[jboss-cvs] JBossAS SVN: r104384 - in projects/ejb-book/trunk: build and 21 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Sat May 1 00:22:54 EDT 2010
Author: ALRubinger
Date: 2010-05-01 00:22:53 -0400 (Sat, 01 May 2010)
New Revision: 104384
Added:
projects/ejb-book/trunk/ch09-secureschool/
projects/ejb-book/trunk/ch09-secureschool/pom.xml
projects/ejb-book/trunk/ch09-secureschool/src/
projects/ejb-book/trunk/ch09-secureschool/src/main/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/Roles.java
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SchoolClosedException.java
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SecureSchoolLocalBusiness.java
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/impl/
projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/impl/SecureSchoolBean.java
projects/ejb-book/trunk/ch09-secureschool/src/main/resources/
projects/ejb-book/trunk/ch09-secureschool/src/test/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/secureschool/
projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/secureschool/SecureSchoolIntegrationTest.java
projects/ejb-book/trunk/ch09-secureschool/src/test/resources/
projects/ejb-book/trunk/ch09-secureschool/src/test/resources/groups.properties
projects/ejb-book/trunk/ch09-secureschool/src/test/resources/users.properties
Modified:
projects/ejb-book/trunk/build/pom.xml
projects/ejb-book/trunk/pom.xml
Log:
[EJBBOOK-22] Add examples for Security Chapter (A secured school)
Modified: projects/ejb-book/trunk/build/pom.xml
===================================================================
--- projects/ejb-book/trunk/build/pom.xml 2010-04-30 21:19:06 UTC (rev 104383)
+++ projects/ejb-book/trunk/build/pom.xml 2010-05-01 04:22:53 UTC (rev 104384)
@@ -52,13 +52,6 @@
</plugin>
<!-- Surefire (Tests) Plugin -->
-
- <!--
- To pass JVM Arguments (ie. Remote Debugging w/ suspend), pass
- "maven.surefire.debug" as system property, ie: mvn test
- -Dmaven.surefire.debug="-Xdebug
- -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8787"
- -->
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
Property changes on: projects/ejb-book/trunk/ch09-secureschool
___________________________________________________________________
Name: svn:ignore
+ target
.settings
.classpath
.project
Added: projects/ejb-book/trunk/ch09-secureschool/pom.xml
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/pom.xml (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/pom.xml 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,124 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <!-- Parent Information -->
+ <parent>
+ <groupId>org.jboss.ejb3.examples</groupId>
+ <artifactId>jboss-ejb3-examples-build</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+
+ <!-- Model Version -->
+ <modelVersion>4.0.0</modelVersion>
+
+ <!-- Artifact Information -->
+ <artifactId>jboss-ejb3-examples-ch09-secureschool</artifactId>
+ <name>JBoss EJB 3.x Examples - Chapter 9: SecureSchool EJBs</name>
+ <description>Example to accompany O'Reilly "Enterprise Java Beans 6th Edition" Chapter 9</description>
+
+ <!-- Build -->
+ <build>
+
+ </build>
+
+
+ <!-- Properties -->
+ <properties>
+
+ <!-- Versioning -->
+ <version.javax.inject_javax.inject>1</version.javax.inject_javax.inject>
+
+ </properties>
+
+ <!-- Dependencies -->
+ <dependencies>
+
+ <dependency>
+ <groupId>org.jboss.ejb3</groupId>
+ <artifactId>jboss-ejb3-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging-log4j</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.logging</groupId>
+ <artifactId>jboss-logging-spi</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian.container</groupId>
+ <artifactId>arquillian-openejb</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.jboss.arquillian</groupId>
+ <artifactId>arquillian-junit</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.inject</groupId>
+ <artifactId>javax.inject</artifactId>
+ <version>${version.javax.inject_javax.inject}</version>
+ <scope>test</scope>
+ </dependency>
+
+ </dependencies>
+
+ <profiles>
+
+ <profile>
+
+ <!-- Declare the "Integration Test" Profile -->
+ <id>it</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ </activation>
+
+ <build>
+
+ <plugins>
+
+ <!--
+
+ Configure Surefire to run in integration-test phase
+ -->
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>surefire-it</id>
+ <phase>integration-test</phase>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ <configuration>
+ <skip>false</skip>
+ <redirectTestOutputToFile>true</redirectTestOutputToFile>
+ <printSummary>true</printSummary>
+ <forkMode>always</forkMode>
+ <includes>
+ <include>**/*IntegrationTest.java</include>
+ </includes>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+
+ </build>
+
+ </profile>
+
+ </profiles>
+
+</project>
Property changes on: projects/ejb-book/trunk/ch09-secureschool/pom.xml
___________________________________________________________________
Name: svn:executable
+ *
Added: projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/Roles.java
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/Roles.java (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/Roles.java 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.examples.ch09.secureschool.api;
+
+/**
+ * Holds the list of roles with which users of the school
+ * may be affiliated. EJB Security is role-based, so this
+ * is how we'll determine access.
