Posted to dev@tomee.apache.org by André Zimmermann <zi...@gmail.com> on 2013/02/06 16:36:30 UTC

Testing security in webapp

Hi
For a very long time I have been trying to set up an environment with TomEE / JPA and
security. I was able to create an EJB layer, which I can test like the
following example, which is really nice.

http://tomee.apache.org/examples-trunk/testing-security-3/README.html

My first problem: how can I inject an EntityManager into the LoginProvider? This
example LoginProvider just returns static roles. I would like to make
queries to the database and construct roles programmatically. Or maybe I
should not use JAAS (ServiceLoginProviderModule) for this kind of
requirement.

My second problem: I also added a Jersey layer on top. I would like to test
this layer with security. How can I do this? Are there any useful examples?
I tried many frameworks like rest-assured, which looks really nice to me, but
I couldn't figure out how to configure web.xml without declaring
security-constraints for each JAX-RS service.

It could not be so complicated, but it seems that I am the only one with
such problems. :-(

Thanks a lot for your help



--
View this message in context: http://openejb.979440.n4.nabble.com/Testing-security-in-webapp-tp4660610.html
Sent from the OpenEJB Dev mailing list archive at Nabble.com.

Re: Testing security in webapp

Posted by Thiago Veronezi <th...@veronezi.org>.
Hi André,

Issue #1) The LoginModule has no injections. What you can do is to
look up an EJB with your authentication logic.
This post does the same thing, but with JavaScript.
http://buildnplay.blogspot.ca/2012/12/tomee-and-jaas-with-javascript.html


[]s,
Thiago.


Re: Testing security in webapp

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi,

Using a filter calling request.login is often enough to secure REST
services with JAAS.

About injections: there is nothing in Java EE, but using a custom LoginModule
you can use the TomEE lazy realm and activate CDI. If you do so, simply produce
your entity manager, then use @Inject to get it. Another way is to use an EJB
lookup or DeltaSpike BeanProvider.

Romain Manni-Bucau
Twitter: @rmannibucau <https://twitter.com/rmannibucau>
Blog: http://rmannibucau.wordpress.com/
LinkedIn: http://fr.linkedin.com/in/rmannibucau
Github: https://github.com/rmannibucau
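
The filter approach from the reply above, as an added example that is not part of the original thread or of TomEE's own code: one servlet filter authenticates every REST call through `request.login`, so web.xml needs no security-constraint per JAX-RS service. The `/api/*` mapping, the class name and the use of HTTP Basic to carry the credentials are assumptions; it targets Servlet 3.0+ (`javax.servlet`) and Java 8+.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebFilter("/api/*") // assumed mapping of the JAX-RS application
public class JaasLoginFilter implements Filter {
    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        HttpServletResponse response = (HttpServletResponse) rs;
        String[] creds = basicCredentials(request.getHeader("Authorization"));
        try {
            if (creds == null) throw new ServletException("no credentials");
            request.login(creds[0], creds[1]); // delegates to the container realm (JAAS)
        } catch (ServletException e) {
            // Fail closed: missing, malformed and rejected credentials all get 401.
            response.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        try {
            chain.doFilter(request, response); // isUserInRole() and role checks now see the caller
        } finally {
            request.logout(); // stateless API: do not keep the identity after the call
        }
    }

    /** Returns {user, password} from a Basic header, or null if absent or malformed. */
    static String[] basicCredentials(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String decoded = new String(
                Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            return colon < 0 ? null
                : new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException e) { // not valid Base64
            return null;
        }
    }
}
```

A test client such as rest-assured can then exercise both paths: a request without an `Authorization` header should get 401, and one with valid Basic credentials should reach the resource with the roles the login module assigned.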
