You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by jl...@apache.org on 2021/04/26 17:31:36 UTC
[tomee-tck] branch master updated (15f7763 -> 2d8ec64)
This is an automated email from the ASF dual-hosted git repository.
jlmonteiro pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-tck.git.
from 15f7763 Fine tune Permissions for CTS tests
new aa56532 Refine permissions a bit more
new 2d8ec64 JASPIC configuration (missing permissions)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../tomee-plume/conf/ProviderConfiguration.xml | 86 +++++++++++-----------
src/test/tomee-plume/conf/catalina.policy | 18 ++++-
src/test/tomee-plume/conf/context.xml | 8 --
3 files changed, 60 insertions(+), 52 deletions(-)
[tomee-tck] 01/02: Refine permissions a bit more
Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jlmonteiro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-tck.git
commit aa5653258801b546d5ba7b4af2913aac3bd891aa
Author: Jean-Louis Monteiro <jl...@tomitribe.com>
AuthorDate: Mon Apr 26 16:21:33 2021 +0200
Refine permissions a bit more
Signed-off-by: Jean-Louis Monteiro <jl...@tomitribe.com>
---
src/test/tomee-plume/conf/catalina.policy | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/test/tomee-plume/conf/catalina.policy b/src/test/tomee-plume/conf/catalina.policy
index 565dcf2..4413ba4 100644
--- a/src/test/tomee-plume/conf/catalina.policy
+++ b/src/test/tomee-plume/conf/catalina.policy
@@ -171,14 +171,16 @@ grant {
permission java.util.PropertyPermission "openejb.*", "read";
permission java.util.PropertyPermission "user.name", "read";
permission java.util.PropertyPermission "java.io.tmpdir", "read";
+ permission java.io.FilePermission "${catalina.base}/lib/-", "read"; // java ee api class, slf4j, owb, etc
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.loader"; // tomee
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.core"; // tomee
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.realm"; // tomee
- permission java.io.FilePermission "${catalina.base}/lib/-", "read"; // java ee api class, slf4j, owb, etc
+ permission java.lang.RuntimePermission "setContextClassLoader"; // tomee
permission java.lang.RuntimePermission "accessDeclaredMembers"; // owb
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // owb
permission java.net.SocketPermission "localhost", "connect,resolve"; // jndi
permission java.net.SocketPermission "127.0.0.1", "connect,resolve"; // jndi
+ permission javax.security.auth.AuthPermission "doAsPrivileged"; // tomee security
permission javax.security.auth.AuthPermission "modifyPrincipals"; // tomee security
permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; // tomee security
[tomee-tck] 02/02: JASPIC configuration (missing permissions)
Posted by jl...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
jlmonteiro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomee-tck.git
commit 2d8ec640980091dc34a57a9e5b6df53eb8c2cc9a
Author: Jean-Louis Monteiro <jl...@tomitribe.com>
AuthorDate: Mon Apr 26 19:31:21 2021 +0200
JASPIC configuration (missing permissions)
Signed-off-by: Jean-Louis Monteiro <jl...@tomitribe.com>
---
.../tomee-plume/conf/ProviderConfiguration.xml | 86 +++++++++++-----------
src/test/tomee-plume/conf/catalina.policy | 14 ++++
src/test/tomee-plume/conf/context.xml | 8 --
3 files changed, 57 insertions(+), 51 deletions(-)
diff --git a/src/test/tomee-plume/conf/ProviderConfiguration.xml b/src/test/tomee-plume/conf/ProviderConfiguration.xml
index ff72155..e21cbff 100644
--- a/src/test/tomee-plume/conf/ProviderConfiguration.xml
+++ b/src/test/tomee-plume/conf/ProviderConfiguration.xml
@@ -18,47 +18,47 @@
-->
<provider-config
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns="http://java.oracle.com/xml/ns/jaspic"
- xsi:schemaLocation="http://java.oracle.com/xml/ns/jaspic provider-configuration.xsd">
- <provider-config-entry>
- <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProvider</provider-class>
- <properties version="1.0">
- <entry key="AuthStatus_SEND_SUCCESS">false</entry>
- <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
- </properties>
- <message-layer>SOAP</message-layer>
- <app-context-id>null</app-context-id>
- <reg-description>TestSuite JSR 196 Config Provider</reg-description>
- </provider-config-entry>
- <provider-config-entry>
- <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProvider</provider-class>
- <properties version="1.0">
- <entry key="AuthStatus_SEND_SUCCESS">false</entry>
- <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
- </properties>
- <message-layer>SOAP</message-layer>
- <app-context-id>Catalina/localhost /Hello_web/Hello</app-context-id>
- <reg-description>TestSuite JSR 196 Config Provider</reg-description>
- </provider-config-entry>
- <provider-config-entry>
- <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProviderServlet</provider-class>
- <properties version="1.0">
- <entry key="AuthStatus_SEND_SUCCESS">true</entry>
- <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
- </properties>
- <message-layer>HttpServlet</message-layer>
- <app-context-id>Catalina/localhost /spitests_servlet_web</app-context-id>
- <reg-description>Registration for TSAuthConfigProviderServlet using spitests_servlet_web</reg-description>
