Fixed many issues in the Servlet security tests

Author: arjantijms

pom.xml

@@ -472,6 +472,16 @@
                 </dependency>
             </dependencies>
             <build>
+            	 <plugins>
+                    <plugin>
+                        <artifactId>maven-surefire-plugin</artifactId>
+                        <configuration>
+                            <systemPropertyVariables>
+                                <javaEEServer>payara-remote</javaEEServer>
+                            </systemPropertyVariables>
+                        </configuration>
+                    </plugin>
+                   </plugins>
                 <testResources>
                     <testResource>
                         <directory>src/test/resources</directory>

servlet/async-servlet/pom.xml

@@ -1,16 +1,16 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
 
-    <parent>
-        <groupId>org.javaee7</groupId>
-        <artifactId>servlet</artifactId>
-        <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
-  </parent>
-    <groupId>org.javaee7</groupId>
-    <artifactId>servlet-async-servlet</artifactId>
-    <version>1.0-SNAPSHOT</version>
-    <packaging>war</packaging>
-    <name>Java EE 7 Sample: servlet - async-servlet</name>
+	<parent>
+		<groupId>org.javaee7</groupId>
+		<artifactId>servlet</artifactId>
+		<version>1.0-SNAPSHOT</version>
+	</parent>
+	
+	<artifactId>servlet-async-servlet</artifactId>
+	<packaging>war</packaging>
+	
+	<name>Java EE 7 Sample: servlet - async-servlet</name>
 </project>

servlet/pom.xml

@@ -6,34 +6,35 @@
         <groupId>org.javaee7</groupId>
         <artifactId>samples-parent</artifactId>
         <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
     </parent>
-    <groupId>org.javaee7</groupId>
+    
     <artifactId>servlet</artifactId>
     <packaging>pom</packaging>
+    
     <name>Java EE 7 Sample: servlet</name>
 
     <modules>
-        <module>cookies</module>
+    	<module>simple-servlet</module>
         <module>async-servlet</module>
+        <module>servlet-filters</module>
+        <module>cookies</module>
         <module>error-mapping</module>
         <module>event-listeners</module>
         <module>metadata-complete</module>
+        <module>web-fragment</module>
         <module>nonblocking</module>
         <module>protocol-handler</module>
         <module>resource-packaging</module>
-        <module>servlet-filters</module>
         <module>file-upload</module>
-        <module>web-fragment</module>
+        <module>programmatic-registration</module>
+        
+        <!-- Security samples assuming the container identity store -->
         <module>security-basicauth</module>
         <module>security-form-based</module>
         <module>security-programmatic</module>
         <module>security-deny-uncovered</module>
-<!--        <module>security-annotated</module>
-        <module>security-digest</module>-->
+		<module>security-annotated</module>
         <module>security-basicauth-omission</module>
-        <module>programmatic-registration</module>
-        <module>simple-servlet</module>
     </modules>
 
     <dependencies>

servlet/security-annotated/pom.xml

@@ -1,13 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
+    
     <parent>
-        <groupId>org.javaee7.servlet</groupId>
-        <artifactId>servlet-samples</artifactId>
+        <groupId>org.javaee7</groupId>
+		<artifactId>servlet</artifactId>
         <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
     </parent>
 
     <artifactId>security-annotated</artifactId>
     <packaging>war</packaging>
+    
+    <name>Java EE 7 Sample: servlet - security-annotated</name>
 </project>

servlet/security-annotated/src/main/java/org/javaee7/servlet/security/annotated/SecureServlet.java

