/**
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.openejb.test.servlet;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.lang.reflect.Method;
import org.junit.Assert;
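/**
 * Integration-test servlet that checks how the caller identity differs between
 * the servlet environment and an injected secured EJB.
 *
 * <p>The assertions below expect the web request to carry the principal
 * {@code "user"} and the EJB call to see the principal {@code "runas"}. The
 * run-as mapping itself is presumably declared in the deployment descriptor,
 * which is not part of this class.
 *
 * <p>This servlet dispatches reflectively on a request parameter and writes
 * stack traces into the response body. Both are conveniences for a test
 * harness; the class is not meant to be deployed outside a test environment.
 */
public class RunAsServlet extends HttpServlet {

    /** Only methods whose name starts with this prefix may be dispatched reflectively. */
    private static final String TEST_METHOD_PREFIX = "invoke";

    @EJB
    private SecureEJBLocal secureEJBLocal;

    /**
     * Runs either the single test named by the {@code method} request parameter
     * or, when the parameter is absent, every test method of this servlet.
     *
     * <p>A failing test is reported as the line {@code FAILED} followed by the
     * stack trace; a passing single test produces no output.
     *
     * @param request  the incoming request; {@code method} selects the test to run
     * @param response receives the plain-text report
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if the response stream cannot be obtained
     */
    @Override
    protected void service(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/plain");
        final ServletOutputStream out = response.getOutputStream();
        final PrintStream printStream = new PrintStream(out);

        final String methodName = request.getParameter("method");
        if (methodName == null) {
            testAll(request, printStream);
        } else {
            try {
                // The name comes straight from the request, so restrict reflective
                // dispatch to the test methods instead of any public method that
                // happens to accept an HttpServletRequest.
                if (!methodName.startsWith(TEST_METHOD_PREFIX)) {
                    throw new NoSuchMethodException(methodName);
                }
                final Method method = getClass().getMethod(methodName, HttpServletRequest.class);
                method.invoke(this, request);
            } catch (final Throwable e) {
                // Throwable on purpose: JUnit assertion failures are Errors and
                // must be reported to the client rather than escape the servlet.
                // response.setStatus(580);
                printStream.println("FAILED");
                e.printStackTrace(printStream);
            }
        }
        printStream.flush();
    }

    /**
     * Invokes every public {@code invoke*} test method of this servlet that takes
     * a single {@link HttpServletRequest} and prints {@code PASSED} or
     * {@code FAILED} (with stack trace) per method.
     *
     * @param request     the request handed to each test method
     * @param printStream destination of the report
     */
    public void testAll(final HttpServletRequest request, final PrintStream printStream) {
        // Enumerate this servlet's own methods: reflecting over another class
        // and calling without arguments makes every invocation fail before the
        // test body runs.
        for (final Method method : getClass().getMethods()) {
            if (!method.getName().startsWith(TEST_METHOD_PREFIX)) {
                continue;
            }
            final Class<?>[] parameterTypes = method.getParameterTypes();
            if (parameterTypes.length != 1 || parameterTypes[0] != HttpServletRequest.class) {
                continue;
            }
            try {
                method.invoke(this, request);
                printStream.println(method.getName() + " PASSED");
            } catch (final Throwable e) {
                printStream.println(method.getName() + " FAILED");
                e.printStackTrace(printStream);
                printStream.flush();
            }
            printStream.println();
        }
    }

    /**
     * Asserts that the request principal is {@code "user"} while the EJB sees
     * the caller principal {@code "runas"}.
     *
     * @param request the authenticated request under test
     */
    public void invokeGetCallerPrincipal(final HttpServletRequest request) {
        // Servlet environment - running as "user"
        Principal principal = request.getUserPrincipal();
        Assert.assertNotNull(principal);
        Assert.assertEquals("user", principal.getName());

        // EJB environment - running as "runas"
        principal = secureEJBLocal.getCallerPrincipal();
        Assert.assertNotNull(principal);
        Assert.assertEquals("runas", principal.getName());
    }

    /**
     * Asserts the role membership on both sides: the request is only in role
     * {@code "user"}, the EJB caller is only in role {@code "runas"}.
     *
     * @param request the authenticated request under test
     */
    public void invokeIsCallerInRole(final HttpServletRequest request) {
        // Servlet environment - running as "user"
        Assert.assertTrue(request.isUserInRole("user"));
        Assert.assertFalse(request.isUserInRole("manager"));
        Assert.assertFalse(request.isUserInRole("UNKNOWN"));
        Assert.assertFalse(request.isUserInRole("runas"));

        // EJB environment - running as "runas"
        Assert.assertFalse(secureEJBLocal.isCallerInRole("user"));
        Assert.assertFalse(secureEJBLocal.isCallerInRole("manager"));
        Assert.assertFalse(secureEJBLocal.isCallerInRole("UNKNOWN"));
        Assert.assertTrue(secureEJBLocal.isCallerInRole("runas"));
    }

    /**
     * Asserts that, of the secured EJB methods, only {@code allowRunasMethod()}
     * is callable; every other one must raise {@link EJBAccessException}.
     *
     * @param request unused; present so the method matches the dispatch signature
     */
    public void invokeIsAllowed(final HttpServletRequest request) {
        try {
            secureEJBLocal.allowUserMethod();
            Assert.fail("Method allowUserMethod() ALLOWED");
        } catch (final EJBAccessException expected) {
            // expected: the call must be rejected
        }

        try {
            secureEJBLocal.allowManagerMethod();
            Assert.fail("Method allowManagerMethod() ALLOWED");
        } catch (final EJBAccessException expected) {
            // expected: the call must be rejected
        }

        try {
            secureEJBLocal.allowUnknownMethod();
            Assert.fail("Method allowUnknownMethod() ALLOWED");
        } catch (final EJBAccessException expected) {
            // expected: the call must be rejected
        }

        try {
            secureEJBLocal.allowRunasMethod();
        } catch (final EJBAccessException e) {
            Assert.fail("Method allowRunasMethod() NOT ALLOWED");
        }

        try {
            secureEJBLocal.denyAllMethod();
            Assert.fail("Method denyAllMethod() ALLOWED");
        } catch (final EJBAccessException expected) {
            // expected: the call must be rejected
        }
    }
}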