├── .gitignore ├── CONTRIBUTING.md ├── LICENSE.md ├── NOTICE.md ├── README.md ├── api ├── .gitignore ├── pom.xml └── src │ └── main │ ├── java │ ├── jakarta │ │ └── security │ │ │ └── jacc │ │ │ ├── EJBMethodPermission.java │ │ │ ├── EJBRoleRefPermission.java │ │ │ ├── HttpMethodSpec.java │ │ │ ├── Policy.java │ │ │ ├── PolicyConfiguration.java │ │ │ ├── PolicyConfigurationFactory.java │ │ │ ├── PolicyContext.java │ │ │ ├── PolicyContextException.java │ │ │ ├── PolicyContextHandler.java │ │ │ ├── PolicyFactory.java │ │ │ ├── PrincipalMapper.java │ │ │ ├── URLPattern.java │ │ │ ├── URLPatternSpec.java │ │ │ ├── WebResourcePermission.java │ │ │ ├── WebRoleRefPermission.java │ │ │ ├── WebUserDataPermission.java │ │ │ └── package.html │ └── module-info.java │ ├── javadoc │ └── doc-files │ │ └── speclicense.html │ └── resources │ └── exclude-common.xml ├── pom.xml ├── spec ├── README.md ├── assembly.xml ├── pom.xml └── src │ ├── main │ ├── asciidoc │ │ ├── authorization-spec.adoc │ │ ├── chapters │ │ │ ├── 1_overview.adoc │ │ │ ├── 2_provider-configuration.adoc │ │ │ ├── 3_policy-configuration.adoc │ │ │ ├── 4_policy-decision.adoc │ │ │ ├── 5_legacy_support.adoc │ │ │ ├── a_related-documents.adoc │ │ │ ├── b_issues.adoc │ │ │ └── c_revision-history.adoc │ │ ├── footnotes.txt │ │ ├── images │ │ │ ├── PolicyConfigurationStateTable.png │ │ │ ├── authz-1.png │ │ │ ├── authz-1.svg │ │ │ ├── authz-3.png │ │ │ ├── authz-4.png │ │ │ ├── authz.png │ │ │ └── jakarta_ee_logo_schooner_color_stacked_default.png │ │ ├── license-efsl.adoc │ │ ├── preface.adoc │ │ └── scope.adoc │ └── theme │ │ └── jakartaee-theme.yml │ └── theme │ └── jakartaee-theme.yml ├── tck-dist ├── README.md ├── pom.xml ├── src │ └── main │ │ ├── EFTL.txt │ │ └── assembly │ │ └── assembly.xml └── userguide │ ├── README.md │ ├── pom.xml │ └── src │ ├── main │ └── jbake │ │ ├── assets │ │ ├── README.md │ │ ├── _config.yml │ │ ├── css │ │ │ └── style.css │ │ └── img │ │ │ └── eclipse_foundation_logo_tiny.png │ │ ├── content │ │ ├── README │ │ ├── attributes.conf │ │ ├── config.adoc │ │ ├── config.inc │ │ ├── debug-tips.inc │ │ ├── debug.adoc │ │ ├── defns.inc │ │ ├── faq.adoc │ │ ├── install-server-vi.inc │ │ ├── install-server.inc │ │ ├── install.adoc │ │ ├── intro.adoc │ │ ├── intro.inc │ │ ├── packages.inc │ │ ├── platforms.inc │ │ ├── preface.adoc │ │ ├── rebuild.adoc │ │ ├── rebuild.inc │ │ ├── req-software.inc │ │ ├── rules.adoc │ │ ├── rules.inc │ │ ├── tck-packages.inc │ │ ├── title.adoc │ │ ├── title.inc │ │ ├── toc.adoc │ │ ├── using-examples.inc │ │ ├── using.adoc │ │ └── using.inc │ │ ├── jbake.properties │ │ └── templates │ │ ├── footer.ftl │ │ ├── header.ftl │ │ ├── menu.ftl │ │ └── page.ftl │ └── theme │ └── jakartaee-theme.yml └── tck ├── .mvn └── keepme ├── app-custom-policy ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── PolicyRegistrationListener.java │ │ │ ├── ProtectedServlet.java │ │ │ └── TestPolicy.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomPolicyIT.java ├── app-custom-policy2 ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── PolicyRegistrationListener.java │ │ │ ├── ProtectedServlet.java │ │ │ └── TestPolicy.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomPolicy2IT.java ├── app-custom-policyfactory ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── ProtectedServlet.java │ │ │ ├── TestPolicy.java │ │ │ └── TestPolicyFactory.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomPolicyFactoryIT.java ├── app-custom-trace-policy ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── PolicyRegistrationListener.java │ │ │ └── TSPolicy.java │ └── webapp │ │ ├── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ │ └── secured.jsp │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomTracePolicyIT.java ├── app-custom-trace-policyconfiguration ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── TSPolicyConfigurationFactoryImpl.java │ │ │ └── TSPolicyConfigurationImpl.java │ └── webapp │ │ ├── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ │ ├── accesstoall.jsp │ │ ├── anyauthuser.jsp │ │ ├── excluded.jsp │ │ ├── secured.jsp │ │ ├── sslprotected.jsp │ │ └── unchecked.jsp │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomTracePolicyConfigurationIT.java ├── app-custom-trace-policyconfigurationfactory ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── PublicServlet.java │ │ │ └── TSPolicyConfigurationFactoryImpl.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppCustomTracePolicyConfigurationFactoryIT.java ├── app-ejb-constraints ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ ├── InterMediate.java │ │ │ ├── InterMediateBean.java │ │ │ ├── ProtectedServlet.java │ │ │ ├── Target.java │ │ │ └── TargetBean.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppEJBConstraintsIT.java ├── app-permissions-equals-hashcode ├── pom.xml └── src │ ├── main │ └── java │ │ └── ee │ │ └── jakarta │ │ └── tck │ │ └── authorization │ │ └── test │ │ └── PublicServlet.java │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppPermissionsEqualsHashcodeIT.java ├── app-policy-within-servlet ├── pom.xml └── src │ ├── main │ ├── java │ │ └── ee │ │ │ └── jakarta │ │ │ └── tck │ │ │ └── authorization │ │ │ └── test │ │ │ └── ProtectedServlet.java │ └── webapp │ │ └── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppPolicyWithinServletIT.java ├── app-servlet-constraints ├── pom.xml └── src │ ├── main │ └── webapp │ │ ├── WEB-INF │ │ ├── beans.xml │ │ └── web.xml │ │ ├── accesstoall.jsp │ │ ├── anyauthuser.jsp │ │ ├── excluded.jsp │ │ ├── secured.jsp │ │ ├── sslprotected.jsp │ │ └── unchecked.jsp │ └── test │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── test │ └── AppServletConstraintsIT.java ├── authorization-signaturegen └── pom.xml ├── authorization-signaturetest ├── pom.xml └── src │ └── test │ ├── java │ └── ee │ │ └── jakarta │ │ └── tck │ │ └── authorization │ │ └── signaturetest │ │ ├── AuthorizationSigTestIT.java │ │ ├── PackageList.java │ │ ├── README │ │ ├── SigTest.java │ │ ├── SigTestData.java │ │ ├── SigTestDriver.java │ │ ├── SigTestEE.java │ │ ├── SigTestResult.java │ │ ├── SignatureTestDriver.java │ │ ├── SignatureTestDriverFactory.java │ │ └── TestUtil.java │ └── resources │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── signaturetest │ ├── jakarta.security.jacc.sig_3.0.0-SNAPSHOT │ ├── sig-test-pkg-list.txt │ └── sig-test.map ├── common ├── pom.xml └── src │ └── main │ └── java │ └── ee │ └── jakarta │ └── tck │ └── authorization │ └── util │ ├── ArquillianBase.java │ ├── Assert.java │ ├── ShrinkWrap.java │ ├── Utils.java │ └── logging │ ├── client │ ├── LogFileProcessor.java │ └── LogRecordEntry.java │ └── server │ ├── TSLogRecord.java │ ├── TSLogger.java │ └── TSXMLFormatter.java ├── j2ee.pass ├── javajoe.pass ├── pom.xml └── reza.pass /.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | .classpath 3 | .project 4 | .settings/ 5 | *.iml 6 | *nbactions.xml 7 | .vscode/ 8 | .idea 9 | nb-configuration.xml 10 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to Jakarta Authorization 2 | 3 | Thanks for your interest in this project. 4 | 5 | ## Project description 6 | 7 | Jakarta Authorization defines a contract between 8 | a Jakarta EE application server and an authorization policy provider. 9 | 10 | * https://projects.eclipse.org/projects/ee4j.jacc 11 | 12 | ## Developer resources 13 | 14 | Information regarding source code management, builds, coding standards, and 15 | more. 16 | 17 | * https://projects.eclipse.org/projects/ee4j.jacc/developer 18 | 19 | The project maintains the following source code repositories 20 | 21 | * https://github.com/eclipse-ee4j/authorization 22 | 23 | ## Eclipse Contributor Agreement 24 | 25 | Before your contribution can be accepted by the project team contributors must 26 | electronically sign the Eclipse Contributor Agreement (ECA). 27 | 28 | * http://www.eclipse.org/legal/ECA.php 29 | 30 | Commits that are provided by non-committers must have a Signed-off-by field in 31 | the footer indicating that the author is aware of the terms by which the 32 | contribution has been provided to the project. The non-committer must 33 | additionally have an Eclipse Foundation account and must have a signed Eclipse 34 | Contributor Agreement (ECA) on file. 35 | 36 | For more information, please see the Eclipse Committer Handbook: 37 | https://www.eclipse.org/projects/handbook/#resources-commit 38 | 39 | ## Eclipse Development Process 40 | 41 | This Eclipse Foundation open project is governed by the Eclipse Foundation 42 | Development Process and operates under the terms of the Eclipse IP Policy. 43 | 44 | The Jakarta EE Specification Committee has adopted the Jakarta EE Specification 45 | Process (JESP) in accordance with the Eclipse Foundation Specification Process 46 | v1.2 (EFSP) to ensure that the specification process is complied with by all 47 | Jakarta EE specification projects. 48 | 49 | * https://eclipse.org/projects/dev_process 50 | * https://www.eclipse.org/org/documents/Eclipse_IP_Policy.pdf 51 | * https://jakarta.ee/about/jesp/ 52 | * https://www.eclipse.org/legal/efsp_non_assert.php 53 | 54 | ## Contact 55 | 56 | Contact the project developers via the project's "dev" list. 57 | 58 | * 59 | -------------------------------------------------------------------------------- /NOTICE.md: -------------------------------------------------------------------------------- 1 | # Notices for Jakarta Authorization 2 | 3 | This content is produced and maintained by the Jakarta Authorization project. 4 | 5 | * Project home: https://projects.eclipse.org/projects/ee4j.jacc 6 | 7 | ## Trademarks 8 | 9 | Jakarta Authorization is a trademark of the Eclipse Foundation. 10 | 11 | ## Copyright 12 | 13 | All content is the property of the respective authors or their employers. For 14 | more information regarding authorship of content, please consult the listed 15 | source code repository logs. 16 | 17 | ## Declared Project Licenses 18 | 19 | This program and the accompanying materials are made available under the terms 20 | of the Eclipse Public License v. 2.0 which is available at 21 | http://www.eclipse.org/legal/epl-2.0. This Source Code may also be made 22 | available under the following Secondary Licenses when the conditions for such 23 | availability set forth in the Eclipse Public License v. 2.0 are satisfied: GNU 24 | General Public License, version 2 with the GNU Classpath Exception which is 25 | available at https://www.gnu.org/software/classpath/license.html. 26 | 27 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 28 | 29 | ## Source Code 30 | 31 | The project maintains the following source code repositories: 32 | 33 | * https://github.com/eclipse-ee4j/authorization 34 | 35 | ## Third-party Content 36 | 37 | ## Cryptography 38 | 39 | Content may contain encryption software. The country in which you are currently 40 | may have restrictions on the import, possession, and use, and/or re-export to 41 | another country, of encryption software. BEFORE using any encryption software, 42 | please check the country's laws, regulations and policies concerning the import, 43 | possession, or use, and re-export of encryption software, to see if this is 44 | permitted. 45 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Jakarta Authorization 2 | 3 | This repository contains the code for Jakarta Authorization. 4 | 5 | [Online JavaDoc](https://javadoc.io/doc/jakarta.security.jacc/jakarta.security.jacc-api/) 6 | 7 | Building 8 | -------- 9 | 10 | Jakarta Authorization can be built by executing the following from the project root: 11 | 12 | ``mvn clean package`` 13 | 14 | The API jar can then be found in /app/target. 15 | 16 | Making Changes 17 | -------------- 18 | 19 | To make changes, fork this repository, make your changes, and submit a pull request. 20 | 21 | About Jakarta Authorization 22 | ------------- 23 | 24 | Jakarta Authorization defines a low-level SPI for authorization modules, which are repositories of permissions 25 | facilitating subject based security by determining whether a given subject has a given permission, and algorithms 26 | to transform security constraints for specific containers (such as Jakarta- Servlet or Enterprise Beans) into 27 | these permissions. 28 | -------------------------------------------------------------------------------- /api/.gitignore: -------------------------------------------------------------------------------- 1 | /.flattened-pom.xml 2 | -------------------------------------------------------------------------------- /api/src/main/java/jakarta/security/jacc/PolicyContextException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 1997, 2020 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | package jakarta.security.jacc; 18 | 19 | /** 20 | * This checked exception is thrown by implementations of the PolicyConfiguration 21 | * Interface, the PolicyConfigurationFactory abstract class, the 22 | * PolicyContext utility class, and implementations of the 23 | * PolicyContextException Interface. 24 | * 25 | *

26 | * This exception is used by jakarta.security.jacc implementation classes to rethrow checked exceptions occurring within 27 | * an implementation that are not declared by the interface or class being implemented. 28 | * 29 | * @see Exception 30 | * @see PolicyConfiguration 31 | * @see PolicyConfigurationFactory 32 | * @see PolicyContext 33 | * @see PolicyContextHandler 34 | * 35 | * @author Ron Monzillo 36 | * @author Gary Ellison 37 | */ 38 | public class PolicyContextException extends Exception { 39 | 40 | private static final long serialVersionUID = 3925692572777572935L; 41 | 42 | /** 43 | * Constructs a new PolicyContextException with null as its detail message. describing the cause of the 44 | * exception. 45 | */ 46 | public PolicyContextException() { 47 | super(); 48 | } 49 | 50 | /** 51 | * Constructs a new PolicyContextException with the specified detail message 52 | * 53 | * @param message - a String containing a detail message describing the cause of the exception. 54 | */ 55 | public PolicyContextException(String message) { 56 | super(message); 57 | } 58 | 59 | /** 60 | * Constructs a new PolicyContextException with the specified detail message and cause. The cause will be encapsulated 61 | * in the constructed exception. 62 | * 63 | * @param message - A String containing a detail message describing the cause of the exception. 64 | * @param cause - The Throwable that is "causing" this exception to be constructed. A null value is permitted, and the 65 | * value passed through this parameter may subsequently be retrieved by calling getCause() on the 66 | * constructed exception. 67 | */ 68 | public PolicyContextException(String message, Throwable cause) { 69 | super(message, cause); 70 | } 71 | 72 | /** 73 | * Constructs a new PolicyContextException with the specified cause. The cause will be encapsulated in the constructed 74 | * exception. 75 | * 76 | * @param cause - the Throwable that is "causing" this exception to be constructed. A null value is permitted, and the 77 | * value passed through this parameter may subsequently be retrieved by calling getCause() on the 78 | * constructed exception. 79 | */ 80 | public PolicyContextException(Throwable cause) { 81 | super(cause); 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /api/src/main/java/jakarta/security/jacc/package.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 20 | 21 | 22 | 23 | This package contains the Jakarta Authorization API 24 | 25 | 26 | -------------------------------------------------------------------------------- /api/src/main/java/module-info.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021-2021 Contributors to the Eclipse Foundation 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | module jakarta.security.jacc { 17 | exports jakarta.security.jacc; 18 | requires jakarta.servlet; 19 | } 20 | -------------------------------------------------------------------------------- /api/src/main/javadoc/doc-files/speclicense.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Eclipse Foundation Specification License - v1.1 4 | 5 | 6 |

Eclipse Foundation Specification License - v1.1

7 |

By using and/or copying this document, or the Eclipse Foundation 8 | document from which this statement is linked or incorporated by reference, you (the licensee) agree 9 | that you have read, understood, and will comply with the following 10 | terms and conditions:

11 | 12 |

Permission to copy, and distribute the contents of this document, or 13 | the Eclipse Foundation document from which this statement is linked, in 14 | any medium for any purpose and without fee or royalty is hereby 15 | granted, provided that you include the following on ALL copies of the 16 | document, or portions thereof, that you use:

17 | 18 | 27 | 28 |

Inclusion of the full text of this NOTICE must be provided. We 29 | request that authorship attribution be provided in any software, 30 | documents, or other items or products that you create pursuant to the 31 | implementation of the contents of this document, or any portion 32 | thereof.

