javaee-samples
diff --git a/‎README.md‎
Lines changed: 30 additions & 12 deletions b/‎README.md‎
Lines changed: 30 additions & 12 deletions
diff --git a/‎jaspic/async-authentication/pom.xml‎
Lines changed: 14 additions & 3 deletions b/‎jaspic/async-authentication/pom.xml‎
Lines changed: 14 additions & 3 deletions
diff --git a/‎jaspic/dispatching-jsf-cdi/pom.xml‎
Lines changed: 13 additions & 3 deletions b/‎jaspic/dispatching-jsf-cdi/pom.xml‎
Lines changed: 13 additions & 3 deletions
diff --git a/‎jaspic/ejb-propagation/pom.xml‎
Lines changed: 13 additions & 1 deletion b/‎jaspic/ejb-propagation/pom.xml‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎jaspic/ejb-register-session/pom.xml‎
Lines changed: 36 additions & 0 deletions b/‎jaspic/ejb-register-session/pom.xml‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎…ic/registersession/ejb/ProtectedEJB.java‎ ‎…ic/registersession/ejb/ProtectedEJB.java‎jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/ProtectedEJB.java renamed to jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/ProtectedEJB.java b/‎…ic/registersession/ejb/ProtectedEJB.java‎ ‎…ic/registersession/ejb/ProtectedEJB.java‎jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/ProtectedEJB.java renamed to jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/ProtectedEJB.java
diff --git a/‎…aspic/registersession/ejb/PublicEJB.java‎ ‎…aspic/registersession/ejb/PublicEJB.java‎jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/PublicEJB.java renamed to jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/PublicEJB.java b/‎…aspic/registersession/ejb/PublicEJB.java‎ ‎…aspic/registersession/ejb/PublicEJB.java‎jaspic/register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/PublicEJB.java renamed to jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/ejb/PublicEJB.java
diff --git a/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/MyPrincipal.java‎
Lines changed: 23 additions & 0 deletions b/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/MyPrincipal.java‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java‎
Lines changed: 22 additions & 0 deletions b/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/SamAutoRegistrationListener.java‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java‎
Lines changed: 116 additions & 0 deletions b/‎jaspic/ejb-register-session/src/main/java/org/javaee7/jaspic/registersession/sam/TestServerAuthModule.java‎
Lines changed: 116 additions & 0 deletions
@@ -12,7 +12,7 @@ A brief instruction how to clone, build, import and run the samples on your loca
 
 Only one container profile and one profile for browser can be active at a given time otherwise there will be dependency conflicts.
 
-There are 10 available container profiles, for 5 different servers:
+There are 11 available container profiles, for 6 different servers:
 
 * ``wildfly-managed-arquillian``
 
@@ -115,8 +115,7 @@ There are 10 available container profiles, for 5 different servers:
 * ``weblogic-remote-arquillian``
 
     This profile requires you to start up a WebLogic server outside of the build. Each sample will then
-    reuse this instance to run the tests. NOTE: this has been tested on WebLogic 12.1.3, which is a Java EE 6 implementation,
-    but it has some Java EE 7 features which can be optionally activated.
+    reuse this instance to run the tests.
 
     This profile requires you to set the location where WebLogic is installed via the ``weblogicRemoteArquillian_wlHome``
     system property. E.g.
@@ -129,15 +128,37 @@ There are 10 available container profiles, for 5 different servers:
     ``-DweblogicRemoteArquillian_adminUserName=myuser``
     ``-DweblogicRemoteArquillian_adminPassword=mypassword``
 
-Some of the containers allow you to override the version used
+* ``tomcat-remote``
+
+    This profile requires you to start up a plain Tomcat (8.5 or 9) server outside of the build. Each sample will then
+    reuse this instance to run the tests.
+    
+    Tomcat supports samples that make use of Servlet, JSP, Expression Language (EL), WebSocket and JASPIC.
+    
+    This profile requires you to enable JMX in Tomcat. This can be done by adding the following to ``[tomcat home]/bin/catalina.sh``:
+    
+    ```
+    JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=8089 -Dcom.sun.management.jmxremote=true "
+    JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false "
+    JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.authenticate=false"
+    JAVA_OPTS="$JAVA_OPTS -Djava.rmi.server.hostname=localhost "
+    ```
+    
+    Be aware that this should *only* be done for a Tomcat instance that's used exclusively for testing, as the above will make
+    the Tomcat installation **totally insecure!**
+      
+
+    
+    
+The containers that download and install a server allow you to override the version used, e.g.:
 
-* `-Dorg.wildfly=8.1.0.Final`
+* `-wildfly.version=8.1.0.Final`
 
-    This will change the version from 8.0.0 to 8.1.0.Final for WildFly.
+    This will change the version from the current one (e.g. 10.1.0.Final) to 8.1.0.Final for WildFly.
 
