TestCase for the PermissionNames class.</desc>
<test name="testOrdering">
- <desc>Test the order of PermissionNames</desc>
- <TSFI></TSFI>
+ <desc>Test objective: Test of correct behaviour of class PermissionNames.
+ Aspects tested: conversion to string, correct entries creation, comparision.
+ Expected result: Test assertions has to be fultilled.
+ </desc>
+ <TSFI>tsfi.Permissions</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.WebConstraintsUnitTestCase">
<desc>Tests of the web declarative security model</desc>
<test name="testUnchecked">
- <desc>Test URLs that should require no authentication for any method</desc>
+ <desc>Test objective: Test URLs that should require no authentication for any method.
+ Expected result: All attepmts to call URL has to pass witout any exception.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testGetAccess">
- <desc>Test GETs against URLs that only allows the GET method and required the GetRole role</desc>
+ <desc>Test objective: Test GETs against URLs that only allows the GET method and required the GetRole role.
+ Expected result: All calls to GET URLs using GET method should pass OK those using POST method has to generate HTTP_FORBIDDEN.
+ When chanaged to user without permissions all GET/POST URLs has to generate HTTP_FORBIDDEN.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testExcludedAccess">
- <desc>Test that the excluded paths are not accessible by anyone</desc>
+ <desc>Test objective: Test that the excluded paths are not accessible by anyone.
+ Expected results: All calls to excluded URLs has to generate HTTP_FORBIDDEN.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testPostAccess">
- <desc>Test POSTs against URLs that only allows the POST method and required the PostRole role</desc>
+ <desc>Test objective: Test POSTs against URLs that only allows the POST method and required the PostRole role.
+ Expected result: All calls to POST URLs using POST method should pass OK those using GET method has to generate HTTP_FORBIDDEN.
+ When chanaged to user without permissions all GET/POST URLs has to generate HTTP_FORBIDDEN.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.WebResourcePermissionUnitTestCase">
<desc>Tests of the JAAC WebResourcePermission</desc>
<test name="testCtor2">
- <desc></desc>
+ <desc>Test objective: This is a unit test of WebResourcePermission to make sure it works as expected.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testImpliesPermission">
- <desc></desc>
+ <desc>Test objective: Test whether WebResourcePermission implies correctly all given usage combinations.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotImpliesPermission">
- <desc></desc>
+ <desc>Test objective: Test whether WebResourcePermission doesn't implies correctly all given usage combinations.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testBestMatch">
- <desc></desc>
+ <desc>Test objective: Test whether WebResourcePermission implies correctly all given permission combinations.
+ Expected result: All calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testQualifiedMatch">
- <desc></desc>
+ <desc>Test objective: Test whether WebResourcePermission /restricted/not GET is NOT implied.
+ Expected result: Assertion has to be fultilled.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testQualifiedPatterns">
- <desc></desc>
+ <desc>Test objective: Test whether all given patterns are prohibited.
+ Expected result: Test should pass without generating an Exception.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.WebUserDataPermissionUnitTestCase">
<desc>Tests of the JAAC WebUserDataPermission</desc>
<test name="testCtor2">
- <desc></desc>
+ <desc>Test objective: This is a unit test of WebUserDataPermission to make sure it works as expected.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testImpliesPermission">
- <desc></desc>
+ <desc>Test objective: Test whether WebUserDataPermission implies correctly all given usage combinations.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotImpliesPermission">
- <desc></desc>
+ <desc>Test objective: Test whether WebUserDataPermission doesn't implies correctly all given usage combinations.
+ Expected result: All combination of calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testMatch">
- <desc></desc>
+ <desc>Test objective: Test whether WebUserDataPermission implies correctly all given permission combinations.
+ Expected result: All calls and setups has to fultill all assertions.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testQualifiedPatterns">
- <desc></desc>
+ <desc>Test objective: Test whether all given patterns are prohibited.
+ Expected result: Test should pass without generating an Exception.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.auth.AppCallbackHandlerUnitTestCase">
<desc>Unit Tests the AppCallbackHandler</desc>
<test name="testUserNamePassword">
- <desc></desc>
+ <desc>Test objective: Make sure that AppCallbackHandlers puts the same username and password values pass to callback data as passed to it.
+ Expected result: Data have to match.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testMapCallback">
- <desc></desc>
+ <desc>Test objective: Make sure that AppCallbackHandlers puts the same data to Map structure as passed to it.
+ Expected result: Data have to match.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testByteArrayCallback">
- <desc></desc>
+ <desc>Test objective: Make sure that AppCallbackHandlers puts the same data to ByteArray structure as passed to it.
+ Expected result: Data have to match.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.ejb.SFSBIntegrationTestCase">
<desc>Stateful Session Beans Integration Tests</desc>
<test name="testCallerPrincipalInSessionSynchronization">
- <desc>Call a SFSB method that has container transaction and each of
- * the SessionSynchronization callback methods call the getCallerPrincipal
- *
- * Also the SFSB has a ejb ref to another SFSB which is secured and declares
- * a run-as role</desc>
+ <desc>Test objective: Call a SFSB method that has container transaction and each of
+ the SessionSynchronization callback methods call the getCallerPrincipal
+ Also the SFSB has a ejb ref to another SFSB which is secured and declares a run-as role.
+
+ Expected result: Test has to pass without any exception.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
@@ -706,74 +760,100 @@
* Especially tests the usage of the authorization delegate
* called as org.jboss.jmx.connector.invoker.ExternalizableRolesAuthorization</desc>
<test name="testConfigurableRolesAuthorizedAccess">
- <desc>Test that a valid jmx-console domain user can invoke operations
- * through the jmx/invoker/AuthenticatedRMIAdaptor</desc>
+ <desc>Test objective: Test that a valid jmx-console domain user can invoke operations through the jmx/invoker/AuthenticatedRMIAdaptor
+ Expected result: Calls have to pass without any exception.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
<test name="testUnAuthorizedAccess">
- <desc>Test invalid access</desc>
+ <desc>Test objective: Test unauthorized access.
+ Expected result: Call should generate exception which is caught by the test code.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.jmx.test.RMIAdaptorUnitTestCase">
<desc>Tests over the RMIAdaptor</desc>
<test name="testMBeanInfoMarshalling">
- <desc>Test that we can iterate and retrieve MBeanInfo for all registered MBeans</desc>
+ <desc>Test objective: Test that we can iterate and retrieve MBeanInfo for all registered MBeans
+ Expected result: Test should pass without any exception thrown.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.web.test.ssl.SSLUnitTestCase">
<desc>Tests of ssl and CLIENT-CERT auth. No basic auth.</desc>
<test name="testHttps">
- <desc>Test that access of the transport constrained</desc>
+ <desc>Test objective: Test that access of the transport constrained
+ Expected result: Call should pass without any exception thrown.
+ </desc>
<TSFI>tsfi.https</TSFI>
</test>
<test name="testHttpsSecurityDomain">
- <desc></desc>
+ <desc>Test objective: Test whether https can pass through unrestricted secure servlet using client cert auth.
+ Expected result: Test has to pass without any exception.
+ </desc>
<TSFI>tsfi.https</TSFI>
</test>
</testCase>
+
<testCase name="org.jboss.test.security.test.ClientLoginModuleEJBUnitTestCase">
- <desc>Call BeanA using jduke/theduke
- +-- call BeanB switching idenity using ClientLoginModule
- +---- call BeanC switching idenity using ClientLoginModule
- validing the expected caller principal with different ejb method permissions</desc>
+ <desc></desc>
<test name="testClientLoginModule">
- <desc></desc>
- <TSFI>???jnp.. isn't it disabled?</TSFI>
+ <desc>Test objective: Call BeanA using jduke/theduke
+ +-- call BeanB switching idenity using ClientLoginModule
+ +---- call BeanC switching idenity using ClientLoginModule
+ validing the expected caller principal with different ejb method permissions
+ Expected resutl: Assertion to correctenss of return value has to be fulfilled.
+ </desc>
+ <TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.ClientLoginModuleUnitTestCase">
<desc>ClientLoginModuleUnitTestCase/SecurityAssociation interaction tests</desc>
<test name="testSingleThreaded">
- <desc></desc>
+ <desc>Test objective: Tests whether server gets correct current principal in single thread.
+ Expected result: Assertion of returned principal has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testSingleThreadedRestoreIdentity">
- <desc></desc>
+ <desc>Test objective: Test whether identity of caller is returned back to original status aftert logout in single thread.
+ Expected result: All assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testSingleThreadedRestoreStack">
- <desc></desc>
+ <desc>Test objective: Test whether whole stack of identities are returned back to state before login in single thread.
+ Expected result: All assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testMultiThreaded">
- <desc></desc>
+ <desc>Test objective: Test mutithreaded login using two threads.
