Hi all,
I'm trying to create a servlet to test Basic Authentication. I'm using
Arquillian with Glassfish Embedded.
I have some questions:
1. I created a user in a separate Glassfish, I saw that it put my user in a
file named *keyfile*. Where should I put this file in my project?
2. I put this in my *web.xml* (the file is in* src/test/resources/security*),
is it correct?
1. <security-constraint>
2. <web-resource-collection>
3. <web-resource-name>Exemplo</web-resource-name>
4. <url-pattern>/AuthenticationServlet</url-pattern>
5. </web-resource-collection>
6. <auth-constraint>
7. <role-name>user</role-name>
8. </auth-constraint>
9. </security-constraint>
10. <login-config>
11. <auth-method>BASIC</auth-method>
12. <realm-name>file</realm-name>
13. </login-config>
3. I create a file name *sun-web.xml* (the file is in*
src/test/resources/security*) with the code below, is it correct?
1. <sun-web-app error-url="">
2. <security-role-mapping>
3. <role-name>user</role-name>
4. <group-name>users</group-name>
5. </security-role-mapping>
6. </sun-web-app>
4. I copy the file *domain.xml* from the separeted Glassfish and put it in
the directory *src/test/resources/security*, is it correct?
Below, the code from my *AuthenticationServlet*.
1. public class AuthenticationServlet extends HttpServlet {
2.
3. private static final long serialVersionUID = 1L;
4.
5. @Inject
6. private SecurityContext securityContext;
7.
8. @Inject
9. private Credentials credentials;
10.
11. protected void
doGet(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException {
12. credentials.setUsername("asdrubal");
13. credentials.setPassword("asdrubal");
14. securityContext.login();
15. response.setStatus(HttpStatus.SC_OK);
16. }
17. }
Below, my keyfile content.
*
asdrubal;{SSHA256}xYbabe0zKCOUrsH4SNQ+MK75W7FxJujcDcAJ9iXruHm1uT5mn+yktw==;users
*
Below, my test class:
1. @RunWith(Arquillian.class)
2. public class SecurityTest {
3.
4.
5. private static final String PATH = "src/test/resources/security";
6.
7.
8. @ArquillianResource
9. private URL deploymentUrl;
10.
11.
12. @Deployment(testable = false)
13. public static WebArchive createDeployment() {
14. return Tests.createDeployment().addClass(AuthenticationServlet.
class)
15. .add(Tests.createFileAsset(PATH + "/keyfile"), "keyfile")
16. .addAsWebInfResource(Tests.createFileAsset(PATH + "/domain.xml"),
"domain.xml")
17. .addAsWebInfResource(Tests.createFileAsset(PATH + "/sun-web.xml"),
"sun-web.xml")
18. .addAsWebInfResource(Tests.createFileAsset(PATH + "/web.xml"),
"web.xml");
19. }
20.
21.
22. @Test
23. public void authentication() throws Exception {
24. HttpClient client = new HttpClient();
25. GetMethod method = new GetMethod(deploymentUrl +
"/AuthenticationServlet");
26. try {
27. int status = client.executeMethod(method);
28. assertEquals(HttpStatus.SC_OK, status);
29. } catch (Exception e) {
30. fail();
31. }
32. }
33. }
Where I'm going wrong?