Return-Path: X-Original-To: apmail-tomee-commits-archive@www.apache.org Delivered-To: apmail-tomee-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D64EDC433 for ; Fri, 9 Jan 2015 11:31:50 +0000 (UTC) Received: (qmail 43452 invoked by uid 500); 9 Jan 2015 11:31:52 -0000 Delivered-To: apmail-tomee-commits-archive@tomee.apache.org Received: (qmail 43430 invoked by uid 500); 9 Jan 2015 11:31:52 -0000 Mailing-List: contact commits-help@tomee.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@tomee.apache.org Delivered-To: mailing list commits@tomee.apache.org Received: (qmail 43421 invoked by uid 99); 9 Jan 2015 11:31:52 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Jan 2015 11:31:52 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id CBEBE92B993; Fri, 9 Jan 2015 11:31:51 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: jlmonteiro@apache.org To: commits@tomee.apache.org Message-Id: <5a6fca1f79a24f02b5130ef328779e28@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: tomee git commit: Adding an example for the CDI event based realm Date: Fri, 9 Jan 2015 11:31:51 +0000 (UTC) Repository: tomee Updated Branches: refs/heads/tomee-1.7.x b9b100865 -> 6aa4afab5 Adding an example for the CDI event based realm Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/6aa4afab Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/6aa4afab Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/6aa4afab Branch: refs/heads/tomee-1.7.x Commit: 6aa4afab5cd48a07133bb3950dc8f54140f60dc2 Parents: b9b1008 Author: Jean-Louis Monteiro Authored: Fri Jan 9 12:31:34 2015 +0100 Committer: Jean-Louis Monteiro Committed: Fri Jan 9 12:31:42 2015 +0100 ---------------------------------------------------------------------- examples/cdi-event-realm/pom.xml | 143 ++++++++++++++++++ .../src/main/java/org/superbiz/AuthBean.java | 46 ++++++ .../main/java/org/superbiz/HelloServlet.java | 22 +++ .../main/java/org/superbiz/LoginServlet.java | 31 ++++ .../src/main/resources/META-INF/beans.xml | 22 +++ .../src/main/webapp/META-INF/context.xml | 23 +++ .../java/org/superbiz/CdiEventRealmTest.java | 148 +++++++++++++++++++ .../src/test/resources/arquillian.xml | 31 ++++ examples/pom.xml | 1 + 9 files changed, 467 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/pom.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/pom.xml b/examples/cdi-event-realm/pom.xml new file mode 100644 index 0000000..147156c --- /dev/null +++ b/examples/cdi-event-realm/pom.xml 
@@ -0,0 +1,143 @@ + + + 4.0.0 + org.superbiz + cdi-event-realm + war + 1.1.1-SNAPSHOT + OpenEJB :: Web Examples :: CDI Event based realm + + + UTF-8 + 4.7.2-SNAPSHOT + 1.7.2-SNAPSHOT + 7.0.57 + + + + install + + + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + 1.6 + 1.6 + + + + org.apache.maven.plugins + maven-war-plugin + 2.3 + + false + + + + org.apache.openejb.maven + tomee-maven-plugin + ${tomee.version} + + + + + + + apache-m2-snapshot + Apache Snapshot Repository + http://repository.apache.org/snapshots + + + tomcat-m2-repo + Tomcat Dev Repository + http://tomcat.apache.org/dev/dist/m2-repository/ + + + + + + apache-m2-snapshot + Apache Snapshot Repository + http://repository.apache.org/snapshots + + + + + + org.apache.openejb + javaee-api + 6.0-6 + provided + + + junit + junit + 4.11 + test + + + + org.apache.openejb + tomee-catalina + ${tomee.version} + provided + + + org.apache.tomcat + tomcat-catalina + ${tomcat.version} + provided + + + + + org.apache.openejb + arquillian-tomee-embedded + ${tomee.version} + test + + + org.apache.openejb + ziplock + ${tomee.version} + test + + + junit + junit + 4.11 + test + + + commons-io + commons-io + 2.0.1 + test + + + org.apache.httpcomponents + httpclient + 4.3.6 + test + + + + + + + + local-release-repo + file://${project.build.outputDirectory}/repo/ + + + local-snapshot-repo + file://${project.build.outputDirectory}/repo/ + + + http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java b/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java new file mode 100644 index 0000000..dc91b83 --- /dev/null +++ b/examples/cdi-event-realm/src/main/java/org/superbiz/AuthBean.java 
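Review bot: What look like the repository and plugin-repository entries in this new pom point at `http://repository.apache.org/snapshots` and `http://tomcat.apache.org/dev/dist/m2-repository/`, so snapshot artifacts and build plugins for the example are resolved over plain HTTP with nothing protecting them from being altered in transit. Switching the Apache snapshot URL to `https://repository.apache.org/snapshots` is the direct fix. The Tomcat dev repository should get the same treatment if it is served over TLS, which I have not checked. Separately, the `junit` 4.11 test dependency appears twice in the dependency list and one copy can go.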
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.superbiz;
+
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.tomee.catalina.realm.event.UserPasswordAuthenticationEvent;
+
+import javax.enterprise.context.RequestScoped;
+import javax.enterprise.event.Observes;
+import java.util.Arrays;
+
+@RequestScoped
+public class AuthBean {
+
+ public void authenticate(@Observes final UserPasswordAuthenticationEvent event) {
+ final String username = event.getUsername();
+ final String password = event.getCredential();
+
+ if (!"secret".equals(password)) return;
+
+ if ("userA".equals(username)) {
+ event.setPrincipal(new GenericPrincipal(username, "", Arrays.asList("admin", "user")));
+
+ } else if ("userB".equals(username)) {
+ event.setPrincipal(new GenericPrincipal(username, "", Arrays.asList("user")));
+
+ }
+
+ // no else, the user is not going to be authenticated
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java
----------------------------------------------------------------------
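Review bot: `authenticate` accepts the single literal password `"secret"` for every account and hard-codes the `userA`/`userB` role lists, and nothing in the file marks this as demo-only, so the observer is easy to copy into a real application unchanged. A class-level Javadoc should state that these credentials are fixtures for the example. It should also say that a real observer would look the user up in a credential store holding salted password hashes and compare in constant time (for instance with `MessageDigest.isEqual`) rather than with `String.equals`. The brace-less `if (!"secret".equals(password)) return;` is also worth writing with braces, since it is the only guard in front of `setPrincipal`.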
diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java b/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java
new file mode 100644
index 0000000..c0a0389
--- /dev/null
+++ b/examples/cdi-event-realm/src/main/java/org/superbiz/HelloServlet.java
@@ -0,0 +1,22 @@
+package org.superbiz;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.HttpConstraint;
+import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebServlet("/hello")
+@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"}))
+public class HelloServlet extends HttpServlet {
+
+ @Override
+ protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+ resp.setContentType("plain/text");
+ resp.getWriter().write("Hello world!");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java
----------------------------------------------------------------------
diff --git a/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java b/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java
new file mode 100644
index 0000000..0346c59
--- /dev/null
+++ b/examples/cdi-event-realm/src/main/java/org/superbiz/LoginServlet.java
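Review bot: `resp.setContentType("plain/text")` in `doGet` has the type and subtype swapped; the registered media type is `text/plain`, and with an unrecognised type a browser may fall back to content sniffing or offer the response as a download. Change it to `resp.setContentType("text/plain");`, ideally followed by `resp.setCharacterEncoding("UTF-8");` before `getWriter()` so the writer's encoding is explicit. This file and LoginServlet.java are also added without the ASF license header that AuthBean.java carries.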
@@ -0,0 +1,31 @@ +package org.superbiz; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@WebServlet("/login") +public class LoginServlet extends HttpServlet { + + @Override + protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException { + final String username = req.getParameter("username"); + final String password = req.getParameter("password"); + + try { + // create a session + req.getSession(true); + + // login + req.login(username, password); + + } catch (final ServletException se) { + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED); + return; + } + } + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml b/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml new file mode 100644 index 0000000..4692869 --- /dev/null +++ b/examples/cdi-event-realm/src/main/resources/META-INF/beans.xml @@ -0,0 +1,22 @@ + + + + http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml b/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml new file mode 100644 index 0000000..3ca5ef4 --- /dev/null +++ b/examples/cdi-event-realm/src/main/webapp/META-INF/context.xml 
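Review bot: In `doPost`, `req.getSession(true)` runs before `req.login(username, password)`, so a session id the client already presented is carried over into the authenticated session, and a session is left behind even when the login fails. Whether the container rotates the id on a programmatic login is not visible here, so the servlet should not rely on it. Drop any existing session first with `final HttpSession old = req.getSession(false); if (old != null) { old.invalidate(); }` ahead of `req.getSession(true)`, and call `req.getSession().invalidate();` in the catch block before `sendError`. That needs an import of `javax.servlet.http.HttpSession`. The `// create a session` comment only restates the call; it should say why the session has to exist before `login`.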
@@ -0,0 +1,23 @@ + + + + + + + http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java b/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java new file mode 100644 index 0000000..4732b59 --- /dev/null +++ b/examples/cdi-event-realm/src/test/java/org/superbiz/CdiEventRealmTest.java 
@@ -0,0 +1,148 @@ +package org.superbiz; + +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.impl.client.BasicCookieStore; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.message.BasicNameValuePair; +import org.apache.http.util.EntityUtils; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.junit.Arquillian; +import org.jboss.arquillian.test.api.ArquillianResource; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.asset.EmptyAsset; +import org.jboss.shrinkwrap.api.asset.FileAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Test; +import org.junit.runner.RunWith; + +import java.io.File; +import java.io.IOException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.Assert.assertEquals; + +@RunWith(Arquillian.class) +public class CdiEventRealmTest { + + @Deployment(testable = false) + public static WebArchive war() { + return ShrinkWrap.create(WebArchive.class, "event-realm.war") + .addClasses(AuthBean.class, HelloServlet.class, LoginServlet.class) + .addAsManifestResource(new FileAsset(new File("src/main/webapp/META-INF/context.xml")), "context.xml") + .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml"); + } + + @ArquillianResource + private URL webapp; + + @Test + public void notAuthenticated() throws IOException { + final CloseableHttpClient client = HttpClients.createDefault(); + + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + // Without login, it fails with a 403, not authorized + assertEquals(403, 
resp.getStatusLine().getStatusCode()); + + } finally { + resp.close(); + } + } + + @Test + public void badAuthentication() throws IOException { + final CloseableHttpClient client = HttpClients.createDefault(); + + // first authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List data = new ArrayList() {{ + add(new BasicNameValuePair("username", "userB")); + add(new BasicNameValuePair("password", "bla bla")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(401, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + } + + @Test + public void notAuthorized() throws IOException { + final BasicCookieStore cookieStore = new BasicCookieStore(); + final CloseableHttpClient client = HttpClients.custom() + .setDefaultCookieStore(cookieStore) + .build(); + + // first authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List data = new ArrayList() {{ + add(new BasicNameValuePair("username", "userB")); + add(new BasicNameValuePair("password", "secret")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(200, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + + // then we can just call the hello servlet + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + assertEquals(403, resp.getStatusLine().getStatusCode()); + + } finally { + resp.close(); + } + } + + @Test + public void success() throws IOException { + final BasicCookieStore cookieStore = new BasicCookieStore(); + final CloseableHttpClient client = HttpClients.custom() + .setDefaultCookieStore(cookieStore) + .build(); + + // first 
authenticate with the login servlet + final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login"); + final List data = new ArrayList() {{ + add(new BasicNameValuePair("username", "userA")); + add(new BasicNameValuePair("password", "secret")); + }}; + httpPost.setEntity(new UrlEncodedFormEntity(data)); + final CloseableHttpResponse respLogin = client.execute(httpPost); + try { + assertEquals(200, respLogin.getStatusLine().getStatusCode()); + + } finally { + respLogin.close(); + } + + // then we can just call the hello servlet + final HttpGet httpGet = new HttpGet(webapp.toExternalForm() + "hello"); + final CloseableHttpResponse resp = client.execute(httpGet); + try { + assertEquals(200, resp.getStatusLine().getStatusCode()); + System.out.println(EntityUtils.toString(resp.getEntity())); + + } finally { + resp.close(); + } + } + + +} http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/cdi-event-realm/src/test/resources/arquillian.xml ---------------------------------------------------------------------- diff --git a/examples/cdi-event-realm/src/test/resources/arquillian.xml b/examples/cdi-event-realm/src/test/resources/arquillian.xml new file mode 100644 index 0000000..5dd9613 --- /dev/null +++ b/examples/cdi-event-realm/src/test/resources/arquillian.xml @@ -0,0 +1,31 @@ + + + + + + -1 + -1 + -1 + target/tomee + target/arquillian-dump-dir + + + http://git-wip-us.apache.org/repos/asf/tomee/blob/6aa4afab/examples/pom.xml ---------------------------------------------------------------------- diff --git a/examples/pom.xml b/examples/pom.xml index a286ad6..4ae1977 100644 --- a/examples/pom.xml +++ b/examples/pom.xml @@ -157,6 +157,7 @@ webservice-holder moviefun moviefun-rest + cdi-event-realm
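Review bot: None of the four tests in CdiEventRealmTest covers the remaining branch of `AuthBean.authenticate`: a username other than `userA`/`userB` sent with the accepted password, which is the case the `// no else` comment says will not be authenticated. An `unknownUser` test posting such a name with `secret` and expecting 401 would pin that down. The version below also closes the `CloseableHttpClient`, which the existing tests create and never close. The 401 expectation follows from LoginServlet's catch block and assumes `req.login` throws when the observer sets no principal.

```java
@Test
public void unknownUser() throws IOException {
    final CloseableHttpClient client = HttpClients.createDefault();
    try {
        final HttpPost httpPost = new HttpPost(webapp.toExternalForm() + "login");
        final List<NameValuePair> data = new ArrayList<NameValuePair>();
        data.add(new BasicNameValuePair("username", "userC"));
        data.add(new BasicNameValuePair("password", "secret"));
        httpPost.setEntity(new UrlEncodedFormEntity(data));
        final CloseableHttpResponse respLogin = client.execute(httpPost);
        try {
            // right password, but AuthBean sets no principal for this name
            assertEquals(401, respLogin.getStatusLine().getStatusCode());
        } finally {
            respLogin.close();
        }
    } finally {
        client.close();
    }
}
```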