I know this whole thing isn't done very well - at least, I'm not completely comfortably with the ways I did something of the things.
On of them specifically is the way I did the "securityRole" option. What I'm doing is setting a system property right before I create the InitialContext. It's bad practice, and this exception is a prime example of why it's bad practice. If anyone has a better idea about how to get a role configured, please let me know. The basic idea currently is this 1. I read the securityRole option and notice it's not empty 2. I set the Context.SECURITY_PRINCIPLE, Context.SECURITY_CREDENTIALS and "org.apache.openejb.realm" properties. The realm is set to "OpenEjbJunitSecurityRealm". 3. Right before I create the InitialContext, I set the login module system property, to point to the login configuration file in the runner's classpath under /META-INF/openejb-test-login.config 4. This login configuration has reference to a single login module "OpenEjbJunitSecurityRealm", which points to a LoginModule implementation that does a "fake" login for purposes of authorization the role specified in the "securityRole" option. If there is a better way of getting the login module through, or another way of achieving the same, please let me know. Thanks, Quintin Beukes On Mon, Sep 28, 2009 at 11:13 AM, Quintin Beukes <[email protected]> wrote: > Hey, > > It looks like it's not picking up the login module I configured. Which is odd. > > How did you run it? You just initiate the maven build with "mvn install" ? > > Secondly, you have the latest OpenEJB 3.1.2 snapshot in your repo? > > The way I configure the login module is by setting the system property > (can't recall it's name) in the OpenEjbTestContext class. It's the > only System.setProperty call there is. So what could happen is that it > doesn't locate the login.conf I'm specifying, it's not running the > call, or OpenEJB is ignoring the property. > > Quintin Beukes > > > > On Mon, Sep 28, 2009 at 12:55 AM, Jonathan Gallimore > <[email protected]> wrote: >> Just had a quick play with this, it looks really nice. Thanks for a great >> contribution. I think it would be good to get this added to subversion and >> some info up on the website. I'm happy to get this in, anyone got any >> thoughts about where it goes (under openejb3 or somewhere else)? >> >> One problem I did run into was this error running the TestEjbSecurity test >> case: >> >> java.lang.RuntimeException: Failed to configure object. >> at >> org.apache.openejb.junit.context.OpenEjbTestContext.configureTest(OpenEjbTestContext.java:109) >> at >> org.apache.openejb.junit.context.ContextWrapperStatement.evaluate(ContextWrapperStatement.java:44) >> at >> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:73) >> at >> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:46) >> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:180) >> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:41) >> at org.junit.runners.ParentRunner$1.evaluate(ParentRunner.java:173) >> at >> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28) >> at >> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31) >> at org.junit.runners.ParentRunner.run(ParentRunner.java:220) >> at org.apache.openejb.junit.OpenEjbRunner.run(OpenEjbRunner.java:133) >> at >> org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:46) >> at >> org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) >> at >> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:467) >> at >> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:683) >> at >> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:390) >> at >> org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:197) >> Caused by: javax.naming.AuthenticationException: User could not be >> authenticated: RoleA [Root exception is >> javax.security.auth.login.LoginException: No LoginModules configured for >> OpenEjbJunitSecurityRealm] >> at >> org.apache.openejb.client.LocalInitialContext.login(LocalInitialContext.java:127) >> at >> org.apache.openejb.client.LocalInitialContext.