33 | 34 |

No right to create modifications or derivatives of Eclipse Foundation 35 | documents is granted pursuant to this license, except anyone may 36 | prepare and distribute derivative works and portions of this document 37 | in software that implements the specification, in supporting materials 38 | accompanying such software, and in documentation of such software, 39 | PROVIDED that all such works include the notice below. HOWEVER, the 40 | publication of derivative works of this document for use as a technical 41 | specification is expressly prohibited.

42 | 43 |

The notice is:

44 | 45 |

"Copyright © [$date-of-document] Eclipse Foundation AISBL. This software or 46 | document includes material copied from or derived from [title and URI 47 | of the Eclipse Foundation specification document]."

48 | 49 |

Disclaimers

50 | 51 |

THIS DOCUMENT IS PROVIDED "AS IS," AND TO THE EXTENT PERMITTED BY APPLICABLE LAW THE COPYRIGHT 52 | HOLDERS AND THE ECLIPSE FOUNDATION AISBL MAKE NO REPRESENTATIONS OR 53 | WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 54 | WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 55 | NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE 56 | SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS 57 | WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR 58 | OTHER RIGHTS.

59 | 60 |

TO THE EXTENT PERMITTED BY APPLICABLE LAW THE COPYRIGHT HOLDERS AND THE ECLIPSE FOUNDATION AISBL WILL NOT BE LIABLE 61 | FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT 62 | OF ANY USE OF THE DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF THE 63 | CONTENTS THEREOF.

64 | 65 |

The name and trademarks of the copyright holders or the Eclipse 66 | Foundation AISBL may NOT be used in advertising or publicity pertaining to 67 | this document or its contents without specific, written prior 68 | permission. Title to copyright in this document will at all times 69 | remain with copyright holders.