- </provider-config-entry>
- <provider-config-entry>
- <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProviderServlet</provider-class>
- <properties version="1.0">
- <entry key="AuthStatus_SEND_SUCCESS">true</entry>
- <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
- </properties>
- <message-layer>HttpServlet</message-layer>
- <app-context-id>Catalina/localhost /spitests_servlet_web/WrapperServlet</app-context-id>
- <reg-description>Registration for TSAuthConfigProviderServlet using spitests_servlet_web</reg-description>
- </provider-config-entry>
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://java.oracle.com/xml/ns/jaspic"
+ xsi:schemaLocation="http://java.oracle.com/xml/ns/jaspic provider-configuration.xsd">
+ <provider-config-entry>
+ <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProvider</provider-class>
+ <properties version="1.0">
+ <entry key="AuthStatus_SEND_SUCCESS">false</entry>
+ <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
+ </properties>
+ <message-layer>SOAP</message-layer>
+ <app-context-id>null</app-context-id>
+ <reg-description>TestSuite JSR 196 Config Provider</reg-description>
+ </provider-config-entry>
+ <provider-config-entry>
+ <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProvider</provider-class>
+ <properties version="1.0">
+ <entry key="AuthStatus_SEND_SUCCESS">false</entry>
+ <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
+ </properties>
+ <message-layer>SOAP</message-layer>
+ <app-context-id>Catalina/localhost /Hello_web/Hello</app-context-id>
+ <reg-description>TestSuite JSR 196 Config Provider</reg-description>
+ </provider-config-entry>
+ <provider-config-entry>
+ <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProviderServlet</provider-class>
+ <properties version="1.0">
+ <entry key="AuthStatus_SEND_SUCCESS">true</entry>
+ <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
+ </properties>
+ <message-layer>HttpServlet</message-layer>
+ <app-context-id>Catalina/localhost /spitests_servlet_web</app-context-id>
+ <reg-description>Registration for TSAuthConfigProviderServlet using spitests_servlet_web</reg-description>
+ </provider-config-entry>
+ <provider-config-entry>
+ <provider-class>com.sun.ts.tests.jaspic.tssv.config.TSAuthConfigProviderServlet</provider-class>
+ <properties version="1.0">
+ <entry key="AuthStatus_SEND_SUCCESS">true</entry>
+ <entry key="requestPolicy">USER_NAME_PASSWORD</entry>
+ </properties>
+ <message-layer>HttpServlet</message-layer>
+ <app-context-id>Catalina/localhost /spitests_servlet_web/WrapperServlet</app-context-id>
+ <reg-description>Registration for TSAuthConfigProviderServlet using spitests_servlet_web</reg-description>
+ </provider-config-entry>
</provider-config>
diff --git a/src/test/tomee-plume/conf/catalina.policy b/src/test/tomee-plume/conf/catalina.policy
index 4413ba4..4fb8777 100644
--- a/src/test/tomee-plume/conf/catalina.policy
+++ b/src/test/tomee-plume/conf/catalina.policy
@@ -292,6 +292,20 @@ grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
// };
// TomEE for CTS configuration
+grant codeBase "file:${cts.home}/dist/com/sun/ts/tests/jaspic/-" {
+ permission java.io.FilePermission "${catalina.base}/conf/-", "read";
+ permission java.io.FilePermission "${catalina.base}/conf/jaspic-providers.xml", "read,write,delete"; // Tomcat ACF
+ permission java.io.FilePermission "${catalina.base}/conf/jaspic-providers.xml.new", "read,write,delete"; // Tomcat ACF
+ permission java.io.FilePermission "${catalina.base}/conf/jaspic-providers.xml.old", "read,write,delete"; // Tomcat ACF
+ permission java.io.FilePermission "${catalina.base}/temp/-", "read,write";
+ permission java.io.FilePermission "${catalina.base}/logs/-", "read,write";
+ permission java.io.FilePermission "${catalina.base}/work/-", "read,write";
+ permission java.util.PropertyPermission "*", "read,write"; // the log file
+ permission java.security.SecurityPermission "getProperty.authconfigprovider.factory";
+ permission java.security.SecurityPermission "setProperty.authconfigprovider.factory";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.authenticator.jaspic";
+ permission java.util.logging.LoggingPermission "control";
+};
grant codeBase "file:${cts.home}/dist/com/sun/ts/tests/servlet/ee/spec/security/permissiondd/servlet_ee_spec_security_permissiondd_web/-" {
permission java.util.PropertyPermission "cts.*", "read";
diff --git a/src/test/tomee-plume/conf/context.xml b/src/test/tomee-plume/conf/context.xml
index 5d42cfe..3c422ef 100644
--- a/src/test/tomee-plume/conf/context.xml
+++ b/src/test/tomee-plume/conf/context.xml
@@ -30,14 +30,6 @@
-->
<Valve className="org.apache.openejb.cts.TransactionalWorkaroundLeakGuardValve"/>
- <!-- Rollback this because it causes some other tests to fail because they test the Form authentication and Tomcat
- Does not allow multiple authenticator valve
- We need to hear back or to find a way to only add this for jaspic webapp or tests
-
- <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
- jaspicCallbackHandlerClass="org.apache.openejb.cts.CallbackHandlerImpl"
- />
- -->
<Environment name="myUrl" value="http://google.com"
type="java.net.URL" override="false"/>