+ *
+ * @author <a href="mailto:andrew.rubinger at jboss.org">ALR</a>
+ * @version $Revision: $
+ */
+public interface Roles
+{
+ // ---------------------------------------------------------------------------||
+ // Constants -----------------------------------------------------------------||
+ // ---------------------------------------------------------------------------||
+
+ /*
+ * Roles of callers to the system
+ */
+
+ /**
+ * Role denoting the user is a school administrator
+ */
+ String ADMIN = "Administrator";
+
+ /**
+ * Role denoting the user is a student
+ */
+ String STUDENT = "Student";
+
+ /**
+ * Role denoting the user is a janitor
+ */
+ String JANITOR = "Janitor";
+
+}
Added: projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SchoolClosedException.java
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SchoolClosedException.java (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SchoolClosedException.java 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.examples.ch09.secureschool.api;
+
+import javax.ejb.ApplicationException;
+import javax.ejb.EJBAccessException;
+
+/**
+ * Thrown when a user in role other than {@link Roles#ADMIN}
+ * attempts to open the front door to school while it's closed
+ *
+ * @author <a href="mailto:andrew.rubinger at jboss.org">ALR</a>
+ * @version $Revision: $
+ */
+ at ApplicationException(rollback = true)
+// So this isn't wrapped in EJBException
+public class SchoolClosedException extends EJBAccessException
+{
+ //-------------------------------------------------------------------------------------||
+ // Class Members ----------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * serialVersionUID
+ */
+ private static final long serialVersionUID = 1L;
+
+ //-------------------------------------------------------------------------------------||
+ // Constructor ------------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Constructs a new exception
+ */
+ private SchoolClosedException(final String message)
+ {
+ super(message);
+ }
+
+ //-------------------------------------------------------------------------------------||
+ // Factory ----------------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Constructs a new exception with the specified, required message
+ * @param message
+ * @throws IllegalArgumentException If the message is not specified
+ */
+ public static SchoolClosedException newInstance(final String message) throws IllegalArgumentException
+ {
+ // Precondition checks
+ if (message == null)
+ {
+ throw new IllegalArgumentException("message must be specified");
+ }
+
+ // Return
+ return new SchoolClosedException(message);
+ }
+
+}
Added: projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SecureSchoolLocalBusiness.java
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SecureSchoolLocalBusiness.java (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/api/SecureSchoolLocalBusiness.java 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.examples.ch09.secureschool.api;
+
+/**
+ * Represents a school holding doors which may be
+ * opened by various users. Using the EJB Security model,
+ * access to open a particular door may be blocked
+ * to certain users.
+ *
+ * @author <a href="mailto:andrew.rubinger at jboss.org">ALR</a>
+ * @version $Revision: $
+ */
+public interface SecureSchoolLocalBusiness
+{
+ // ---------------------------------------------------------------------------||
+ // Contracts -----------------------------------------------------------------||
+ // ---------------------------------------------------------------------------||
+
+ /**
+ * Closes the school for business. At this point the
+ * front door will be unlocked for all.
+ * This method may only be called by users in role
+ * {@link Roles#ADMIN}.
+ */
+ void open();
+
+ /**
+ * Closes the school for business. At this point the
+ * front door will be locked for all but users
+ * in role {@link Roles#ADMIN}
+ * This method may only be called by admins.
+ */
+ void close();
+
+ /**
+ * Opens the front door. While school is open,
+ * any authenticated user may open the door, else
+ * only the {@link Roles#ADMIN} may open.