@@ -2,10 +2,9 @@
 
 import java.io.IOException;
 import java.io.PrintWriter;
-import javax.annotation.security.RolesAllowed;
+
 import javax.servlet.ServletException;
 import javax.servlet.annotation.HttpConstraint;
-import javax.servlet.annotation.HttpMethodConstraint;
 import javax.servlet.annotation.ServletSecurity;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
@@ -16,32 +15,27 @@
  * @author Arun Gupta
  */
 @WebServlet("/SecureServlet")
-//@ServletSecurity(value = @HttpConstraint(rolesAllowed = {"g1"}),
-//        httpMethodConstraints = {
-//            @HttpMethodConstraint(value = "GET", rolesAllowed = {"g1"}),
-//            @HttpMethodConstraint(value = "POST", rolesAllowed = {"g1"})
-//        })
-@ServletSecurity(@HttpConstraint(rolesAllowed = { "g1" }))
-@RolesAllowed("g1")
+@ServletSecurity(@HttpConstraint(rolesAllowed = "g1"))
 public class SecureServlet extends HttpServlet {
 
-    protected void processRequest(HttpServletRequest request, HttpServletResponse response, String method)
-        throws ServletException, IOException {
+    private static final long serialVersionUID = 1L;
+
+    protected void processRequest(HttpServletRequest request, HttpServletResponse response, String method) throws ServletException, IOException {
         response.setContentType("text/html;charset=UTF-8");
+        
         PrintWriter out = response.getWriter();
         out.println("<!DOCTYPE html>");
         out.println("<html>");
-        out.println("<head>");
-        out.println("<title>Servlet Security Annotated - Basic Auth with File-base Realm</title>");
-        out.println("</head>");
-        out.println("<body>");
-        out.println("<h1>Basic Auth with File-base Realm (" + method + ")</h1>");
-        out.println("<h2>Were you prompted for username/password ?</h2>");
-        out.println("</body>");
+        out.println(    "<head>");
+        out.println(        "<title>Servlet Security Annotated - Basic Auth with File-base Realm</title>");
+        out.println(    "</head>");
+        out.println(    "<body>");
+        out.println(        "<h1>Basic Auth with File-base Realm (" + method + ")</h1>");
+        out.println(        "<h2>Were you prompted for username/password ?</h2>");
+        out.println(    "</body>");
         out.println("</html>");
     }
 
-    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
     /**
      * Handles the HTTP <code>GET</code> method.
      *
@@ -51,8 +45,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
      * @throws IOException if an I/O error occurs
      */
     @Override
-    protected void doGet(HttpServletRequest request, HttpServletResponse response)
-        throws ServletException, IOException {
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         processRequest(request, response, "GET");
     }
 
@@ -65,18 +58,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
      * @throws IOException if an I/O error occurs
      */
     @Override
-    protected void doPost(HttpServletRequest request, HttpServletResponse response)
-        throws ServletException, IOException {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         processRequest(request, response, "POST");
     }
 
-    /**
-     * Returns a short description of the servlet.
-     *
-     * @return a String containing servlet description
-     */
-    @Override
-    public String getServletInfo() {
-        return "Short description";
-    }// </editor-fold>
 }

servlet/security-annotated/src/main/webapp/WEB-INF/glassfish-web.xml

@@ -44,7 +44,6 @@
 <glassfish-web-app error-url="">
     <security-role-mapping>
         <role-name>g1</role-name>
-        <principal-name>g1</principal-name>
         <group-name>g1</group-name>
     </security-role-mapping>
 </glassfish-web-app>

servlet/security-annotated/src/test/java/org/javaee7/servlet/security/annotated/SecureServletTest.java

@@ -1,22 +1,29 @@
 package org.javaee7.servlet.security.annotated;
 
-import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
-import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.WebRequest;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import static com.gargoylesoftware.htmlunit.HttpMethod.POST;
+import static org.javaee7.ServerOperations.addUsersToContainerIdentityStore;
+import static org.jboss.shrinkwrap.api.ShrinkWrap.create;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+
 import java.net.URL;
-import javax.ws.rs.HttpMethod;
+
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.arquillian.junit.Arquillian;
 import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
 import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.junit.Test;
-import static org.junit.Assert.*;
+import org.junit.After;
 import org.junit.Before;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import com.gargoylesoftware.htmlunit.DefaultCredentialsProvider;
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+
 /**
  * @author Arun Gupta
  */
@@ -26,15 +33,17 @@ public class SecureServletTest {
     @ArquillianResource
     private URL base;
 