70 | 71 | 72 | -------------------------------------------------------------------------------- /api/src/main/resources/exclude-common.xml: -------------------------------------------------------------------------------- 1 | 18 | 19 | 20 | 24 | 25 | 26 | 27 | 28 | 31 | 32 | 33 | 34 | 35 | 39 | 40 | 41 | 42 | 43 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 58 | 59 | 60 | 61 | 62 | 66 | 67 | 68 | 69 | 70 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j 26 | project 27 | 1.0.9 28 | 29 | 30 | org.eclipse.ee4j.authorization 31 | authorization-parent 32 | 3.0.0-SNAPSHOT 33 | pom 34 | 35 | Jakarta Authorization Parent 36 | 37 | Jakarta Authorization defines a low-level SPI for authorization modules, which are repositories of permissions 38 | facilitating subject based security by determining whether a given subject has a given permission, and algorithms 39 | to transform security constraints for specific containers (such as Jakarta Servlet or Jakarta Enterprise Beans) into 40 | these permissions. 41 | 42 | https://github.com/jakartaee/authorization 43 | 44 | 45 | EPL 2.0 46 | http://www.eclipse.org/legal/epl-2.0 47 | repo 48 | 49 | 50 | GPL2 w/ CPE 51 | https://www.gnu.org/software/classpath/license.html 52 | repo 53 | 54 | 55 | 56 | 57 | api 58 | spec 59 | 60 | 61 | 62 | scm:git:ssh://git@github.com/jakartaee/authorization.git 63 | scm:git:ssh://git@github.com/jakartaee/authorization.git 64 | https://github.com/jakartaee/authorization 65 | 66 | 67 | 68 | UTF-8 69 | UTF-8 70 | 71 | 17 72 | 73 | 74 | 75 | 76 | 77 | 78 | org.apache.maven.plugins 79 | maven-enforcer-plugin 80 | 81 | 82 | enforce-maven 83 | 84 | enforce 85 | 86 | 87 | 88 | 89 | 3.9.0 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | -------------------------------------------------------------------------------- /spec/README.md: -------------------------------------------------------------------------------- 1 | Jakarta Authorization Specification 2 | =================================== 3 | 4 | This project generates the Jakarta Authorization Specification. 5 | 6 | Building 7 | -------- 8 | 9 | Prerequisites: 10 | 11 | * JDK8+ 12 | * Maven 3.0.3+ 13 | 14 | Run the full build: 15 | 16 | `mvn install` 17 | 18 | Locate the html files: 19 | - target/generated-docs/Authorization.html 20 | 21 | Locate the PDF files: 22 | - target/generated-docs/Authorization.pdf 23 | -------------------------------------------------------------------------------- /spec/assembly.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 20 | 21 | spec 22 | 23 | zip 24 | 25 | authorization-spec 26 | 27 | 28 | target/generated-docs 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /spec/src/main/asciidoc/authorization-spec.adoc: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (c) 2017, 2022 Contributors to the Eclipse Foundation 3 | // 4 | 5 | = Jakarta Authorization 6 | :authors: Jakarta Authorization Team, https://projects.eclipse.org/projects/ee4j.authorization 7 | :email: https://accounts.eclipse.org/mailing-list/jakarta-security-dev 8 | :version-label!: 9 | :doctype: book 10 | :license: Eclipse Foundation Specification License v1.1 11 | :source-highlighter: coderay 12 | :toc: left 13 | :toclevels: 4 14 | :sectnumlevels: 4 15 | :sectanchors: 16 | ifdef::backend-pdf[] 17 | :pagenums: 18 | :numbered: 19 | :title-logo-image: image:jakarta_ee_logo_schooner_color_stacked_default.png[pdfwidth=4.25in,align=right] 20 | endif::[] 21 | 22 | // == License 23 | :sectnums!: 24 | include::license-efsl.adoc[] 25 | 26 | // == Toc 27 | :sectnums: 28 | include::preface.adoc[] 29 | 30 | :doc-part: 1 31 | include::chapters/1_overview.adoc[] 32 | 33 | :doc-part: 2 34 | include::chapters/2_provider-configuration.adoc[] 35 | 36 | :doc-part: 3 37 | include::chapters/3_policy-configuration.adoc[] 38 | 39 | :doc-part: 4 40 | include::chapters/4_policy-decision.adoc[] 41 | 42 | :doc-part: 5 43 | include::chapters/5_legacy_support.adoc[] 44 | 45 | :doc-part: A 46 | include::chapters/a_related-documents.adoc[] 47 | 48 | :doc-part: B 49 | include::chapters/b_issues.adoc[] 50 | 51 | :doc-part: C 52 | include::chapters/c_revision-history.adoc[] 53 | -------------------------------------------------------------------------------- /spec/src/main/asciidoc/chapters/a_related-documents.adoc: -------------------------------------------------------------------------------- 1 | [appendix] 2 | == Related Documents 3 | 4 | This specification refers to the following documents. The terms used to refer to the documents in this 5 | specification are included in brackets. 6 | 7 | _S. Bradner, “Key words for use in RFCs to Indicate Requirement Levels,” RFC 2119, Harvard University, March 1997, [Keywords]_ 8 | 9 | _Jakarta EE 11 Specification [Jakarta EE 11 Specification], available at: https://jakarta.ee/specifications/platform/11/_ 10 | 11 | _Jakarta Servlet Specification, Version 6.1 [Jakarta Servlet Specification], available at: https://jakarta.ee/specifications/servlet/6.1/_ 12 | 13 | _Jakarta Enterprise Beans, Version 4.0 [Jakarta Enterprise Beans Specification], available at: _https://jakarta.ee/specifications/enterprise-beans/4.0/_ 14 | 15 | 16 | -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/PolicyConfigurationStateTable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/PolicyConfigurationStateTable.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/authz-1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/authz-1.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/authz-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/authz-3.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/authz-4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/authz-4.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/authz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/authz.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/images/jakarta_ee_logo_schooner_color_stacked_default.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/spec/src/main/asciidoc/images/jakarta_ee_logo_schooner_color_stacked_default.png -------------------------------------------------------------------------------- /spec/src/main/asciidoc/license-efsl.adoc: -------------------------------------------------------------------------------- 1 | [subs="normal"] 2 | .... 3 | Specification: {doctitle} 4 | 5 | Version: {revnumber} 6 | 7 | ifeval::["{revremark}" != ""] 8 | Status: {revremark} 9 | endif::[] 10 | ifeval::["{revremark}" == ""] 11 | Status: Final Release 12 | endif::[] 13 | 14 | Release: {revdate} 15 | .... 16 | 17 | Copyright (c) 2018, {revyear} Eclipse Foundation. 18 | 19 | = Eclipse Foundation Specification License - v1.1 20 | 21 | By using and/or copying this document, or the Eclipse Foundation document from which this statement is linked or incorporated by reference, you (the licensee) agree that you have read, understood, and will comply with the following terms and conditions: 22 | 23 | Permission to copy, and distribute the contents of this document, or the Eclipse Foundation document from which this statement is linked, in any medium for any purpose and without fee or royalty is hereby granted, provided that you include the following on ALL copies of the document, or portions thereof, that you use: 24 | 25 | * link or URL to the original Eclipse Foundation document. 26 | * All existing copyright notices, or if one does not exist, a notice (hypertext is preferred, but a textual representation is permitted) of the form: "Copyright (c) [$date-of-document] Eclipse Foundation AISBL \<> " 27 | 28 | Inclusion of the full text of this NOTICE must be provided. We request that authorship attribution be provided in any software, documents, or other items or products that you create pursuant to the implementation of the contents of this document, or any portion thereof. 29 | 30 | No right to create modifications or derivatives of Eclipse Foundation documents is granted pursuant to this license, except anyone may prepare and distribute derivative works and portions of this document in software that implements the specification, in supporting materials accompanying such software, and in documentation of such software, PROVIDED that all such works include the notice below. HOWEVER, the publication of derivative works of this document for use as a technical specification is expressly prohibited. 31 | 32 | The notice is: 33 | 34 | "Copyright (c) [$date-of-document] Eclipse Foundation AISBL. This software or document includes material copied from or derived from [title and URI of the Eclipse Foundation specification document]." 35 | 36 | == Disclaimers 37 | 38 | THIS DOCUMENT IS PROVIDED "AS IS," AND TO THE EXTENT PERMITTED BY APPLICABLE LAW THE COPYRIGHT HOLDERS AND THE ECLIPSE FOUNDATION AISBL MAKE NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE SUITABLE FOR ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. 39 | 40 | TO THE EXTENT PERMITTED BY APPLICABLE LAW THE COPYRIGHT HOLDERS AND THE ECLIPSE FOUNDATION AISBL WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE DOCUMENT OR THE PERFORMANCE OR IMPLEMENTATION OF THE CONTENTS THEREOF. 41 | 42 | The name and trademarks of the copyright holders or the Eclipse Foundation AISBL may NOT be used in advertising or publicity pertaining to this document or its contents without specific, written prior permission. Title to copyright in this document will at all times remain with copyright holders. -------------------------------------------------------------------------------- /spec/src/main/asciidoc/scope.adoc: -------------------------------------------------------------------------------- 1 | == Specification Scope 2 | 3 | Jakarta Authorization defines a low-level SPI for authorization modules, which are repositories of permissions 4 | facilitating subject based security by determining whether a given subject has a given permission, and algorithms 5 | to transform security constraints for specific containers (such as Jakarta Servlet or Jakarta Enterprise Beans) into 6 | these permissions. 7 | -------------------------------------------------------------------------------- /tck-dist/README.md: -------------------------------------------------------------------------------- 1 | # Jakarta Authorization TCK Distribution 2 | 3 | This bundle contains the Jakarta Authorization TCK. The contents of this bundle are: 4 | - tck/* - the TCK tests src and pom.xml runner profiles 5 | - docs/* - the TCK user guide (HTML and PDF) 6 | - README.md - this README 7 | - LICENSE - the EFTL license terms 8 | -------------------------------------------------------------------------------- /tck-dist/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 19 | 20 | 4.0.0 21 | 22 | 23 | org.eclipse.ee4j 24 | project 25 | 1.0.9 26 | 27 | 28 | 29 | org.eclipse.ee4j.tck.authorization 30 | jakarta-authorization-tck-dist 31 | 3.0.0-SNAPSHOT 32 | pom 33 | 34 | 35 | userguide 36 | 37 | 38 | 39 | 40 | 41 | org.apache.maven.plugins 42 | maven-enforcer-plugin 43 | 44 | 45 | enforce-versions 46 | 47 | enforce 48 | 49 | 50 | 51 | 52 | 3.6.3 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | maven-assembly-plugin 62 | 63 | 64 | distribution 65 | package 66 | 67 | single 68 | 69 | 70 | 71 | src/main/assembly/assembly.xml 72 | 73 | authorization-tck-${project.version} 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | -------------------------------------------------------------------------------- /tck-dist/src/main/EFTL.txt: -------------------------------------------------------------------------------- 1 | Eclipse Foundation Technology Compatibility Kit License - v 1.0 2 | Copyright (c) 2018, Eclipse Foundation, Inc. and its licensors. 3 | 4 | Redistribution and use in binary form is permitted provided that the following conditions are met: 5 | 1. Use of the Technology Compatibility Kit accompanying this license ( the “TCK”) and its documentation is permitted 6 | solely for the purpose of testing compatibility of an implementation (the “Product”) of a specification 7 | (the “Specification”) made available by the Eclipse Foundation, Inc. (“Eclipse”). 8 | 2. Only those modifications expressly permitted by the TCK and its documentation are permitted. Except in these 9 | limited circumstances, no modifications to the TCK are permitted under this license. 10 | 3. A Product will be deemed to be “compatible” with the Specification if it fully and completely meets and satisfies 11 | all requirements of the TCK. 12 | 4. Before any claim of compatibility (or any similar claim suggesting compatibility) is made based on the TCK, the 13 | testing party must: 14 | a. use the TCK to demonstrate that the Product fully and completely meets and satisfies all requirements of the TCK; 15 | b. make TCK test results showing full and complete satisfaction of all requirements of the TCK publicly 16 | available on the testing party’s website and send a link to such test results to Eclipse at tck@eclipse.org; and 17 | c. comply with any requirements stated in the Specification with regard to subsetting, supersetting, modifying 18 | or extending the Specification in any Product claimed to be compatible with the Specification. 19 | 5. The test results must be continuously available and the link must be live for at least as long as the Product is 20 | available in the marketplace. 21 | 6. The TCK may not be used as a basis for any statements of partial compatibility. The TCK may only be used as a 22 | basis for true, factual statements of full compatibility of Products that fully meet and satisfy all requirements 23 | of the TCK. 24 | 7. A determination that a Product is compatible with the TCK does not, in itself, give rise to the right to use any 25 | name, mark, logo associated with the TCK, Eclipse, or Eclipse’s contributors or licensors. 26 | 8. Upon the request of Eclipse, a tester will retract any statements of compatibility (or any similar claim 27 | suggesting compatibility) which Eclipse reasonably determines to be false or misleading or in violation of the 28 | terms of this license. 29 | 9. Redistribution of the TCK must be under this Eclipse Foundation Technology Compatibility Kit License and must 30 | reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation 31 | and/or other materials provided with the distribution. 32 | 10. Neither the name, trademarks or logos of Eclipse, nor the names, trademarks or logos of its contributors or 33 | licensors may be used to endorse or promote products tested with this software without specific prior written permission. 34 | 11. The source code for the TCK accompanying this license is available from Eclipse. 35 | 36 | TO THE EXTENT PERMITTED BY APPLICABLE LAW, THIS SOFTWARE IS PROVIDED ON AN “AS IS” BASIS, WITHOUT WARRANTIES OR 37 | CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, 38 | NON- INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. TO THE EXTENT PERMITTED BY APPLICABLE LAW, 39 | NEITHER THE COPYRIGHT OWNER OR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 40 | EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF 41 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF 42 | THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE 43 | POSSIBILITY OF SUCH DAMAGES. 44 | -------------------------------------------------------------------------------- /tck-dist/src/main/assembly/assembly.xml: -------------------------------------------------------------------------------- 1 | 2 | 18 | 21 | dist 22 | 23 | 24 | zip 25 | 26 | 27 | 28 | 29 | 30 | 31 | src/main/EFTL.txt 32 | LICENSE 33 | 34 | 35 | 36 | 37 | README.md 38 | README.md 39 | 40 | 41 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | ${project.basedir}/../tck 54 | tck 55 | 56 | **/target/** 57 | **/source/dist/** 58 | **/source/dist/classes/** 59 | 60 | 61 | 62 | 63 | 64 | ${project.basedir}/userguide 65 | docs/pdf 66 | 67 | **/src/** 68 | **/pom.xml 69 | 70 | 71 | **/generated-docs/*.pdf 72 | 73 | 74 | 75 | 76 | 77 | ${project.basedir}/userguide 78 | docs/html 79 | 80 | **/src/** 81 | **/pom.xml 82 | 83 | 84 | **/staging/** 85 | 86 | 87 | 88 | 89 | -------------------------------------------------------------------------------- /tck-dist/userguide/README.md: -------------------------------------------------------------------------------- 1 | # A JBake project template 2 | 3 | ## About JBake 4 | 5 | JBake is a static site generator, it's inspired from jekyll and written 6 | in java. The basic idea is to have templates for the structure of the 7 | page, and the body generated from asciidoc content. 8 | 9 | ## Pre requisites 10 | 11 | - Maven 12 | - JDK8+ 13 | 14 | Deploying to Github will require password less authentication. 15 | 16 | This is done by exporting your SSH public key into your Github account. 17 | 18 | ## Build the site locally 19 | 20 | The site is generated under target/staging. 21 | 22 | Open file:///PATH_TO_PROJECT_DIR/target/staging in a browser to view the site. 23 | 24 | ``` 25 | mvn generate-resources 26 | ``` 27 | 28 | Or you can invoke the JBake plugin directly. 29 | 30 | ``` 31 | mvn jbake:build 32 | ``` 33 | 34 | ### Rebuild the site on changes 35 | 36 | ``` 37 | mvn jbake:watch 38 | ``` 39 | 40 | If you keep this command running, changes to the sources will be 41 | detected and the site will be rendered incrementally. 42 | 43 | This is convenient when writing content. 44 | 45 | ### Serve the site locally 46 | 47 | ``` 48 | mvn jbake:serve 49 | ``` 50 | 51 | If a webserver is required (e.g. absolute path are used), this command 52 | will start a webserver (jetty) at http://localhost:8820. It will also 53 | watch for changes and rebuild incrementally. 54 | 55 | ## Deploy the site to Github Pages 56 | 57 | ``` 58 | mvn deploy 59 | ``` 60 | 61 | ## Produce a zip file for download 62 | 63 | To produce a zip file containing the generated html files, use: 64 | 65 | ``` 66 | mvn package 67 | ``` 68 | 69 | When making a release on GitHub, this zip file should be added to the release. 70 | 71 | ## Links 72 | 73 | - [JBake maven plugin documentation](https://github.com/Blazebit/jbake-maven-plugin) 74 | - [JBake documentation](http://jbake.org/docs/2.5.1) 75 | - [Freemarker documentation](http://freemarker.org/docs) 76 | - [AsciiDoc User Guide](http://asciidoc.org/userguide.html) 77 | - [Asciidoctor quick reference](http://asciidoctor.org/docs/asciidoc-syntax-quick-reference) 78 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/assets/README.md: -------------------------------------------------------------------------------- 1 | # About 2 | 3 | The {{site.title}} project contains the [AsciiDoc](http://asciidoc.org/) 4 | source code for the ... 5 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/assets/_config.yml: -------------------------------------------------------------------------------- 1 | remote_theme: jakartaee/jekyll-theme-jakarta-ee 2 | 3 | title: [tck_faces_v4_0] 4 | description: [Oracle Technology Compatibility Kit User's Guide for Jakarta Faces 4.0 for Technology Licensees, Release 4.0] 5 | 6 | # sidebar links url 7 | links: 8 | source: https://github.com/jakartaee/faces 9 | download: https://github.com/jakartaee/faces/releases 10 | #mailinglist: https://javaee.groups.io/g/tck_jaxrs_v2_1 11 | #javadocs: 12 | docs: https://github.com/jakartaee/faces 13 | #faq: 14 | 15 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/assets/img/eclipse_foundation_logo_tiny.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck-dist/userguide/src/main/jbake/assets/img/eclipse_foundation_logo_tiny.png -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/README: -------------------------------------------------------------------------------- 1 | The file attributes.conf defines several attributes (variables) that 2 | need to be customized for each technology. 3 | 4 | The *.adoc files should not be modified. 5 | 6 | The following "include" files should be customized as necessary 7 | for the specific technology: 8 | 9 | - rules.inc 10 | 11 | Additional compatibility rules needed by some technologies. 12 | The rules in rules.adoc should NOT be changed. 13 | 14 | - defns.inc 15 | 16 | Additional definitions needed by additional compatibility 17 | rules in rules.inc. 18 | 19 | - config.inc 20 | 21 | Detailed instructions for configuring the TCK, included in 22 | Chapter 4. Unfortunately, these are sections 4.1 - 4.3, 23 | so even if the TCK doesn't require 3 sections you need to 24 | make up something, or else change the sections to "N/A". 25 | 26 | - packages.inc 27 | 28 | A simple list of Jakarta EE package names for the technology. 29 | 30 | - tck-packages.inc 31 | 32 | A list of additional software packages included in the TCK. 33 | 34 | - req-software.inc 35 | 36 | A list of software required in addition to the TCK and CI. 37 | 38 | - install-server.inc 39 | 40 | Steps to install the Jakarta EE CI, if needed. 41 | For standalone technologies, no server may be required, 42 | and this file can be empty. 43 | This is used in install.adoc in section 3.2. 44 | 45 | - install-server-vi.inc 46 | 47 | Steps to install a Vendor's web server, if needed. 48 | For standalone technologies, no web server may be required, 49 | and this file can be empty. 50 | This is used in install.adoc in section 3.2. 51 | 52 | - using-examples.inc 53 | 54 | Command line examples showing how to run the TCK. 55 | 56 | - using.inc 57 | 58 | Optional additional instructions for running the TCK. 59 | 60 | - debug-tips.inc 61 | 62 | Technology-specific troubleshooting tips for Chapter 6. 63 | If this isn't needed, it can be an empty file, but toc.adoc 64 | will need to be fixed. 65 | 66 | - rebuild.inc 67 | 68 | Special instructions for rebuilding the WAR files used by some TCKs. 69 | If needed, customize it appropriately and define the "rebuild" 70 | attribute in attributes.conf. 71 | 72 | - title.inc 73 | Add acronym references as required do distinguish between legacy and 74 | current APIs. 75 | 76 | Note that this template is NOT sufficient for the Jakarta EE platform 77 | or Jakarta EE Web Profile. 78 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/attributes.conf: -------------------------------------------------------------------------------- 1 | :TechnologyFullName: Jakarta Authorization 2 | :TechnologyShortName: Authorization 3 | :LegacyAcronym: JSF 4 | :TechnologyVersion: 3.0 5 | :ReleaseDate: April 2024 6 | :CopyrightDates: 2017, 2024 7 | :TechnologyRI: Eclipse Exousia 3.0 8 | :TechnologyRIURL: https://projects.eclipse.org/projects/ee4j.exousia 9 | :GlassFishCI: Eclipse GlassFish 8.0 10 | :GlassFishCIURL: https://projects.eclipse.org/projects/ee4j.glassfish 11 | :SpecificationURL: https://jakarta.ee/specifications/Authorization/3.0 12 | :TCKInquiryList: mailto:jakarta-security-dev@eclipse.org[jakarta-security-dev@eclipse.org] 13 | :SpecificationInquiryList: mailto:jakarta-security-dev@eclipse.org[jakarta-security-dev@eclipse.org] 14 | :techID: Authorization 15 | // Define this attribute (uncomment it) if the TCK includes no API tests. (Rare.) 16 | // :no-api-tests: 17 | // Define this attribute (uncomment it) if the TCK includes end-to-end tests. 18 | // :end-to-end-tests: 19 | // Define this attribute (uncomment it) if subsets of the API are allowed. 20 | // (Common Annotations only) 21 | // :subset-allowed: 22 | // 23 | // The environment variable used to specify the home directory 24 | // for the technology. Used in config.inc. 25 | :TechnologyHomeEnv: JAVAEE_HOME 26 | // Java SE version required. 27 | :SEversion: 17 28 | :MavenVersion: 3.6.3+ 29 | :JakartaEEVersion: 11.0 30 | :excludeListFileName: docs/TCK-Exclude-List.txt 31 | :TCKPackageName: jakarta-authorization-tck-3.0.0.zip 32 | // Directory names used in examples in using.adoc. 33 | :sigTestDirectoryExample: authorization-signaturetest 34 | :singleTestDirectoryExample: app-custom-policy/ 35 | // Define this attribute (uncomment it) if the TCK needs the rebuild appendix. 36 | // :rebuild: 37 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/config.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=Setup and Configuration 4 | next=using.html 5 | prev=install.html 6 | ~~~~~~ 7 | include::attributes.conf[] 8 | Setup and Configuration 9 | ======================= 10 | 11 | [[GBFVV]] 12 | 13 | 14 | 15 | [[setup-and-configuration]] 16 | 4 Setup and Configuration 17 | ------------------------- 18 | 19 | 20 | [NOTE] 21 | ==== 22 | The Jakarta EE Specification process provides for any number of compatible implementations. 23 | As additional implementations become available, refer to project or product documentation from 24 | those vendors for specific TCK setup and operational guidance. 25 | 26 | ==== 27 | 28 | Before proceeding with the instructions in 29 | this chapter, be sure to install all required software, as described in 30 | link:install.html#GBFTP[Chapter 3, "Installation."] 31 | 32 | After completing the instructions in this chapter, proceed to 33 | link:using.html#GBFWO[Chapter 5, "Executing Tests,"] for instructions on 34 | running the {TechnologyShortName} TCK. 35 | 36 | include::config.inc[] 37 | 38 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/debug-tips.inc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck-dist/userguide/src/main/jbake/content/debug-tips.inc -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/debug.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=Debugging Test Problems 4 | next=faq.html 5 | prev=using.html 6 | ~~~~~~ 7 | include::attributes.conf[] 8 | Debugging Test Problems 9 | ======================= 10 | 11 | [[GBFUV]] 12 | 13 | 14 | [[debugging-test-problems]] 15 | 6 Debugging Test Problems 16 | ------------------------- 17 | 18 | There are a number of reasons that tests can fail to execute properly. 19 | This chapter provides some approaches for dealing with these failures. 20 | 21 | 22 | This chapter includes the following topics: 23 | 24 | * link:#GBFYP[Overview] 25 | * link:#GBFVP[Test Information] 26 | * link:#GBFYF[Configuration Failures] 27 | 28 | [[GBFYP]][[overview]] 29 | 30 | 6.1 Overview 31 | ~~~~~~~~~~~~ 32 | 33 | The goal of a test run is for all tests in the test suite that are not 34 | filtered out to have passing results. If the root test suite folder 35 | contains tests with errors or failing results, you must troubleshoot and 36 | correct the cause to satisfactorily complete the test run. 37 | 38 | * Errors: Tests with errors could not be executed by the Junit 39 | framework. These errors usually occur because the test environment is not 40 | properly configured. 41 | * Failures: Tests that fail were executed but had failing results. 42 | 43 | 44 | For every test run, the Junit framework creates a set of report files 45 | in the target directory. 46 | 47 | 48 | If a large number of tests failed, you should read 49 | link:#GBFYF[Configuration Failures] to see if a 50 | configuration issue is the cause of the failures. 51 | 52 | 53 | 54 | [[GBFVP]][[test-information]] 55 | 56 | 6.2 Test Information 57 | ~~~~~~~~~~~~~~~~~~~~ 58 | 59 | TBD 60 | 61 | [[GBFYF]][[configuration-failures]] 62 | 63 | 6.3 Configuration Failures 64 | ~~~~~~~~~~~~~~~~~~~~~~~~~~ 65 | 66 | Configuration failures are easily recognized because many tests fail the 67 | same way. When all your tests begin to fail, you may want to stop the 68 | run immediately and start viewing individual test output. 69 | 70 | include::debug-tips.inc[] 71 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/defns.inc: -------------------------------------------------------------------------------- 1 | // NOTE TO WRITERS: 2 | // Most technologies will only need the compatibility rules in rules.adoc. 3 | // Some technologies will need additional definitions to go with additional 4 | // rules. If they're needed, remove the comment characters below 5 | // and update the definitions as appropriate. 6 | // 7 | // The first block below is additional definitions needed by 8 | // Jakarta XML Web Services. 9 | // 10 | // The second block below is additional defintions needed by 11 | // Jakarta Server Pages. 12 | // 13 | // NOTE: This set of examples is NOT complete, but should be. 14 | // 15 | // 16 | // Jakarta XML Web Services 17 | // 18 | // |Development Kit |A software product that implements or incorporates a 19 | // Compiler, a Schema Compiler, a Schema Generator, a Java-to-WSDL Tool, a 20 | // WSDL-to-Java Tool, and/or an RMI Compiler. 21 | // 22 | // |Java-to-WSDL Output |Output of a Java-to-WSDL Tool that is required for 23 | // Web service deployment and invocation. 24 | // 25 | // |Java-to-WSDL Tool |A software development tool that implements or 26 | // incorporates a function that generates web service endpoint descriptions 27 | // in WSDL and XML schema format from Source Code as specified by the 28 | // Jakarta XML Web Services Specification. 29 | // 30 | // |WSDL-to-Java Output |Output of a WSDL-to-Java tool that is required for 31 | // Web service deployment and invocation. 32 | // 33 | // |WSDL-to-Java Tool |A software development tool that implements or 34 | // incorporates a function that generates web service interfaces for 35 | // clients and endpoints from a WSDL description as specified by the 36 | // Jakarta XML Web Services Specification. 37 | // 38 | // 39 | // Jakarta Server Pages 40 | // 41 | // |Jakarta Server Page |A text-based document that uses Jakarta Server 42 | // Pages technology. 43 | // 44 | // |Jakarta Server Page Implementation Class |A program constructed by 45 | // transforming the Jakarta Server Page text into a Java language program 46 | // using the transformation rules described in the Specifications. 47 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/faq.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=Appendix A: Frequently Asked Questions 4 | next=rebuild.html 5 | prev=debug.html 6 | ~~~~~~ 7 | include::attributes.conf[] 8 | Appendix A: Frequently Asked Questions 9 | ====================================== 10 | 11 | [[GBFYD]] 12 | 13 | 14 | [[a-frequently-asked-questions]] 15 | A Frequently Asked Questions 16 | ---------------------------- 17 | 18 | This appendix contains the following questions. 19 | 20 | * link:#GBFYQ[Where do I start to debug a test failure?] 21 | * link:#GBFYR[How do I restart a crashed test run?] 22 | * link:#GBFWU[What would cause tests be added to the exclude list?] 23 | 24 | [[GBFYQ]][[a.1-where-do-i-start-to-debug-a-test-failure]] 25 | 26 | A.1 Where do I start to debug a test failure? 27 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 28 | 29 | TBD 30 | 31 | [[GBFYR]][[a.2-how-do-i-restart-a-crashed-test-run]] 32 | 33 | A.2 How do I restart a crashed test run? 34 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 35 | 36 | TBD 37 | 38 | [[GBFWU]][[a.3-what-would-cause-tests-be-added-to-the-exclude-list]] 39 | 40 | A.3 What would cause tests be added to the exclude list? 41 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 42 | 43 | The exclude file (+{excludeListFileName}+) contains all tests that are not 44 | required to be run. The following is a list of reasons for a test to be 45 | included in the Exclude List: 46 | 47 | * An error in a Compatible Implementation that does not allow the test to 48 | execute properly has been discovered. 49 | * An error in the specification that was used as the basis of the test 50 | has been discovered. 51 | * An error in the test has been discovered. 52 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/install-server-vi.inc: -------------------------------------------------------------------------------- 1 | . Install a Web server on which the {TechnologyShortName} TCK test 2 | applications can be published for testing the VI. 3 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/install-server.inc: -------------------------------------------------------------------------------- 1 | . Install the Jakarta EE {JakartaEEVersion} CI software (the servlet Web container used 2 | for running the {TechnologyShortName} TCK with the 3 | {TechnologyShortName} {TechnologyVersion} CI), if it is not already 4 | installed. + 5 | Download and install the Servlet Web container with the 6 | {TechnologyShortName} {TechnologyVersion} CI used for running the 7 | {TechnologyShortName} TCK {TechnologyVersion}, represented by a Jakarta 8 | EE {JakartaEEVersion} CI. 9 | You are free to use any CI that is certified. The following are some examples you can choose from: 10 | * If you wish to use {TechnologyRI} you may obtain it from {TechnologyRIURL} 11 | * If you wish to use {GlassFishCI} you may obtain it from {GlassFishCIURL} -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/install.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=Installation 4 | next=config.html 5 | prev=rules.html 6 | ~~~~~~ 7 | include::attributes.conf[] 8 | Installation 9 | ============ 10 | 11 | [[GBFTP]] 12 | 13 | 14 | [[installation]] 15 | 3 Installation 16 | -------------- 17 | 18 | This chapter explains how to install the {TechnologyFullName} TCK software. 19 | 20 | After installing the software according to the instructions in this 21 | chapter, proceed to link:config.html#GBFVV[Chapter 4, "Setup and 22 | Configuration,"] for instructions on configuring your test environment. 23 | 24 | 25 | 26 | [[GBFUD]][[obtaining-the-reference-implementation]] 27 | 28 | 3.1 Obtaining a Compatible Implementation 29 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 30 | 31 | Each compatible implementation (CI) will provide instructions for obtaining 32 | their implementation. 33 | {TechnologyRI} is a compatible implementation which may be obtained 34 | from {TechnologyRIURL} 35 | 36 | [[GBFTS]][[installing-the-software]] 37 | 38 | 3.2 Installing the Software 39 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 40 | 41 | Before you can run the {TechnologyShortName} TCK tests, you must 42 | install and set up the following software components: 43 | 44 | include::req-software.inc[] 45 | . Java SE {SEversion} 46 | . Apache Maven {MavenVersion} 47 | . A CI for {TechnologyShortName} {TechnologyVersion}, one example is {TechnologyRI} 48 | . {TechnologyShortName} TCK version {TechnologyVersion} 49 | . The {TechnologyShortName} {TechnologyVersion} Vendor Implementation (VI) 50 | 51 | 52 | Follow these steps: 53 | 54 | . Install the Java SE {SEversion} software, if it is not already installed. + 55 | Download and install the Java SE {SEversion} software from 56 | http://www.oracle.com/technetwork/java/javase/downloads/index.html. 57 | Refer to the installation instructions that accompany the software for 58 | additional information. 59 | 60 | . Install the build tool Apache Maven {MavenVersion} that will be used to run the TCK, 61 | if it is not already installed, for running the tests. 62 | 63 | . Install the {TechnologyShortName} TCK {TechnologyVersion} software. 64 | a. Copy or download the {TechnologyShortName} TCK software to your 65 | local system. + 66 | You can obtain the {TechnologyShortName} TCK software from the 67 | Jakarta EE web site {SpecificationURL}. 68 | b. Use the `unzip` command to extract the bundle in the directory of 69 | your choice: + 70 | +unzip {TCKPackageName}+ + 71 | 72 | include::install-server.inc[] 73 | . Install a {TechnologyShortName} {TechnologyVersion} Compatible 74 | Implementation. + 75 | A Compatible Implementation is used to validate your initial 76 | configuration and setup of the {TechnologyShortName} TCK 77 | {TechnologyVersion} tests, which are explained further in 78 | link:config.html#GBFVV[Chapter 4, "Setup and Configuration."] + 79 | The Compatible Implementations for {TechnologyShortName} are listed on 80 | the Jakarta EE Specifications web site: {SpecificationURL}. 81 | include::install-server-vi.inc[] 82 | . Install the {TechnologyShortName} VI to be tested. + 83 | Follow the installation instructions for the particular VI under test. 84 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/intro.inc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck-dist/userguide/src/main/jbake/content/intro.inc -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/packages.inc: -------------------------------------------------------------------------------- 1 | ** `jakarta.security.jacc` 2 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/platforms.inc: -------------------------------------------------------------------------------- 1 | * CentOS Linux 7 -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/rebuild.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=Appendix B: Rebuild Rules 4 | prev=faq.html 5 | ~~~~~~ 6 | include::attributes.conf[] 7 | 8 | Appendix B: Rebuild Rules 9 | ========================= 10 | 11 | 12 | ifdef::rebuild[] 13 | include::rebuild.inc[] 14 | endif::rebuild[] 15 | ifndef::rebuild[] 16 | 17 | <<< 18 | Appendix B is not used for the {TechnologyShortName} TCK. 19 | 20 | endif::rebuild[] 21 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/rebuild.inc: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////////////// 2 | 3 | Copyright (c) 2020, 2021 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | /////////////////////////////////////////////////////////////////////////////// 18 | 19 | /////////////////////////////////////////////////////////////////////// 20 | NOTE TO WRITERS: 21 | The following sections should be customized for the technology. 22 | This text was originally from the {TechnologyShortName} TCK. Most references 23 | to {TechnologyShortName} have been parameterized to serve as a simple starting 24 | point for customization. There are still many details that will 25 | need to be changed or removed. 26 | /////////////////////////////////////////////////////////////////////// 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/req-software.inc: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////// 2 | NOTE TO WRITERS: 3 | This is a list of software required in addition to the TCK and the CI. 4 | For many Jakart EE APIs, the Jakarta EE CI will be required, as described below. 5 | For standalone technologies, no other software may be required, and the 6 | below line can be removed. 7 | 8 | This is used in intro.adoc in section 1.3 and install.adoc in section 3.2. 9 | /////////////////////////////////////////////////////////////////////// 10 | 11 | . Jakarta EE {JakartaEEVersion} CI such as {TechnologyRI}, or {GlassFishCI}, or, at a minimum, a Web server 12 | with a Servlet container 13 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/rules.inc: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////// 2 | NOTE TO WRITERS: 3 | Most technologies will only need the compatibility rules in rules.adoc. 4 | Some technologies will need additional rules. If they're needed, 5 | remove the comment block delimiters below and update the rules as 6 | appropriate. You may need to adjust the rule numbers to avoid gaps. 7 | 8 | The first comment block below is additional rules needed by JPA. 9 | 10 | The second comment block below is additional rules needed by 11 | JSP and Servlet. (And EJB, if it had a standalone TCK.) 12 | 13 | The third comment block below is additional rules that apply 14 | to any technology that defines deployment descriptors. 15 | 16 | The fourth comment block is special rules that apply only to JSP. 17 | 18 | NOTE: This set of examples is NOT complete, but should be. 19 | /////////////////////////////////////////////////////////////////////// 20 | 21 | /////////////////////////////////////////////////////////////////////// 22 | *{techID}10* The Runtime must report an error when processing a 23 | Configuration Descriptor that does not conform to the Specifications. 24 | 25 | *{techID}11* An error must be reported when processing a configuration 26 | descriptor that includes a Java Persistence QL expression that does not 27 | conform to the Specifications. 28 | 29 | *{techID}12* The presence of an XML comment in a Configuration 30 | Descriptor, when processed by the Runtime, must not cause the 31 | functional programmatic behavior of the Runtime to vary from the 32 | functional programmatic behavior of the Runtime in the absence of that 33 | comment. 34 | /////////////////////////////////////////////////////////////////////// 35 | 36 | /////////////////////////////////////////////////////////////////////// 37 | *{techID}10* Each Container must make technically accessible all Java SE 38 | Runtime interfaces and functionality, as defined by the Specifications, 39 | to programs running in the Container, except only as specifically 40 | exempted by these Rules. 41 | 42 | *{techID}10.1* Containers may impose security constraints, as defined by 43 | the Specifications. 44 | /////////////////////////////////////////////////////////////////////// 45 | 46 | /////////////////////////////////////////////////////////////////////// 47 | *{techID}11* A Deployment Tool must report an error when processing a 48 | Configuration Descriptor that does not conform to the Specifications. 49 | 50 | *{techID}12* The presence of an XML comment in a Configuration 51 | Descriptor, when processed by a Deployment Tool, must not cause the 52 | functional programmatic behavior of the Deployment Tool to vary from 53 | the functional programmatic behavior of the Deployment Tool in the 54 | absence of that comment. 55 | /////////////////////////////////////////////////////////////////////// 56 | 57 | /////////////////////////////////////////////////////////////////////// 58 | *{techID}11* A web Container must report an error, as defined by the 59 | Specifications, when processing a JSP Page that does not conform to the 60 | Specifications. 61 | 62 | *{techID}12* The presence of a Java language comment or Java language 63 | directive in a JSP Page that specifies ”java” as the scripting 64 | language, when processed by a web Container, must not cause the 65 | functional programmatic behavior of that JSP Page to vary from the 66 | functional programmatic behavior of that JSP Page in the absence of 67 | that Java language comment or Java language directive. 68 | 69 | *{techID}13* The contents of any fixed template data (defined by the 70 | Specifications) in a JSP Page, when processed by a web Container, must 71 | not affect the functional programmatic behavior of that JSP Page, 72 | except as defined by the Specifications. 73 | 74 | *{techID}14* The functional programmatic behavior of a JSP Page that 75 | specifies ”java” as the scripting language must be equivalent to the 76 | functional programmatic behavior of the JSP Page Implementation Class 77 | constructed from that JSP Page. 78 | /////////////////////////////////////////////////////////////////////// 79 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/tck-packages.inc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck-dist/userguide/src/main/jbake/content/tck-packages.inc -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/title.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=TCK User's Guide for Technology Implementors 4 | next=preface.html 5 | prev=toc.html 6 | ~~~~~~ 7 | include::attributes.conf[] 8 | 9 | TCK User's Guide for {TechnologyFullName}, Release {TechnologyVersion} for Jakarta EE 10 | ===================================================================================== 11 | 12 | [[eclipse-foundation]] 13 | Eclipse Foundation 14 | ------------------ 15 | 16 | Technology Compatibility Kit User's Guide for {TechnologyFullName} 17 | 18 | Release {TechnologyVersion} for Jakarta EE 19 | 20 | {ReleaseDate} 21 | 22 | [[sthref1]] 23 | 24 | ''''' 25 | 26 | Technology Compatibility Kit User's Guide for {TechnologyFullName}, 27 | Release {TechnologyVersion} for Jakarta EE 28 | 29 | Copyright © {CopyrightDates} Oracle and/or its affiliates. All rights reserved. 30 | 31 | This program and the accompanying materials are made available under 32 | the terms of the Eclipse Public License v. 2.0, which is available at 33 | http://www.eclipse.org/legal/epl-2.0. 34 | 35 | SPDX-License-Identifier: EPL-2.0 36 | 37 | Oracle and Java are registered trademarks of Oracle and/or its 38 | affiliates. Other names may be trademarks of their respective owners. 39 | 40 | include::title.inc[] 41 | 42 | 43 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/title.inc: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////// 2 | NOTE TO WRITERS: 3 | This is included at the tail end of the Title page. 4 | The following section should be customized for the technology. 5 | This is provided to allow each technology to customize legacy acronym names 6 | that are used in this TCK. 7 | Be sure to customize LegacyAcronym in attributes.conf 8 | Add additional lines as needed for acronyms found in your TCK user guide. 9 | /////////////////////////////////////////////////////////////////////// 10 | 11 | References in this document to {LegacyAcronym} refer to the {TechnologyFullName} unless otherwise noted. 12 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/toc.adoc: -------------------------------------------------------------------------------- 1 | type=page 2 | status=published 3 | title=TCK User's Guide for Technology Implementors 4 | next=title.html 5 | ~~~~~~ 6 | include::attributes.conf[] 7 | TCK User's Guide for Technology Implementors 8 | ============================================ 9 | 10 | [[contents]] 11 | Contents 12 | -------- 13 | 14 | * link:title.html#eclipse-foundation[Eclipse Foundation] 15 | 16 | link:preface.html#GBFTI[Preface] 17 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 18 | 19 | ** link:preface.html#GBFUS[Who Should Use This Book] 20 | ** link:preface.html#GBFPO[Before You Read This Book] 21 | ** link:preface.html#GBFWF[Typographic Conventions] 22 | ** link:preface.html#FWBSD[Shell Prompts in Command Examples] 23 | 24 | link:intro.html#GBFOW[1 Introduction] 25 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 26 | 27 | ** link:intro.html#GBFTK[1.1 Compatibility Testing] 28 | *** link:intro.html#GBFQN[1.1.1 Why Compatibility Testing is Important] 29 | *** link:intro.html#GBFPR[1.1.2 TCK Compatibility Rules] 30 | *** link:intro.html#GBFPW[1.1.3 TCK Overview] 31 | *** link:intro.html#GBFPB[1.1.4 Jakarta EE Specification Process (JESP) Program and Compatibility Testing] 32 | ** link:intro.html#GBFQR[1.2 About the TCK] 33 | *** link:intro.html#GBFQV[1.2.1 TCK Specifications and Requirements] 34 | *** link:intro.html#GBFSQ[1.2.2 TCK Components] 35 | *** link:intro.html#GBFRA[1.2.3 TCK Compatibility Test Suite] 36 | *** link:intro.html#GBFSH[1.2.4 Exclude Lists] 37 | *** link:intro.html#GBFRR[1.2.5 TCK Configuration] 38 | ** link:intro.html#GBFQW[1.3 Getting Started With the TCK] 39 | 40 | [[procedure-for-certification]] 41 | link:rules.html#GBFSN[2 Procedure for Certification] 42 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 43 | 44 | ** link:rules.html#CJAFFDGI[2.1 Certification Overview] 45 | ** link:rules.html#CJAFGIGG[2.2 Compatibility Requirements] 46 | *** link:rules.html#definitions[2.2.1 Definitions] 47 | *** link:rules.html#sthref7[2.2.2 Rules for {TechnologyFullName} Products] 48 | ** link:rules.html#CJAIIBDJ[2.3 Test Appeals Process] 49 | *** link:rules.html#[2.3.1 Valid Challenges] 50 | *** link:rules.html#[2.3.2 Invalid Challenges] 51 | *** link:rules.html#CJAJEAEI[2.3.3 TCK Test Appeals Steps] 52 | ** link:rules.html#CJAJECIE[2.4 Specifications for {TechnologyFullName}] 53 | ** link:rules.html#CJABAHGI[2.5 Libraries for {TechnologyFullName}] 54 | 55 | link:install.html#GBFTP[3 Installation] 56 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 57 | 58 | ** link:install.html#GBFUD[3.1 Obtaining a Compatible Implementation] 59 | ** link:install.html#GBFTS[3.2 Installing the Software] 60 | 61 | [[setup-and-configuration]] 62 | link:config.html#GBFVV[4 Setup and Configuration] 63 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 64 | 65 | 66 | [[executing-tests]] 67 | link:using.html#GBFWO[5 Executing Tests] 68 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 69 | 70 | ** link:using.html#GBFUZ[5.1 Starting the tests] 71 | *** link:using.html#GBFVW[5.1.1 To Start Tests in Command-Line Mode] 72 | ** link:using.html#GBFWM[5.2 Running a Subset of the Tests] 73 | ** link:using.html#GCLRR[5.3 Running the TCK Against another CI] 74 | ** link:using.html#GCLRZ[5.4 Running the TCK Against a Vendor's Implementation] 75 | ** link:using.html#GBFVK[5.5 Test Reports] 76 | 77 | [[debugging-test-problems]] 78 | link:debug.html#GBFUV[6 Debugging Test Problems] 79 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 80 | 81 | ** link:debug.html#GBFYP[6.1 Overview] 82 | ** link:debug.html#GBFVP[6.2 Test Information] 83 | ** link:debug.html#GBFYF[6.3 Configuration Failures] 84 | * link:faq.html#GBFYD[A Frequently Asked Questions] 85 | ** link:faq.html#GBFYQ[A.1 Where do I start to debug a test failure?] 86 | ** link:faq.html#GBFYR[A.2 How do I restart a crashed test run?] 87 | ** link:faq.html#GBFWU[A.3 What would cause tests be added to the exclude list?] 88 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/using-examples.inc: -------------------------------------------------------------------------------- 1 | /////////////////////////////////////////////////////////////////////// 2 | NOTE TO WRITERS: 3 | These CLI examples can be customized as necessary. 4 | /////////////////////////////////////////////////////////////////////// 5 | 6 | Start the Junit tests using the following command: 7 | 8 | [source,oac_no_warn] 9 | ---- 10 | mvn verify 11 | ---- 12 | 13 | [[GCMCU]] 14 | 15 | Example 5-1 {TechnologyShortName} TCK Signature Tests 16 | 17 | To run the {TechnologyShortName} TCK signature tests, enter the 18 | following commands: 19 | 20 | [source,subs="attributes"] 21 | ---- 22 | mvn -f authorization-signaturetest/pom.xml verify 23 | ---- 24 | 25 | [[GCMBV]] 26 | 27 | 28 | Example 5-2 Single Test Directory 29 | 30 | To run a single test directory, enter the following commands: 31 | 32 | [source,subs="attributes"] 33 | ---- 34 | mvn -f {singleTestDirectoryExample}/pom.xml verify 35 | 36 | or alternatively 37 | 38 | mvn clean && mvn clean -pl :{singleTestDirectoryExample} 39 | 40 | ---- 41 | 42 | [[GCMCA]] 43 | 44 | 45 | Example 5-3 Single test 46 | 47 | To run a single test with a single test directory, enter the following commands: 48 | 49 | [source,subs="attributes"] 50 | ---- 51 | mvn clean && mvn clean install -pl :app-custom-policy -Dit.test=AppCustomPolicyIT#testAuthenticated 52 | 53 | ---- 54 | 55 | Example 5-4 Single test with debugging (GlassFish) 56 | 57 | To run a single test with a single test directory with the JVM running GlassFish suspending on port 9009, enter the following commands: 58 | 59 | [source,subs="attributes"] 60 | ---- 61 | mvn clean && mvn clean install -pl :app-custom-policy -Dit.test=AppCustomPolicyIT#testAuthenticated -Dglassfish.suspend 62 | 63 | ---- 64 | 65 | Example 5-5 Running a technology preview version of this TCK 66 | 67 | A technology preview version may include dependencies that are in staging. If that is the case, start 68 | the Junit tests using the following command: 69 | 70 | [source,subs="attributes"] 71 | ---- 72 | mvn verify -Pstaging 73 | 74 | ---- 75 | 76 | 77 | 78 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/content/using.inc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck-dist/userguide/src/main/jbake/content/using.inc -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/jbake.properties: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2021 Oracle and/or its affiliates. All rights reserved. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | 17 | site.host=http://jbake.org 18 | render.tags=false 19 | render.sitemap=false 20 | render.archive=false 21 | render.feed=false 22 | render.index=false 23 | asciidoctor.option.safe=0 24 | asciidoctor.attributes.export=true -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/templates/footer.ftl: -------------------------------------------------------------------------------- 1 | <#-- a footer template fragment included in the page template --> 2 |
3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | <#if content.prev??> 12 | 18 | 19 | 20 | <#if content.next??> 21 | 27 | 28 | 29 | 35 | 36 |
13 | 14 | 15 | Previous 16 | 17 | 22 | 23 | 24 | Next 25 | 26 | 30 | 31 | 32 | Contents 33 | 34 |
37 | 38 | 39 | Eclipse Foundation Logo  40 | Copyright © 2017, 2022 Oracle and/or its affiliates. All rights reserved. 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/templates/header.ftl: -------------------------------------------------------------------------------- 1 | 2 | <#-- a header template fragment included in the page template --> 3 | 4 | 5 | 6 | <#if (content.title)??><#escape x as x?xml>${content.title}</#escape></#if> 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 17 | 18 |
15 | ${content.title}
16 |
19 |
20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | <#if content.prev??> 29 | 35 | 36 | 37 | <#if content.next??> 38 | 44 | 45 | 46 | 52 | 53 |
30 | 31 | 32 | Previous 33 | 34 | 39 | 40 | 41 | Next 42 | 43 | 47 | 48 | 49 | Contents 50 | 51 |
54 | 55 | -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/templates/menu.ftl: -------------------------------------------------------------------------------- 1 | <#-- a menu bar template fragment included in the page template --> -------------------------------------------------------------------------------- /tck-dist/userguide/src/main/jbake/templates/page.ftl: -------------------------------------------------------------------------------- 1 | <#-- a top level page layout template --> 2 | 3 | <#include "header.ftl"> 4 | <#include "menu.ftl"> 5 | 6 | ${content.body} 7 | 8 | <#include "footer.ftl"> -------------------------------------------------------------------------------- /tck/.mvn/keepme: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/jakartaee/authorization/2cb22aed30a9fce0885fb9b2aac91780540802f1/tck/.mvn/keepme -------------------------------------------------------------------------------- /tck/app-custom-policy/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-policy 31 | war 32 | 33 | 34 | This tests executing a custom permission check before authentication takes place. 35 | 36 | 37 | 38 | false 39 | 40 | 41 | 42 | 43 | org.eclipse.ee4j.authorization.tck 44 | common 45 | ${project.version} 46 | 47 | 48 | 49 | 50 | app-custom-policy 51 | 52 | 53 | -------------------------------------------------------------------------------- /tck/app-custom-policy/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.PolicyFactory; 19 | import jakarta.servlet.ServletContextEvent; 20 | import jakarta.servlet.ServletContextListener; 21 | import jakarta.servlet.annotation.WebListener; 22 | 23 | /** 24 | * ServletContextListener that is used to install a custom authorization policy. 25 | * 26 | * @author Arjan Tijms 27 | * 28 | */ 29 | @WebListener 30 | public class PolicyRegistrationListener implements ServletContextListener { 31 | 32 | @Override 33 | public void contextInitialized(ServletContextEvent sce) { 34 | PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); 35 | policyFactory.setPolicy(new TestPolicy(policyFactory.getPolicy())); 36 | } 37 | 38 | } -------------------------------------------------------------------------------- /tck/app-custom-policy/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import jakarta.annotation.security.DeclareRoles; 21 | import jakarta.servlet.ServletException; 22 | import jakarta.servlet.annotation.HttpConstraint; 23 | import jakarta.servlet.annotation.ServletSecurity; 24 | import jakarta.servlet.annotation.WebServlet; 25 | import jakarta.servlet.http.HttpServlet; 26 | import jakarta.servlet.http.HttpServletRequest; 27 | import jakarta.servlet.http.HttpServletResponse; 28 | import java.io.IOException; 29 | 30 | /** 31 | * Protected Servlet that prints out the name of the authenticated caller and whether 32 | * this caller is in any of the roles {foo, bar, kaz} 33 | * 34 | *

