1 Reply Latest reply on Mar 25, 2013 3:55 AM by Antoine Simonnet

    Struggling to test secure EJB: No mapping available for role reference

    Antoine Simonnet Newbie

      Hi All,

       

      I'm trying to test an EJB secured with basic authentification.

       

      I'm using Arquillian with Glassfish Embedded:

       

              <dependency>

                  <groupId>org.jboss.arquillian</groupId>

                  <artifactId>arquillian-bom</artifactId>

                  <version>1.0.3.Final</version>

                  <scope>import</scope>

                  <type>pom</type>

              </dependency>

       

                  <dependency>

                      <groupId>org.jboss.arquillian.container</groupId>

                      <artifactId>arquillian-glassfish-embedded-3.1</artifactId>

                      <version>1.0.0.CR3</version>

                      <scope>test</scope>             

                  </dependency>

                  <dependency>

                      <groupId>org.glassfish.main.extras</groupId>

                      <artifactId>glassfish-embedded-all</artifactId>

                      <version>3.1.2</version>

                      <scope>provided</scope>

                  </dependency>

       

      Test.java:

       

      @RunWith(Arquillian.class)

      public class GirafeBOFactoryLocalBeanTest {

         

          @EJB(mappedName="ejb/GirafeBeanFactory")

          private GirafeBOFactoryLocal girafeBOFactory;

        

          public GirafeBOFactoryLocalBeanTest() {

          }

         

          @Deployment

          public static JavaArchive createDeployment() {

             

              JavaArchive myArchive = ShrinkWrap.create(JavaArchive.class)

                  .addPackage(GirafeBOFactoryLocalBean.class.getPackage())

                  .addPackage(Fault.class.getPackage())

                  .addAsManifestResource("META-INF/persistence.xml", "persistence.xml")

                  .addAsManifestResource("META-INF/sun-ejb-jar.xml", "sun-ejb-jar.xml")

                  .addAsManifestResource("META-INF/ejb-jar.xml", "ejb-jar.xml")

                  .addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml");

                  

              System.out.println(myArchive.toString(true));

             

              return myArchive;

          }

       

          /**

           * Test of getFault method, of class GirafeBOFactoryLocalBean.

           */

          @Test

          public void testGetFault_4args() throws Exception {

       

              if (GlassFishTestHelper.loginFileUser("simonna", "xxxxx"))

              {

                  System.out.println("login success");         

       

                  Fault expResult = null;

                 

                  Fault result = null;

       

                  System.out.println("context:" + this.girafeBOFactory.getSessionContext());

                  System.out.println("principal:" + this.girafeBOFactory.getSessionContext().getCallerPrincipal());

                  System.out.println("role Query:" + this.girafeBOFactory.getSessionContext().isCallerInRole("Query"));

                  assertEquals(expResult, result);

              }

              else

              {

                  System.out.println("login failure");           

                  fail("Login failed.");

              }

       

       

          }

       

      The GlassfishTestHelper class simply connects the embedded server using the programmatic API:

       

      ProgrammaticLogin pgLogin = new ProgrammaticLogin();       

      boolean res = pgLogin.login(username, password.toCharArray(), "CbsWebRealm", true);

       

      The connection seems to work properly, however the test is failing when checking the user role:

       

      Output:

      INFO: test was successfully deployed in 4,820 milliseconds.

      getFault

      login success

      context:GirafeBOFactoryLocalBean; id: [B@3f8949

      principal:simonna

      classLoader = WebappClassLoader (delegate=true; repositories=WEB-INF/classes/)

      SharedSecrets.getJavaNetAccess()=java.net.URLClassLoader$7@1def16d

      PlainTextActionReporterSUCCESSNo monitoring data to report.

      Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.315 sec <<< FAILURE!

       

      Exception:

      Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.315 sec <<< FAILURE!

      testGetFault_4args(com.telkom.girafe.beans.GirafeBOFactoryLocalBeanTest)  Time elapsed: 0.436 sec  <<< ERROR!

      java.lang.IllegalStateException: No mapping available for role reference Query

                at com.sun.ejb.containers.EJBContextImpl.isCallerInRole(EJBContextImpl.java:463)

                at com.telkom.girafe.beans.GirafeBOFactoryLocalBeanTest.testGetFault_4args(GirafeBOFactoryLocalBeanTest.java:118)

       

       

      It looks like my sun-ejb-jar.xml (where my role / group mapping is defined) is not taken into consideration.

      I guess the way I add the file as a manifest resource with ShrinkWrap is incorrect, but I couldn't find the right way to do it?

       

      Did somebody already had this problem and found a solution?

      I could not find any complete example implementing secure EJB testing with Arquillian. This would definitely help.

        • 1. Re: Struggling to test secure EJB: No mapping available for role reference
          Antoine Simonnet Newbie

          I managed to get some progress by using the "Default Principal to Role Mapping" property.

           

          I activated it in the domain.xml file defined as a test resource and used by my embedded glassfish:

          <security-service activate-default-principal-to-role-mapping="true">

           

          When this property is activated, the group defined for a users is used as role directly.

          I therefore add to modify the groups of my testing users to have them correspond to the roles declared and allowed for my EJB.

           

          With this, I could access my EJBs.