From 38b685ad4e2a58ffc7dfd921caffb6d26234ba7f Mon Sep 17 00:00:00 2001 From: Sergey Beryozkin Date: Thu, 29 Feb 2024 14:38:42 +0000 Subject: [PATCH] Remove optional spec text and TCK tests --- api/pom.xml | 2 +- pom.xml | 20 +-- spec/pom.xml | 2 +- .../main/asciidoc/interoperability.asciidoc | 37 ----- tck/pom.xml | 10 +- .../jwt/tck/container/ejb/EjbEndpoint.java | 60 -------- .../jwt/tck/container/ejb/EjbTest.java | 138 ------------------ .../jwt/tck/container/ejb/IService.java | 29 ---- .../jwt/tck/container/ejb/ServiceEJB.java | 79 ---------- .../tck/container/jacc/SubjectEndpoint.java | 53 ------- .../jwt/tck/container/jacc/SubjectTest.java | 103 ------------- .../jwe/DecryptKeyAlgorithmDefaultTest.java | 25 ++-- .../tck/container/servlet/ServiceServlet.java | 100 ------------- .../tck/container/servlet/ServletTest.java | 127 ---------------- .../test/resources/suites/tck-full-suite.xml | 23 --- 15 files changed, 18 insertions(+), 790 deletions(-) delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java delete mode 100644 tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java diff --git a/api/pom.xml b/api/pom.xml index 8d572e30..6fc5c2d6 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -19,7 +19,7 @@ org.eclipse.microprofile.jwt microprofile-jwt-auth-parent - 2.2-SNAPSHOT + 3.0-SNAPSHOT microprofile-jwt-auth-api diff --git a/pom.xml b/pom.xml index 3f9fc5fc..b1aa012c 100644 --- a/pom.xml +++ b/pom.xml @@ -24,16 +24,14 @@ org.eclipse.microprofile.jwt microprofile-jwt-auth-parent - 2.2-SNAPSHOT + 3.0-SNAPSHOT pom MicroProfile JWT Auth https://github.com/eclipse/microprofile-jwt-auth - 2.0.0 - 4.0.0 - 3.0 + 3.1 0.9.4 1.1.0 2.6 @@ -125,20 +123,6 @@ - - jakarta.authorization - jakarta.authorization-api - ${version.jakarta.authorization-api} - provided - true - - - jakarta.ejb - jakarta.ejb-api - ${version.jakarta.ejb.api} - provided - true - org.osgi org.osgi.annotation.versioning diff --git a/spec/pom.xml b/spec/pom.xml index 72a8e5b7..39365702 100644 --- a/spec/pom.xml +++ b/spec/pom.xml @@ -19,7 +19,7 @@ org.eclipse.microprofile.jwt microprofile-jwt-auth-parent - 2.2-SNAPSHOT + 3.0-SNAPSHOT microprofile-jwt-auth-spec diff --git a/spec/src/main/asciidoc/interoperability.asciidoc b/spec/src/main/asciidoc/interoperability.asciidoc index e4803b07..7d59936f 100644 --- a/spec/src/main/asciidoc/interoperability.asciidoc +++ b/spec/src/main/asciidoc/interoperability.asciidoc @@ -673,43 +673,6 @@ The expectations for use of the various security annotations described in sectio In terms of mapping between the MP-JWT claims and role names used in @RolesAllowed, the role names that have been mapped to group names in the MP-JWT "groups" claim, MUST result in an allowing authorization decision wherever the security constraint has been applied. -### Recommendations for Optional Container Integration -This section describes the expected behaviors for Jakarta EE container APIs other than JAX-RS. - -#### jakarta.security.enterprise.identitystore.IdentityStore.getCallerGroups(CredentialValidationResult) -This method should return the set of names found in the "groups" claim in the JWT if it exists, an empty set otherwise. - -#### jakarta.ejb.SessionContext.getCallerPrincipal() -The java.security.Principal returned from this method MUST be an instance of `org.eclipse.microprofile.jwt.JsonWebToken`. - -#### jakarta.ejb.SessionContext#isCallerInRole(String) -This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any -role name that has been mapped to a group name in the MP-JWT "groups" claim. - -#### Overriding @LoginConfig from web.xml login-config -If a deployment with a web.xml descriptor contains a login-config element, an MP-JWT implementation should view the -web.xml metadata as an override to the deployment annotation. - -#### jakarta.servlet.http.HttpServletRequest.getUserPrincipal() -The java.security.Principal returned from this method MUST be an instance of org.eclipse.microprofile.jwt.JsonWebToken. - -#### jakarta.servlet.http.HttpServletRequest#isUserInRole(String) -This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any -role name that has been mapped to a group name in the MP-JWT "groups" claim. - -#### jakarta.security.jacc.PolicyContext.getContext("javax.security.auth.Subject.container") -The javax.security.auth.Subject returned by the PolicyContext.getContext(String key) method with the standard -"javax.security.auth.Subject.container" key, MUST return a Subject that has a `java.security.Principal` of type -`org.eclipse.microprofile.jwt.JsonWebToken` amongst it's set of `Principal`s returned by `getPrincipals()``. Similarly, -`Subject#getPrincipals(JsonWebToken.class)` must return a set with at least one value. This means that following code -snipet must not throw an AssertionError: - -```java - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - Set principalSet = subject.getPrincipals(JsonWebToken.class); - assert principalSet.size() > 0; -``` - ## Mapping MP-JWT Token to Other Container APIs For non-Jakarta EE containers that provide access to some form of `java.security.Principal` representation of an authenticated caller, the caller principal MUST be compatible with the `org.eclipse.microprofile.jwt.JsonWebToken` interface. diff --git a/tck/pom.xml b/tck/pom.xml index 1b659191..7edd7be9 100644 --- a/tck/pom.xml +++ b/tck/pom.xml @@ -19,7 +19,7 @@ org.eclipse.microprofile.jwt microprofile-jwt-auth-parent - 2.2-SNAPSHOT + 3.0-SNAPSHOT microprofile-jwt-auth-tck @@ -59,14 +59,6 @@ jakarta.ws.rs jakarta.ws.rs-api - - jakarta.authorization - jakarta.authorization-api - - - jakarta.ejb - jakarta.ejb-api - org.bitbucket.b_c jose4j diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java deleted file mode 100644 index f6c338ab..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.ejb; - -import jakarta.annotation.security.DenyAll; -import jakarta.annotation.security.RolesAllowed; -import jakarta.ejb.EJB; -import jakarta.enterprise.context.RequestScoped; -import jakarta.ws.rs.GET; -import jakarta.ws.rs.Path; -import jakarta.ws.rs.QueryParam; -import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.SecurityContext; - -@Path("/endp") -@DenyAll -@RequestScoped -public class EjbEndpoint { - @EJB - private IService serviceEJB; - - @GET - @Path("/getEJBEcho") - @RolesAllowed("Echoer") - public String getEJBEcho(@Context SecurityContext sec, @QueryParam("input") String input) { - return serviceEJB.echo(input); - } - - @GET - @Path("/getEJBPrincipalClass") - @RolesAllowed("Tester") - public String getEJBPrincipalClass(@Context SecurityContext sec) { - return serviceEJB.getPrincipalClass(); - } - - @GET - @Path("/getEJBSubjectClass") - @RolesAllowed("Tester") - public String getEJBSubjectClass(@Context SecurityContext sec) throws Exception { - return serviceEJB.getSubjectClass(); - } - -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java deleted file mode 100644 index 459ac75f..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java +++ /dev/null @@ -1,138 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.ejb; - -import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URL; - -import org.eclipse.microprofile.jwt.JsonWebToken; -import org.eclipse.microprofile.jwt.tck.TCKConstants; -import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication; -import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion; -import org.eclipse.microprofile.jwt.tck.util.TokenUtils; -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.container.test.api.RunAsClient; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.jboss.arquillian.testng.Arquillian; -import org.jboss.shrinkwrap.api.ShrinkWrap; -import org.jboss.shrinkwrap.api.asset.EmptyAsset; -import org.jboss.shrinkwrap.api.asset.StringAsset; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.testng.Assert; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import jakarta.ws.rs.client.ClientBuilder; -import jakarta.ws.rs.client.WebTarget; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response; - -/** - * Basic EJB container integration tests - */ -public class EjbTest extends Arquillian { - - /** - * The test generated JWT token string - */ - private static String token; - /** - * The base URL for the container under test - */ - @ArquillianResource - private URL baseURL; - - /** - * Create a CDI aware base web application archive - * - * @return the base base web application archive - * @throws IOException - * - on resource failure - */ - @Deployment(testable = true) - public static WebArchive createDeployment() throws IOException { - URL publicKey = EjbTest.class.getResource("/publicKey.pem"); - WebArchive webArchive = ShrinkWrap - .create(WebArchive.class, "EjbTest.war") - .