35 | * The role "foo" is required to access this Servlet. "bar" is a role assigned by the 36 | * native identity store, "kaz" doesn't exist (but we should still be able to test for it). 37 | * 38 | */ 39 | @WebServlet("/protectedServlet/*") 40 | @DeclareRoles("bar") 41 | @ServletSecurity(@HttpConstraint(rolesAllowed = "foo")) 42 | public class ProtectedServlet extends HttpServlet { 43 | 44 | private static final long serialVersionUID = 1L; 45 | 46 | @Override 47 | public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 48 | 49 | response.getWriter().write("This is a servlet \n"); 50 | 51 | String webName = null; 52 | if (request.getUserPrincipal() != null) { 53 | webName = request.getUserPrincipal().getName(); 54 | } 55 | 56 | response.getWriter().write("web username: " + webName + "\n"); 57 | 58 | response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n"); 59 | response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n"); 60 | response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n"); 61 | } 62 | 63 | } 64 | -------------------------------------------------------------------------------- /tck/app-custom-policy/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.Policy; 19 | import jakarta.security.jacc.WebResourcePermission; 20 | import java.security.Permission; 21 | import java.security.PermissionCollection; 22 | import java.util.logging.Logger; 23 | import javax.security.auth.Subject; 24 | 25 | /** 26 | * Policy implementation that uses a custom permission check 27 | * to grant access to {@code /protectedServlet/[*]/test} to 28 | * the unauthenticated caller. 29 | */ 30 | public class TestPolicy implements Policy { 31 | 32 | private static final Logger LOGGER = Logger.getLogger(TestPolicy.class.getName()); 33 | 34 | private final Policy originalPolicy; 35 | 36 | public TestPolicy(Policy policy) { 37 | this.originalPolicy = policy; 38 | } 39 | 40 | public boolean implies(Permission permissionToBeChecked, Subject subject) { 41 | LOGGER.info(permissionToBeChecked.toString()); 42 | LOGGER.info(subject.toString()); 43 | 44 | // First try our custom permission checking 45 | if (impliesCustom(permissionToBeChecked)) { 46 | return true; 47 | } 48 | 49 | // If custom doesn't grant access, try the original policy so we 50 | // keep all normal checks in place. 51 | return originalPolicy.implies(permissionToBeChecked, subject); 52 | } 53 | 54 | public PermissionCollection getPermissionCollection(Subject subject) { 55 | return originalPolicy.getPermissionCollection(subject); 56 | } 57 | 58 | private boolean impliesCustom(Permission permissionToBeChecked) { 59 | return 60 | permissionToBeChecked instanceof WebResourcePermission && 61 | permissionToBeChecked.getName().startsWith("/protectedServlet/") && 62 | permissionToBeChecked.getName().endsWith("/test"); 63 | } 64 | 65 | } 66 | -------------------------------------------------------------------------------- /tck/app-custom-policy/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-policy/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 23 | 24 | 25 | BASIC 26 | file 27 | 28 | 29 | -------------------------------------------------------------------------------- /tck/app-custom-policy/src/test/java/ee/jakarta/tck/authorization/test/AppCustomPolicyIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAccess; 21 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAuthenticated; 22 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNoAccess; 23 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNotAuthenticated; 24 | import static ee.jakarta.tck.authorization.util.ShrinkWrap.mavenWar; 25 | 26 | import org.htmlunit.DefaultCredentialsProvider; 27 | import ee.jakarta.tck.authorization.util.ArquillianBase; 28 | import org.jboss.arquillian.container.test.api.Deployment; 29 | import org.jboss.arquillian.junit.Arquillian; 30 | import org.jboss.shrinkwrap.api.Archive; 31 | import org.junit.Test; 32 | import org.junit.runner.RunWith; 33 | 34 | 35 | @RunWith(Arquillian.class) 36 | public class AppCustomPolicyIT extends ArquillianBase { 37 | 38 | @Deployment(testable = false) 39 | public static Archive createDeployment() { 40 | return mavenWar(); 41 | } 42 | 43 | // Test several general conditions to make sure security 44 | // works in the normal way 45 | 46 | /** 47 | * Normally authenticated for a request to the default path. 48 | * Should have access via the role foo 49 | */ 50 | @Test 51 | public void testAuthenticated() { 52 | DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider(); 53 | credentialsProvider.addCredentials("reza", "secret1"); 54 | 55 | getWebClient().setCredentialsProvider(credentialsProvider); 56 | 57 | assertDefaultAuthenticated( 58 | readFromServer("/protectedServlet")); 59 | } 60 | 61 | /** 62 | * Not authenticated on the default path. 63 | * Should not have access, since not in the required role foo 64 | */ 65 | @Test 66 | public void testNotAuthenticated() { 67 | assertDefaultNoAccess( 68 | readFromServer("/protectedServlet")); 69 | } 70 | 71 | /** 72 | * Wrongly authenticated on the default path. 73 | * Should not have access, since not in the required role foo 74 | */ 75 | @Test 76 | public void testNotAuthenticatedWrongName() { 77 | assertDefaultNoAccess( 78 | readFromServer("/protectedServlet?name=romo&password=secret1")); 79 | } 80 | 81 | // Test on the special test path which a custom policy is observing 82 | 83 | /** 84 | * Should have access, despite not being in the required role foo. 85 | * The custom policy made an exception here. 86 | * 87 | * But, the caller should not be in any roles (specially, should not be in role foo) 88 | */ 89 | @Test 90 | public void testNotAuthenticatedSpecial() { 91 | String response = readFromServer("/protectedServlet/foo/test"); 92 | 93 | assertDefaultAccess(response); 94 | assertDefaultNotAuthenticated(response); 95 | } 96 | 97 | } 98 | -------------------------------------------------------------------------------- /tck/app-custom-policy2/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-policy2 31 | war 32 | 33 | 34 | This tests executing a custom permission check afer authentication takes place. 35 | 36 | 37 | 38 | false 39 | 40 | 41 | 42 | 43 | org.eclipse.ee4j.authorization.tck 44 | common 45 | ${project.version} 46 | 47 | 48 | 49 | 50 | app-mem-policy2 51 | 52 | 53 | -------------------------------------------------------------------------------- /tck/app-custom-policy2/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.PolicyFactory; 19 | import jakarta.servlet.ServletContextEvent; 20 | import jakarta.servlet.ServletContextListener; 21 | import jakarta.servlet.annotation.WebListener; 22 | 23 | /** 24 | * ServletContextListener that is used to install a custom authorization policy. 25 | * 26 | * @author Arjan Tijms 27 | * 28 | */ 29 | @WebListener 30 | public class PolicyRegistrationListener implements ServletContextListener { 31 | 32 | @Override 33 | public void contextInitialized(ServletContextEvent sce) { 34 | PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); 35 | policyFactory.setPolicy(new TestPolicy(policyFactory.getPolicy())); 36 | } 37 | 38 | } -------------------------------------------------------------------------------- /tck/app-custom-policy2/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import jakarta.annotation.security.DeclareRoles; 21 | import jakarta.servlet.ServletException; 22 | import jakarta.servlet.annotation.HttpConstraint; 23 | import jakarta.servlet.annotation.ServletSecurity; 24 | import jakarta.servlet.annotation.WebServlet; 25 | import jakarta.servlet.http.HttpServlet; 26 | import jakarta.servlet.http.HttpServletRequest; 27 | import jakarta.servlet.http.HttpServletResponse; 28 | import java.io.IOException; 29 | 30 | /** 31 | * Protected Servlet that prints out the name of the authenticated caller and whether 32 | * this caller is in any of the roles {foo, bar, kaz} 33 | * 34 | *