+ */
+ void openFrontDoor();
+
+ /**
+ * Opens the service door. Users in {@link Roles#STUDENT}
+ * role may not open this door, but {@link Roles#ADMIN}
+ * and {@link Roles#JANITOR} may.
+ */
+ void openServiceDoor();
+
+ /**
+ * Returns whether or not the school is open. When closed, only
+ * the {@link Roles#ADMIN} is allowed access to all doors. Anyone,
+ * even unauthenticated users, may check if school is open.
+ * @return
+ */
+ boolean isOpen();
+
+}
Added: projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/impl/SecureSchoolBean.java
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/impl/SecureSchoolBean.java (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/main/java/org/jboss/ejb3/examples/ch09/secureschool/impl/SecureSchoolBean.java 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,173 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.examples.ch09.secureschool.impl;
+
+import java.util.logging.Logger;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.Resource;
+import javax.annotation.security.DeclareRoles;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Local;
+import javax.ejb.SessionContext;
+import javax.ejb.Singleton;
+import javax.ejb.Startup;
+
+import org.jboss.ejb3.examples.ch09.secureschool.api.Roles;
+import org.jboss.ejb3.examples.ch09.secureschool.api.SchoolClosedException;
+import org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness;
+
+/**
+ * A secure school which may block requests to
+ * open doors depending upon the EJB Security
+ * model's configuration
+ *
+ * @author <a href="mailto:andrew.rubinger at jboss.org">ALR</a>
+ * @version $Revision: $
+ */
+ at Singleton
+ at Local(SecureSchoolLocalBusiness.class)
+// Declare the roles in the system
+ at DeclareRoles(
+{Roles.ADMIN, Roles.STUDENT, Roles.JANITOR})
+// By default allow no one access, we'll enable access at a finer-grained level
+ at RolesAllowed(
+{})
+ at Startup
+public class SecureSchoolBean implements SecureSchoolLocalBusiness
+{
+
+ //-------------------------------------------------------------------------------------||
+ // Class Members ----------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Logger
+ */
+ private static final Logger log = Logger.getLogger(SecureSchoolBean.class.getName());
+
+ //-------------------------------------------------------------------------------------||
+ // Instance Members -------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Whether or not the school is open
+ */
+ private boolean open;
+
+ /**
+ * Hook to the container to get security information
+ */
+ @Resource
+ private SessionContext context;
+
+ //-------------------------------------------------------------------------------------||
+ // Required Implementations -----------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness#openFrontDoor()
+ */
+ // Give everyone access to this method, we may restrict them later
+ @RolesAllowed(
+ {Roles.ADMIN, Roles.STUDENT, Roles.JANITOR})
+ @Override
+ public void openFrontDoor()
+ {
+ // If we've reached this point, EJB security has let us through. However,
+ // we may want to apply some contextual rules. Because EJB security is
+ // declarative at the method level, we use the API to enforce specific logic.