-    DefaultCredentialsProvider correctCreds = new DefaultCredentialsProvider();
-    DefaultCredentialsProvider incorrectCreds = new DefaultCredentialsProvider();
-    WebClient webClient;
+    private DefaultCredentialsProvider correctCreds = new DefaultCredentialsProvider();
+    private DefaultCredentialsProvider incorrectCreds = new DefaultCredentialsProvider();
+    private WebClient webClient;
 
     @Deployment(testable = false)
     public static WebArchive createDeployment() {
-        WebArchive war = ShrinkWrap.create(WebArchive.class).
-            addClass(SecureServlet.class);
-        return war;
+        
+        addUsersToContainerIdentityStore();
+        
+        return create(WebArchive.class)
+                .addClass(SecureServlet.class);
     }
 
     @Before
@@ -43,45 +52,58 @@ public void setup() {
         incorrectCreds.addCredentials("random", "random");
         webClient = new WebClient();
     }
+    
+    @After
+    public void tearDown() {
+        webClient.getCookieManager().clearCookies();
+        webClient.closeAllWindows();
+    }
 
     @Test
     public void testGetWithCorrectCredentials() throws Exception {
         webClient.setCredentialsProvider(correctCreds);
         HtmlPage page = webClient.getPage(base + "/SecureServlet");
+        
         assertEquals("Servlet Security Annotated - Basic Auth with File-base Realm", page.getTitleText());
     }
 
     @Test
     public void testGetWithIncorrectCredentials() throws Exception {
         webClient.setCredentialsProvider(incorrectCreds);
+        
         try {
             webClient.getPage(base + "/SecureServlet");
         } catch (FailingHttpStatusCodeException e) {
             assertNotNull(e);
             assertEquals(401, e.getStatusCode());
             return;
         }
+        
         fail("/SecureServlet could be accessed without proper security credentials");
     }
 
     @Test
     public void testPostWithCorrectCredentials() throws Exception {
         webClient.setCredentialsProvider(correctCreds);
-        WebRequest request = new WebRequest(new URL(base + "SecureServlet"), HttpMethod.POST);
+        WebRequest request = new WebRequest(new URL(base + "/SecureServlet"), POST);
         HtmlPage page = webClient.getPage(request);
+        
         assertEquals("Servlet Security Annotated - Basic Auth with File-base Realm", page.getTitleText());
     }
 
     @Test
     public void testPostWithIncorrectCredentials() throws Exception {
-        webClient.setCredentialsProvider(correctCreds);
-        WebRequest request = new WebRequest(new URL(base + "SecureServlet"), HttpMethod.POST);
+        webClient.setCredentialsProvider(incorrectCreds);
+        WebRequest request = new WebRequest(new URL(base + "/SecureServlet"), POST);
+        
         try {
             webClient.getPage(request);
         } catch (FailingHttpStatusCodeException e) {
             assertNotNull(e);
-            assertEquals(403, e.getStatusCode());
+            assertEquals(401, e.getStatusCode());
+            return;
         }
+        
         fail("/SecureServlet could be accessed without proper security credentials");
     }
 

servlet/security-annotated/src/test/java/resources/password.txt

@@ -0,0 +1 @@
+AS_ADMIN_USERPASSWORD=p1

servlet/security-basicauth-omission/src/main/java/org/javaee7/servlet/security/basicauth/omission/SecureServlet.java

@@ -40,7 +40,7 @@
 package org.javaee7.servlet.security.basicauth.omission;
 
 import java.io.IOException;
-import java.io.PrintWriter;
+
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
@@ -53,15 +53,15 @@
 @WebServlet("/SecureServlet")
 public class SecureServlet extends HttpServlet {
 
+    private static final long serialVersionUID = 1L;
+
     @Override
-    protected void doGet(HttpServletRequest request, HttpServletResponse response)
-        throws ServletException, IOException {
+    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.getWriter().print("my GET");
     }
 
     @Override
-    protected void doPost(HttpServletRequest request, HttpServletResponse response)
-        throws ServletException, IOException {
+    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.getWriter().print("my POST");
     }
 }