35 | * The role "kaz" is required to access this Servlet. "foo" and "bar" are roles assigned 36 | * by the native identity store. 37 | * 38 | */ 39 | @WebServlet("/protectedServlet/*") 40 | @DeclareRoles({"foo", "bar"}) 41 | @ServletSecurity(@HttpConstraint(rolesAllowed = "kaz")) 42 | public class ProtectedServlet extends HttpServlet { 43 | 44 | private static final long serialVersionUID = 1L; 45 | 46 | @Override 47 | public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 48 | 49 | response.getWriter().write("This is a servlet \n"); 50 | 51 | String webName = null; 52 | if (request.getUserPrincipal() != null) { 53 | webName = request.getUserPrincipal().getName(); 54 | } 55 | 56 | response.getWriter().write("web username: " + webName + "\n"); 57 | 58 | response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n"); 59 | response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n"); 60 | response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n"); 61 | 62 | 63 | } 64 | 65 | } 66 | -------------------------------------------------------------------------------- /tck/app-custom-policy2/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import static jakarta.security.jacc.PolicyContext.PRINCIPAL_MAPPER; 19 | 20 | import jakarta.security.jacc.Policy; 21 | import jakarta.security.jacc.PolicyContext; 22 | import jakarta.security.jacc.PolicyContextException; 23 | import jakarta.security.jacc.PrincipalMapper; 24 | import jakarta.security.jacc.WebResourcePermission; 25 | import java.security.Permission; 26 | import java.security.PermissionCollection; 27 | import java.security.Principal; 28 | import java.util.logging.Logger; 29 | import javax.security.auth.Subject; 30 | 31 | /** 32 | * Policy implementation that uses a custom permission check 33 | * to grant access to {@code /protectedServlet/[*]/test} to 34 | * the *authenticated* caller. 35 | */ 36 | public class TestPolicy implements Policy { 37 | 38 | private static final Logger LOGGER = Logger.getLogger(TestPolicy.class.getName()); 39 | 40 | private final Policy originalPolicy; 41 | 42 | public TestPolicy(Policy policy) { 43 | this.originalPolicy = policy; 44 | } 45 | 46 | @Override 47 | public boolean implies(Permission permissionToBeChecked, Subject subject) { 48 | LOGGER.info(permissionToBeChecked.toString()); 49 | LOGGER.info(subject.toString()); 50 | 51 | Principal callerPrincipal = getCallerPrincipal(subject); 52 | 53 | LOGGER.info(callerPrincipal == null? "null" : callerPrincipal.toString() + " " + callerPrincipal.getName()); 54 | 55 | // First try our custom permission checking, but only for authenticated callers 56 | if (isAuthenticated(callerPrincipal) && impliesCustom(permissionToBeChecked)) { 57 | return true; 58 | } 59 | 60 | // If custom doesn't grant access, try the original policy so we 61 | // keep all normal checks in place. 62 | return originalPolicy.implies(permissionToBeChecked, subject); 63 | } 64 | 65 | @Override 66 | public PermissionCollection getPermissionCollection(Subject subject) { 67 | return originalPolicy.getPermissionCollection(subject); 68 | } 69 | 70 | private Principal getCallerPrincipal(Subject subject) { 71 | try { 72 | // Use the PrincipalMapper to retrieve the caller principal 73 | // that should be somewhere in the Subject 74 | 75 | PrincipalMapper principalMapper = PolicyContext.getContext(PRINCIPAL_MAPPER); 76 | 77 | return principalMapper.getCallerPrincipal(subject); 78 | 79 | } catch (PolicyContextException e) { 80 | throw new IllegalStateException(e); 81 | } 82 | } 83 | 84 | private boolean isAuthenticated(Principal callerPrincipal) { 85 | return callerPrincipal != null && callerPrincipal.getName() != null; 86 | } 87 | 88 | private boolean impliesCustom(Permission permissionToBeChecked) { 89 | return 90 | permissionToBeChecked instanceof WebResourcePermission && 91 | permissionToBeChecked.getName().startsWith("/protectedServlet/") && 92 | permissionToBeChecked.getName().endsWith("/test"); 93 | } 94 | 95 | } 96 | -------------------------------------------------------------------------------- /tck/app-custom-policy2/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-policy2/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 23 | 24 | 25 | BASIC 26 | file 27 | 28 | 29 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-policyfactory 31 | war 32 | 33 | 34 | Like app-custom-policy, but uses a custom PolicyFactory defined in web.xml to supply a custom Policy. 35 | Note that this only tests for the PolicyFactory being replaceable and wrappable, and 36 | is not an example of how to easily supply a custom Policy or how to write a realistic 37 | PolicyFactory. 38 | 39 | 40 | 41 | false 42 | 43 | 44 | 45 | 46 | org.eclipse.ee4j.authorization.tck 47 | common 48 | ${project.version} 49 | 50 | 51 | 52 | 53 | app-custom-policyfactory 54 | 55 | 56 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import jakarta.annotation.security.DeclareRoles; 21 | import jakarta.servlet.ServletException; 22 | import jakarta.servlet.annotation.HttpConstraint; 23 | import jakarta.servlet.annotation.ServletSecurity; 24 | import jakarta.servlet.annotation.WebServlet; 25 | import jakarta.servlet.http.HttpServlet; 26 | import jakarta.servlet.http.HttpServletRequest; 27 | import jakarta.servlet.http.HttpServletResponse; 28 | import java.io.IOException; 29 | 30 | /** 31 | * Protected Servlet that prints out the name of the authenticated caller and whether 32 | * this caller is in any of the roles {foo, bar, kaz} 33 | * 34 | *