+
+ // Get the caller
+ final String callerName = context.getCallerPrincipal().getName();
+
+ // Ensure the school is open
+ if (!open)
+ {
+ // School's closed, so only let admins open the door
+ if (!context.isCallerInRole(Roles.ADMIN))
+ {
+ // Kick 'em out
+ throw SchoolClosedException
+ .newInstance("Attempt to open the front door after hours is prohibited to all but admins, denied to: "
+ + callerName);
+ }
+ }
+
+ // Log
+ log.info("Opening front door for: " + callerName);
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness#openServiceDoor()
+ */
+ @RolesAllowed(
+ {Roles.ADMIN, Roles.JANITOR})
+ // Students cannot open this door
+ @Override
+ public void openServiceDoor()
+ {
+ log.info("Opening service door for: " + context.getCallerPrincipal().getName());
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness#close()
+ */
+ @RolesAllowed(Roles.ADMIN)
+ // Only let admins open and close the school
+ @Override
+ public void close()
+ {
+ this.open = false;
+
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness#open()
+ */
+ @Override
+ @PostConstruct
+ // School is open when created
+ @RolesAllowed(Roles.ADMIN)
+ // Only let admins open and close the school
+ public void open()
+ {
+ this.open = true;
+ }
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness#isOpen()
+ */
+ @Override
+ @PermitAll
+ // Anyone can check if school is open
+ public boolean isOpen()
+ {
+ return open;
+ }
+}
Added: projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/secureschool/SecureSchoolIntegrationTest.java
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/secureschool/SecureSchoolIntegrationTest.java (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/test/java/org/jboss/ejb3/examples/ch09/secureschool/SecureSchoolIntegrationTest.java 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,448 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2010, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.examples.ch09.secureschool;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.logging.Logger;
+
+import javax.ejb.EJB;
+import javax.ejb.EJBAccessException;
+import javax.ejb.SessionContext;
+import javax.inject.Inject;
+import javax.naming.Context;
+import javax.naming.NamingException;
+
+import org.jboss.arquillian.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.prototyping.context.api.ArquillianContext;
+import org.jboss.ejb3.examples.ch09.secureschool.api.SchoolClosedException;
+import org.jboss.ejb3.examples.ch09.secureschool.api.SecureSchoolLocalBusiness;
+import org.jboss.ejb3.examples.ch09.secureschool.impl.SecureSchoolBean;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * Test Cases to ensure the SecureSchoolEJB
+ * is working as contracted with regards to
+ * its security model.
+ *
+ * @author <a href="mailto:andrew.rubinger at jboss.org">ALR</a>
+ * @version $Revision: $
+ */
+ at RunWith(Arquillian.class)
+public class SecureSchoolIntegrationTest
+{
+
+ //-------------------------------------------------------------------------------------||
+ // Class Members ----------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Logger
+ */
+ private static final Logger log = Logger.getLogger(SecureSchoolIntegrationTest.class.getName());
+
+ /**
+ * The EJB JAR to be deployed into the server
+ * @return
+ */
+ @Deployment
+ public static JavaArchive getDeployment()
+ {
+ final JavaArchive archive = ShrinkWrap.create("secureSchool.jar", JavaArchive.class).addPackages(false,
+ SecureSchoolLocalBusiness.class.getPackage(), SecureSchoolBean.class.getPackage());
+ log.info(archive.toString(true));
+ return archive;
+ }
+
+ /**
+ * Name of a role with "Administrator" role
+ */
+ private static String USER_NAME_ADMIN = "admin";
+
+ /**
+ * Password for the "admin" user
+ */
+ private static String PASSWORD_ADMIN = "adminPassword";
+
+ /**
+ * Name of a role with "Student" role
+ */
+ private static String USER_NAME_STUDENT = "student";
+
+ /**
+ * Password for the "student" user
+ */
+ private static String PASSWORD_STUDENT = "studentPassword";
+
+ /**
+ * Name of a role with "Janitor" role
+ */
+ private static String USER_NAME_JANITOR = "janitor";
+
+ /**
+ * Password for the "admin" user
+ */
+ private static String PASSWORD_JANITOR = "janitorPassword";
+
+ /**
+ * JNDI Name at which we'll look up the EJB
+ */
+ //TODO Would be great to wire up Arquillian to use a supplied JNDI Context (with login properties) to inject the EJB
+ private static final String JNDI_NAME_EJB = "SecureSchoolBeanLocal";
+
+ //-------------------------------------------------------------------------------------||
+ // Instance Members -------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Hook to Arquillian so we can create new JNDI Contexts using supplied properties
+ */
+ @Inject
+ private ArquillianContext arquillianContext;
+
+ /**
+ * EJB proxy injected without any explicit login or authetication/authorization.
+ * Behind the scenes, Arquillian is using a default JNDI Context without any
+ * login properties to inject the proxy into this target.