 * `-Dglassfish.version=4.1`
 
-    This will change the version from 4.1.1 to 4.1 for GlassFish testing purposes.
+    This will change the version from the current one (e.g 4.1.1) to 4.1 for GlassFish testing purposes.
 
 Similarly, there are 6 profiles to choose a browser to test on:
 
@@ -191,9 +212,8 @@ There is just a bunch of things you should keep in mind before sending a pull re
 
 Standard tests are jUnit based - for example [this commit](servlet/servlet-filters/src/test/java/org/javaee7/servlet/filters/FilterServletTest.java). Test classes naming must comply with surefire naming standards `**/*Test.java`, `**/*Test*.java` or `**/*TestCase.java`.
 
-However, if you fancy something new, hip and fashionable it is perfectly legal to write  Spock specifications as standard JavaEE integration test. For the sake of clarity and consistency, to minimize the upfront complexity, in this project we prefare standard jUnit test. However, some Spock example are provided in the `extra/spock-tests` folder  - [like here](extra/spock-tests/src/test/java/org/javaee7/servlet/filters/FilterServletSpecification.groovy). The `spock-tests` project also showcases the Maven configuration. In this particular case the Groovy Specification files are included in the maven test phase if and only if you follow Spock naming convention and give your `Specification` suffix the magic will happen.
+For the sake of clarity and consistency, and to minimize the upfront complexity, we prefer standard jUnit tests using Java, with as additional helpers HtmlUnit, Hamcrest and of course Arquillian. Please don't use alternatives for these technologies. If any new dependency has to be introduced into this project it should provide something that's not covered by these existing dependencies.
 
-The extras folder is not included by default, to limit Groovy dependency. If you want to import the extra samples in an Eclipse workspace (including the Spock tests), please install the [Groovy plugins for your Eclipse version](http://groovy.codehaus.org/Eclipse+Plugin) first, then import the sample projects you want using File>Import>Existing Maven Projects. 
 
 ### Some coding principles ###
 
@@ -209,9 +229,7 @@ That's it! Welcome in the community!
 
 ## CI Job ##
 
-* [WildFly](https://javaee-support.ci.cloudbees.com/job/javaee7-samples-wildfly-8.1/)
-* [GlassFish](https://javaee-support.ci.cloudbees.com/job/javaee7-samples-glassfish-4.1/)
-* [TomEE](https://javaee-support.ci.cloudbees.com/job/javaee7-samples-tomee-2.0/)
+CI jobs are executed by [Travis](https://travis-ci.org/javaee-samples/javaee7-samples). Note that by the very nature of the samples provided here it's perfectly normal that not all tests pass. This normally would indicate a bug in the server on which the samples are executed. If you think it's really the test that's faulty, then please submit an issue or provide a PR with a fix.
 
 ## Run each sample in Docker
 
 
@@ -6,11 +6,9 @@
         <groupId>org.javaee7</groupId>
         <artifactId>jaspic</artifactId>
         <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
     </parent>
-    <groupId>org.javaee7</groupId>
+    
     <artifactId>jaspic-async-authentication</artifactId>
-    <version>1.0-SNAPSHOT</version>
     <packaging>war</packaging>
     <name>Java EE 7 Sample: jaspic - async-authentication</name>
 
@@ -21,4 +19,17 @@
             <version>1.0-SNAPSHOT</version>
         </dependency>
     </dependencies>
+    
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipEJB}</skipTests>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
 </project>
@@ -6,12 +6,9 @@
         <groupId>org.javaee7</groupId>
         <artifactId>jaspic</artifactId>
         <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <groupId>org.javaee7</groupId>
     <artifactId>jaspic-dispatching-jsf-cdi</artifactId>
-    <version>1.0-SNAPSHOT</version>
     <packaging>war</packaging>
     <name>Java EE 7 Sample: jaspic - dispatching JSF CDI</name>
 
