[jboss-cvs] JBossAS SVN: r80222 - branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Oct 29 16:07:53 EDT 2008


Author: pskopek at redhat.com
Date: 2008-10-29 16:07:53 -0400 (Wed, 29 Oct 2008)
New Revision: 80222

Modified:
   branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml
Log:
JBPAPP-1356: Integrate changes to EJB3 Test Suite for Common Criteria - EJB3 tests descriptions

Modified: branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml
===================================================================
--- branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml	2008-10-29 20:03:44 UTC (rev 80221)
+++ branches/JBPAPP_4_2_0_GA_CP/testsuite/src/resources/cc/testCaseMapping_1.0.xml	2008-10-29 20:07:53 UTC (rev 80222)
@@ -20,6 +20,24 @@
 
   tsfi.jmx.rmi   - JMX using RMI
 
+	
+  The following annotations are part of javax.annotation.security that can be used by application developers in the java source code for EJB 3 to configure security attributes on the server side.
+
+  tsfi.DeclareRoles   - @DeclareRoles
+  tsfi.RolesAllowed   - @RolesAllowed
+  tsfi.PermitAll      - @PermitAll
+  tsfi.DenyAll        - @DenyAll
+  tsfi.RunAs          - @RunAs
+  tsfi.SecurityDomain - @SecurityDomain
+  tsfi.Clustered      - @Clustered
+  
+  AOP:
+  tsfi.Permissions    - @Permissions
+  tsfi.Unchecked      - @Unchecked
+  tsfi.Exclude        - @Exclude
+
+
+  
   tsfi.start     -
   tsfi.stop      -
  
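Review bot: The sentence added above the `tsfi.DeclareRoles` list says all of the listed annotations belong to javax.annotation.security, but the list includes `@SecurityDomain`, which the EJBSpecUnitTestCase description in this same file places in org.jboss.annotation.security, and `@Clustered`, which does not appear to be a security annotation. Since this header defines the interfaces that the Common Criteria mapping refers to, each entry should carry its real package, for example a separate group headed `JBoss-specific (org.jboss.annotation.security):` for `tsfi.SecurityDomain`. `tsfi.DeclareRoles` and `tsfi.Clustered` are not referenced by any test in the hunks shown here, so either map a test to them or state why they are listed.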
@@ -34,124 +52,187 @@
     <testCase name="org.jboss.ejb3.test.jacc.unit.JaccTestCase">
       <desc></desc>
       <test name="testUnchecked">
-        <desc>?? What about tsfi.rmi.https... it also possible</desc>
+        <desc>Test objective:  Tests whether it is possible to call method with unchecked (@PermitAll) security declaration possible.
+                               Test calls are in combiation of valid and invalid principal/credential to stateless and stateful EJB.        
+              Expected result: Assertions of beans method reuslts has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testChecked">
-        <desc></desc>
+        <desc>Test objective:  Tests whether it is possible to call method with checked (@RolesAllowed) security declaration possible.
+                               Tests if the call using principal without proper role fails. 
+                               Both cases are tested agains stateless and stateful EJB.        
+              Expected result: Assertions of beans method reuslts has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
       </test>
       <test name="testAllEntity">
-        <desc></desc>
+        <desc>Test objective:  Tests if all entity beans operations read/insert/update/delete 
+                               work with proper principal with valid role.
+                               Second part of test try to call operations without valid role and
+                               checks whether it fails with proper exception.
+                               Tests are conducted using stateless bean calls.        
+              Expected result: Assertions of beans method reuslts has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testStarEntity">
-        <desc></desc>
+        <desc>Test objective:  Tests if all entity beans operations read/insert/update/delete 
+                               work for StarEntity with proper principal with valid role.
+                               Permissions are specified using "*".
+                               Second part of test try to call operations without valid role and
+                               checks whether it fails with proper exception.
+                               Tests are conducted using stateless bean calls.        
+              Expected result: Assertions of beans method reuslts has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testSomeEntity">
-        <desc></desc>
+        <desc>Test objective:  Tests if some entity beans operations insert/delete 
+                               work for SomeEntity with proper principal with valid role.
+                               Second part of test try to call operations without valid role and
+                               checks whether it fails with proper exception.
+                               Tests are conducted using stateless bean calls.        
+              Expected result: Assertions of beans method reuslts has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
-      <test name="hasSecurityOrEJBException">
-        <desc></desc>
-        <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
-      </test> 
     </testCase>
     <testCase name="org.jboss.ejb3.test.security.unit.EJBSpecUnitTestCase">
       <desc>Test of EJB spec conformance using the security-spec.jar deployment unit. These test the basic role based access model. These tests incorporate the use of the javax.annotation.security annotations:  PermitAll, DeclareRoles, RolesAllowed, DenyAll, RunAs and org.jboss.annotation.security SecurityDomain</desc>
       <test name="testSecurityDomain">
-        <desc>Validate that the users have the expected logins and roles.</desc>
+        <desc>Test objective:  Validate that the users have the expected logins and roles in different security domains.
+              Expected result: Assertions after each login or has role has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
       </test>
       <test name="testGetCallerPrincipal">
-        <desc>Test that:
- 1. SecureBean returns a non-null principal when getCallerPrincipal
- is called with a security context and that this is propagated
- to its Entity bean ref.
- 
- 2. UnsecureBean throws an IllegalStateException when getCallerPrincipal
- is called without a security context.</desc>
+        <desc>Test objective: 1. SecureBean returns a non-null principal when getCallerPrincipal
+                                 is called with a security context and that this is propagated
+                                 to its Entity bean ref.
+                              2. UnsecureBean throws an IllegalStateException when getCallerPrincipal
+                                 is called without a security context.
+              Expected result: All assertions has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testStatefulCreateCaller">
-        <desc>Test the use of getCallerPrincipal from within the ejbCreate in a stateful session bean</desc>
+        <desc>Test objective: Test the use of getCallerPrincipal from within the ejbCreate in a stateful session bean
+              Expected result: Subsequent call to echo method has to pass without exceptions. 
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testDomainInteraction">
-        <desc>Test that a call interacting with different security domains does not change the</desc>
+        <desc>Test objective: Test that a call interacting with different security domains does not change the roles assigned to principal at the beginning.
+              Expected result: Roles do not change after interaction and no other exception occure.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testPrincipalPropagation">
-        <desc>Test that the calling principal is propagated across bean calls.</desc>
+        <desc>Test objective:  Test that the calling principal is propagated across bean calls.
+              Expected result: If principal is correctly propagated, no exception occure. 
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testMethodAccess">
-        <desc></desc>
+        <desc>Test objective:  Chech if simple method access works for principal with "Echo" role.
+                               Subsequent call to noop method (no security check) has to pass as well. 
+              Expected result: Test has to pass without exceptions.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testDomainMethodAccess">
-        <desc>Test that the echo method is accessible by an Echo
- role. Since the excluded() method of the StatelessSession
- bean has been placed into the excluded set it should not
- accessible by any user. This uses the security domain of the
- JaasSecurityDomain service to test its use as an authentication mgr.</desc>
+        <desc>Test objective:  Test that the echo method is accessible by an Echo role. 
+                               Since the excluded() method of the StatelessSession
+                               bean has been placed into the excluded set it should not
+                               accessible by any user. This uses the security domain of the
+                               JaasSecurityDomain service to test its use as an authentication mgr.
+              Expected result: echo method has to pass without exception and excluded method has to throw one.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+        <TSFI>tsfi.DenyAll</TSFI>
       </test>
       <test name="testMethodAccess2">
-        <desc>Test that the permissions assigned to the stateless session bean:
- with ejb-name=org/jboss/test/security/ejb/StatelessSession_test
- are read correctly.</desc>
+        <desc>Test objective:  Test that the permissions assigned to the stateless session bean:
+                               with ejb-name=org/jboss/test/security/ejb/StatelessSession_test
+                               are read correctly.
+              Expected result: echo method has to pass without exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="a1testLocalMethodAccess">
-        <desc>Test a user with Echo and EchoLocal roles can access the CalleeBean
- through its local interface by calling the CallerBean and that a user
- with only a EchoLocal cannot call the CallerBean.</desc>
+        <desc>Test objective: Test a user with Echo and EchoLocal roles can access the CalleeBean
+                              through its local interface by calling the CallerBean and that a user
+                              with only a EchoLocal cannot call the CallerBean.
+              Expected result: Test has to pass without exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="testUncheckedRemote">
-        <desc>Test access to a bean with a mix of remote interface permissions and unchecked permissions with the unchecked permissions declared first.</desc>
+        <desc>Test objective: Test access to a bean with a mix of remote interface permissions and unchecked permissions with the unchecked permissions declared first.
+              Expected result: echo method has to pass without exception and excluded method has to throw one.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testRemoteUnchecked">
-        <desc>Test access to a bean with a mix of remote interface permissions and unchecked permissions with the unchecked permissions declared last.</desc>
+        <desc>Test objective: Test access to a bean with a mix of remote interface permissions and unchecked permissions with the unchecked permissions declared last.
+              Expected result: echo method has to pass without exception and excluded method has to throw one.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testUnchecked">
-        <desc>Test that a user with a role that has not been assigned any method permissions in the ejb-jar descriptor is able to access a method that has been marked as unchecked.</desc>
+        <desc>Test objective: Test that a user with a role that has not been assigned any method permissions in the ejb-jar descriptor is able to access a method that has been marked as unchecked.
+              Expected result: unchecked method has to pass without exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
       </test>
       <test name="testUncheckedWithLogin">
-        <desc>Test that a user with a valid role is able to access a bean for which all methods have been marked as unchecked.</desc>
+        <desc>Test objective: Test that a user with a valid role is able to access a bean for which all methods have been marked as unchecked.
+              Expected result: unchecked method has to pass without exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+        <TSFI>tsfi.PermitAll</TSFI>
       </test>
       <test name="testExcluded">
-        <desc>Test that user scott who has the Echo role is not able to access the StatelessSession2.excluded method even though the Echo role has been granted access to all methods of StatelessSession2 to test that the excluded-list takes precendence over the method-permissions.</desc>
+        <desc>Test objective: Test that user scott who has the Echo role is not able to access the StatelessSession2.excluded method even though the Echo role has been granted access to all methods of StatelessSession2 to test that the excluded-list takes precendence over the method-permissions.
+              Expected result: Call to excluded method has to fail with exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+        <TSFI>tsfi.RolesAllowed</TSFI>
       </test>
       <test name="testRunAs">
-        <desc>This method tests the following call chains:
+        <desc>Test objective: This method tests the following call chains:
  1. RunAsStatelessSession.echo() -> PrivateEntity.echo()
  2. RunAsStatelessSession.noop() -> RunAsStatelessSession.excluded()
  3. RunAsStatelessSession.forward() -> StatelessSession.echo()
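Review bot: Several of the new TSFI mappings in JaccTestCase and EJBSpecUnitTestCase do not match the descriptions written next to them. testAllEntity, testStarEntity and testSomeEntity state that calls without a valid role must fail with an exception, yet they are mapped only to `tsfi.PermitAll`; a denial check of that kind reads as `<TSFI>tsfi.RolesAllowed</TSFI>` coverage. Likewise testSecurityDomain has no `tsfi.SecurityDomain` entry, testExcluded checks excluded-list precedence without the `tsfi.DenyAll` that testDomainMethodAccess carries, and the EJBSpec testUnchecked lacks the `tsfi.PermitAll` given to testUncheckedWithLogin. These gaps are inferred from the descriptions alone, so confirm them against the test sources before the mapping is used as evaluation evidence. The testRunAs entry continues past the end of this hunk.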
@@ -160,79 +241,77 @@
  2. Should succeed because the run-as identity of RunAsStatelessSession
  is valid for accessing RunAsStatelessSession.excluded().
  3. Should fail because the run-as identity of RunAsStatelessSession
- is not Echo.</desc>
+ is not Echo.
+              Expected result: echo and noop methods should pass withou any exception and method forward should generate an exception. 
+                      
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="testDeepRunAs">
-        <desc> This method tests the following call chain:
- Level1CallerBean.callEcho() -> Level2CallerBean.invokeEcho()
-   -> Level3CalleeBean.echo()
- The Level1CallerBean uses a run-as of InternalRole and the Level2CallerBean
- and Level3CalleeBean are only accessible by InternalRole.</desc>
+        <desc>Test objective: This method tests the following call chain:
+                              Level1CallerBean.callEcho() -> Level2CallerBean.invokeEcho() -> Level3CalleeBean.echo()
+                              The Level1CallerBean uses a run-as of InternalRole and the Level2CallerBean
+                              and Level3CalleeBean are only accessible by InternalRole.
+              Expected result: All assertions has to be fulfilled.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="testRunAsSFSB">
-        <desc></desc>
+        <desc>Test objective: Invoked method calls echo on a StatelessSessionLocal and asserts that the caller is in the EchoCaller role.
+              Expected result: Test has to pass without exception.
+        </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="a1testMDBRunAs">
-        <desc>Test that an MDB with a run-as identity is able to access secure EJBs that require the identity.</desc>
-        <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <desc>Test objective: Test that an MDB with a run-as identity is able to access secure EJBs that require the identity.
+              Expected result: Message has to come through to Queue B without "Failed" indication in it.
+        </desc>
+		<TSFI>tsfi.jms</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="a1testMDBDeepRunAs">
-        <desc>Test that an MDB with a run-as identity is able to access secure EJBs
- that require the identity. DeepRunAsMDB -> Level1MDBCallerBean.callEcho() ->
-   Level2CallerBean.invokeEcho() -> Level3CalleeBean.echo()
- The MDB uses a run-as of InternalRole and the Level2CallerBean
- and Level3CalleeBean are only accessible by InternalRole.</desc>
-        <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+        <desc>Test objective: Test that an MDB with a run-as identity is able to access secure EJBs
+                              that require the identity. DeepRunAsMDB -> Level1MDBCallerBean.callEcho() ->
+                              Level2CallerBean.invokeEcho() -> Level3CalleeBean.echo()
+                              The MDB uses a run-as of InternalRole and the Level2CallerBean
+                              and Level3CalleeBean are only accessible by InternalRole.
+              Expected result: Message has to come through to Queue B without "Failed" indication in it.
+        </desc>
+		<TSFI>tsfi.jms</TSFI>
+        <TSFI>tsfi.SecurityDomain</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
       <test name="a1testRunAsWithRoles">
-        <desc>This method tests that the RunAsWithRolesMDB is assigned multiple roles within its onMessage so that it can call into the ProjRepository session bean's methods that required ProjectAdmin, CreateFolder and DeleteFolder
-        roles.
+        <desc>Test objective: This method tests that the RunAsWithRolesMDB is assigned multiple roles within its onMessage 
+                              so that it can call into the ProjRepository session bean's methods that 
+                              required ProjectAdmin, CreateFolder and DeleteFolder roles.
+              Expected result: Message has to come through to Queue B without "Failed" indication in it.
         </desc>
         <TSFI>tsfi.rmi.jrmp</TSFI>
-        <TSFI>tsfi.rmi.http</TSFI>
+		<TSFI>tsfi.RunAs</TSFI>
       </test>
     </testCase>
     <testCase name="org.jboss.ejb3.test.security.unit.ServletUnitTestCase">
-      <desc>Tests of servlet container integration into the JBoss server. This test
- requires than a web container be integrated into the JBoss server. The tests
- currently do NOT use the java.net.HttpURLConnection and associated http client
- and  these do not return valid HTTP error codes so if a failure occurs it
- is best to connect the webserver using a browser to look for additional error
- info.
-
- The secure access tests require a user named 'jduke' with a password of 'theduke'
- with a role of 'AuthorizedUser' in the servlet container.</desc>
+      <desc>Test objective: Tests of servlet container integration into the JBoss server. This test
+                            requires than a web container be integrated into the JBoss server. The tests
+                            currently do NOT use the java.net.HttpURLConnection and associated http client
+                            and  these do not return valid HTTP error codes so if a failure occurs it
+                            is best to connect the webserver using a browser to look for additional error info.
+      </desc>
       <test name="testEJBServlet">
-        <desc></desc>
+        <desc>Test objective: The secure access tests require a user named 'jduke' with a password of 'theduke'
+                              with a role of 'AuthorizedUser' in the servlet container.
+              Expected result: After accessing the specified URL with username and password result is HttpURLConnection.HTTP_OK. 
+        </desc>
         <TSFI>tsfi.http</TSFI>
-     </test>
+      </test>
     </testCase>
-    <testCase name="org.jboss.test.security.test.ClientLoginModuleEJBUnitTestCase">
-      <desc>Call BeanA using jduke/theduke
-    +-- call BeanB switching idenity using ClientLoginModule
-    +---- call BeanC switching idenity using ClientLoginModule
-    validing the expected caller principal with different ejb method permissions</desc>
-      <test name="testClientLoginModule">
-        <desc></desc>
-        <TSFI>???jnp.. isn't it disabled?</TSFI>
-     </test>
-    </testCase>
 
-    <testCase name="">
-      <desc></desc>
-      <test name="">
-        <desc></desc>
-        <TSFI></TSFI>
-      </test>
-    </testCase>
   </testSuite>
 
   <!-- Standard EAP testsuite to TOE Security Interface mapping -->
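Review bot: a1testRunAsWithRoles is still mapped to `tsfi.rmi.jrmp`, although its new expected result (a message arriving on Queue B) matches a1testMDBRunAs and a1testMDBDeepRunAs, which this hunk moves to `tsfi.jms`. If the test is driven by a JMS message like its siblings, the entry should read `<TSFI>tsfi.jms</TSFI>` in place of `<TSFI>tsfi.rmi.jrmp</TSFI>`. `tsfi.jms` must also be declared in the TSFI list at the top of the file, which is not visible here. In testEJBServlet the "Test objective" text is a precondition (the jduke account and its role) rather than a statement of what is verified; something like `Test objective: Verify that a user with the AuthorizedUser role can reach the secured servlet` would say it, if that matches the test. The testRunAs description starts before this hunk.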
@@ -1636,7 +1715,15 @@
         <TSFI>???jnp.. isn't it disabled?</TSFI>
       </test>
     </testCase>    
-
+    <testCase name="org.jboss.test.aop.test.SecurityUnitTestCase">
+      <desc></desc>
+      <test name="testAnnotated">
+        <desc>Objective: Test all annotated aspects</desc>
+        <TSFI>tsfi.Permissions</TSFI>
+        <TSFI>tsfi.Unchecked</TSFI>
+        <TSFI>tsfi.Exclude</TSFI>
+      </test>
+	</testCase>
   </testSuite>
 
   <testSuite name="JBM">
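Review bot: The new testAnnotated entry maps one test to three interfaces (`tsfi.Permissions`, `tsfi.Unchecked`, `tsfi.Exclude`) with only `Objective: Test all annotated aspects` as its description, so a reader cannot tell which allow and deny outcomes are asserted for each annotation. Use the `Test objective:` / `Expected result:` layout that this commit applies to the EJB3 entries, and fill the empty testCase-level `<desc></desc>`. The closing `</testCase>` is indented with a tab where the surrounding lines use spaces.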