+ Expected result: Test has to pass without any exception.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testMultiThreadedRestoreIdentity">
- <desc></desc>
+ <desc>Test objective: Test whether identity of caller is returned back to original status aftert logout in multiple threads.
+ Expected result: All assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.CustomPrincipalPropagationUnitTestCase">
<desc>Test propagation of Custom Principal</desc>
<test name="testCustomPrincipalTransmission">
- <desc>Custom Principal from outside the Application Server VM</desc>
+ <desc>Test objective: Custom Principal from outside the Application Server VM
+ Expected result: Prinipal returned from validateCallerPrincipal of remote bean has to be of the same type.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testCustomPrincipalTransmissionInVM">
- <desc>A web-app has a welcome jsp (called as index.jsp). Inside this jsp, there is a call made out to an ejb</desc>
+ <desc>Test objective: A web-app has a welcome jsp (called as index.jsp). Inside this jsp, there is a call made out to an ejb.
+ Expected result: Custom principal has to propagated accross calls and assertion at the and has to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
@@ -797,196 +877,271 @@
<testCase name="org.jboss.test.security.test.DynamicLoginConfigServiceUnitTestCase">
<desc>Unit tests for the Dynamic Login Config Service</desc>
<test name="testAbsoluteLoginConfigURL">
- <desc>DynamicLoginConfig service fails absolute login-config.xml url</desc>
+ <desc>Test objective: DynamicLoginConfig service fails absolute login-config.xml url.
+ Expected result: Series of asserions has to be fulfiled.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testAuthConf">
- <desc>Do not allow Null AuthConfig or login-config.xml</desc>
- <TSFI>tsfi.http</TSFI>
+ <desc>Test objective: Do not allow Null AuthConfig or login-config.xml
+ Expected result: Both calls has to generate exception since they are not allowed.
+ </desc>
+ <TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.EJBPermissionUnitTestCase">
<desc>Tests of the JAAC EJB*Permissions</desc>
<test name="testCtor1">
- <desc>Tests of the EJBMethodPermission(String name, String actions)</desc>
+ <desc>Test objective: Tests of the EJBMethodPermission(String name, String actions).
+ Expected result: All assertions of call has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testCtor2">
- <desc>Tests of EJBMethodPermission(String ejbName, String methodInterface, Method method)</desc>
+ <desc>Test objective: Tests of EJBMethodPermission(String ejbName, String methodInterface, Method method).
+ Expected result: All assertions of call has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testCtor3">
- <desc>Tests of EJBMethodPermission(String ejbName, String methodName,
- String methodInterface, String[] methodParams)</desc>
+ <desc>Test objective: Tests of EJBMethodPermission(String ejbName, String methodName, String methodInterface, String[] methodParams).
+ Expected result: All assertions of call has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.JaasSecurityDomainUnitTestCase">
<desc>Tests of the JaasSecurityDomain service.</desc>
<test name="testTmpFilePassword">
- <desc></desc>
+ <desc>Test objective: Tests whether pasword returned from service "jboss.security:service=JaasSecurityDomain,domain=testTmpFilePassword" is valid.
+ Expected result: Password has to be as expexted.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testFilePassword">
- <desc></desc>
+ <desc>Test objective: Tests whether pasword returned from service "jboss.security:service=JaasSecurityDomain,domain=testFilePassword" is valid.
+ Expected result: Password has to be as expexted.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testEncodeDecode">
- <desc></desc>
+ <desc>Test objective: Test if encode/decode produces correct results.
+ Expected result: Both methods has to produce expected results.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testEncodeDecode64">
- <desc></desc>
+ <desc>Test objective: Test if encode64/decode64 produces correct results.
+ Expected result: Both methods has to produce expected results.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
- <test name="">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
</testCase>
<testCase name="org.jboss.test.security.test.LoginModulesUnitTestCase">
<desc>Tests of the LoginModule classes.</desc>
<test name="testClientLogin">
- <desc></desc>
+ <desc>Test objectve: Test correct functioning of client login module with username password handler.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testUsernamePassword">
- <desc></desc>
+ <desc>Test objectve: Test username passwornd and roles associacions.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testUsernamePasswordHash">
- <desc></desc>
+ <desc>Test objectve: Test username passwornd and roles associacions using hashed paswords.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testUsernamePasswordHashWithDigestCallback">
- <desc></desc>
+ <desc>Test objectve: Test username passwornd and roles associacions using hashed paswords with digest callback.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testUsersRoles">
- <desc></desc>
+ <desc>Test objectve: Test series usernam/passwornd couples whether they have associated proper roles and not associated certain ones.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testUsersRolesHash">
- <desc></desc>
+ <desc>Test objectve: Test series usernam/passwornd couples whether they have associated proper roles and not associated certain ones using hashed passwords.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testAnonUsersRoles">
- <desc></desc>
+ <desc>Test objective: Tests whether password handler with null user and password have proper anonymous principal associated.
+ This pricipal has no roles attached except Roles.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testAnon">
- <desc></desc>
+ <desc>Test objective: Tests whether password handler with null user and password have proper anonymous principal associated.
+ This pricipal has no roles attached except Roles.
+ Expected resut: Assertions has to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testNull">
- <desc></desc>
+ <desc>Test objective: Using "testNull" login context there should be no way to log with null user and password.
+ Expected result: User cannot log in with null/null username and password.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testIdentity">
- <desc></desc>
- <TSFI></TSFI>
+ <desc>Test objective: Test whether login context "testIdentity" contains proper roles and users.
+ Expected result: All assertions of users and roles has to pass.
+ </desc>
+ <TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testJCACallerIdentity">
- <desc></desc>
+ <desc>Test objective: Test whether login context "testJCACallerIdentity" contains users jduke and jduke2 with expected private credencials.
+ Expected result: All assertions of users has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testJaasSecurityDomainIdentityLoginModule">
- <desc></desc>
+ <desc>Test objective: Test JAAS security identity login module to access principal and his password credencial.
+ Expected result: Password and username has to to be equal to the ones expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testSimple">
- <desc></desc>
+ <desc>Test objective: Tests simple file login module.
+ Expected result: All assertions of users and roles has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testJdbc">
- <desc></desc>
+ <desc>Test objective: Tests DB login module.
+ Expected result: All assertions of users and roles has to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testControlFlags">
- <desc></desc>
+ <desc>Test objective: Test control flags of application on login module.
+ Expected result: All "testControlFlags" has to return SUFFICIENT status.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testCertLogin">
- <desc></desc>
+ <desc>Test objective: Tests whether cert login module works correctly.
+ Expected result: Subject has to contain principal with name "unit-tests" and proper X509 certificate.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testCertRoles">
- <desc></desc>
+ <desc>Test objective: Tests proper role assignment to principal named "unit-tests".
+ Expected result: The principal has to have all expected roles.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.MissingMethodUnitTestCase">
<desc>Tests missing-method-permissions-excluded-mode</desc>
<test name="testMissingIsUnchecked">
- <desc>Test that methods without a method-permission behave as unchecked</desc>
+ <desc>Test objective: Test that methods without a method-permission behave as unchecked.
+ Expected result: Test has to pass without any exception.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testMissingIsExcluded">
- <desc>Test that methods without a method-permission behave as excluded</desc>
+ <desc>Test objective: Test that methods without a method-permission behave as excluded.
+ Expected result: Call to bean.invokeEcho should pass and bean.callEcho should fail.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.RoleMappingModuleUnitTestCase">
<desc>JBAS-3323: Role Mapping Login Module that maps application role to declarative role</desc>
<test name="testRoleMappingModule">
- <desc>Test the RoleMappingLoginModule with no option to replace the role</desc>
+ <desc>Test objective: Test the RoleMappingLoginModule with no option to replace the role.
+ Expected result: All assertions regardig roles have to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testRoleMappingModuleWithReplace">
- <desc>Test the RoleMappingLoginModule with an option to replace the role</desc>
+ <desc>Test objective: Test the RoleMappingLoginModule with an option to replace the role.
+ Expected result: All assertions regardig roles have to pass.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.SAInheritableThreadLocalUnitTestCase">
<desc>Test that the security context thread locals propagate to child threads</desc>
<test name="testSecurityContext">
- <desc>Test the expected security context exists via the SecurityAssociation accessors</desc>
+ <desc>Test objective: Test the expected security context exists via the SecurityAssociation accessors.
+ Expected result: Subject and principal have to be as expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testInheritableThreadLocal">
- <desc>Validate that a child thread sees its parent</desc>
+ <desc>Test objective: Validate that a child thread sees its parent.
+ Expected result: Subject and principal have to be as expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.SAThreadLocalUnitTestCase">
<desc>Test that the security context thread locals do NOT propagate to child threads</desc>
<test name="testSecurityContext">
- <desc>Test the order of PermissionNames</desc>
+ <desc>Test objective: Test the order of PermissionNames.