35 | * The role "foo" is required to access this Servlet. "bar" is a role assigned by the 36 | * native identity store, "kaz" doesn't exist (but we should still be able to test for it). 37 | * 38 | */ 39 | @WebServlet("/protectedServlet/*") 40 | @DeclareRoles("bar") 41 | @ServletSecurity(@HttpConstraint(rolesAllowed = "foo")) 42 | public class ProtectedServlet extends HttpServlet { 43 | 44 | private static final long serialVersionUID = 1L; 45 | 46 | @Override 47 | public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 48 | 49 | response.getWriter().write("This is a servlet \n"); 50 | 51 | String webName = null; 52 | if (request.getUserPrincipal() != null) { 53 | webName = request.getUserPrincipal().getName(); 54 | } 55 | 56 | response.getWriter().write("web username: " + webName + "\n"); 57 | 58 | response.getWriter().write("web user has role \"foo\": " + request.isUserInRole("foo") + "\n"); 59 | response.getWriter().write("web user has role \"bar\": " + request.isUserInRole("bar") + "\n"); 60 | response.getWriter().write("web user has role \"kaz\": " + request.isUserInRole("kaz") + "\n"); 61 | } 62 | 63 | } 64 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/TestPolicy.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.Policy; 19 | import jakarta.security.jacc.WebResourcePermission; 20 | import java.security.Permission; 21 | import java.security.PermissionCollection; 22 | import java.util.logging.Logger; 23 | import javax.security.auth.Subject; 24 | 25 | /** 26 | * Policy implementation that uses a custom permission check 27 | * to grant access to {@code /protectedServlet/[*]/test} to 28 | * the unauthenticated caller. 29 | */ 30 | public class TestPolicy implements Policy { 31 | 32 | private static final Logger LOGGER = Logger.getLogger(TestPolicy.class.getName()); 33 | 34 | private final Policy originalPolicy; 35 | 36 | public TestPolicy(Policy policy) { 37 | this.originalPolicy = policy; 38 | } 39 | 40 | public boolean implies(Permission permissionToBeChecked, Subject subject) { 41 | LOGGER.info(permissionToBeChecked.toString()); 42 | LOGGER.info(subject.toString()); 43 | 44 | // First try our custom permission checking 45 | if (impliesCustom(permissionToBeChecked)) { 46 | return true; 47 | } 48 | 49 | // If custom doesn't grant access, try the original policy so we 50 | // keep all normal checks in place. 51 | return originalPolicy.implies(permissionToBeChecked, subject); 52 | } 53 | 54 | public PermissionCollection getPermissionCollection(Subject subject) { 55 | return originalPolicy.getPermissionCollection(subject); 56 | } 57 | 58 | private boolean impliesCustom(Permission permissionToBeChecked) { 59 | return 60 | permissionToBeChecked instanceof WebResourcePermission && 61 | permissionToBeChecked.getName().startsWith("/protectedServlet/") && 62 | permissionToBeChecked.getName().endsWith("/test"); 63 | } 64 | 65 | } 66 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/main/java/ee/jakarta/tck/authorization/test/TestPolicyFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.Policy; 19 | import jakarta.security.jacc.PolicyFactory; 20 | 21 | /** 22 | * Test policy configuration factory. 23 | * 24 | *

25 | * This factort is solely used to test for replacement and wrapping of the PolicyFactory. 26 | * It ignores the contextId which is not something real factories should 27 | * do in most cases, and therefor should not be used as an example of how to create 28 | * a custom PolicyFactory. 29 | */ 30 | public class TestPolicyFactory extends PolicyFactory { 31 | 32 | private Policy policy; 33 | 34 | public TestPolicyFactory(PolicyFactory policyFactory) { 35 | super(policyFactory); 36 | policy = new TestPolicy(policyFactory.getPolicy()); 37 | } 38 | 39 | public Policy getPolicy(String contextId) { 40 | return policy; 41 | } 42 | 43 | @Override 44 | public void setPolicy(String contextId, Policy policy) { 45 | this.policy = new TestPolicy(policy); 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 23 | 24 | 25 | jakarta.security.jacc.PolicyFactory.provider 26 | ee.jakarta.tck.authorization.test.TestPolicyFactory 27 | 28 | 29 | 30 | BASIC 31 | file 32 | 33 | 34 | -------------------------------------------------------------------------------- /tck/app-custom-policyfactory/src/test/java/ee/jakarta/tck/authorization/test/AppCustomPolicyFactoryIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAccess; 21 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultAuthenticated; 22 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNoAccess; 23 | import static ee.jakarta.tck.authorization.util.Assert.assertDefaultNotAuthenticated; 24 | import static ee.jakarta.tck.authorization.util.ShrinkWrap.mavenWar; 25 | 26 | import ee.jakarta.tck.authorization.util.ArquillianBase; 27 | import org.jboss.arquillian.container.test.api.Deployment; 28 | import org.jboss.arquillian.junit.Arquillian; 29 | import org.jboss.shrinkwrap.api.Archive; 30 | import org.junit.Test; 31 | import org.junit.runner.RunWith; 32 | 33 | 34 | @RunWith(Arquillian.class) 35 | public class AppCustomPolicyFactoryIT extends ArquillianBase { 36 | 37 | @Deployment(testable = false) 38 | public static Archive createDeployment() { 39 | return mavenWar(); 40 | } 41 | 42 | // Test several general conditions to make sure security 43 | // works in the normal way 44 | 45 | /** 46 | * Normally authenticated for a request to the default path. 47 | * Should have access via the role foo 48 | */ 49 | @Test 50 | public void testAuthenticated() { 51 | assertDefaultAuthenticated( 52 | readFromServerWithCredentials("/protectedServlet", "reza", "secret1")); 53 | } 54 | 55 | /** 56 | * Not authenticated on the default path. 57 | * Should not have access, since not in the required role foo 58 | */ 59 | @Test 60 | public void testNotAuthenticated() { 61 | assertDefaultNoAccess( 62 | readFromServer("/protectedServlet")); 63 | } 64 | 65 | /** 66 | * Wrongly authenticated on the default path. 67 | * Should not have access, since not in the required role foo 68 | */ 69 | @Test 70 | public void testNotAuthenticatedWrongName() { 71 | assertDefaultNoAccess( 72 | readFromServer("/protectedServlet?name=romo&password=secret1")); 73 | } 74 | 75 | // Test on the special test path which a custom policy is observing 76 | 77 | /** 78 | * Should have access, despite not being in the required role foo. 79 | * The custom policy made an exception here. 80 | * 81 | * But, the caller should not be in any roles (specially, should not be in role foo) 82 | */ 83 | @Test 84 | public void testNotAuthenticatedSpecial() { 85 | String response = readFromServer("/protectedServlet/foo/test"); 86 | 87 | assertDefaultAccess(response); 88 | assertDefaultNotAuthenticated(response); 89 | } 90 | 91 | } 92 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policy/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-trace-policy 31 | war 32 | 33 | 34 | This module installs a policy that tests several aspects of the Policy; 35 | whether it's called at all, and if certain context objects are available to it. 36 | 37 | 38 | 39 | false 40 | 41 | 42 | 43 | 44 | org.eclipse.ee4j.authorization.tck 45 | common 46 | ${project.version} 47 | 48 | 49 | 50 | 51 | app-custom-trace-policy 52 | 53 | 54 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policy/src/main/java/ee/jakarta/tck/authorization/test/PolicyRegistrationListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.security.jacc.PolicyFactory; 19 | import jakarta.servlet.ServletContextEvent; 20 | import jakarta.servlet.ServletContextListener; 21 | import jakarta.servlet.annotation.WebListener; 22 | 23 | /** 24 | * ServletContextListener that is used to install a custom authorization policy. 25 | * 26 | * @author Arjan Tijms 27 | * 28 | */ 29 | @WebListener 30 | public class PolicyRegistrationListener implements ServletContextListener { 31 | 32 | @Override 33 | public void contextInitialized(ServletContextEvent sce) { 34 | PolicyFactory policyFactory = PolicyFactory.getPolicyFactory(); 35 | policyFactory.setPolicy(new TSPolicy(policyFactory.getPolicy())); 36 | } 37 | 38 | } -------------------------------------------------------------------------------- /tck/app-custom-trace-policy/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policy/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 25 | jacc_web_toolsContracts 26 | 27 | 28 | 29 | 30 | secured 31 | secured 32 | /secured.jsp 33 | 0 34 | 35 | ADM 36 | Administrator 37 | 38 | 39 | 40 | secured 41 | /secured.jsp 42 | 43 | 44 | 45 | MySecureBit3 46 | /secured.jsp 47 | POST 48 | GET 49 | 50 | 51 | Administrator 52 | 53 | 54 | NONE 55 | 56 | 57 | 58 | 59 | 60 | BASIC 61 | default 62 | 63 | 64 | 65 | Administrator 66 | 67 | 68 | Manager 69 | 70 | 71 | Employee 72 | 73 | 74 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policy/src/main/webapp/secured.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP with Security Constraint 27 | 28 |

JSP with Security Constraint

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | // Surround these with !'s so they are easier to search for. 36 | // (i.e. we can search for !true! or !false!) 37 | out.println("isUserInRole(\"ADM\"): !" + request.isUserInRole("ADM") + "!
"); 38 | out.println("isUserInRole(\"MGR\"): !" + request.isUserInRole("MGR") + "!
"); 39 | out.println("isUserInRole(\"VP\"): !" + request.isUserInRole("VP") + "!
"); 40 | out.println("isUserInRole(\"EMP\"): !" + request.isUserInRole("EMP") + "!
"); 41 | out.println("isUserInRole(\"Administrator\"): !" + request.isUserInRole("Administrator") + "!
"); 42 | 43 | %> 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-trace-policyconfiguration 31 | war 32 | 33 | 34 | This module installs a tracing PolicyConfiguration that writes to a seperate log file 35 | called "authorization-trace-log.xml". The location where this file will be written can be 36 | set using the "log.file.location" system property for both the server and the client test. 37 | 38 | The test uses the log file to check for specific permissions having been added to the PolicyConfiguration. 39 | The log file is so detailed and eleborate, that it is essentially a serialized database of the permissions 40 | that have been created. 41 | 42 | This therefor tests the Jakarta Authorization implementation to create and send the right permission instances 43 | to the configured PolicyConfiguration. It does not test the behaviour of the default PolicyConfiguration so much, 44 | other than a simple test for the in service state. 45 | 46 | 47 | 48 | false 49 | 50 | 51 | 52 | 53 | org.eclipse.ee4j.authorization.tck 54 | common 55 | ${project.version} 56 | 57 | 58 | 59 | 60 | app-custom-trace-policyconfiguration 61 | 62 | 63 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/accesstoall.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP with WildCard Auth Constraint 27 | 28 |

JSP with WildCard Auth Constraint

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | if (request.isUserInRole("ADM")){ 36 | out.println("USR_IN_ROLE_ADM"); 37 | }else 38 | out.println("USR_NOT_IN_ROLE_ADM"); 39 | 40 | if (request.isUserInRole("MGR")){ 41 | out.println("USR_IN_ROLE_MGR"); 42 | }else 43 | out.println("USR_NOT_IN_ROLE_MGR"); 44 | 45 | if (request.isUserInRole("EMP")){ 46 | out.println("USR_IN_ROLE_EMP"); 47 | }else 48 | out.println("USR_NOT_IN_ROLE_EMP"); 49 | 50 | if (request.isUserInRole("VP")){ 51 | out.println("USR_IN_ROLE_VP"); 52 | }else 53 | out.println("USR_NOT_IN_ROLE_VP"); 54 | 55 | %> 56 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/anyauthuser.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 20 | <%@ page language="java" %> 21 | 22 | 23 | JSP with Any Authenticated User Auth Constraint 24 | 25 |

JSP with Double-WildCard Auth Constraint

26 | 27 | <% 28 | 29 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 30 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 31 | 32 | if (request.isUserInRole("**")){ 33 | out.println("USR_IN_ROLE_STARSTAR"); 34 | } else { 35 | out.println("USR_NOT_IN_ROLE_STARSTAR"); 36 | } 37 | 38 | %> 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/excluded.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP used for verifying excluded policy statement 27 | 28 |

JSP used for excluded policy statement

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/secured.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP with Security Constraint 27 | 28 |

JSP with Security Constraint

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | // Surround these with !'s so they are easier to search for. 36 | // (i.e. we can search for !true! or !false!) 37 | out.println("isUserInRole(\"ADM\"): !" + request.isUserInRole("ADM") + "!
"); 38 | out.println("isUserInRole(\"MGR\"): !" + request.isUserInRole("MGR") + "!
"); 39 | out.println("isUserInRole(\"VP\"): !" + request.isUserInRole("VP") + "!
"); 40 | out.println("isUserInRole(\"EMP\"): !" + request.isUserInRole("EMP") + "!
"); 41 | out.println("isUserInRole(\"Administrator\"): !" + request.isUserInRole("Administrator") + "!
"); 42 | 43 | %> 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/sslprotected.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | SSL Proteected 27 | 28 |

SSL protected JSP

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfiguration/src/main/webapp/unchecked.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP used for verifying unchecked permission 27 | 28 |

