User: starksm
Date: 01/06/12 00:58:41
Modified: src/main/org/jboss/test/security/test TestEJBSpec.java
Log:
Add tests of the EJB2.0 unchecked and exclude-list permission elements
Revision Changes Path
1.4 +60 -4 jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java
Index: TestEJBSpec.java
===================================================================
RCS file:
/cvsroot/jboss/jbosstest/src/main/org/jboss/test/security/test/TestEJBSpec.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TestEJBSpec.java 2001/05/22 03:21:00 1.3
+++ TestEJBSpec.java 2001/06/12 07:58:41 1.4
@@ -14,8 +14,8 @@
/** Test of EJB spec conformace using the security-spec.jar
deployment unit.
-@author [EMAIL PROTECTED]
-@version $Revision: 1.3 $
+@author [EMAIL PROTECTED]
+@version $Revision: 1.4 $
*/
public class TestEJBSpec extends junit.framework.TestCase
{
@@ -127,15 +127,71 @@
bean.remove();
}
+ /** Test that a user with a role that has not been assigned any
+ method permissions in the ejb-jar descriptor is able to access a
+ method that has been marked as unchecked.
+ */
+ public void testUnchecked() throws Exception
+ {
+ // Login as scott to create the bean
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.StatelessSession");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found spec.StatelessSession Home");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.StatelessSession");
+ // Logout and login back in as stark to test access to the unchecked method
+ logout();
+ login("stark", "javaman".toCharArray());
+ bean.unchecked();
+ System.out.println("Called Bean.unchecked()");
+ logout();
+ }
+
+ /** Test that user scott who has the Echo role is not able to
+ access the StatelessSession2.excluded method even though
+ the Echo role has been granted access to all methods of
+ StatelessSession2 to test that the excluded-list takes
+ precendence over the method-permissions.
+ */
+ public void testExcluded() throws Exception
+ {
+ System.out.println("+++ testExcluded");
+ login();
+ InitialContext jndiContext = new InitialContext();
+ Object obj = jndiContext.lookup("spec.StatelessSession2");
+ obj = PortableRemoteObject.narrow(obj, StatelessSessionHome.class);
+ StatelessSessionHome home = (StatelessSessionHome) obj;
+ System.out.println("Found spec.StatelessSession2 Home");
+ StatelessSession bean = home.create();
+ System.out.println("Created spec.StatelessSession2");
+ try
+ {
+ bean.excluded();
+ fail("Was able to call Bean.excluded()");
+ }
+ catch(Exception e)
+ {
+ System.out.println("Bean.excluded() failed as expected");
+ // This is what we expect
+ }
+ logout();
+ }
+
/** Login as user scott using the conf.name login config or
- 'other' if conf.name is not defined.
+ 'spec-test' if conf.name is not defined.
*/
private void login() throws Exception
{
+ login(username, password);
+ }
+ private void login(String username, char[] password) throws Exception
+ {
if( loggedIn )
return;
- loggedIn = false;
lc = null;
String confName = System.getProperty("conf.name", "spec-test");
AppCallbackHandler handler = new AppCallbackHandler(username, password);
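Review bot: In testExcluded the `catch(Exception e)` around `bean.excluded()` accepts any failure of the call as proof that the exclude-list was enforced, so a transport or container error unrelated to authorization would also make the test pass. Catch only the exception type the container raises for a denied call and let everything else propagate through `throws Exception`; that type is not visible in this hunk, so confirm it against the container before narrowing. Separately, the new `login(String username, char[] password)` keeps the `if( loggedIn ) return;` guard, so asking for a different user while a session is still open silently keeps the old identity. Both new tests call `logout()` only on the success path, so moving it into `finally { logout(); }` would stop a failing `bean.unchecked()` from leaving the stark session in place for later logins. The body of `login(String, char[])` continues past the end of the hunk, so how `loggedIn` is set and cleared cannot be checked here.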