Hi.
I tried to debug the DeploymentImpl however I wasn't able. Do you know if
this class is only used by the
full TCK run or if it used by single run?
I'm running the TCK with:
./runtests -sql skip -ds --web tomee-plume
com.sun.ts.tests.servlet.ee.spec.security.runAs
And attaching the debugger to port 5005.
I also find something weird: looks like the AnnotationDeployer class is not
run on Servlet classes.
>From what I can tell, only the EJBs are been scanned. The
com.sun.ts.tests.servlet.ee.spec.security.runAs.ServletTwo doesn't reach
there and the applications
doesn't know about the RunAs("Manager").
About the DeploymentImpl probably I'll need to get more information to
understand how it works.
For now, I've applied a patch to the DeployerEjb:
if (slash > 0) {
String moduleId = name.substring(0, slash);
// To remove ".war" from the module name
moduleId = moduleId.substring(0, moduleId.length() - 4);
name = name.substring(slash + 1);
module = modules.get(moduleId);
}
Probably I'll revisit it before sending some official patch.
Thanks!
Em qua., 16 de dez. de 2020 às 10:39, Jean-Louis Monteiro <
jlmonte...@tomitribe.com> escreveu:
> Hi Thiago,
>
> That is astonishing how deep you got in such a little amount of time.
> You have nothing to worry about or to be sorry about.
>
> We all truly appreciate the help.
>
> You are right on.
> Here are some pointers for debugging.
>
> Here is where we get notified by TCK stack about deployments and
> descriptors.
>
> https://github.com/apache/tomee-tck/blob/master/src/main/java/org/apache/openejb/cts/DeploymentImpl.java#L170
>
> L182, I added a hack the other day to support overriding the context from
> the sun descriptor.
> I acknowledge it was a hack but changing the DeployerEjb is a bit tricky
> and can break too many things
> A solution would be to fork it in TomEE TCK and clean it up so we can
> support all deployment descriptors for EAR, WAR packagings.
>
> We would use the TCK specific version to deploy and configure (finer).
>
> What do you think?
>
>
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Wed, Dec 16, 2020 at 12:14 PM Thiago Henrique Hupner <thi...@gmail.com>
> wrote:
>
> > Hi all!
> >
> > I started taking a look to get a feeling of the whole process.
> > I guess I was able to configure the TCK because I'm able to use the
> > "runtests" script and debug in my IDE.
> >
> > So, as far as I could tell, there isn't any processing of security for
> any
> > sun-*.xml.
> >
> > Another thing that I noticed is that the
> > `webModule.getAltDDs().get("sun-web.xml");` is returning null. The
> process
> > of
> > including the in the "altDDs" (org.apache.openejb.assembler.DeployerEjb)
> is
> > trying to find the module
> > "servlet_ee_spec_security_runAs_second_module_web.war"
> > while the correct (I guess) is
> > "servlet_ee_spec_security_runAs_second_module_web" (because there's a
> entry
> > with this key).
> >
> > Sorry if I'm taking a lot of time to process all this information and
> thank
> > you for helping me.
> >
> > Em ter., 15 de dez. de 2020 às 12:41, Jonathan Gallimore <
> > jonathan.gallim...@gmail.com> escreveu:
> >
> > > There's a similar issue for some of the JAX-RS tests as well which I
> had
> > > been meaning to tackle in the same way - if you have some joy with the
> > > Servlet tests, you'll likely fix the JAX-RS tests too.
> > >
> > > Thanks for looking at this Thiago - let us know how you're getting on!
> > >
> > > Jon
> > >
> > > On Tue, Dec 15, 2020 at 1:02 PM Jean-Louis Monteiro <
> > > jlmonte...@tomitribe.com> wrote:
> > >
> > > > Hi Thiago,
> > > >
> > > > No the TCK setup is unfortunately a bit more complex.
> > > > You can have a look at the readme from this repo
> > > > https://github.com/apache/tomee-tck
> > > >
> > > > What I would recommend is either create a unit test in openejb-core
> to
> > > > reproduce the issue.
> > > > Or at least create an example (starting from
> > > examples/alternate-descriptors
> > > > is probably good).
> > > >
> > > > The TCK is very simple.
> > > > This is where you can find it
> > > >
> > > >
> > >
> >
> https://github.com/eclipse-ee4j/jakartaee-tck/tree/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs
> > > >
> > > > Basically ServletTwo is secured and called with a user j2ee with
> > > > Administrator role.
> > > > It has @RunAs("Manager"), so it can call the EJB with Manager
> > > > @RolesAllowed.
> > > >
> > > > The goal is to map j2ee with javajoe which has Manager role.
> > > > Check out the comments for the following method
> > > >
> > > >
> > >
> >
> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/Client.java#L211
> > > >
> > > > If you want to go the junit simple test, have a look at
> > > >
> > > >
> > >
> >
> https://github.com/apache/tomee/tree/master/container/openejb-core/src/test/java/org/apache/openejb/config
> > > > You can find a couple of Sun...Test files.