+ Expected result: Subject and principal have to be as expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testThreadLocal">
- <desc></desc>
+ <desc>Test objective: Validate that a thread sees its subject and principal from SecurityAssociation.
+ Expected result: Subject and principal have to be as expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.SecurityDomainLoginModuleOptionUnitTestCase">
<desc>For changes made on JBAS-1477, the security domain name is added to every login
- * module option map by the ApplicationInfo object. When TRACE logging is enable,
- * a login module will then display this option value for trouble shooting. The
- * first part of test, displays how the security domain option is properly set
- * in a security domain that exists in Configuration. The second test shows
- * how the "other" security domain is displayed when the original domain does not
- * exist in Configuration.</desc>
+ module option map by the ApplicationInfo object. When TRACE logging is enable,
+ a login module will then display this option value for trouble shooting. The
+ first part of test, displays how the security domain option is properly set
+ in a security domain that exists in Configuration. The second test shows
+ how the "other" security domain is displayed when the original domain does not
+ exist in Configuration.</desc>
<test name="testSecurityDomainLoginModuleOption">
- <desc></desc>
+ <desc>Test objective: The security domain name is added to every login module option map by the ApplicationInfo object. When TRACE logging is enable,
+ a login module will then display this option value for trouble shooting. The
+ first part of test, displays how the security domain option is properly set
+ in a security domain that exists in Configuration. The second test shows
+ how the "other" security domain is displayed when the original domain does not
+ exist in Configuration.
+ Expected result: Security domain option should be equal to SecurityConstants.DEFAULT_APPLICATION_POLICY.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.SecurityMgrStressTestCase">
<desc>Stress testing of the JaasSecurityManager</desc>
<test name="testMTAuthentication">
- <desc>Test concurrent access to the isValid and doesUserHaveRole security
- * mgr methods.</desc>
+ <desc>Test objective: Test concurrent access to the isValid and doesUserHaveRole securitymgr methods.
+ Expected result: All threads have to finish without an exception.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.security.test.SecurityProxyUnitTestCase">
<desc>Tests of the EJB security proxy.</desc>
<test name="testMethodAccess">
- <desc>Test that the echo method is accessible by an Echo
- role. Since the noop() method of the StatelessSession
- bean was not assigned any permissions it should not be
- accessible by any user.</desc>
+ <desc>Test objective: Test that the echo method is accessible by an Echo
+ role. Since the noop() method of the StatelessSession
+ bean was not assigned any permissions it should not be
+ accessible by any user.
+ Expected result: Calls to bean methods should fail on all occurences.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
@@ -1030,187 +1185,100 @@
</test>
</testCase>
-->
- <testCase name="SRPUnitTestCase">
+ <testCase name="org.jboss.test.security.test.SRPUnitTestCase">
<desc>Test of the secure remote password(SRP) session key to perform crypto
operations.</desc>
<test name="testEchoArgs">
- <desc>Test that the echo method is secured by the SRPCacheLogin module</desc>
+ <desc>Test objective: Test that the echo method is secured by the SRPCacheLogin module.
+ Expected result: Call to bean.echo has to pass without exception.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testMultiUserEchoArgs">
- <desc>Test that the echo method is secured by the SRPCacheLogin module when using multi-session srp with two threads</desc>
+ <desc>Test objective: Test that the echo method is secured by the SRPCacheLogin module when using multi-session srp with two threads.
+ Expected result: Test call should pass without an exception as well as both threads.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
- <testCase name="WebUserDataPermissionUnitTestCase">
- <desc>Tests of the JAAC WebUserDataPermission</desc>
- <test name="testCtor2">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testImpliesPermission">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testNotImpliesPermission">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testMatch">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testQualifiedPatterns">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- </testCase>
<testCase name="org.jboss.test.security.test.XMLLoginModulesUnitTestCase">
- <desc>Tests of the LoginModule classes using the XMLLoginConfigImpl implementation
- * of the JAAS login module configuration.</desc>
+ <desc>Tests of the LoginModule classes using the XMLLoginConfigImpl implementation of the JAAS login module configuration.</desc>
<test name="testGargantusRealm">
- <desc></desc>
+ <desc>Test objective: Test the correct functioning of XML login module.
+ Expected result: Principal, username, password and managedConnectionFactoryName have to be as expected by setup.
+ </desc>
<TSFI></TSFI>
</test>
<test name="testPropertyReplacement">
- <desc></desc>
+ <desc>Test objective: Test whether property replacement works fine.
+ Expected result: Properties should have values as expected by setup.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testPBEIdentityLoginModule">
- <desc></desc>
+ <desc>Test objective: Test whether PBEIdentityLoginModule works fine.
+ Expected result: All assertions have to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testPBEIdentityLoginModuleTmpFilePassword">
- <desc></desc>
+ <desc>Test objective: Test whether the login module can use tmp password file.
+ Expected result: Returned username and password have to be as expected.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
- <test name="testXmlLoginModuleParsing">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
<test name="testXMLLoginModule">
- <desc></desc>
+ <desc>Test objective: Test whether XMLIdentityLoginModule works fine.
+ Expected result: All assertions have to be fulfilled.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
- <test name="testXmlLoginModuleJaxbParsing">
- <desc>JBAS-2702</desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
</testCase>
- <testCase name="AppCallbackHandlerUnitTestCase">
- <desc>Unit Tests the AppCallbackHandler</desc>
- <test name="testUserNamePassword">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testMapCallback">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testByteArrayCallback">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- </testCase>
- <!--
- <testCase name="org.jboss.test.securitymgr.test.EJBSpecUnitTestCase">
- <desc>Tests of the programming restrictions defined by the EJB spec. The JBoss
-server must be running under a security manager. The securitymgr-ejb.jar
-should be granted only the following permission:
-
-grant securitymgr-ejb.jar {
- permission java.util.PropertyPermission "*", "read";
- permission java.lang.RuntimePermission "queuePrintJob";
- permission java.net.SocketPermission "*", "connect";
- };</desc>
- <test name="testFileExists">
- <desc>Test that a bean cannot access the filesystem using java.io.File</desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testFileWrite">
- <desc>Test that a bean cannot access the filesystem using java.io.File</desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testSocketListen">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testSocketConnect">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testCreateClassLoader">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testGetContextClassLoader">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testSetContextClassLoader">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testReflection">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testThreadAccess">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testCreateThread">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testChangeSystemErr">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testCreateSecurityMgr">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testLoadLibrary">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- <test name="testSystemExit">
- <desc></desc>
- <TSFI>tsfi.rmi.jrmp</TSFI>
- </test>
- </testCase>
- -->
<testCase name="org.jboss.test.securitymgr.test.PolicyUnitTestCase">
<desc>Tests of the security permission enforcement that creates and directly
- invokes the ejb methods to test the security policy permissions
- without the noise of the ejb container.</desc>
+ invokes the ejb methods to test the security policy permissions
+ without the noise of the ejb container.
+ </desc>
<test name="testSecurityAssociation">
- <desc>Test that a bean cannot access the SecurityAssociation class</desc>
+ <desc>Test objective: Test that a bean cannot access the SecurityAssociation class.
+ Expected result: All attempts have to fail.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testFileIO">
- <desc></desc>
- <TSFI></TSFI>
+ <desc>Test objective: Test that bean cannot access nofile.txt.
+ Expected result: Generate exception and catch it.
+ </desc>
+ <TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testSockets">
- <desc></desc>
+ <desc>Test objective: Test whether bean can connect or listen on given ports.
+ Expected result: Generate exception and catch it.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testClassLoaders">
- <desc></desc>
+ <desc>Test objective: Test whether bean can create classloader.
+ Expected result: Generate exception and catch it.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testReflection">
- <desc></desc>
+ <desc>Test objective: Test whether bean can use reflection.
+ Expected result: Generate exception and catch it.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testThreadAccess">
- <desc></desc>
+ <desc>Test objective: Test whether bean can reaname the thread.
+ Expected result: Generate exception and catch it.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
<test name="testSystemAccess">
- <desc></desc>
+ <desc>Test objective: Test whether bean can create security manager.
+ Expected result: Generate exception and catch it.