JSP used for unchecked permission

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfigurationfactory/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-custom-trace-policyconfigurationfactory 31 | war 32 | 33 | 34 | This module installs a tracing PolicyConfigurationFactory that writes to a seperate log file 35 | called "authorization-trace-log.xml". The location where this file will be written can be 36 | set using the "log.file.location" system property for both the server and the client test. 37 | 38 | The test uses the log file to check for certain calls being made to PolicyConfigurationFactory. 39 | 40 | 41 | 42 | false 43 | 44 | 45 | 46 | 47 | org.eclipse.ee4j.authorization.tck 48 | common 49 | ${project.version} 50 | 51 | 52 | 53 | 54 | app-custom-trace-policyconfigurationfactory 55 | 56 | 57 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfigurationfactory/src/main/java/ee/jakarta/tck/authorization/test/PublicServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | package ee.jakarta.tck.authorization.test; 17 | 18 | import jakarta.servlet.ServletException; 19 | import jakarta.servlet.annotation.WebServlet; 20 | import jakarta.servlet.http.HttpServlet; 21 | import jakarta.servlet.http.HttpServletRequest; 22 | import jakarta.servlet.http.HttpServletResponse; 23 | import java.io.IOException; 24 | 25 | /** 26 | * This servlet only exist so that we have a resource in the application available 27 | * The tests don't actually need to call this. 28 | */ 29 | @WebServlet("/PublicServlet") 30 | public class PublicServlet extends HttpServlet { 31 | 32 | private static final long serialVersionUID = 1L; 33 | 34 | @Override 35 | protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 36 | response.getWriter().append("Served at: ").append(request.getContextPath()); 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfigurationfactory/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-custom-trace-policyconfigurationfactory/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 20 | jacc_web_toolsContracts 21 | 22 | 23 | jakarta.security.jacc.PolicyConfigurationFactory.provider 24 | ee.jakarta.tck.authorization.test.TSPolicyConfigurationFactoryImpl 25 | 26 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-ejb-constraints 31 | war 32 | 33 | 34 | This test module uses plain Servlet and Enterprise Beans code and does 35 | not use anything Jakarta Authorization specific. It is the responsibility of 36 | the one performing the test to make sure the product under test indeed uses 37 | Jakarta Authorization internally. 38 | 39 | Products that don't support Jakarta Authorization, but do provide a 40 | compliant Servlet and specificatlly Jakarta Enterprise Beans implementation should 41 | be able to pass these tests as well. 42 | 43 | 44 | 45 | false 46 | 47 | 48 | 49 | 50 | org.eclipse.ee4j.authorization.tck 51 | common 52 | ${project.version} 53 | 54 | 55 | jakarta.ejb 56 | jakarta.ejb-api 57 | 4.0.1 58 | 59 | 60 | 61 | 62 | app-ejb-constraints 63 | 64 | 65 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/src/main/java/ee/jakarta/tck/authorization/test/InterMediate.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2007, 2018 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | package ee.jakarta.tck.authorization.test; 18 | 19 | public interface InterMediate { 20 | 21 | boolean IsCallerB1(String caller); 22 | boolean IsCallerB2(String caller); 23 | boolean InRole(String role); 24 | boolean EjbNotAuthz(); 25 | boolean EjbIsAuthz(); 26 | boolean EjbSecRoleRef(String role); 27 | boolean uncheckedTest(); 28 | boolean excludeTest(); 29 | 30 | } 31 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/src/main/java/ee/jakarta/tck/authorization/test/Target.java: -------------------------------------------------------------------------------- 1 | /* 2 | *Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | package ee.jakarta.tck.authorization.test; 18 | 19 | public interface Target { 20 | 21 | boolean IsCaller(String caller); 22 | boolean EjbNotAuthz(); 23 | boolean EjbIsAuthz(); 24 | boolean EjbSecRoleRef(String role); 25 | boolean uncheckedTest(); 26 | boolean excludeTest(); 27 | } 28 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/src/main/java/ee/jakarta/tck/authorization/test/TargetBean.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to Eclipse Foundation. 3 | * Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | package ee.jakarta.tck.authorization.test; 18 | 19 | import static jakarta.ejb.TransactionAttributeType.REQUIRED; 20 | 21 | import jakarta.annotation.Resource; 22 | import jakarta.annotation.security.DeclareRoles; 23 | import jakarta.annotation.security.DenyAll; 24 | import jakarta.annotation.security.PermitAll; 25 | import jakarta.annotation.security.RolesAllowed; 26 | import jakarta.ejb.SessionContext; 27 | import jakarta.ejb.Stateless; 28 | import jakarta.ejb.TransactionAttribute; 29 | 30 | @DeclareRoles({ "Administrator", "Manager", "Employee" }) 31 | @Stateless(name = "TargetBean") 32 | public class TargetBean implements Target { 33 | 34 | private SessionContext sessionContext; 35 | 36 | @Resource 37 | public void setSessionContext(SessionContext sc) { 38 | sessionContext = sc; 39 | } 40 | 41 | @Override 42 | @TransactionAttribute(REQUIRED) 43 | public boolean IsCaller(String caller) { 44 | return !(sessionContext.getCallerPrincipal().getName().indexOf(caller) < 0); 45 | } 46 | 47 | @Override 48 | @RolesAllowed({ "Administrator" }) 49 | @TransactionAttribute(REQUIRED) 50 | public boolean EjbNotAuthz() { 51 | return true; 52 | } 53 | 54 | @Override 55 | @RolesAllowed({ "Administrator", "Manager", "Employee" }) 56 | @TransactionAttribute(REQUIRED) 57 | public boolean EjbIsAuthz() { 58 | return true; 59 | } 60 | 61 | @Override 62 | @RolesAllowed({ "Manager", "Employee" }) 63 | @TransactionAttribute(REQUIRED) 64 | public boolean EjbSecRoleRef(String role) { 65 | return sessionContext.isCallerInRole(role); 66 | } 67 | 68 | @Override 69 | @PermitAll 70 | public boolean uncheckedTest() { 71 | return true; 72 | } 73 | 74 | @Override 75 | @DenyAll 76 | @TransactionAttribute(REQUIRED) 77 | public boolean excludeTest() { 78 | return true; 79 | } 80 | 81 | } 82 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-ejb-constraints/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 23 | 24 | 25 | BASIC 26 | file 27 | 28 | 29 | -------------------------------------------------------------------------------- /tck/app-permissions-equals-hashcode/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-permissions-equals-hashcode 31 | war 32 | 33 | 34 | This module tests whether the equals and hashcode methods of the Permissions supplied 35 | by the API work. 36 | 37 | 38 | 39 | false 40 | 41 | 42 | 43 | 44 | org.eclipse.ee4j.authorization.tck 45 | common 46 | ${project.version} 47 | 48 | 49 | 50 | 51 | app-permissions-equals-hashcode 52 | 53 | 54 | -------------------------------------------------------------------------------- /tck/app-policy-within-servlet/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-policy-use-within-servlet 31 | war 32 | 33 | 34 | Access a Servlet (the resource), and check from within that Servlet whether the 35 | permission checks from the Policy match with the expectations for that request. 36 | 37 | 38 | 39 | false 40 | 41 | 42 | 43 | 44 | org.eclipse.ee4j.authorization.tck 45 | common 46 | ${project.version} 47 | 48 | 49 | 50 | 51 | app-mem-policy3 52 | 53 | 54 | -------------------------------------------------------------------------------- /tck/app-policy-within-servlet/src/main/java/ee/jakarta/tck/authorization/test/ProtectedServlet.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import static jakarta.security.jacc.PolicyContext.SUBJECT; 21 | 22 | import jakarta.annotation.security.DeclareRoles; 23 | import jakarta.security.jacc.Policy; 24 | import jakarta.security.jacc.PolicyContext; 25 | import jakarta.security.jacc.PolicyFactory; 26 | import jakarta.security.jacc.WebResourcePermission; 27 | import jakarta.servlet.ServletException; 28 | import jakarta.servlet.annotation.HttpConstraint; 29 | import jakarta.servlet.annotation.ServletSecurity; 30 | import jakarta.servlet.annotation.WebServlet; 31 | import jakarta.servlet.http.HttpServlet; 32 | import jakarta.servlet.http.HttpServletRequest; 33 | import jakarta.servlet.http.HttpServletResponse; 34 | import java.io.IOException; 35 | import java.security.Permission; 36 | import javax.security.auth.Subject; 37 | 38 | /** 39 | * Protected Servlet that prints out the response from the default policy for the current request. 40 | * 41 | *

42 | * The role "foo" is required to access this Servlet. "bar" and "foo" are roles assigned by the 43 | * native identity store 44 | * 45 | */ 46 | @WebServlet("/protectedServlet/*") 47 | @DeclareRoles({"bar"}) 48 | @ServletSecurity(@HttpConstraint(rolesAllowed = "foo")) 49 | public class ProtectedServlet extends HttpServlet { 50 | 51 | private static final long serialVersionUID = 1L; 52 | 53 | @Override 54 | public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 55 | response.getWriter().write("This is a servlet \n"); 56 | 57 | Policy policy = PolicyFactory.getPolicyFactory().getPolicy(); 58 | 59 | // Check permissions for the current request 60 | Permission requestPermission = new WebResourcePermission(request); 61 | Subject subject = PolicyContext.get(SUBJECT); 62 | 63 | response.getWriter().write("Current request is unchecked: " + policy.isUnchecked(requestPermission) + "\n"); 64 | response.getWriter().write("Current request is excluded: " + policy.isExcluded(requestPermission) + "\n"); 65 | response.getWriter().write("Current request is by role: " + policy.impliesByRole(requestPermission, subject) + "\n"); 66 | } 67 | 68 | } 69 | -------------------------------------------------------------------------------- /tck/app-policy-within-servlet/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-policy-within-servlet/src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 23 | 24 | 25 | BASIC 26 | file 27 | 28 | 29 | -------------------------------------------------------------------------------- /tck/app-policy-within-servlet/src/test/java/ee/jakarta/tck/authorization/test/AppPolicyWithinServletIT.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.test; 19 | 20 | import static ee.jakarta.tck.authorization.util.ShrinkWrap.mavenWar; 21 | import static org.junit.Assert.assertTrue; 22 | 23 | import org.htmlunit.DefaultCredentialsProvider; 24 | import ee.jakarta.tck.authorization.util.ArquillianBase; 25 | import org.jboss.arquillian.container.test.api.Deployment; 26 | import org.jboss.arquillian.junit.Arquillian; 27 | import org.jboss.shrinkwrap.api.Archive; 28 | import org.junit.Test; 29 | import org.junit.runner.RunWith; 30 | 31 | 32 | @RunWith(Arquillian.class) 33 | public class AppPolicyWithinServletIT extends ArquillianBase { 34 | 35 | @Deployment(testable = false) 36 | public static Archive createDeployment() { 37 | return mavenWar(); 38 | } 39 | 40 | /** 41 | * Access a protected Servlet, and check from within that Servlet whether the 42 | * permission checks from the Policy match with the expectations for that request. 43 | */ 44 | @Test 45 | public void testAuthenticated() { 46 | DefaultCredentialsProvider credentialsProvider = new DefaultCredentialsProvider(); 47 | credentialsProvider.addCredentials("reza", "secret1".toCharArray()); 48 | 49 | getWebClient().setCredentialsProvider(credentialsProvider); 50 | 51 | String response = readFromServer("/protectedServlet"); 52 | 53 | assertTrue( 54 | "Should have not have had unchecked access, but had.\n" + 55 | response, 56 | response.contains("Current request is unchecked: false")); 57 | 58 | assertTrue( 59 | "Should have not be excluded from access, but was.\n" + 60 | response, 61 | response.contains("Current request is excluded: false")); 62 | 63 | assertTrue( 64 | "Should have had access by role, but had not.\n" + 65 | response, 66 | response.contains("Current request is by role: true")); 67 | } 68 | 69 | } 70 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | app-servlet-constraints 31 | war 32 | 33 | 34 | This module contain tests that do HTTP requests to several resources which are protected in different ways via constraints 35 | in a Servlet web.xml. 36 | 37 | The tests do no check anything specific to Jakarta Authorization, and as such the tests should also pass on 38 | a Servlet container that does not use Jakarta Authorization at all, as the same behaviour is also specified 39 | by Servlet. 40 | 41 | It is the responsibility of the compatible implementation that is being tested here to make sure that 42 | Jakarta Authorization is indeed used, so that these tests indeed test the Jakarta Authorization implementation. 43 | 44 | 45 | 46 | false 47 | 48 | 49 | 50 | 51 | org.eclipse.ee4j.authorization.tck 52 | common 53 | ${project.version} 54 | 55 | 56 | 57 | 58 | app-servlet-constraints 59 | 60 | 61 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/WEB-INF/beans.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 24 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/accesstoall.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP with WildCard Auth Constraint 27 | 28 |

JSP with WildCard Auth Constraint

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | if (request.isUserInRole("ADM")) { 36 | out.println("USR_IN_ROLE_ADM"); 37 | } else 38 | out.println("USR_NOT_IN_ROLE_ADM"); 39 | 40 | if (request.isUserInRole("MGR")) { 41 | out.println("USR_IN_ROLE_MGR"); 42 | } else 43 | out.println("USR_NOT_IN_ROLE_MGR"); 44 | 45 | if (request.isUserInRole("EMP")) { 46 | out.println("USR_IN_ROLE_EMP"); 47 | } else 48 | out.println("USR_NOT_IN_ROLE_EMP"); 49 | 50 | if (request.isUserInRole("VP")) { 51 | out.println("USR_IN_ROLE_VP"); 52 | } else 53 | out.println("USR_NOT_IN_ROLE_VP"); 54 | 55 | %> 56 | 57 | 58 | 59 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/anyauthuser.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2013, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 20 | <%@ page language="java" %> 21 | 22 | 23 | JSP with Any Authenticated User Auth Constraint 24 | 25 |

JSP with Double-WildCard Auth Constraint

26 | 27 | <% 28 | 29 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 30 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 31 | 32 | if (request.isUserInRole("**")){ 33 | out.println("USR_IN_ROLE_STARSTAR"); 34 | } else { 35 | out.println("USR_NOT_IN_ROLE_STARSTAR"); 36 | } 37 | 38 | %> 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/excluded.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP used for verifying excluded policy statement 27 | 28 |

JSP used for excluded policy statement

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/secured.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP with Security Constraint 27 | 28 |

JSP with Security Constraint

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | // Surround these with !'s so they are easier to search for. 36 | // (i.e. we can search for !true! or !false!) 37 | out.println("isUserInRole(\"ADM\"): !" + request.isUserInRole("ADM") + "!
"); 38 | out.println("isUserInRole(\"MGR\"): !" + request.isUserInRole("MGR") + "!
"); 39 | out.println("isUserInRole(\"VP\"): !" + request.isUserInRole("VP") + "!
"); 40 | out.println("isUserInRole(\"EMP\"): !" + request.isUserInRole("EMP") + "!
"); 41 | out.println("isUserInRole(\"Administrator\"): !" + request.isUserInRole("Administrator") + "!
"); 42 | 43 | %> 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/sslprotected.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | SSL Proteected 27 | 28 |

SSL protected JSP

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/app-servlet-constraints/src/main/webapp/unchecked.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | 3 | Copyright (c) 2006, 2018 Oracle and/or its affiliates. All rights reserved. 4 | 5 | This program and the accompanying materials are made available under the 6 | terms of the Eclipse Public License v. 2.0, which is available at 7 | http://www.eclipse.org/legal/epl-2.0. 8 | 9 | This Source Code may also be made available under the following Secondary 10 | Licenses when the conditions for such availability set forth in the 11 | Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | version 2 with the GNU Classpath Exception, which is available at 13 | https://www.gnu.org/software/classpath/license.html. 14 | 15 | SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | 17 | --%> 18 | 19 | 22 | 23 | <%@ page language="java" %> 24 | 25 | 26 | JSP used for verifying unchecked permission 27 | 28 |

