0 Replies Latest reply on Sep 19, 2013 5:21 PM by lucianoborges

    Arquillian Glassfish Embedded Servlet Authtentication Test

    lucianoborges
    lucianoborges Sep 19, 2013 5:21 PM

      Hi all,

       

      I'm trying to create a servlet to test Basic Authentication. I'm using Arquillian with Glassfish Embedded.

       

      I have some questions:

       

      1. I created a user in a separate Glassfish, I saw that it put my user in a file named keyfile. Where should I put this file in my project?

       

      2. I put this in my web.xml (the file is in src/test/resources/security), is it correct?

       

      <security-constraint>
  <web-resource-collection>
  <web-resource-name>Exemplo</web-resource-name>
  <url-pattern>/AuthenticationServlet</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>file</realm-name>
</login-config>

       

      3. I create a file name sun-web.xml (the file is in src/test/resources/security) with the code below, is it correct?

       

      <sun-web-app error-url="">
  <security-role-mapping>
  <role-name>user</role-name>
  <group-name>users</group-name>
  </security-role-mapping>
</sun-web-app>

       

      4. I copy the file domain.xml from the separeted Glassfish and put it in the directory src/test/resources/security, is it correct?

       

      Below, the code from my AuthenticationServlet.

       

      public class AuthenticationServlet extends HttpServlet {

  private static final long serialVersionUID = 1L;

  @Inject
  private SecurityContext securityContext;

  @Inject
  private Credentials credentials;

  protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
       credentials.setUsername("asdrubal");
       credentials.setPassword("asdrubal");
       securityContext.login();
       response.setStatus(HttpStatus.SC_OK);
  }
}

       

      Below, my keyfile content.

       

      asdrubal;{SSHA256}xYbabe0zKCOUrsH4SNQ+MK75W7FxJujcDcAJ9iXruHm1uT5mn+yktw==;users

       

      Below, my test class:

       

      @RunWith(Arquillian.class)
public class SecurityTest {


  private static final String PATH = "src/test/resources/security";


  @ArquillianResource
  private URL deploymentUrl;


  @Deployment(testable = false)
  public static WebArchive createDeployment() {
  return Tests.createDeployment().addClass(AuthenticationServlet.class)
  .add(Tests.createFileAsset(PATH + "/keyfile"), "keyfile")
  .addAsWebInfResource(Tests.createFileAsset(PATH + "/domain.xml"), "domain.xml")
  .addAsWebInfResource(Tests.createFileAsset(PATH + "/sun-web.xml"), "sun-web.xml")
  .addAsWebInfResource(Tests.createFileAsset(PATH + "/web.xml"), "web.xml");
  }


  @Test
  public void authentication() throws Exception {
       HttpClient client = new HttpClient();
       GetMethod method = new GetMethod(deploymentUrl + "/AuthenticationServlet");
       try {
            int status = client.executeMethod(method);
            assertEquals(HttpStatus.SC_OK, status);
       } catch (Exception e) {
            fail();
       }
  }
}

       

      Where I'm going wrong?