+ </desc>
<TSFI>tsfi.rmi.jrmp</TSFI>
</test>
</testCase>
@@ -1267,458 +1335,464 @@
The secure access tests require a user named 'jduke' with a password of 'theduke'
with a role of 'AuthorizedUser' in the servlet container.</desc>
<test name="testClientLoginServlet">
- <desc>Access the http://{host}/jbosstest/ClientLoginServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/ClientLoginServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUserInRoleServlet">
- <desc>Access the http://{host}/jbosstest/restricted/UserInRoleServlet to
- * test isUserInRole.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/UserInRoleServlet to test isUserInRole.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServlet2">
- <desc>Access the http://{host}/jbosstest/restricted2/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted2/SecureServlet.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSubjectServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SubjectServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SubjectServlet.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletAndUnsecureAccess">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objecive: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletWithBadPass">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL cannot be accessible.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletWithNoLogin">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL cannot be accessible.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotJbosstest">
- <desc>Access the http://{host}/jbosstest-not/unrestricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest-not/unrestricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecuredEntityFacadeServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SecuredEntityFacadeServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecuredEntityFacadeServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureEJBAccess">
- <desc>Access the http://{host}/jbosstest/restricted/SecureEJBAccess</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureEJBAccess
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testIncludeEJB">
- <desc>Access the http://{host}/jbosstest/restricted/include_ejb.jsp</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/include_ejb.jsp
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureEJBAccess">
- <desc>Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
- * to test that an unsecured servlet cannot access a secured EJB method
- * that requires a valid permission. This should fail.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
+ to test that an unsecured servlet cannot access a secured EJB method
+ that requires a valid permission.
+ Expected result: URL cannot be accessible. This should fail.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureAnonEJBAccess">
- <desc>Access the http://{host}/jbosstest/UnsecureEJBAccess with method=unchecked
- * to test that an unsecured servlet can access a secured EJB method that
- * only requires an authenticated user. This requires unauthenticated
- * identity support by the web security domain.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureEJBAccess with method=unchecked
+ to test that an unsecured servlet can access a secured EJB method that
+ only requires an authenticated user. This requires unauthenticated
+ identity support by the web security domain.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServlet">
- <desc></desc>
+ <desc>Test objective: Access the baseURLNoAuth+"jbosstest/UnsecureEJBAccess?method=echo"
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServletWithPrincipalName">
- <desc>Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalName
- * to test that an unsecured servlet can access a secured EJB method by using
- * a run-as role. This should also have a custom run-as principal name.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalName
+ to test that an unsecured servlet can access a secured EJB method by using
+ a run-as role. This should also have a custom run-as principal name.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServletWithPrincipalNameAndRoles">
- <desc>Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles
- * to test that an unsecured servlet can access a secured EJB method by using
- * a run-as role. This should also have a custom run-as principal name and
- * additional roles.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles
+ to test that an unsecured servlet can access a secured EJB method by using
+ a run-as role. This should also have a custom run-as principal name and
+ additional roles.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotJbosstest2">
- <desc>Deploy a second ear that include a notjbosstest-web.war to test ears
- with the same war names conflicting.
- Access the http://{host}/jbosstest-not2/unrestricted/SecureServlet</desc>
+ <desc>Test objective: Deploy a second ear that include a notjbosstest-web.war to test ears
+ with the same war names conflicting.
+ Access the http://{host}/jbosstest-not2/unrestricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnauthorizedAccess">
- <desc>JBAS-3279: Authenticated user can bypass declarative role checks for servlets</desc>
+ <desc>Test objective: JBAS-3279: Authenticated user can bypass declarative role checks for servlets
+ Expected result: Users cannot bypass the role checks.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.securitymgr.test.WebIntegrationUnitTestCase">
- <desc>Tests of servlet container integration into the JBoss server. This test
- requires than a web container be integrated into the JBoss server. The tests
- currently do NOT use the java.net.HttpURLConnection and associated http client
- and these do not return valid HTTP error codes so if a failure occurs it
- is best to connect the webserver using a browser to look for additional error
- info.
-
- The secure access tests require a user named 'jduke' with a password of 'theduke'
- with a role of 'AuthorizedUser' in the servlet container.</desc>
- <test name="testRealPath">
- <desc>Access the http://{host}/jbosstest/APIServlet to test the
- * getRealPath method</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testHttpSessionListener">
- <desc>Access the http://{host}/jbosstest/APIServlet to test the
- * HttpSessionListener events</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testEJBOnStartupServlet">
- <desc>Access the http://{host}/jbosstest/EJBOnStartupServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testENCServlet">
- <desc>Access the http://{host}/jbosstest/ENCServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testServletInJar">
- <desc>Access the http://{host}/jbosstest/SimpleServlet to test that servlets
- * in the WEB-INF/lib jar.</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testEJBServlet">
- <desc>Access the http://{host}/jbosstest/EJBServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testEntityServlet">
- <desc>Access the http://{host}/jbosstest/EntityServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testStatefulSessionServlet">
- <desc>Access the http://{host}/jbosstest/StatefulSessionServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testUserTransactionServlet">
- <desc>Access the http://{host}/jbosstest/UserTransactionServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testSpeedServlet">
- <desc>Access the http://{host}/jbosstest/SpeedServlet</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testSnoopJSP">
- <desc>Access the http://{host}/jbosstest/snoop.jsp</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testSnoopJSPByPattern">
- <desc>Access the http://{host}/jbosstest/snoop.jsp</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testSnoopJSPByMapping">
- <desc>Access the http://{host}/jbosstest/test-jsp-mapping</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testJSPClasspath">
- <desc>Access the http://{host}/jbosstest/classpath.jsp</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
+ <desc>Basic tests for web apps. Using security manager.</desc>
<test name="testClientLoginServlet">
- <desc>Access the http://{host}/jbosstest/ClientLoginServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/ClientLoginServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUserInRoleServlet">
- <desc>Access the http://{host}/jbosstest/restricted/UserInRoleServlet to
- * test isUserInRole.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/UserInRoleServlet to test isUserInRole.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServlet2">
- <desc>Access the http://{host}/jbosstest/restricted2/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted2/SecureServlet.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSubjectServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SubjectServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SubjectServlet.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletAndUnsecureAccess">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objecive: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletWithBadPass">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL cannot be accessible.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureServletWithNoLogin">
- <desc>Access the http://{host}/jbosstest/restricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureServlet
+ Expected result: URL cannot be accessible.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotJbosstest">
- <desc>Access the http://{host}/jbosstest-not/unrestricted/SecureServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest-not/unrestricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecuredEntityFacadeServlet">
- <desc>Access the http://{host}/jbosstest/restricted/SecuredEntityFacadeServlet</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecuredEntityFacadeServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureEJBAccess">
- <desc>Access the http://{host}/jbosstest/restricted/SecureEJBAccess</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/SecureEJBAccess
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testIncludeEJB">
- <desc>Access the http://{host}/jbosstest/restricted/include_ejb.jsp</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/restricted/include_ejb.jsp
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureEJBAccess">
- <desc>Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
- * to test that an unsecured servlet cannot access a secured EJB method
- * that requires a valid permission. This should fail.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureEJBAccess with method=echo
+ to test that an unsecured servlet cannot access a secured EJB method
+ that requires a valid permission.
+ Expected result: URL cannot be accessible. This should fail.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureAnonEJBAccess">
- <desc>Access the http://{host}/jbosstest/UnsecureEJBAccess with method=unchecked
- * to test that an unsecured servlet can access a secured EJB method that
- * only requires an authenticated user. This requires unauthenticated
- * identity support by the web security domain.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureEJBAccess with method=unchecked
+ to test that an unsecured servlet can access a secured EJB method that
+ only requires an authenticated user. This requires unauthenticated
+ identity support by the web security domain.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServlet">
- <desc></desc>
+ <desc>Test objective: Access the baseURLNoAuth+"jbosstest/UnsecureEJBAccess?method=echo"
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServletWithPrincipalName">
- <desc>Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalName
- * to test that an unsecured servlet can access a secured EJB method by using
- * a run-as role. This should also have a custom run-as principal name.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalName
+ to test that an unsecured servlet can access a secured EJB method by using
+ a run-as role. This should also have a custom run-as principal name.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testUnsecureRunAsServletWithPrincipalNameAndRoles">
- <desc>Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles
- * to test that an unsecured servlet can access a secured EJB method by using
- * a run-as role. This should also have a custom run-as principal name and
- * additional roles.</desc>
+ <desc>Test objective: Access the http://{host}/jbosstest/UnsecureRunAsServletWithPrincipalNameAndRoles
+ to test that an unsecured servlet can access a secured EJB method by using
+ a run-as role. This should also have a custom run-as principal name and
+ additional roles.
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNotJbosstest2">
- <desc>Deploy a second ear that include a notjbosstest-web.war to test ears
- with the same war names conflicting.
- Access the http://{host}/jbosstest-not2/unrestricted/SecureServlet</desc>
+ <desc>Test objective: Deploy a second ear that include a notjbosstest-web.war to test ears
+ with the same war names conflicting.