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()), - MpJwtTestVersion.MANIFEST_NAME) - .addAsResource(publicKey, "/publicKey.pem") - .addClass(EjbEndpoint.class) - .addClass(IService.class) - .addClass(ServiceEJB.class) - .addClass(TCKApplication.class) - .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); - System.out.printf("WebArchive: %s\n", webArchive.toString(true)); - return webArchive; - } - - @BeforeClass(alwaysRun = true) - public static void generateToken() throws Exception { - token = TokenUtils.generateTokenString("/Token1.json"); - } - - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT to a secured method propagates to a secured ejb method") - public void callEjbEcho() throws Exception { - String uri = baseURL.toExternalForm() + "endp/getEJBEcho"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - System.out.println(reply); - } - - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT PolicyContext.getContext() Subject has a JsonWebToken") - public void getSubjectClass() throws Exception { - String uri = baseURL.toExternalForm() + "endp/getEJBSubjectClass"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - System.out.println(reply); - } - - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT SecurityContext.getUserPrincipal() is a JsonWebToken") - public void testEJBPrincipalClass() throws Exception { - String uri = baseURL.toExternalForm() + "endp/getEJBPrincipalClass"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - String[] ifaces = reply.split(","); - boolean hasJsonWebToken = false; - for (String iface : ifaces) { - hasJsonWebToken |= iface.equals(JsonWebToken.class.getTypeName()); - } - Assert.assertTrue(hasJsonWebToken, "EJB PrincipalClass has JsonWebToken interface"); - } - -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java deleted file mode 100644 index 9b6c1478..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.ejb; - -import jakarta.ejb.Local; - -@Local -public interface IService { - public String echo(String input); - public String getPrincipalClass(); - public String getSubjectClass() throws Exception; -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java deleted file mode 100644 index af6feb90..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.ejb; - -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.Subject; - -import org.eclipse.microprofile.jwt.JsonWebToken; - -import jakarta.annotation.Resource; -import jakarta.annotation.security.RolesAllowed; -import jakarta.ejb.SessionContext; -import jakarta.ejb.Stateless; -import jakarta.security.jacc.PolicyContext; - -@Stateless -public class ServiceEJB implements IService { - - @Resource - private SessionContext ctx; - - @RolesAllowed("Echoer") - public String echo(String input) { - Principal user = ctx.getCallerPrincipal(); - return String.format("ServiceEJB, input=%s, user=%s", input, user.getName()); - } - - @RolesAllowed("Tester") - public String getPrincipalClass() { - Principal user = ctx.getCallerPrincipal(); - System.out.printf("ServiceEJB.getPrincipalClass, user=%s, class=%s\n", user.getName(), user.getClass()); - HashSet interfaces = new HashSet<>(); - Class current = user.getClass(); - while (current.equals(Object.class) == false) { - Class[] tmp = current.getInterfaces(); - for (Class c : tmp) { - interfaces.add(c); - } - current = current.getSuperclass(); - } - StringBuilder tmp = new StringBuilder(); - for (Class iface : interfaces) { - tmp.append(iface.getTypeName()); - tmp.append(','); - } - tmp.setLength(tmp.length() - 1); - return tmp.toString(); - } - @RolesAllowed("Tester") - public String getSubjectClass() throws Exception { - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - System.out.printf("ServiceEJB.getSubjectClass, subject=%s\n", subject); - Set principalSet = subject.getPrincipals(JsonWebToken.class); - if (principalSet.size() > 0) { - return "subject.getPrincipals(JsonWebToken.class) ok"; - } - throw new IllegalStateException("subject.getPrincipals(JsonWebToken.class) == 0"); - } -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java deleted file mode 100644 index 8a03d1e2..