<init>(LocalInitialContext.java:77) >> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) >> at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) >> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown >> Source) >> at java.lang.reflect.Constructor.newInstance(Unknown Source) >> at >> org.apache.openejb.client.LocalInitialContextFactory.getLocalInitialContext(LocalInitialContextFactory.java:86) >> at >> org.apache.openejb.client.LocalInitialContextFactory.getInitialContext(LocalInitialContextFactory.java:43) >> at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) >> at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) >> at javax.naming.InitialContext.init(Unknown Source) >> at javax.naming.InitialContext.<init>(Unknown Source) >> at >> org.apache.openejb.junit.context.OpenEjbTestContext.getInitialContext(OpenEjbTestContext.java:130) >> at >> org.apache.openejb.junit.context.OpenEjbTestContext.configureTest(OpenEjbTestContext.java:97) >> ... 16 more >> Caused by: javax.security.auth.login.LoginException: No LoginModules >> configured for OpenEjbJunitSecurityRealm >> at javax.security.auth.login.LoginContext.init(Unknown Source) >> at javax.security.auth.login.LoginContext.<init>(Unknown Source) >> at >> org.apache.openejb.core.security.SecurityServiceImpl.login(SecurityServiceImpl.java:74) >> at >> org.apache.openejb.core.security.SecurityServiceImpl.login(SecurityServiceImpl.java:35) >> at >> org.apache.openejb.client.LocalInitialContext.login(LocalInitialContext.java:123) >> ... 29 more >> >> >> I guess there's something extra I need in my setup, any thoughts? (I admit I >> haven't tried particularly hard to troubleshoot it yet - its getting late, >> but I'll have another go tomorrow!), >> >> Cheers >> >> Jon >> >> On Sun, Sep 27, 2009 at 8:16 PM, Quintin Beukes <[email protected]> wrote: >> >>> Hey, >>> >>> The previous runner I started modifying extensively to customize for >>> our company's tests. I already had a small testing framework for the >>> tests, which used Spring to initial OpenEJB and do the lookups. I >>> changed this to use the runner technique. >>> >>> Then over the weekend I decided to extract the runner code into an >>> openejb-junit project, and make it extensible so I could use the >>> library's code and only extend to give our tests the same >>> functionality. >>> >>> This is what I came up with: >>> https://issues.apache.org/jira/browse/OPENEJB-1078 >>> >>> The JUnit tests demonstrate it's behaviour. These 3 tests are the best >>> examples: >>> org.apache.openejb.junit.TestEjbBasic >>> org.apache.openejb.junit.TestEjbSecurity >>> org.apache.openejb.junit.TestDualConfigOverride >>> >>> It supports class level configuration of the InitialContext, and then >>> method specific configurations. You can configure the InitialContext >>> from a file, or by directly specifying properties. You can have >>> OpenEJB do any of it's supported injections, or you can have the >>> runner inject the InitialContext (or it's initialization Properties >>> object) and do your own lookups. You can specify as which role to load >>> the InitialContext (basically a RunAs). >>> >>> I'm planning on doing resource configurations, such as datasources. >>> Any other suggestions, please throw them my way. And please send me >>> feedback. So far it's working very well for my tests. I have yet to >>> complete the spring modification, but for those tests which don't >>> require it, it works very well. Especially the role tests. >>> >>> Not that it still doesn't support JUnit 3. If you require JUnit 3, let >>> me know and I'll prioritize implementing JUnit 3 support. >>> >>> An basic example would be the following: >>> @RunWith(OpenEjbRunner.class) >>> @ContextConfig( >>> properties={ >>> >>> �...@property("java.naming.factory.initial=org.apache.openejb.client.LocalInitialContextFactory") >>> } >>> ) >>> @LocalClient >>> public class TestEjbSecurity >>> { >>> �...@ejb >>> private MyBusinessBean myBean; >>> >>> �...@testresource >>> private InitialContext currentInitialContext; >>> >>> �...@test >>> �...@contextconfig( >>> securityRole="Admin" >>> ) >>> public void testAsAdmin() >>> { >>> myBean.someMethod(); >>> currentInitialContext.lookup("some/custom/lookup"); >>> } >>> >>> �...@test >>> �...@contextconfig( >>> propertiesFile="/META-INF/employee-context.properties", >>> securityRole="Employe" >>> ) >>> public void testAsEmployee() >>> { >>> myBean.someMethod(); >>> } >>> } >>> >>> Quintin Beukes >>> >> >