+ Access the http://{host}/jbosstest-not2/unrestricted/SecureServlet
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
- <test name="testBadWarRedeploy">
- <desc>Deploy a bad war and then redploy with a fixed war to test failed war
- * cleanup.
- * Access the http://{host}/redeploy/index.html</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testWarManifest">
- <desc>Test of a war that accesses classes referred to via the war manifest
- * classpath. Access the http://{host}/manifest/classpath.jsp</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testBadEarRedeploy">
- <desc></desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testJava2ClassLoadingComplianceOverride">
- <desc>Validate a war level override of the
- * java2ClassLoadingComplianceOverride flag to true with a
- * useJBossWebLoader = false</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testJava2ClassLoadingComplianceOverrideULR">
- <desc>Validate a war level override of the
- * java2ClassLoadingComplianceOverride flag to true with a
- * useJBossWebLoader = true</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
<test name="testUnauthorizedAccess">
- <desc>JBAS-3279: Authenticated user can bypass declarative role checks for servlets</desc>
+ <desc>Test objective: JBAS-3279: Authenticated user can bypass declarative role checks for servlets
+ Expected result: Users cannot bypass the role checks.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.web.security.CustomHeaderAuthTestCase">
<desc>JBAS-2283: Custom Header based authentication</desc>
<test name="testRegularFormAuth">
- <desc>Ensure that in the absence of headers, there is regular
- * form based authentication</desc>
+ <desc>Test objective: Ensure that in the absence of headers, there is regular form based authentication.
+ Expected result: Test should pass without any exception.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
- <!--
- <testCase name="org.jboss.test.web.test.ClusteredSingleSignOnUnitTestCase">
- <desc>Tests of web app single sign-on in a clustered environment</desc>
- <test name="testUndeployNonClusteredWebapp">
- <desc></desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testUndeployClusteredWebapp">
- <desc></desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testFormAuthSingleSignOn">
- <desc>Test single sign-on across two web apps using form based auth</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testNoAuthSingleSignOn">
- <desc>Test single sign-on across two web apps using form based auth</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="testSessionExpiration">
- <desc>Tests that use of transactions in ClusteredSSO does not interfere
- * with session expiration thread. See JBAS-2212.</desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- </testCase>
- -->
- <testCase name="FormAuthUnitTestCase">
+ <testCase name="org.jboss.test.web.test.FormAuthUnitTestCase">
<desc>Tests of form authentication</desc>
<test name="testFormAuth">
- <desc>Test form authentication of a secured servlet</desc>
+ <desc>Test objective: Test form authentication of a secured servlet.
+ Expected result: Access the resuorce with proper login.
+ Access the resource without attempting a login to validate that the
+ session is valid and that any caching on the server is working as expected.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testFormAuthException">
- <desc>Test that a bad login is redirected to the errors.jsp and that the
- * session j_exception is not null.
- * </desc>
+ <desc>Test objective: Test that a bad login is redirected to the errors.jsp and that the
+ session j_exception is not null.
+ Expected result: All assertions on returned content have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testFormAuthSubject">
- <desc>Test form authentication of a secured servlet and validate that there is
- * a SecurityAssociation setting Subject. </desc>
+ <desc>Test objective: Test form authentication of a secured servlet and validate that there is
+ a SecurityAssociation setting Subject.
+ Expected result: All assertions on returned content have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testPostDataFormAuth">
- <desc>Test that a post from an unsecured form to a secured servlet does not
- * loose its data during the redirct to the form login.</desc>
+ <desc>Test objective: Test that a post from an unsecured form to a secured servlet does not
+ loose its data during the redirct to the form login.
+ Expected result: All assertions on returned content have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testFlushOnSessionInvalidation">
- <desc>Test that the war which use <security-domain flushOnSessionInvalidation="true">
- * in the jboss-web.xml does not have any jaas security domain cache entries
- * after the web session has been invalidated.</desc>
+ <desc>Test objective: Test that the war which use <security-domain flushOnSessionInvalidation="true">
+ in the jboss-web.xml does not have any jaas security domain cache entries
+ after the web session has been invalidated.
+ Expected result: All assertions have to pass to ensure there are not leftovers.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.web.test.SingleSignOnUnitTestCase">
- <desc>ests of web app single sign-on</desc>
+ <desc>Tests of web app single sign-on</desc>
<test name="testFormAuthSingleSignOn">
- <desc>Test single sign-on across two web apps using form based auth</desc>
+ <desc>Test objective: Test single sign-on across two web apps using form based auth.
+ Expected result: All assertions have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testNoAuthSingleSignOn">
- <desc>Test single sign-on across two web apps using form based auth</desc>
+ <desc>Test objective: Test single sign-on across two web apps using form based auth
+ Expected result: All assertions have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.web.test.UserInRoleUnitTestCase">
<desc>Tests of the servlet request isUserInRole call.</desc>
<test name="testRoleWithLink">
- <desc>Test that the custom 404 error page is seen</desc>
+ <desc>Test objective: Access to baseURL+"userinrole/testRoleWithLink"
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testRoleWithoutLink">
- <desc></desc>
+ <desc>Test objective: Access to baseURL+"userinrole/testUnreferencedRole"
+ Expected result: URL has to be accessible (pass without exception).
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testConflictingUserInRole">
- <desc>Test that two wars from different security domains with common principal
- * names do not conflict in terms of isUserInRole results.
- * http://jira.jboss.com/jira/browse/JBAS-3043
- *
- * This is the non-jacc version where the programmatic security of isUserInRole
- * will work off of the roles populated in the subject, irrespective of whether
- * the roles are fully defined in the web.xml</desc>
+ <desc>Test objective: Test that two wars from different security domains with common principal
+ names do not conflict in terms of isUserInRole results.
+
+ This is the non-jacc version where the programmatic security of isUserInRole
+ will work off of the roles populated in the subject, irrespective of whether
+ the roles are fully defined in the web.xml
+ Expected result: All assertions on returned content have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testConflictingUserInRoleJaccVersion">
- <desc>Test that two wars from different security domains with common principal
- * names do not conflict in terms of isUserInRole results.
- * http://jira.jboss.com/jira/browse/JBAS-3043
- *
- * This is the jacc version where the programmatic security of isUserInRole
- * will work only of the roles are fully defined in the web.xml</desc>
+ <desc>Test objective: Test that two wars from different security domains with common principal
+ names do not conflict in terms of isUserInRole results.
+
+ This is the jacc version where the programmatic security of isUserInRole
+ will work only of the roles are fully defined in the web.xml
+ Expected result: All assertions on returned content have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.web.test.WebProgrammaticLoginTestCase">
<desc>JBAS-4077: Web Programmatic Login </desc>
<test name="testUnsuccessfulLogin">
- <desc>Test unsuccessful login</desc>
+ <desc>Test objective: Test unsuccessful login
+ Expected result: All assertions on access allowed/denied have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSuccessfulLogin">
- <desc>Test Successful programmatic login in a servlet</desc>
+ <desc>Test objective: Test Successful programmatic login in a servlet
+ Expected result: All assertions on access allowed/denied have to pass.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.jmx.test.SecureRMIAdaptorUnitTestCase">
<desc>Tests for a secured deployment of the jmx invoker adaptor</desc>
<test name="testAuthenticatedAccess">
- <desc>Test that a valid jmx-console domain user can invoke operations
- * through the jmx/invoker/AuthenticatedRMIAdaptor</desc>
+ <desc>Test objective: Test that a valid jmx-console domain user can invoke operations
+ through the jmx/invoker/AuthenticatedRMIAdaptor.
+ Expected result: Test has to pass without exception which means access was granted.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
<test name="testUnauthenticatedAccess">
- <desc>Test that a valid jmx-console domain user can NOT invoke operations
- * through the jmx/invoker/AuthenticatedRMIAdaptor</desc>
+ <desc>Test objective: Test that a valid jmx-console domain user can NOT invoke operations
+ through the jmx/invoker/AuthenticatedRMIAdaptor
+ Expected result: Call to getAttribute should fail and exception has to be caught.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
<test name="testAuthorizedAccess">
- <desc>Test that a valid jmx-console domain user can invoke operations
- * through the jmx/invoker/AuthenticatedRMIAdaptor</desc>
+ <desc>Test objective: Test that a valid jmx-console domain user can invoke operations
+ through the jmx/invoker/AuthenticatedRMIAdaptor.
+ Expected result: Test has to pass without exception which means authorization to call operations was granted.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
<test name="testUnauthorizedAccess">
- <desc>Test that a valid jmx-console domain user can NOT invoke operations
- * through the jmx/invoker/AuthenticatedRMIAdaptor</desc>
+ <desc>Test objective: Test that a valid jmx-console domain user can NOT invoke operations
+ through the jmx/invoker/AuthenticatedRMIAdaptor
+ Expected result: Call to getAttribute should fail and exception has to be caught.
