Add test coverage for multiple instances of build-in mechanisms

Signed-off-by: Arjan Tijms <arjan.tijms@omnifish.ee>
jakartaee · Feb 26, 2024 · fc7b796 · fc7b796
1 parent 9116f6f
commit fc7b796
Show file tree

Hide file tree

Showing 10 changed files with 662 additions and 0 deletions.
diff --git a/tck/app-custom-authentication-mechanism-handler2/pom.xml b/tck/app-custom-authentication-mechanism-handler2/pom.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Copyright (c) 2024 Contributors to the Eclipse Foundation.
+
+    This program and the accompanying materials are made available under the
+    terms of the Eclipse Public License v. 2.0, which is available at
+    http://www.eclipse.org/legal/epl-2.0.
+
+    This Source Code may also be made available under the following Secondary
+    Licenses when the conditions for such availability set forth in the
+    Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+    version 2 with the GNU Classpath Exception, which is available at
+    https://www.gnu.org/software/classpath/license.html.
+
+    SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>org.eclipse.ee4j.security.tck</groupId>
+		<artifactId>jakarta-security-tck</artifactId>
+		<version>4.0.0-SNAPSHOT</version>
+	</parent>
+
+	<artifactId>app-custom-authentication-mechanism-handler2</artifactId>
+	<packaging>war</packaging>
+
+	<properties>
+        <failOnMissingWebXml>false</failOnMissingWebXml>
+    </properties>
+
+	<dependencies>
+        <dependency>
+            <groupId>org.eclipse.ee4j.security.tck</groupId>
+            <artifactId>common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+
+	<build>
+        <finalName>app-custom-authentication-mechanism-handler</finalName>
+	</build>
+</project>
diff --git a/...sm-handler2/src/main/java/ee/jakarta/tck/security/test/BasicAuthenticationMechanism2.java b/...sm-handler2/src/main/java/ee/jakarta/tck/security/test/BasicAuthenticationMechanism2.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package ee.jakarta.tck.security.test;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import jakarta.enterprise.util.AnnotationLiteral;
+import jakarta.inject.Qualifier;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+@Qualifier
+@Retention(RUNTIME)
+@Target({ FIELD, METHOD, TYPE, PARAMETER })
+public @interface BasicAuthenticationMechanism2 {
+
+    /**
+     * Supports inline instantiation of the {@link BasicAuthenticationMechanism2} qualifier.
+     *
+     * @since 4.0
+     */
+    public static final class Literal extends AnnotationLiteral<BasicAuthenticationMechanism2> implements BasicAuthenticationMechanism2 {
+        private static final long serialVersionUID = 1L;
+
+        /**
+         * Instance of the {@link BasicAuthenticationMechanism2} qualifier.
+         */
+        public static final Literal INSTANCE = new Literal();
+    }
+
+}
diff --git a/...sm-handler2/src/main/java/ee/jakarta/tck/security/test/BasicAuthenticationMechanism3.java b/...sm-handler2/src/main/java/ee/jakarta/tck/security/test/BasicAuthenticationMechanism3.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+package ee.jakarta.tck.security.test;
+
+import static java.lang.annotation.ElementType.FIELD;
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.PARAMETER;
+import static java.lang.annotation.ElementType.TYPE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import jakarta.enterprise.util.AnnotationLiteral;
+import jakarta.inject.Qualifier;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+@Qualifier
+@Retention(RUNTIME)
+@Target({ FIELD, METHOD, TYPE, PARAMETER })
+public @interface BasicAuthenticationMechanism3 {
+
+    /**
+     * Supports inline instantiation of the {@link BasicAuthenticationMechanism3} qualifier.
+     *
+     * @since 4.0
+     */
+    public static final class Literal extends AnnotationLiteral<BasicAuthenticationMechanism3> implements BasicAuthenticationMechanism3 {
+        private static final long serialVersionUID = 1L;
+
+        /**
+         * Instance of the {@link BasicAuthenticationMechanism3} qualifier.
+         */
+        public static final Literal INSTANCE = new Literal();
+    }
+
+}
diff --git a/...ler2/src/main/java/ee/jakarta/tck/security/test/CustomAuthenticationMechanismHandler.java b/...ler2/src/main/java/ee/jakarta/tck/security/test/CustomAuthenticationMechanismHandler.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+package ee.jakarta.tck.security.test;
+
+import static jakarta.interceptor.Interceptor.Priority.APPLICATION;
+
+import jakarta.annotation.Priority;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.enterprise.inject.Alternative;
+import jakarta.inject.Inject;
+import jakarta.security.enterprise.AuthenticationException;
+import jakarta.security.enterprise.AuthenticationStatus;
+import jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition.BasicAuthenticationMechanism;