+ */
+ @EJB
+ private SecureSchoolLocalBusiness unauthenticatedEjbReference;
+
+ //-------------------------------------------------------------------------------------||
+ // Tests ------------------------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Ensures that an unauthenticated user cannot open the front door
+ */
+ @Test(expected = EJBAccessException.class)
+ public void unauthenticatedUserCannotOpenFrontDoor() throws NamingException
+ {
+
+ // Try to open the front door before we've authenticated; should fail
+ unauthenticatedEjbReference.openFrontDoor();
+ }
+
+ /**
+ * Ensures that the "student" user can open the front door
+ */
+ @Test
+ public void studentCanOpenFrontDoor() throws NamingException
+ {
+
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ // Log in via JNDI as "student" user
+ final Context context = this.login(USER_NAME_STUDENT, PASSWORD_STUDENT);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Invoke (should succeed, not fail with unauthorized errors)
+ school.openFrontDoor();
+ }
+ finally
+ {
+ // Clean up, closing the context to log out
+ context.close();
+ }
+ }
+
+ /**
+ * Ensures that the "janitor" user can open the service door
+ */
+ @Test
+ public void janitorCanOpenServiceDoor() throws NamingException
+ {
+
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ // Log in via JNDI as "janitor" user
+ final Context context = this.login(USER_NAME_JANITOR, PASSWORD_JANITOR);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Invoke (should succeed, not fail with unauthorized errors)
+ school.openServiceDoor();
+ }
+ finally
+ {
+ // Clean up, closing the context to log out
+ context.close();
+ }
+ }
+
+ /**
+ * Ensures that the "student" user cannot open the service door
+ */
+ @Test(expected = EJBAccessException.class)
+ public void studentCannotOpenServiceDoor() throws NamingException
+ {
+
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ // Log in via JNDI as "student" user
+ final Context context = this.login(USER_NAME_STUDENT, PASSWORD_STUDENT);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Invoke (should fail)
+ school.openServiceDoor();
+ }
+ finally
+ {
+ // Clean up, closing the context to log out
+ context.close();
+ }
+ }
+
+ /**
+ * Ensures that the "student" user cannot close the school (and go home early ;) )
+ */
+ @Test(expected = EJBAccessException.class)
+ public void studentCannotCloseSchool() throws NamingException
+ {
+
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ // Log in via JNDI as "student" user
+ final Context context = this.login(USER_NAME_STUDENT, PASSWORD_STUDENT);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Invoke (should fail)
+ school.close();
+ }
+ finally
+ {
+ // Clean up, closing the context to log out
+ context.close();
+ }
+ }
+
+ /**
+ * Ensures that the "admin" user can close the school
+ */
+ @Test
+ public void adminCanCloseSchool() throws NamingException
+ {
+
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ // Log in via JNDI as "admin" user
+ final Context context = this.login(USER_NAME_ADMIN, PASSWORD_ADMIN);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Invoke (should succeed)
+ school.close();
+
+ // Test
+ Assert.assertFalse("School should now be closed", school.isOpen());
+
+ // Reset the school to open for subsequent tests
+ school.open();
+
+ // Test
+ Assert.assertTrue("School should now be open", school.isOpen());
+ }
+ finally
+ {
+ // Clean up, closing the context to log out
+ context.close();
+ }
+ }
+
+ /**
+ * Ensures that an unauthenticated user can check if a school is open
+ */
+ @Test
+ public void unauthenticatedUserCanCheckIfSchoolIsOpen()
+ {
+
+ // See if school is open
+ Assert.assertTrue("Unauthenticated user should see that school is open", unauthenticatedEjbReference.isOpen());
+ }
+
+ /**
+ * Ensures that a student cannot open the front door
+ * when school is closed; tests programmatic security via
+ * {@link SessionContext} in the implementation class
+ */
+ @Test(expected = SchoolClosedException.class)
+ public void studentCannotOpenFrontDoorsWhenSchoolIsClosed() throws Throwable
+ {
+ /*
+ * This login and lookup code is specific to OpenEJB container
+ */
+
+ try
+ {
+ // Log in via JNDI as "admin" user
+ final Context context = this.login(USER_NAME_ADMIN, PASSWORD_ADMIN);
+
+ // Get
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Close the school
+ school.close();
+
+ // Log out
+ context.close();
+
+ // Test that we're closed