+ </desc>
<TSFI>tsfi.jmx.rmi</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.naming.test.SecurityUnitTestCase">
<desc>Tests of secured access to the JNDI naming service. This testsuite will be run with the standard security resources available via the classpath.</desc>
<test name="testSecureHttpInvokerFailure">
- <desc>Test access to the security http InitialContext without a login</desc>
+ <desc>Test objective: Test access to the security http InitialContext without a login.
+ Expected result: "jmx" shoudn't have to be able to lookup.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testSecureHttpInvoker">
- <desc>Test access to the JNDI naming service over a restricted http URL</desc>
+ <desc>Test objective: Test access to the JNDI naming service over a restricted http URL.
+ Expected result: Test has to pass without exception and after logout principal has to be equal to null.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testHttpReadonlyLookup">
- <desc>Test access of the readonly context without a login</desc>
+ <desc>Test objective: Test access of the readonly context without a login.
+ Expected result: Lookup to readonly data has to be possible, but attaching data into readonly subtree is denied.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testHttpReadonlyContextLookup">
- <desc>Test access of the readonly context without a login</desc>
+ <desc>Test objective: Test access of the readonly context without a login.
+ Expected result: Readonly stuff has to be accessed, but not bindable. Context not under readonly should not be accessed.
+ </desc>
<TSFI>tsfi.http</TSFI>
</test>
<test name="testLoginInitialContext">
- <desc>Test an initial context factory that does a JAAS login to validate the credentials passed in</desc>
- <TSFI>???jnp.. isn't it disabled?</TSFI>
+ <desc>Test objective: Test an initial context factory that does a JAAS login to validate the credentials passed in.
+ Expected result: Initial context has to be accessed with proper login, but disallowed using bad password.
+ </desc>
+ <TSFI>tsfi.jnp</TSFI>
</test>
<test name="testSecureEJBViaLoginInitialContextFactory">
- <desc>Use the LoginInitialContextFactory to access a secured ejb</desc>
- <TSFI>???jnp.. isn't it disabled?</TSFI>
+ <desc>Test objective: Use the LoginInitialContextFactory to access a secured ejb
+ Expected result: EJB has to be accessed with proper login, but disallowed using bad password.
+ </desc>
+ <TSFI>tsfi.jnp</TSFI>
</test>
<test name="testSecureEJBViaJndiLoginInitialContextFactory">
- <desc>Use the JndiLoginInitialContextFactory to access a secured ejb</desc>
- <TSFI>???jnp.. isn't it disabled?</TSFI>
+ <desc>Test objective: Use the JndiLoginInitialContextFactory to access a secured ejb.
+ Expected result: EJB has to be accessed with proper login, but disallowed using bad password.
+ </desc>
+ <TSFI>tsfi.jnp</TSFI>
</test>
<test name="testEjbLinkLocalSecured">
- <desc></desc>
- <TSFI>???jnp.. isn't it disabled?</TSFI>
+ <desc>Test objective: Use the JndiLoginInitialContextFactory to access a secured ejb which was redeployed after creation of initial context.
+ Expected result: EJB has to be accessed with proper login, but disallowed using bad password.
+ </desc>
+ <TSFI>tsfi.jnp</TSFI>
</test>
</testCase>
<testCase name="org.jboss.test.aop.test.SecurityUnitTestCase">
<desc></desc>
<test name="testAnnotated">
- <desc>Objective: Test all annotated aspects</desc>
+ <desc>Test objective: Test all annotated aspects.
+ Expected result: All AOP tests has to finish without exception.
+ </desc>
<TSFI>tsfi.Permissions</TSFI>
<TSFI>tsfi.Unchecked</TSFI>
<TSFI>tsfi.Exclude</TSFI>
@@ -1726,450 +1800,4 @@
</testCase>
</testSuite>
- <testSuite name="JBM">
-
- <testCase name="org.jboss.test.messaging.jms.SecurityTest">
- <desc>Test JMS Security. This test must be run with the Test security config. on the server.</desc>
- <test name="testLoginNoUserNoPassword ">
- <desc>Login with no user, no password. Should allow login (equivalent to guest)</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testLoginValidUserAndPassword">
- <desc>Login with valid user and password
- * Should allow</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testLoginValidUserInvalidPassword">
- <desc>Login with valid user and invalid password</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testLoginInvalidUserInvalidPassword">
- <desc>Login with invalid user and invalid password</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testPreConfClientID">
- <desc>user/pwd with preconfigured clientID, should return preconf</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSetClientID">
- <desc>Try setting client ID</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSetClientIDPreConf">
- <desc>Try setting client ID on preconfigured connection - should throw exception</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testAnonymousConnection">
- <desc>Authorization tests</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidTopicPublisher">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidTopicPublisher">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidTopicSubscriber">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidTopicSubscriber">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidQueueBrowser">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidQueueBrowser">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidQueueSender">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidQueueSender">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidQueueReceiver">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidQueueReceiver">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidDurableSubscriptionCreationPreConf">
- <desc>Test valid durable subscription creation for connection preconfigured with client id</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidDurableSubscriptionCreationPreConf">
- <desc> Test invalid durable subscription creation for connection preconfigured with client id</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testValidDurableSubscriptionCreationNotPreConf">
- <desc>Test valid durable subscription creation for connection not preconfigured with client id</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testInvalidDurableSubscriptionCreationNotPreConf">
- <desc>Test invalid durable subscription creation for connection not preconfigured with client id</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testDefaultSecurityValid">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testDefaultSecurityInvalid">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testDefaultSecurityUpdate">
- <desc>This test makes sure that changing the default security configuration on the server has effect over already deployed destinations.</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testQueueSecurityUpdateStopped">
- <desc>This test makes sure that changing the queue security configuration on the server has effect
- * over destinations when they are stopped (this is what happens in a real deployment - the security config
- * gets set before the queue/topic is started
- * See http://jira.jboss.com/jira/browse/JBMESSAGING-976</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testTopicSecurityUpdateStopped">
- <desc> * This test makes sure that changing the topic security configuration on the server has effect
- * over destinations when they are stopped (this is what happens in a real deployment - the security config
- * gets set before the queue/topic is started
- * See http://jira.jboss.com/jira/browse/JBMESSAGING-976</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testQueueSecurityUpdate">
- <desc>This test makes sure that changing the queue security configuration on the server has effect
- * over already deployed destinations.</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testTopicSecurityUpdate">
- <desc>This test makes sure that changing the topic security configuration on the server has effect
- * over already deployed destinations.</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSecurityForQueuesAndTopicsWithTheSameName">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSecurityForTemporaryQueue">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSecurityForTemporaryTopic">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSecurityForTemporaryDestination">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testSecurityOnXA">
- <desc>This Validate sending messages on an Queue where the user don't have write authorization</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- </testCase>
- <testCase name="org.jboss.test.thirdparty.jbosssx.SecurityAssociationTest">
- <desc>Set of tests to insure consistent behavior relative to the JBoss AS security infrastructure.
