0 Replies Latest reply on Sep 19, 2013 5:21 PM by Luciano Borges

    Arquillian Glassfish Embedded Servlet Authtentication Test

    Luciano Borges Newbie

      Hi all,

       

      I'm trying to create a servlet to test Basic Authentication. I'm using Arquillian with Glassfish Embedded.

       

      I have some questions:

       

      1. I created a user in a separate Glassfish, I saw that it put my user in a file named keyfile. Where should I put this file in my project?

       

      2. I put this in my web.xml (the file is in src/test/resources/security), is it correct?

       

      <security-constraint>
        <web-resource-collection>
        <web-resource-name>Exemplo</web-resource-name>
        <url-pattern>/AuthenticationServlet</url-pattern>
        </web-resource-collection>
        <auth-constraint>
        <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>file</realm-name>
      </login-config>
      

       

      3. I create a file name sun-web.xml (the file is in src/test/resources/security) with the code below, is it correct?

       

      <sun-web-app error-url="">
        <security-role-mapping>
        <role-name>user</role-name>
        <group-name>users</group-name>
        </security-role-mapping>
      </sun-web-app>
      

       

      4. I copy the file domain.xml from the separeted Glassfish and put it in the directory src/test/resources/security, is it correct?

       

      Below, the code from my AuthenticationServlet.

       

      public class AuthenticationServlet extends HttpServlet {
      
        private static final long serialVersionUID = 1L;
      
        @Inject
        private SecurityContext securityContext;
      
        @Inject
        private Credentials credentials;
      
        protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
             credentials.setUsername("asdrubal");
             credentials.setPassword("asdrubal");
             securityContext.login();
             response.setStatus(HttpStatus.SC_OK);
        }
      }
      

       

      Below, my keyfile content.

       

      asdrubal;{SSHA256}xYbabe0zKCOUrsH4SNQ+MK75W7FxJujcDcAJ9iXruHm1uT5mn+yktw==;users

       

      Below, my test class:

       

      @RunWith(Arquillian.class)
      public class SecurityTest {
      
      
        private static final String PATH = "src/test/resources/security";
      
      
        @ArquillianResource
        private URL deploymentUrl;
      
      
        @Deployment(testable = false)
        public static WebArchive createDeployment() {
        return Tests.createDeployment().addClass(AuthenticationServlet.class)
        .add(Tests.createFileAsset(PATH + "/keyfile"), "keyfile")
        .addAsWebInfResource(Tests.createFileAsset(PATH + "/domain.xml"), "domain.xml")
        .addAsWebInfResource(Tests.createFileAsset(PATH + "/sun-web.xml"), "sun-web.xml")
        .addAsWebInfResource(Tests.createFileAsset(PATH + "/web.xml"), "web.xml");
        }
      
      
        @Test
        public void authentication() throws Exception {
             HttpClient client = new HttpClient();
             GetMethod method = new GetMethod(deploymentUrl + "/AuthenticationServlet");
             try {
                  int status = client.executeMethod(method);
                  assertEquals(HttpStatus.SC_OK, status);
             } catch (Exception e) {
                  fail();
             }
        }
      }
      

       

      Where I'm going wrong?