> > > >
> > > > The goal is pretty simple in essence.
> > > > In here
> > > >
> > > >
> > >
> >
> https://github.com/apache/tomee/tree/master/container/openejb-jee/src/main/java/org/apache/openejb/jee
> > > > You have all descriptors supported.
> > > >
> > > > Under sun package, you will find deployment descriptors JAXB tree,
> for
> > > > instance to parse
> > > >
> > > >
> > >
> >
> https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/servlet/ee/spec/security/runAs/servlet_ee_spec_security_runAs_second_module_web.war.sun-web.xml
> > > > The role mapping is here
> > > >
> > > >
> > >
> >
> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/sun/Servlet.java
> > > >
> > > > You need to convert to the JAXB tree under oejb3.
> > > > The role mapping is here
> > > >
> > > >
> > >
> >
> https://github.com/apache/tomee/blob/master/container/openejb-jee/src/main/java/org/apache/openejb/jee/oejb3/RoleMapping.java
> > > >
> > > > Small trick to solve, for glassfish the mapping is done from servlet
> > name
> > > > to principal.
> > > > For OpenEJB/TomEE the mapping is done from role to principal
> > > >
> > > > Hope it helps
> > > >
> > > > --
> > > > Jean-Louis Monteiro
> > > > http://twitter.com/jlouismonteiro
> > > > http://www.tomitribe.com
> > > >
> > > >
> > > > On Tue, Dec 15, 2020 at 1:46 PM Thiago Henrique Hupner <
> > thi...@gmail.com
> > > >
> > > > wrote:
> > > >
> > > > > I can have a look at the RunAs tests.
> > > > >
> > > > > I just want to know, if I make a change in the TomEE, using `mvn
> > clean
> > > > > install` would be enough to the tomee-tck use the new jars or
> > > > > do I need to setup anything else?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Em ter., 15 de dez. de 2020 às 08:16, Jean-Louis Monteiro <
> > > > > jlmonte...@tomitribe.com> escreveu:
> > > > >
> > > > > > Hi community,
> > > > > >
> > > > > > I was working on the Servlet, I I have been able to bring it down
> > to
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://tck.work/tomee/tests?build=1607984842299&path=com.sun.ts.tests.servlet
> > > > > >
> > > > > > 22 remaining failures.
> > > > > >
> > > > > > Based on Tomcat's following page
> > > > > >
> https://cwiki.apache.org/confluence/display/TOMCAT/Servlet+TCK+4.0
> > > > > >
> > > > > > I added some excludes for tests which were fix because of known
> > bugs
> > > > > > See
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> https://github.com/apache/tomee-tck/blob/master/src/test/resources/ts.jtx#L24
> > > > > >
> > > > > > On the 22, we still have some pending tests as explained in the
> > > Tomcat
> > > > > > wiki.
> > > > > > I haven't excluded them because they aren't flagged as bugs on
> the
> > > TCK,
> > > > > so
> > > > > > until the challenge is accepted and fixed, we should leave them
> in
> > my
> > > > > > opinion.
> > > > > >
> > > > > > I'm trying to get some of the permission fixed as well by adding
> > the
> > > > > > security manager.
> > > > > >
> > > > > >
> > > > > > - com.sun.ts.tests.servlet.spec.security.clientcert.Client (1
> > > > > > failure)--> JDK issue fixed with 1.8u221 - I already updated
> the
> > > > > > certificates because they were expired
> > > > > > - com.sun.ts.tests.servlet.ee
> .spec.security.permissiondd.Client
> > > (14
> > > > > > failures) --> We need the security manager with Tomcat
> > > > > > - com.sun.ts.tests.servlet.ee.spec.security.runAs.Client (2
> > > > failures)
> > > > > > --> we need a role mapping so user can switch from j2ee to
> > > javajoe.
> > > > We
> > > > > > do
> > > > > > support role mapping but with openejb-jar.xml (not standard
> way
> > -
> > > > each
> > > > > > container has its own). As the TCK provides Glassfish role
> > mapping
> > > > > > already,
> > > > > > we should be able to easily pass this by just improving the
> > > > > > SunConversion
> > > > > > class to read and map the roles to our internal model.
> > > > > > - com.sun.ts.tests.servlet.api.javax_servlet.srevent.URLClient
> > (1
> > > > > > failure)
> > > > > > -
> > > com.sun.ts.tests.servlet.api.javax_servlet.asynccontext.URLClient
> > > > (2
> > > > > > failures)
> > > > > > - com.sun.ts.tests.servlet.spec.security.secbasic.Client (2
> > > > failures)
> > > > > > --> known. Under discussion
> > > > > >
> > > > > > If someone wants to take the RunAs, it's an easy one to do. I can
> > > > provide
> > > > > > some guidance.
> > > > > >
> > > > > > --
> > > > > > Jean-Louis Monteiro
> > > > > > http://twitter.com/jlouismonteiro
> > > > > > http://www.tomitribe.com
> > > > > >
> > > > >
> > > >
> > >
> >
>