- * This is just a safety layer, full fledged security tests should be present in the integration
- * test suite.</desc>
- <test name="testSecurityAssociation">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testGuestAuthorizedSend">
- <desc>Send a message to a queue that requires write permissions, and make sure the thread local
- * SecurityContext stack is correctly cleaned up after that. We're using a test security
- * manager that simulates a JBoss JaasSecurityManager.</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- <test name="testAuthorizedSend">
- <desc>Send a message to a queue that requires write permissions, and make sure the thread local
- * SecurityContext stack is correctly cleaned up after that. We're using a test security
- * manager that simulates a JBoss JaasSecurityManager.</desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- </testCase>
- <testCase name="org.jboss.test.security.test.HttpsUnitTestCase">
- <desc>Test of using https urls inside of the JBoss server. This testcase
- creates a simple https server and deploys a service that tries to
- connect to the server using the https url passed to the service.</desc>
- <test name="testJSSE">
- <desc>Test the JSSE installation</desc>
- <TSFI>tsfi.https</TSFI>
- </test>
- <test name="testHttpsURL">
- <desc>Test a login against the SRP service using the SRPLoginModule</desc>
- <TSFI>tsfi.https</TSFI>
- </test>
- </testCase>
-
- <!-- template -->
- <testCase name="">
- <desc></desc>
- <test name="">
- <desc></desc>
- <TSFI>tsfi.jms</TSFI>
- </test>
- </testCase>
-
- </testSuite>
-
- <!-- JBoss (TOE) has passed J2EE TCK 1.4, so some testcases from there are also picked up -->
- <testSuite name="CTS">
- <testCase name="com.sun.ts.tests.ejb.ee.timer.entity.cmp20.Client">
- <desc>EJB:SPEC:864, 864.1, 864.2 If the Bean Provider invokes the setRollbackOnly method from within the ejbTimeout method, the container must rollback the transaction in which the ejbTimeout method is invoked. The container must retry the timeout after the transaction rollback. </desc>
- <test name="rollbackTxInEjbTimeoutIntervalTest">
- <desc>Create a container-managed transaction bean implementing the TimedObject interface. Create an entity bean with two flags; one flag is set with a Requires method, the other with RequiresNew. Both flags are initialized unset. Create an interval timer. In a transaction context in the ejbTimeout method, set both flags, and cause the transaction to be rolled back. When the ejbTimeout method is retried, verify that the transaction has been rolled back if the RequiresNew flag is set and the Requires flag is unset. In the application client, block on a JMS receive for a period longer than the timer's duration. Verify that the correct message from ejbTimeout was received. API tested: TimerService.createTimer(long, long, Serializable) </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- <test name="rollbackTxInEjbTimeoutSingleEventTest">
- <desc>Create a container-managed transaction bean implementing the TimedObject interface. Create an entity bean with two flags; one flag is set with a Requires method, the other with RequiresNew. Both flags are initialized unset. Create an single-event timer. In a transaction context in the ejbTimeout method, set both flags, and cause the transaction to be rolled back. When the ejbTimeout method is retried, verify that the transaction has been rolled back if the RequiresNew flag is set and the Requires flag is unset. In the application client, block on a JMS receive for a period longer than the timer's duration. Verify that the correct message from ejbTimeout was received. API tested: TimerService.createTimer(long, Serializable)</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.timer.mdb.Client">
- <desc>EJB:SPEC:864, 864.1, 864.2 If the Bean Provider invokes the setRollbackOnly method from within the ejbTimeout method, the container must rollback the transaction in which the ejbTimeout method is invoked. The container must retry the timeout after the transaction rollback. </desc>
- <test name="rollbackTxInEjbTimeoutSingleEventTest">
- <desc>Create a message-driven container-managed transaction bean implementing the TimedObject interface. Create an entity bean with two flags; one flag is set with a Requires method, the other with RequiresNew. Both flags are initialized unset. Create an single-event timer. In a transaction context in the ejbTimeout method, set both flags, and cause the transaction to be rolled back. When the ejbTimeout method is retried, verify that the transaction has been rolled back if the RequiresNew flag is set and the Requires flag is unset. In the application client, block on a JMS receive for a period longer than the timer's duration. Verify that the correct message from ejbTimeout was received. API tested: TimerService.createTimer(long, Serializable)</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.timer.session.stateless.bm.Client">
- <desc>EJB:SPEC:849 If an enterprise bean cancels a timer within a transaction, and if the transaction is rolled back, the container rescinds the timer cancellation. </desc>
- <test name="cancelAndRollbackSingleEventTest">
- <desc> Create a bean implementing the TimedObject interface.
- In the ejbTimeout method, send a JMS message.
- Create a single-event timer within a transaction
- context.
- In a separate transaction, cancel the timer and
- roll back the transaction.
- Access the timer and verify that no exception is
- thrown.
- In the application client, block on a JMS receive
- for a period longer than the timer's duration.
- Verify that the message is received.
- API tested:
- TimerService.createTimer(long, Serializable)
- Timer.getHandle()
- TimerHandle.getTimer()
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
-</testCase>
- <testCase name="com.sun.ts.tests.ejb.ee.timer.session.stateless.cm.Client">
- <desc>EJB:SPEC:848 If an enterprise bean creates a timer within a transaction, and if the transaction is rolled back, the timer creation is rolled back.</desc>
- <test name="rollbackTxOnCreationSingleEventTest">
- <desc>Create a container-managed transaction bean implementing the TimedObject interface. Create an entity bean with two flags; one flag is set with a Requires method, the other with RequiresNew. Both flags are initialized unset. Create an single-event timer. In a transaction context in the ejbTimeout method, set both flags, and cause the transaction to be rolled back. When the ejbTimeout method is retried, verify that the transaction has been rolled back if the RequiresNew flag is set and the Requires flag is unset. In the application client, block on a JMS receive for a period longer than the timer's duration. Verify that the correct message from ejbTimeout was received. API tested: TimerService.createTimer(long, Serializable)</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
- <testCase name="com.sun.ts.tests.ejb.ee.tx.entity.cmp.cm.Tx_SetRollbackOnly.Client">
- <desc>EJB:SPEC:589 When the EJBContext.setRollbackOnly() method is invoked from a business method executing with the Required, RequiresNew, or Mandatory transaction attribute, the Container must ensure that the transaction will never commit. </desc>
- <test name="test1">
- <desc>setRollbackOnly with EJB - Required
- Create an instance of a stateful session Testbean bean.
- Create an instance of a stateful session TxECMPBean (Required) bean.
- Perform a delete row operation to a table
- and force a rollback via EJBContext.setRollbackOnly().
- Ensure the EJBContext.getRollbackOnly() status returns true.
- Ensure the transaction is rolledback.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- <test name="test5">
- <desc>setRollbackOnly with EJB - Mandatory
- Create an instance of a stateful session Testbean bean.
- Create an instance of a stateful session TxECMPBean (Mandatory) bean.
- Mark a transaction involving an entity EJB for rollback, in a Mandatory case
- Verify that and TransactionRequiredException is thrown due to the fact that the call to create was not in a transaction.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- <test name="test8">
- <desc>setRollbackOnly with EJB - RequiresNew
- Create an instance of a stateful session Testbean bean.
- Create an instance of a stateful session TxECMPBean (RequiresNew) bean.
- Perform a delete row operation to a table
- and force a rollback via EJBContext.setRollbackOnly().
- Ensure the EJBContext.getRollbackOnly() status returns true.
- Ensure the transaction is rolledback.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.tx.session.stateful.bm.TxM_GlobalSingle.Client">
- <desc>EJB:SPEC:543 The javax.transaction.UserTransaction interface is used to demarcate transactions for beans with bean-managed transaction demarcation. An enterprise bean with bean-managed transaction demarcation can rollback a transaction using the rollback() method of the javax.transaction.UserTransaction interface.</desc>
- <test name="test2">
- <desc> Create a stateful session TX_BEAN_MANAGED bean.
- Obtain the UserTransaction interface.
- Perform a global transactions using the TxBean
- (deployed as TX_MANDATORY) to a single RDBMS table.
- Insert/Delete followed by a rollback to a single table.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
-
- <testCase name="com.sun.ts.tests.ejb.ee.tx.session.stateful.bm.TxBM_GlobalSingle.Client">
- <desc>EJB:SPEC:543 The javax.transaction.UserTransaction interface is used to demarcate transactions for beans with bean-managed transaction demarcation. An enterprise bean with bean-managed transaction demarcation can rollback a transaction using the rollback() method of the javax.transaction.UserTransaction interface.</desc>
- <test name="test2">
- <desc> Create a stateful session TX_BEAN_MANAGED bean.
- Obtain the UserTransaction interface.
- Perform a global transactions using the TxBean
- (deployed as TX_BEAN_MANAGED) to a single RDBMS table.
- Insert/Delete followed by a rollback to a single table.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.tx.session.stateful.bm.TxS_GlobalSingle.Client">
- <desc>EJB:SPEC:543 The javax.transaction.UserTransaction interface is used to demarcate transactions for beans with bean-managed transaction demarcation. An enterprise bean with bean-managed transaction demarcation can rollback a transaction using the rollback() method of the javax.transaction.UserTransaction interface.</desc>
- <test name="test2">
- <desc> Create a stateful session TX_BEAN_MANAGED bean.
- Obtain the UserTransaction interface.
- Perform a global transactions using the TxBean
- (deployed as TX_SUPPORTS) to a single RDBMS table.
- Insert/Delete followed by a rollback to a single table.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.tx.session.stateful.bm.TxRN_GlobalSingle.Client">
- <desc>EJB:SPEC:543 The javax.transaction.UserTransaction interface is used to demarcate transactions for beans with bean-managed transaction demarcation. An enterprise bean with bean-managed transaction demarcation can rollback a transaction using the rollback() method of the javax.transaction.UserTransaction interface.</desc>
- <test name="test2">
- <desc> Create a stateful session TX_BEAN_MANAGED bean.
- Obtain the UserTransaction interface.
- Perform a global transactions using the TxBean
- (deployed as TX_REQUIRESNEW) to a single RDBMS table.
- Insert/Delete followed by a rollback to a single table.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.tx.session.stateful.bm.TxR_GlobalSingle.Client">
- <desc>EJB:SPEC:543 The javax.transaction.UserTransaction interface is used to demarcate transactions for beans with bean-managed transaction demarcation. An enterprise bean with bean-managed transaction demarcation can rollback a transaction using the rollback() method of the javax.transaction.UserTransaction interface.</desc>
- <test name="test2">
- <desc> Create a stateful session TX_BEAN_MANAGED bean.