+ Assert.assertFalse("School should now be closed", school.isOpen());
+
+ // Now try to open the front doors as a student. We do this in another Thread
+ // because OpenEJB will associate the security context with this
+ // Thread to "admin" (from above)
+ final Callable<Void> studentOpenDoorTask = new Callable<Void>()
+ {
+
+ @Override
+ public Void call() throws Exception
+ {
+ // Log in via JNDI as "student" user
+ final Context context = SecureSchoolIntegrationTest.this.login(USER_NAME_STUDENT, PASSWORD_STUDENT);
+
+ try
+ {
+ // Get
+ final SecureSchoolLocalBusiness school = SecureSchoolIntegrationTest.this.getEjb(context);
+
+ // Try to open the door (should fail)
+ school.openFrontDoor();
+
+ // Return
+ return null;
+ }
+ finally
+ {
+ context.close();
+ }
+ }
+ };
+ final ExecutorService service = Executors.newSingleThreadExecutor();
+ final Future<Void> future = service.submit(studentOpenDoorTask);
+ try
+ {
+ future.get();// Should fail here
+ }
+ catch (final ExecutionException ee)
+ {
+
+ // Unwrap, should throw SchoolClosedException
+ throw ee.getCause();
+ }
+
+ }
+ finally
+ {
+ // Cleanup and open the school for other tests
+ final Context context = this.login(USER_NAME_ADMIN, PASSWORD_ADMIN);
+ final SecureSchoolLocalBusiness school = this.getEjb(context);
+
+ // Reset the school to open for subsequent tests
+ school.open();
+
+ // Test
+ Assert.assertTrue("School should now be open", school.isOpen());
+
+ // Clean up, closing the context to log out
+ context.close();
+
+ }
+ }
+
+ //-------------------------------------------------------------------------------------||
+ // Internal Helper Methods ------------------------------------------------------------||
+ //-------------------------------------------------------------------------------------||
+
+ /**
+ * Logs in to JNDI (and by extension, the EJB security system)
+ * with the specified username and password. This mechanism is
+ * specific to the OpenEJB container.
+ */
+ private Context login(final String username, final String password)
+ {
+ // Precondition checks
+ assert username != null : "username must be supplied";
+ assert password != null : "password must be supplied";
+
+ // Log in and create a context
+ final Map<String, Object> namingContextProps = new HashMap<String, Object>();
+ namingContextProps.put(Context.SECURITY_PRINCIPAL, username);
+ namingContextProps.put(Context.SECURITY_CREDENTIALS, password);
+ final Context context = arquillianContext.get(Context.class, namingContextProps);
+
+ // Return
+ return context;
+ }
+
+ /**
+ * Obtains a proxy to the EJB via the specified JNDI Context (through
+ * which the user may have authenticated)
+ * @param context
+ * @return
+ * @throws NamingException
+ */
+ private SecureSchoolLocalBusiness getEjb(final Context context) throws NamingException
+ {
+ // Look up in JNDI specific to OpenEJB
+ //TODO Use Global JNDI
+ return (SecureSchoolLocalBusiness) context.lookup(JNDI_NAME_EJB);
+ }
+}
Added: projects/ejb-book/trunk/ch09-secureschool/src/test/resources/groups.properties
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/test/resources/groups.properties (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/test/resources/groups.properties 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,5 @@
+# OpenEJB Roles Configuration
+# Format: Role=Username
+Administrator=admin
+Janitor=janitor
+Student=student
\ No newline at end of file
Added: projects/ejb-book/trunk/ch09-secureschool/src/test/resources/users.properties
===================================================================
--- projects/ejb-book/trunk/ch09-secureschool/src/test/resources/users.properties (rev 0)
+++ projects/ejb-book/trunk/ch09-secureschool/src/test/resources/users.properties 2010-05-01 04:22:53 UTC (rev 104384)
@@ -0,0 +1,5 @@
+# OpenEJB Users Configuration
+# Format: Username=Password
+admin=adminPassword
+student=studentPassword
+janitor=janitorPassword
\ No newline at end of file
Modified: projects/ejb-book/trunk/pom.xml
===================================================================
--- projects/ejb-book/trunk/pom.xml 2010-04-30 21:19:06 UTC (rev 104383)
+++ projects/ejb-book/trunk/pom.xml 2010-05-01 04:22:53 UTC (rev 104384)
@@ -21,6 +21,7 @@
<module>ch07-rsscache</module>
<module>ch08-statusupdate</module>
<module>ch08-messagedestinationlink</module>
+ <module>ch09-secureschool</module>
<module>chxx-interceptors</module>
</modules>
More information about the jboss-cvs-commits
mailing list