JSP used for unchecked permission

29 | 30 | <% 31 | 32 | out.println("The user principal is: " + request.getUserPrincipal().getName() + "
"); 33 | out.println("getRemoteUser(): " + request.getRemoteUser() + "
" ); 34 | 35 | %> 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/java/ee/jakarta/tck/authorization/signaturetest/README: -------------------------------------------------------------------------------- 1 | The latest signature files are updated in the faces repoitory 2 | (faces/tck/faces-signaturetest/src/test/resources/ee/jakarta/tck/faces/signaturetest/) 3 | generated using sigtest-maven-plugin.jar(version 1.5). 4 | 5 | The signature tests are run using the sigtest-maven-plugin.jar and the framework to start the tests 6 | is avaliable in this folder. 7 | 8 | 9 | 10 | For TCK developers :- 11 | 12 | 1. Generate Signature Files : The signature file will be generated by the TCK team using faces-signaturetest/pom.xml 13 | by running 'mvn install -Precord-signature'. The classpath should contain the api jar for which we are generating the signature file. 14 | 15 | Modify the record-signature profile configuration in faces-signaturetest/pom.xml with the path to extracted classes. 16 | The signature file name expected is jakarta.faces.sig_${version} , where version is the api version for which the signature is generated. 17 | 18 | 2. Place the required files in the TCK folder : 19 | 20 | All the below files has to be placed in the folder faces-signaturetest/src/test/resources/ee/jakarta/tck/faces/signaturetest, 21 | so they are included as part of the TCK jar during the build. 22 | 23 | -The signature file generated from above of the name jakarta.faces.sig_${version} 24 | -The mapping file will be named sig-test.map, it contains the api to version mapping. This file will be used to pick the right signature file when running the signature test. 25 | -The package list file will be named sig-test-pkg-list.txt, contains the list of packages tested. 26 | 27 | 28 | 29 | For TCK users (to run the signature test as a Junit test) :- 30 | 31 | 32 | 1. Set the below system properties correctly : 33 | 34 | jimage.dir //The jdk9+(jdk11 for this release) will be extracted to this location as to use the Java modules in the path. 35 | optional.tech.packages.to.ignore // The optional package that should be ignored while running the signature test 36 | signature.sigTestClasspath // the sigTestClasspath that will contain the implementation jar that needs to be tested along with dependent jars. 37 | 38 | For eg: 39 | 40 | ${project.build.directory}/jdk11-bundle 41 | jakarta.xml.bind 42 | ${project.build.directory}/jakarta.faces-api.jar:jakarta.el-api.jar:jakarta.enterprise.cdi-api.jar:${project.build.directory}/jdk11-bundle/java.base:${project.build.directory}/jdk11-bundle/java.rmi:${project.build.directory}/jdk11-bundle/java.sql:${project.build.directory}/jdk11-bundle/java.naming 43 | 44 | 2. The signature test can be run using below command within faces-signaturetest/ directory. 45 | 46 | mvn verify 47 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/java/ee/jakarta/tck/authorization/signaturetest/SigTestData.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | package ee.jakarta.tck.authorization.signaturetest; 18 | 19 | import java.util.Properties; 20 | 21 | /** 22 | * This class holds the data passed to a signature test invocation during the setup phase. This allows us to keep the 23 | * passed data separate and reuse the data between the signature test framework base classes. 24 | */ 25 | public class SigTestData { 26 | 27 | private Properties props; 28 | 29 | public SigTestData() { 30 | this.props = System.getProperties(); 31 | } 32 | 33 | public String getTestClasspath() { 34 | return props.getProperty("signature.sigTestClasspath", ""); 35 | } 36 | 37 | public String getProperty(String prop) { 38 | return props.getProperty(prop); 39 | } 40 | 41 | public String getOptionalTechPackagesToIgnore() { 42 | return props.getProperty("optional.tech.packages.to.ignore", "jakarta.xml.bind"); 43 | } 44 | 45 | public String getJImageDir() { 46 | return props.getProperty("jimage.dir", ""); 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/java/ee/jakarta/tck/authorization/signaturetest/SigTestResult.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | package ee.jakarta.tck.authorization.signaturetest; 18 | 19 | import java.io.Serializable; 20 | import java.util.ArrayList; 21 | import java.util.List; 22 | 23 | public class SigTestResult implements Serializable { 24 | 25 | private static final long serialVersionUID = 1L; 26 | 27 | private static final String NL = System.getProperty("line.separator", "\n"); 28 | 29 | private List failedPkgs = new ArrayList<>(); 30 | private List passedPkgs = new ArrayList<>(); 31 | private List failedClasses = new ArrayList<>(); 32 | private List passedClasses = new ArrayList<>(); 33 | 34 | // ---------------------------------------------------------- Public Methods 35 | 36 | public synchronized boolean passed() { 37 | return failedPkgs.size() == 0 && failedClasses.size() == 0; 38 | } 39 | 40 | public synchronized void addFailedPkg(String pkg) { 41 | failedPkgs.add(pkg); 42 | } 43 | 44 | public synchronized void addPassedPkg(String pkg) { 45 | passedPkgs.add(pkg); 46 | } 47 | 48 | public synchronized void addFailedClass(String className) { 49 | failedClasses.add(className); 50 | } 51 | 52 | public synchronized void addPassedClass(String className) { 53 | passedClasses.add(className); 54 | } 55 | 56 | @Override 57 | public String toString() { 58 | String delim = "******************************************************" + NL; 59 | if (!pkgsTested() && !classesTested()) { 60 | return (delim + "******** No packages or classes were tested **********" + NL + delim); 61 | } 62 | 63 | StringBuffer buf = new StringBuffer(); 64 | buf.append(delim); 65 | buf.append(delim); 66 | if (passed()) { 67 | buf.append("All package signatures passed.").append(NL); 68 | } else { 69 | buf.append("Some signatures failed.").append(NL); 70 | if (failedPkgs.size() > 0) { 71 | buf.append("\tFailed packages listed below: ").append(NL); 72 | formatList(failedPkgs, buf); 73 | } 74 | if (failedClasses.size() > 0) { 75 | buf.append("\tFailed classes listed below: ").append(NL); 76 | formatList(failedClasses, buf); 77 | } 78 | } 79 | if (passedPkgs.size() > 0) { 80 | buf.append("\tPassed packages listed below: ").append(NL); 81 | formatList(passedPkgs, buf); 82 | } 83 | if (passedClasses.size() > 0) { 84 | buf.append("\tPassed classes listed below: ").append(NL); 85 | formatList(passedClasses, buf); 86 | } 87 | buf.append("\t"); 88 | buf.append(delim); 89 | buf.append(delim); 90 | 91 | return buf.toString(); 92 | } 93 | 94 | // --------------------------------------------------------- Private Methods 95 | 96 | private synchronized void formatList(List list, StringBuffer buf) { 97 | synchronized (this) { 98 | for (String pkg : list) { 99 | buf.append("\t\t").append(pkg).append(NL); 100 | } 101 | } 102 | } 103 | 104 | private synchronized boolean pkgsTested() { 105 | return failedPkgs.size() != 0 || passedPkgs.size() != 0; 106 | } 107 | 108 | private synchronized boolean classesTested() { 109 | return failedClasses.size() != 0 || passedClasses.size() != 0; 110 | } 111 | 112 | } 113 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/java/ee/jakarta/tck/authorization/signaturetest/SignatureTestDriverFactory.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | package ee.jakarta.tck.authorization.signaturetest; 18 | 19 | /** 20 | * Factory to obtain SignatureTestDriver implementations. 21 | */ 22 | public class SignatureTestDriverFactory { 23 | 24 | /** 25 | * Identifier for the driver that uses the Signature Test framwork for signature validation. 26 | */ 27 | public static final String SIG_TEST = "sigtest"; 28 | 29 | // ------------------------------------------------------------ Constructors 30 | 31 | // Access via factory method 32 | private SignatureTestDriverFactory() { 33 | } 34 | 35 | // ---------------------------------------------------------- Public Methods 36 | 37 | /** 38 | * Obtain a {@link SignatureTestDriver} instance based on the type argument. 39 | * 40 | * @param type the driver type to create 41 | * @return a {@link SignatureTestDriver} implementation 42 | */ 43 | public static SignatureTestDriver getInstance(String type) { 44 | if (type == null || type.length() == 0) { 45 | throw new IllegalArgumentException("Type was null or empty"); 46 | } 47 | 48 | if (SIG_TEST.equals(type)) { 49 | return new SigTestDriver(); 50 | } 51 | 52 | throw new IllegalArgumentException("Unknown Type: '" + type + '\''); 53 | 54 | 55 | } 56 | 57 | } 58 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/resources/ee/jakarta/tck/authorization/signaturetest/sig-test-pkg-list.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2018, 2022 Oracle and/or its affiliates. All rights reserved. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | 17 | ## 18 | # This file contains a list of all the packages 19 | # contained in the signature files for this 20 | # deliverable. This file is used to exclude valid 21 | # sub-packages from being verified when their 22 | # parent package's signature is checked. 23 | ## 24 | 25 | jakarta.security.jacc 26 | -------------------------------------------------------------------------------- /tck/authorization-signaturetest/src/test/resources/ee/jakarta/tck/authorization/signaturetest/sig-test.map: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2022 Oracle and/or its affiliates. All rights reserved. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | 17 | ############################################################### 18 | # The signature test mapping file for the Faces TCK. This file 19 | # should be formatted as a standard java properties file. The 20 | # name is the package name and the value is the version of the 21 | # package that should be tested by the signature tests. 22 | ############################################################### 23 | 24 | jakarta.security.jacc=3.0.0-SNAPSHOT 25 | -------------------------------------------------------------------------------- /tck/common/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 4.0.0 23 | 24 | 25 | org.eclipse.ee4j.authorization.tck 26 | jakarta-authorization-tck 27 | 3.0.0-SNAPSHOT 28 | 29 | 30 | common 31 | jar 32 | 33 | 34 | 35 | jakarta.xml.bind 36 | jakarta.xml.bind-api 37 | 4.0.0 38 | provided 39 | 40 | 41 | 42 | junit 43 | junit 44 | provided 45 | 46 | 47 | 48 | org.jboss.arquillian.junit 49 | arquillian-junit-container 50 | provided 51 | 52 | 53 | 54 | org.htmlunit 55 | htmlunit 56 | 3.11.0 57 | provided 58 | 59 | 60 | 61 | -------------------------------------------------------------------------------- /tck/common/src/main/java/ee/jakarta/tck/authorization/util/Assert.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Contributors to the Eclipse Foundation. 3 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 4 | * 5 | * This program and the accompanying materials are made available under the 6 | * terms of the Eclipse Public License v. 2.0, which is available at 7 | * http://www.eclipse.org/legal/epl-2.0. 8 | * 9 | * This Source Code may also be made available under the following Secondary 10 | * Licenses when the conditions for such availability set forth in the 11 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 12 | * version 2 with the GNU Classpath Exception, which is available at 13 | * https://www.gnu.org/software/classpath/license.html. 14 | * 15 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 16 | */ 17 | 18 | package ee.jakarta.tck.authorization.util; 19 | 20 | import static org.junit.Assert.assertFalse; 21 | import static org.junit.Assert.assertTrue; 22 | 23 | public final class Assert { 24 | 25 | public static void assertDefaultNoAccess(String response) { 26 | assertFalse( 27 | "Should not have access to servlet, but had access.\n" + 28 | response, 29 | response.contains("This is a servlet")); 30 | } 31 | 32 | public static void assertDefaultAccess(String response) { 33 | assertTrue( 34 | "Should have access to servlet, but had no access.\n" + 35 | response, 36 | response.contains("This is a servlet")); 37 | } 38 | 39 | public static void assertDefaultAuthenticated(String response) { 40 | assertAuthenticated("web", "reza", response, "foo", "bar"); 41 | } 42 | 43 | public static void assertDefaultNotAuthenticated(String response) { 44 | assertNotAuthenticated("web", "reza", response, "foo", "bar"); 45 | } 46 | 47 | public static void assertAuthenticated(String userType, String name, String response, String... roles) { 48 | assertTrue( 49 | "Should be authenticated as user " + name + " but was not \n Response: \n" + 50 | response + "\n search: " + userType + " username: " + name, 51 | response.contains(userType + " username: " + name)); 52 | 53 | for (String role : roles) { 54 | assertTrue( 55 | "Authenticated user should have role \"" + role + "\", but did not \n Response: \n" + 56 | response, 57 | response.contains(userType + " user has role \"" + role + "\": true")); 58 | } 59 | } 60 | 61 | public static void assertNotAuthenticated(String userType, String name, String response, String... roles) { 62 | assertFalse( 63 | "Should not be authenticated as user " + name + " but was \n Response: \n" + 64 | response + "\n search: " + userType + " username: " + name, 65 | response.contains(userType + " username: " + name)); 66 | 67 | for (String role : roles) { 68 | assertFalse( 69 | "Authenticated user should not have role \"" + role + "\", but did \n Response: \n" + 70 | response, 71 | response.contains(userType + " user has role \"" + role + "\": true")); 72 | } 73 | } 74 | 75 | } 76 | -------------------------------------------------------------------------------- /tck/common/src/main/java/ee/jakarta/tck/authorization/util/ShrinkWrap.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2015, 2020 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | package ee.jakarta.tck.authorization.util; 18 | 19 | import static java.lang.System.getProperty; 20 | import static org.jboss.shrinkwrap.api.ShrinkWrap.create; 21 | 22 | import java.io.File; 23 | import org.jboss.shrinkwrap.api.importer.ZipImporter; 24 | import org.jboss.shrinkwrap.api.spec.WebArchive; 25 | 26 | public class ShrinkWrap { 27 | 28 | public static WebArchive mavenWar() { 29 | return 30 | create(ZipImporter.class, getProperty("finalName") + ".war") 31 | .importFrom(new File("target/" + getProperty("finalName") + ".war")) 32 | .as(WebArchive.class); 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /tck/common/src/main/java/ee/jakarta/tck/authorization/util/logging/server/TSLogRecord.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2007, 2020 Oracle and/or its affiliates. All rights reserved. 3 | * 4 | * This program and the accompanying materials are made available under the 5 | * terms of the Eclipse Public License v. 2.0, which is available at 6 | * http://www.eclipse.org/legal/epl-2.0. 7 | * 8 | * This Source Code may also be made available under the following Secondary 9 | * Licenses when the conditions for such availability set forth in the 10 | * Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | * version 2 with the GNU Classpath Exception, which is available at 12 | * https://www.gnu.org/software/classpath/license.html. 13 | * 14 | * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | */ 16 | 17 | /** 18 | * $Id$ 19 | * 20 | * @author Raja Perumal 21 | * 07/12/02 22 | */ 23 | 24 | package ee.jakarta.tck.authorization.util.logging.server; 25 | 26 | import java.util.logging.Level; 27 | import java.util.logging.LogRecord; 28 | 29 | /** 30 | * TSLogRecord is the custom LogRecord which has one additional logging field ContextId, in addition to the regular 31 | * Logging fields. The Log fields of TSLogRecord are 1) sequence number 2) context Id (The logging context) 3) message 32 | * 4) class name (The class which logs the log message) 5) method name ( The method which logs the log message) 33 | **/ 34 | public class TSLogRecord extends LogRecord { 35 | 36 | private static final long serialVersionUID = 1L; 37 | 38 | /** 39 | * @serial The logging context Id 40 | */ 41 | private String contextId; 42 | 43 | /** 44 | * Construct a LogRecord with the given level, message and context values. 45 | * 46 | * @param level a logging level value 47 | * @param contextId the logging contextId 48 | * @param msg the raw non-localized logging message 49 | * 50 | */ 51 | TSLogRecord(Level level, String message, String contextId) { 52 | // set the rest of the fields using parent constructor 53 | super(level, message); 54 | this.contextId = contextId; 55 | 56 | } 57 | 58 | /** 59 | * Construct a LogRecord with the given level and message 60 | * 61 | * @param level a logging level value 62 | * @param msg the raw non-localized logging message 63 | * 64 | */ 65 | TSLogRecord(Level level, String message) { 66 | super(level, message); 67 | // Add jacc_ctx for default contextId 68 | this.contextId = "jacc_ctx"; 69 | } 70 | 71 | /** 72 | * Get the contextId 73 | * 74 | * @ return contextId 75 | */ 76 | public String getContextId() { 77 | return contextId; 78 | } 79 | 80 | /** 81 | * Set the contextId 82 | * 83 | * @param contextId the logging context Id 84 | */ 85 | public void setContextId(String cId) { 86 | contextId = cId; 87 | } 88 | 89 | } 90 | -------------------------------------------------------------------------------- /tck/j2ee.pass: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024, 2024 Contributors to the Eclipse Foundation. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | AS_ADMIN_USERPASSWORD=j2ee -------------------------------------------------------------------------------- /tck/javajoe.pass: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024, 2024 Contributors to the Eclipse Foundation. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | AS_ADMIN_USERPASSWORD=javajoe -------------------------------------------------------------------------------- /tck/reza.pass: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2024, 2024 Contributors to the Eclipse Foundation. 3 | # 4 | # This program and the accompanying materials are made available under the 5 | # terms of the Eclipse Public License v. 2.0, which is available at 6 | # http://www.eclipse.org/legal/epl-2.0. 7 | # 8 | # This Source Code may also be made available under the following Secondary 9 | # Licenses when the conditions for such availability set forth in the 10 | # Eclipse Public License v. 2.0 are satisfied: GNU General Public License, 11 | # version 2 with the GNU Classpath Exception, which is available at 12 | # https://www.gnu.org/software/classpath/license.html. 13 | # 14 | # SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 15 | # 16 | AS_ADMIN_USERPASSWORD=secret1 --------------------------------------------------------------------------------