- Obtain the UserTransaction interface.
- Perform a global transactions using the TxBean
- (deployed as TX_REQUIRES) to a single RDBMS table.
- Insert/Delete followed by a rollback to a single table.
- </desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.ejb.ee.pm.ejbql.tx.Client">
- <desc>The Container is responsible for ensuring that updates to the states of all entity beans in the same transaction context as the ejbFindMETHOD method are visible in the results of the ejbFindMETHOD method. Before invoking the ejbFindMETHOD method, the container must therefore first synchronize the state of any entity bean instances that are participating in the same transaction context as it is used to execute the ejbFindMETHOD method by invoking ejbStore() method on those entity bean instances.</desc>
- <test name="txTest2">
- <desc>Create an instance of a CMP 2.0 entity bean. Begin a transaction with the transaction attribute set to Required. Update the data and ensure that the update is visible within the transaction context by invoking a finder method with associated EJB-QL. Rollback the transaction and verify the rollback was successful.</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- <test name="txTest4">
- <desc>Create an instance of a CMP 2.0 entity bean. Begin a transaction with the transaction attribute set to RequiredNew. Update the data and ensure that the update is visible within the transaction context by invoking a finder method with associated EJB-QL. Rollback the transaction and verify the rollback was successful.</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- <test name="txTest6">
- <desc>Create an instance of a CMP 2.0 entity bean. Begin a transaction with the transaction attribute set to Mandatory. Update the data and ensure that the update is visible within the transaction context by invoking a finder method with associated EJB-QL. Rollback the transaction and verify the rollback was successful.</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
- </testCase>
-
- <testCase name="com.sun.ts.tests.integration.session.jspejbjdbc.URLClient">
-<desc>J2EE:SPEC:40, 40.1, 40.2, J2EE:SPEC:47 JSP pages may access multiple resource managers and invoke multiple enterprise beans within a single transaction. The specified transaction context is automatically propagated to the enterprise beans and transactional resource managers.The result of the propagation may be subject to the enterprise bean transaction attributes. If a web component invokes an enterprise bean from a thread associated with a JTA transaction, the J2EE platform must propagate the transaction context with the enterprise bean invocation. Whether the target enterprise bean will be invoked in this transaction context or not is determined by the rules defined in the EJB specification.</desc>
- <test name="test1">
- <desc> Functional test to demonstrate an N-Tier client which performs database transactions via accessing web server component, ejb server component and database server component using the Application Programming Model as described in the J2EE Platform Specification. The test is a complete end-to-end tests and is modeled as follows: URLClient -> JSP -> JAVABEAN -> EJB -> DB. The test strategy is to create an N-Tier Application Test involving jsp and ejb. Deploy it on the J2EE server. Verify correct operations.
-</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
-</testCase>
-<testCase name="com.sun.ts.tests.integration.entity.servletejbjdbc.URLClient">
-<desc>J2EE:SPEC:40, 40.1, 40.2, J2EE:SPEC:47 Servlets may access multiple resource managers and invoke multiple enterprise beans within a single transaction. The specified transaction context is automatically propagated to the enterprise beans and transactional resource managers.The result of the propagation may be subject to the enterprise bean transaction attributes. If a web component invokes an enterprise bean from a thread associated with a JTA transaction, the J2EE platform must propagate the transaction context with the enterprise bean invocation. Whether the target enterprise bean will be invoked in this transaction context or not is determined by the rules defined in the EJB specification.</desc>
- <test name="test1">
- <desc> Functional test to demonstrate an N-Tier client which performs database transactions via accessing web server component, ejb server component and database server component using the Application Programming Model as described in the J2EE Platform Specification. The test is a complete end-to-end tests and is modeled as follows: URLClient -> SERVLET -> JAVABEAN -> EJB -> DB. The test strategy is to create an N-Tier Application Test involving jsp and ejb. Deploy it on the J2EE server. Verify correct operations.
-</desc>
- <TSFI>tsfi.jts.api</TSFI>
- </test>
-</testCase>
-<testCase name="com.sun.ts.tests.integration.sec.propagation.Client">
- <desc>J2EE:SPEC:25 Web containers are required to support access to web resources by clients that have not authenticated themselves to the container. This is the common mode of access to web resources on the Internet. A web container reports that no user has been authenticated by returning null from the HttpServletRequest method getUserPrincipal. This is different than the corresponding result for EJB containers. The EJB specification requires that the EJBContext method getCallerPrincipal always return a valid Principal object. The method can never return null. Components running in a web container must be able to call enterprise beans even when no user has been authenticated in the web container. When a call is made in such a case from a component in a web container to an enterprise bean, a J2EE product must provide a principal for use in the call. A J2EE product may provide a principal for use by unauthenticated callers using many approaches, including, but not limited t!
o: Always use a single distinguished principal. Use a different distinguished principal per server, or per session, or per application. Allow the deployer or system administrator to choose which principal to use through the Run As capability of the web and enterprise bean containers. J2EE:SPEC:30 Propagated Caller Identities. It must be possible to configure a J2EE product so that a propagated caller identity is used in all authorization decisions. With this configuration, for all calls to all enterprise beans from a single application within a single J2EE product, the principal name returned by the EJBContext method getCallerPrincipal must be the same as that returned by the first enterprise bean in the call chain. If the first enterprise bean in the call chain is called by a servlet or JSP page, the principal name must be the same as that returned by the HttpServletRequest method getUserPrincipal in the calling servlet or JSP page. (However, if the HttpServletRequest met!
hod getUserPrincipal returns null, the principal used in calls to ente
rprise beans is not specified by this specification, although it must still be possible to configure enterprise beans to be callable by such components.) Note that this does not require delegation of credentials, only identification of the caller. A single principal must be the principal used in authorization decisions for access to all enterprise beans in the call chain. The requirements in this section apply only when a J2EE product has been configured to propagate caller identity.</desc>
- <test name="test_web_to_ejb_noauth">
- <desc>1. Send request for web_to_ejb_noauth.jsp, a jsp page that
- is set up with no authentication.
- 2. web_to_ejb_noauth.jsp looks up Bean1, a stateless
- session bean.
- 3. web_to_ejb_noauth.jsp calls
- bean1.getCallerPrincipalName(), which returns
- the caller principal.
- 4. web_to_ejb_noauth.jsp returns the caller principal as
- the contents of the web page as follows:
- value of getUserPrincipal().getName()
- call is successful or not
- value of second call to getUserPrincipal()
- 5. Receive response from web_to_ejb_noauth.jsp and ensure
- the principal output is null for both calls in the jsp
- and the call to the ejb is successful.
-
- Note: The value returned for an unauthenticated caller from a
- call to getRemoteUserPrincipal() in a servlet must
- be null, and an unauthenticated caller can call an ejb
- successfully.
- </desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- <test name="test_web_to_ejb_auth">
- <desc> 1. Send request for web_to_ejb_auth.jsp, a jsp page that
- is set up for BASIC authentication. Pass in j2ee as
- username and password.
- 2. web_to_ejb_auth.jsp looks up Bean1, a stateless session
- bean.
- 3. web_to_ejb_auth.jsp calls
- bean1.getCallerPrincipalName(), which returns
- the caller principal.
- 4. web_to_ejb_auth.jsp returns the caller principal as the
- contents of the web page as follows.
- value of getUserPrincipal().getName()
- value of ejb.getCallerPrincipal().getName()
- value of second call to getUserPrincipal()
- 5. Receive response from web_to_ejb_auth.jsp and ensure
- the principal output is "j2ee" for both the jsp and
- the ejb.
- </desc>
- <TSFI>tsfi.http</TSFI>
- </test>
- </testCase>
- <testCase name="com.sun.ts.tests.integration.sec.secbasicssl.Client">
- <desc>J2EE:SPEC:22 All J2EE products are required to support HTTP basic authentication (RFC2068). Platform Providers are also required to support basic authentication over SSL.</desc>
- <test name="test_login_basic_over_ssl">
- <desc> This assertion ensures that HTTP Basic authentication over SSL is supported by the J2EE server. It first calls request.isSecure() to ensure it returns true, indicating that a secure connection is in place. Next, the fully qualified URL for the page being viewed is received via the HttpUtils.getRequestURL( request ) method. This url is checked to make sure it begins with https, indicating HTTPS is in use.</desc>
- <TSFI>tsfi.http</TSFI>
- <TSFI>tsfi.https</TSFI>
- </test>
- </testCase>
-
- <!-- template -->
- <testCase name="">
- <desc></desc>
- <test name="">
- <desc></desc>
- <TSFI></TSFI>
- </test>
- </testCase>
-
- </testSuite>
</cc:testCaseMapping>
More information about the jboss-cvs-commits
mailing list