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.jacc; - -import java.security.Principal; -import java.util.Set; - -import javax.security.auth.Subject; - -import org.eclipse.microprofile.jwt.JsonWebToken; - -import jakarta.annotation.security.DenyAll; -import jakarta.annotation.security.RolesAllowed; -import jakarta.enterprise.context.RequestScoped; -import jakarta.security.jacc.PolicyContext; -import jakarta.ws.rs.GET; -import jakarta.ws.rs.Path; -import jakarta.ws.rs.core.Context; -import jakarta.ws.rs.core.SecurityContext; - -@Path("/endp") -@DenyAll -@RequestScoped -public class SubjectEndpoint { - @GET - @Path("/getSubjectClass") - @RolesAllowed("Tester") - public String getSubjectClass(@Context SecurityContext sec) throws Exception { - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - Set principalSet = subject.getPrincipals(JsonWebToken.class); - if (principalSet.size() > 0) { - return "subject.getPrincipals(JWTPrincipal.class) ok"; - } - throw new IllegalStateException("subject.getPrincipals(JWTPrincipal.class) == 0"); - } -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java deleted file mode 100644 index 4350594e..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java +++ /dev/null @@ -1,103 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.jacc; - -import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URL; - -import org.eclipse.microprofile.jwt.tck.TCKConstants; -import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication; -import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion; -import org.eclipse.microprofile.jwt.tck.util.TokenUtils; -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.container.test.api.RunAsClient; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.jboss.arquillian.testng.Arquillian; -import org.jboss.shrinkwrap.api.ShrinkWrap; -import org.jboss.shrinkwrap.api.asset.EmptyAsset; -import org.jboss.shrinkwrap.api.asset.StringAsset; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.testng.Assert; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import jakarta.ws.rs.client.ClientBuilder; -import jakarta.ws.rs.client.WebTarget; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response; - -/** - * Tests of accessing the JACC Subject to validate it contains a JsonWebToken principal - */ -public class SubjectTest extends Arquillian { - - /** - * The test generated JWT token string - */ - private static String token; - /** - * The base URL for the container under test - */ - @ArquillianResource - private URL baseURL; - - /** - * Create a CDI aware base web application archive - * - * @return the base base web application archive - * @throws IOException - * - on resource failure - */ - @Deployment(testable = true) - public static WebArchive createDeployment() throws IOException { - URL publicKey = SubjectTest.class.getResource("/publicKey.pem"); - WebArchive webArchive = ShrinkWrap - .create(WebArchive.class, "SubjectTest.war") - .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()), - MpJwtTestVersion.MANIFEST_NAME) - .addAsResource(publicKey, "/publicKey.pem") - .addClass(SubjectEndpoint.class) - .addClass(TCKApplication.class) - .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); - System.out.printf("WebArchive: %s\n", webArchive.toString(true)); - return webArchive; - } - - @BeforeClass(alwaysRun = true) - public static void generateToken() throws Exception { - token = TokenUtils.generateTokenString("/Token1.json"); - } - - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_JACC, description = "Validate a request with MP-JWT PolicyContext.getContext(jakarta.security.auth.Subject.containe) has a JsonWebToken") - public void getSubjectClass() throws Exception { - String uri = baseURL.toExternalForm() + "endp/getSubjectClass"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - System.out.println(reply); - } -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java index 8dc65be8..4cc77228 100644 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java +++ b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java @@ -19,10 +19,15 @@ */ package org.eclipse.microprofile.jwt.tck.container.jaxrs.jwe; -import jakarta.ws.rs.client.ClientBuilder; -import jakarta.ws.rs.client.WebTarget; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response; +import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; +import static org.eclipse.microprofile.jwt.tck.TCKConstants.TEST_GROUP_JAXRS; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.security.PrivateKey; +import java.security.PublicKey; + import org.eclipse.microprofile.jwt.tck.container.jaxrs.RolesEndpoint; import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication; import org.eclipse.microprofile.jwt.tck.util.KeyManagementAlgorithm; @@ -39,14 +44,10 @@ import org.testng.Reporter; import org.testng.annotations.Test; -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URL; -import java.security.PrivateKey; -import java.security.PublicKey; - -import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; -import static org.eclipse.microprofile.jwt.tck.TCKConstants.TEST_GROUP_JAXRS; +import jakarta.ws.rs.client.ClientBuilder; +import jakarta.ws.rs.client.WebTarget; +import jakarta.ws.rs.core.HttpHeaders; +import jakarta.ws.rs.core.Response; /** * If "mp.jwt.decryption.algorithm" is not set then both RSA-OAEP and RSA-OAEP-256 must be accepted. diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java deleted file mode 100644 index 6bc48041..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.servlet; - -import java.io.IOException; -import java.security.Principal; -import java.util.HashSet; -import java.util.Set; - -import javax.security.auth.Subject; - -import org.eclipse.microprofile.jwt.JsonWebToken; -import org.eclipse.microprofile.jwt.tck.container.ejb.IService; - -import jakarta.ejb.EJB; -import jakarta.security.jacc.PolicyContext; -import jakarta.security.jacc.PolicyContextException; -import jakarta.servlet.ServletException; -import jakarta.servlet.annotation.HttpConstraint; -import jakarta.servlet.annotation.ServletSecurity; -import jakarta.servlet.annotation.WebServlet; -import jakarta.servlet.http.HttpServlet; -import jakarta.servlet.http.HttpServletRequest; -import jakarta.servlet.http.HttpServletResponse; - -@ServletSecurity(@HttpConstraint(rolesAllowed = {"Tester"})) -@WebServlet("/ServiceServlet/*") -public class ServiceServlet extends HttpServlet { - @EJB - private IService serviceEJB; - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - Principal user = req.getUserPrincipal(); - String pathInfo = req.getPathInfo(); - System.out.printf("pathInfo=%s\n", pathInfo); - - String result = ""; - if (pathInfo.endsWith("/getSubject")) { - System.out.printf("Calling getSubject\n"); - result = getSubject(resp); - } else { - System.out.printf("Calling getPrincipalClass\n"); - result = getPrincipalClass(user); - } - resp.getWriter().write(result); - } - private String getPrincipalClass(Principal user) { - HashSet interfaces = new HashSet<>(); - Class current = user.getClass(); - while (current.equals(Object.class) == false) { - Class[] tmp = current.getInterfaces(); - for (Class c : tmp) { - interfaces.add(c); - } - current = current.getSuperclass(); - } - StringBuilder tmp = new StringBuilder(); - for (Class iface : interfaces) { - tmp.append(iface.getTypeName()); - tmp.append(','); - } - tmp.setLength(tmp.length() - 1); - return tmp.toString(); - } - private String getSubject(HttpServletResponse response) throws IOException { - try { - Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container"); - Set principalSet = subject.getPrincipals(JsonWebToken.class); - if (principalSet.size() > 0) { - return "subject.getPrincipals(JsonWebToken.class) ok"; - } - response.sendError(500, "subject.getPrincipals(JsonWebToken.class) == 0"); - } catch (PolicyContextException e) { - e.printStackTrace(); - response.sendError(500, e.getMessage()); - } - throw new IllegalStateException("subject.getPrincipals(JsonWebToken.class) == 0"); - } - private String callEJB(HttpServletResponse response) throws IOException { - return ""; - } -} diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java deleted file mode 100644 index d32b5dcf..00000000 --- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * You