Hi Thiago, That is astonishing how deep you got in such a little amount of time. You have nothing to worry about or to be sorry about.
We all truly appreciate the help. You are right on. Here are some pointers for debugging. Here is where we get notified by TCK stack about deployments and descriptors. https://github.com/apache/tomee-tck/blob/master/src/main/java/org/apache/openejb/cts/DeploymentImpl.java#L170 L182, I added a hack the other day to support overriding the context from the sun descriptor. I acknowledge it was a hack but changing the DeployerEjb is a bit tricky and can break too many things A solution would be to fork it in TomEE TCK and clean it up so we can support all deployment descriptors for EAR, WAR packagings. We would use the TCK specific version to deploy and configure (finer). What do you think? -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Wed, Dec 16, 2020 at 12:14 PM Thiago Henrique Hupner <thi...@gmail.com> wrote: > Hi all! > > I started taking a look to get a feeling of the whole process. > I guess I was able to configure the TCK because I'm able to use the > "runtests" script and debug in my IDE. > > So, as far as I could tell, there isn't any processing of security for any > sun-*.xml. > > Another thing that I noticed is that the > `webModule.getAltDDs().get("sun-web.xml");` is returning null. The process > of > including the in the "altDDs" (org.apache.openejb.assembler.DeployerEjb) is > trying to find the module > "servlet_ee_spec_security_runAs_second_module_web.war" > while the correct (I guess) is > "servlet_ee_spec_security_runAs_second_module_web" (because there's a entry > with this key). > > Sorry if I'm taking a lot of time to process all this information and thank > you for helping me. > > Em ter., 15 de dez. de 2020 às 12:41, Jonathan Gallimore < > jonathan.gallim...@gmail.com> escreveu: > > > There's a similar issue for some of the JAX-RS tests as well which I had > > been meaning to tackle in the same way - if you have some joy with the > > Servlet tests, you'll likely fix the JAX-RS tests too. > > > > Thanks for looking at this Thiago - let us know how you're getting on! > > > > Jon > > > > On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro < > > jlmonte...@tomitribe.com> wrote: > > > > > Hi Thiago, > > > > > > No the TCK setup is unfortunately a bit more complex. > > > You can have a look at the readme from this repo > > > https://github.com/apache/tomee-tck > > > > > > What I would recommend is either create a unit test in openejb-core to > > > reproduce the issue. > > > Or at least create an example (starting from > > examples/alternate-descriptors > > > is probably good). > > > > > > The TCK is very simple. > > > This is where you can find it > > > > > > > > > https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs > > > > > > Basically ServletTwo is secured and called with a user j2ee with > > > Administrator role. > > > It has @RunAs("Manager"), so it can call the EJB with Manager > > > @RolesAllowed. > > > > > > The goal is to map j2ee with javajoe which has Manager role. > > > Check out the comments for the following method > > > > > > > > > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211 > > > > > > If you want to go the junit simple test, have a look at > > > > > > > > > https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config > > > You can find a couple of Sun...Test files. > > > > > > The goal is pretty simple in essence. > > > In here > > > > > > > > > https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee > > > You have all descriptors supported. > > > > > > Under sun package, you will find deployment descriptors JAXB tree, for > > > instance to parse > > > > > > > > > https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml > > > The role mapping is here > > > > > > > > > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java > > > > > > You need to convert to the JAXB tree under oejb3. > > > The role mapping is here > > > > > > > > > https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java > > > > > > Small trick to solve, for glassfish the mapping is done from servlet > name > > > to principal. > > > For OpenEJB/TomEE the mapping is done from role to principal > > > > > > Hope it helps > > > > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > > > > > > > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner < > thi...@gmail.com > > > > > > wrote: > > > > > > > I can have a look at the RunAs tests. > > > > > > > > I just want to know, if I make a change in the TomEE, using `mvn > clean > > > > install` would be enough to the tomee-tck use the new jars or > > > > do I need to setup anything else? > > > > > > > > Thanks > > > > > > > > Em ter., 15 de dez. de 2020 às 08:16, Jean-Louis Monteiro < > > > > jlmonte...@tomitribe.com> escreveu: > > > > > > > > > Hi community, > > > > > > > > > > I was working on the Servlet, I I have been able to bring it down > to > > > > > > > > > > > > > > > > > > > > https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet > > > > > > > > > > 22 remaining failures. > > > > > > > > > > Based on Tomcat's following page > > > > > https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0 > > > > > > > > > > I added some excludes for tests which were fix because of known > bugs > > > > > See > > > > > > > > > > > > > > > > > > > > https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24 > > > > > > > > > > On the 22, we still have some pending tests as explained in the > > Tomcat > > > > > wiki. > > > > > I haven't excluded them because they aren't flagged as bugs on the > > TCK, > > > > so > > > > > until the challenge is accepted and fixed, we should leave them in > my > > > > > opinion. > > > > > > > > > > I'm trying to get some of the permission fixed as well by adding > the > > > > > security manager. > > > > > > > > > > > > > > > - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1 > > > > > failure)--> JDK issue fixed with 1.8u221 - I already updated the > > > > > certificates because they were expired > > > > > - com.sun.ts.tests.servlet.ee.spec.security.permissiondd.Client > > (14 > > > > > failures) --> We need the security manager with Tomcat > > > > > - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2 > > > failures) > > > > > --> we need a role mapping so user can switch from j2ee to > > javajoe. > > > We > > > > > do > > > > > support role mapping but with openejb-jar.xml (not standard way > - > > > each > > > > > container has its own). As the TCK provides Glassfish role > mapping > > > > > already, > > > > > we should be able to easily pass this by just improving the > > > > > SunConversion > > > > > class to read and map the roles to our internal model. > > > > > - com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient > (1 > > > > > failure) > > > > > - > > com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient > > > (2 > > > > > failures) > > > > > - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2 > > > failures) > > > > > --> known. Under discussion > > > > > > > > > > If someone wants to take the RunAs, it's an easy one to do. I can > > > provide > > > > > some guidance. > > > > > > > > > > -- > > > > > Jean-Louis Monteiro > > > > > http://twitter.com/jlouismonteiro > > > > > http://www.tomitribe.com > > > > > > > > > > > > > > >