+import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
+import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanismHandler;
+import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+/**
+ * This HttpAuthenticationMechanismHandler overrides the default provided one and delegates
+ * requests to three individual authentication mechanisms depending on the request path.
+ *
+ * <p>
+ * This tests asserts the ability to define multiple beans using
+ * a {@code ...Definition} annotation. It specifically asserts that
+ * those can come from a repeatable annotation ("realm2" and "realm3")
+ * and that those can be combined with one defined elsewhere ("realm1").
+ *
+ */
+@BasicAuthenticationMechanismDefinition(
+    realmName="realm2",
+    qualifiers = { BasicAuthenticationMechanism2.class}
+)
+
+@BasicAuthenticationMechanismDefinition(
+    realmName="realm3",
+    qualifiers = { BasicAuthenticationMechanism3.class}
+)
+
+@Alternative
+@Priority(APPLICATION)
+@ApplicationScoped
+public class CustomAuthenticationMechanismHandler implements HttpAuthenticationMechanismHandler {
+
+    @Inject
+    @BasicAuthenticationMechanism
+    HttpAuthenticationMechanism authenticationMechanism1;
+
+    @Inject
+    @BasicAuthenticationMechanism2
+    HttpAuthenticationMechanism authenticationMechanism2;
+
+    @Inject
+    @BasicAuthenticationMechanism3
+    HttpAuthenticationMechanism authenticationMechanism3;
+
+    @Override
+    public AuthenticationStatus validateRequest(HttpServletRequest request, HttpServletResponse response,
+            HttpMessageContext httpMessageContext) throws AuthenticationException {
+
+        if (getRequestRelativeURI(request).startsWith("/protectedServlet1")) {
+            return authenticationMechanism1.validateRequest(request, response, httpMessageContext);
+        }
+
+        if (getRequestRelativeURI(request).startsWith("/protectedServlet2")) {
+            return authenticationMechanism2.validateRequest(request, response, httpMessageContext);
+        }
+
+        return authenticationMechanism3.validateRequest(request, response, httpMessageContext);
+    }
+
+    public static String getRequestRelativeURI(HttpServletRequest request) {
+        return request.getRequestURI().substring(request.getContextPath().length());
+    }
+
+}
diff --git a/...tion-mechanism-handler2/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet1.java b/...tion-mechanism-handler2/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet1.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2024 Contributors to the Eclipse Foundation.
+ * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package ee.jakarta.tck.security.test;
+
+import jakarta.annotation.security.DeclareRoles;
+import jakarta.inject.Inject;
+import jakarta.security.enterprise.SecurityContext;
+import jakarta.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.annotation.HttpConstraint;
+import jakarta.servlet.annotation.ServletSecurity;
+import jakarta.servlet.annotation.WebServlet;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * Test Servlet that prints out the name of the authenticated caller and whether
+ * this caller is in any of the roles {foo, bar, kaz}
+ *
+ */
+@BasicAuthenticationMechanismDefinition(
+    realmName="realm1"
+)
+@WebServlet("/protectedServlet1")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "foo"))
+@DeclareRoles({"bar", "kaz"})
+public class ProtectedServlet1 extends HttpServlet {
+
+    private static final long serialVersionUID = 1L;
+
+    @Inject
+    private SecurityContext securityContext;
+
+    @Override
+    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+
+        response.getWriter().write("This is a servlet \n");
+
+        String webName = null;
+        if (request.getUserPrincipal() != null) {
+            webName = request.getUserPrincipal().getName();
+        }
+
+        response.getWriter().write("web username: " + webName + "\n");
+
+        response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n");
+        response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n");
+        response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n");
+
+        String contextName = null;
+        if (securityContext.getCallerPrincipal() != null) {
+            contextName = securityContext.getCallerPrincipal().getName();
+        }
+
+        response.getWriter().write("context username: " + contextName + "\n");
+
+        response.getWriter().write("context user has role \"foo\": " + securityContext.isCallerInRole("foo") + "\n");
+        response.getWriter().write("context user has role \"bar\": " + securityContext.isCallerInRole("bar") + "\n");
+        response.getWriter().write("context user has role \"kaz\": " + securityContext.isCallerInRole("kaz") + "\n");
+
+        response.getWriter().write("has access " + securityContext.hasAccessToWebResource("/servlets"));
+
+    }
+
+}