may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package org.eclipse.microprofile.jwt.tck.container.servlet; - -import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.net.URL; - -import org.eclipse.microprofile.jwt.JsonWebToken; -import org.eclipse.microprofile.jwt.tck.TCKConstants; -import org.eclipse.microprofile.jwt.tck.container.ejb.EjbEndpoint; -import org.eclipse.microprofile.jwt.tck.container.ejb.IService; -import org.eclipse.microprofile.jwt.tck.container.ejb.ServiceEJB; -import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication; -import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion; -import org.eclipse.microprofile.jwt.tck.util.TokenUtils; -import org.jboss.arquillian.container.test.api.Deployment; -import org.jboss.arquillian.container.test.api.RunAsClient; -import org.jboss.arquillian.test.api.ArquillianResource; -import org.jboss.arquillian.testng.Arquillian; -import org.jboss.shrinkwrap.api.ShrinkWrap; -import org.jboss.shrinkwrap.api.asset.EmptyAsset; -import org.jboss.shrinkwrap.api.asset.StringAsset; -import org.jboss.shrinkwrap.api.spec.WebArchive; -import org.testng.Assert; -import org.testng.annotations.BeforeClass; -import org.testng.annotations.Test; - -import jakarta.ws.rs.client.ClientBuilder; -import jakarta.ws.rs.client.WebTarget; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.Response; - -/** - * Basic servlet container integration tests - */ -public class ServletTest extends Arquillian { - - /** - * The test generated JWT token string - */ - private static String token; - /** - * The base URL for the container under test - */ - @ArquillianResource - private URL baseURL; - - /** - * Create a CDI aware base web application archive - * - * @return the base base web application archive - * @throws IOException - * - on resource failure - */ - @Deployment(testable = true) - public static WebArchive createDeployment() throws IOException { - URL publicKey = ServletTest.class.getResource("/publicKey.pem"); - WebArchive webArchive = ShrinkWrap - .create(WebArchive.class, "ServletTest.war") - .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()), - MpJwtTestVersion.MANIFEST_NAME) - .addAsResource(publicKey, "/publicKey.pem") - .addClass(EjbEndpoint.class) - .addClass(ServiceServlet.class) - .addClass(IService.class) - .addClass(ServiceEJB.class) - .addClass(TCKApplication.class) - .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); - System.out.printf("WebArchive: %s\n", webArchive.toString(true)); - return webArchive; - } - - @BeforeClass(alwaysRun = true) - public static void generateToken() throws Exception { - token = TokenUtils.generateTokenString("/Token1.json"); - } - - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_SERVLET, description = "Validate a request with MP-JWT SecurityContext.getUserPrincipal() is a JsonWebToken") - public void getServletPrincipalClass() throws Exception { - String uri = baseURL.toExternalForm() + "ServiceServlet/getPrincipalClass"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - String[] ifaces = reply.split(","); - boolean hasJsonWebToken = false; - for (String iface : ifaces) { - hasJsonWebToken |= iface.equals(JsonWebToken.class.getTypeName()); - } - Assert.assertTrue(hasJsonWebToken, "PrincipalClass has JsonWebToken interface"); - } - @RunAsClient - @Test(groups = TCKConstants.TEST_GROUP_SERVLET, description = "Validate a request with MP-JWT PolicyContext.getContext() Subject has a JsonWebToken") - public void getServletSubjectClass() throws Exception { - String uri = baseURL.toExternalForm() + "ServiceServlet/getSubject"; - WebTarget echoEndpointTarget = ClientBuilder.newClient() - .target(uri); - Response response = - echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get(); - Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK); - String reply = response.readEntity(String.class); - System.out.println(reply); - } -} diff --git a/tck/src/test/resources/suites/tck-full-suite.xml b/tck/src/test/resources/suites/tck-full-suite.xml index 8f0f52d0..75e87bb4 100644 --- a/tck/src/test/resources/suites/tck-full-suite.xml +++ b/tck/src/test/resources/suites/tck-full-suite.xml @@ -87,27 +87,4 @@ - - - - - - - - - - - - - - - - - - - - - - -