@@ -22,4 +19,17 @@
             <version>1.0-SNAPSHOT</version>
         </dependency>
     </dependencies>
+    
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipJSF}</skipTests>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
 </project>
@@ -6,7 +6,6 @@
         <groupId>org.javaee7</groupId>
         <artifactId>jaspic</artifactId>
         <version>1.0-SNAPSHOT</version>
-        <relativePath>../pom.xml</relativePath>
     </parent>
 
     <artifactId>jaspic-ejb-propagation</artifactId>
@@ -20,4 +19,17 @@
             <version>1.0-SNAPSHOT</version>
         </dependency>
     </dependencies>
+    
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipEJB}</skipTests>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
 </project>
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.javaee7</groupId>
+        <artifactId>jaspic</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    
+    <artifactId>jaspic-ejb-register-session</artifactId>
+    <packaging>war</packaging>
+    
+    <name>Java EE 7 Sample: jaspic - ejb-register-session</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.javaee7</groupId>
+            <artifactId>jaspic-common</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+    </dependencies>
+    
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <skipTests>${skipEJB}</skipTests>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
+</project>
@@ -0,0 +1,23 @@
+package org.javaee7.jaspic.registersession.sam;
+
+import java.security.Principal;
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+public class MyPrincipal implements Principal {
+
+    private final String name;
+    
+    public MyPrincipal(String name) {
+        this.name = name;
+    }
+    
+    @Override
+    public String getName() {
+        return name;
+    }
+    
+}
@@ -0,0 +1,22 @@
+package org.javaee7.jaspic.registersession.sam;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.annotation.WebListener;
+
+import org.javaee7.jaspic.common.BaseServletContextListener;
+import org.javaee7.jaspic.common.JaspicUtils;
+
+/**
+ * 
+ * @author Arjan Tijms
+ *
+ */
+@WebListener
+public class SamAutoRegistrationListener extends BaseServletContextListener {
+
+    @Override
+    public void contextInitialized(ServletContextEvent sce) {
+        JaspicUtils.registerSAM(sce.getServletContext(), new TestServerAuthModule());
+    }
+
+}
@@ -0,0 +1,116 @@
+package org.javaee7.jaspic.registersession.sam;
+
+import static java.lang.Boolean.TRUE;
+import static javax.security.auth.message.AuthStatus.SUCCESS;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Map;
+
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+
+/**
+ * 
+ * @author Arjan Tijms
+ * 
+ */
+public class TestServerAuthModule implements ServerAuthModule {
+
+    private CallbackHandler handler;
+    private Class<?>[] supportedMessageTypes = new Class[] { HttpServletRequest.class, HttpServletResponse.class };
+
+    @Override
+    public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
+        @SuppressWarnings("rawtypes") Map options) throws AuthException {
+        this.handler = handler;
+    }
+
+    @SuppressWarnings("unchecked")
+    @Override
+    public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject)
+        throws AuthException {
+
+        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
+        Callback[] callbacks;
+
+        Principal userPrincipal = request.getUserPrincipal();
+        if (userPrincipal != null && request.getParameter("continueSession") != null) {
+
+            // ### If already authenticated before, continue this session
+
+            // Execute protocol to signal container registered authentication session be used.
+            callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, userPrincipal) };
+
+        } else if (request.getParameter("doLogin") != null) {
+
+            // ### If not authenticated before, do a new login if so requested
+
+            // For the test perform a login by directly "returning" the details of the authenticated user.
+            // Normally credentials would be checked and the details fetched from some repository
+
+            callbacks = new Callback[] {
+                // The name of the authenticated user
+                
+                    request.getParameter("customPrincipal") == null?
+                        // Name based Callback 
+                        new CallerPrincipalCallback(clientSubject, "test") :
+                        
+                        // Custom principal based Callback
+                        new CallerPrincipalCallback(clientSubject, new MyPrincipal("test")),
+                
+                
+                // the roles of the authenticated user
+                new GroupPrincipalCallback(clientSubject, new String[] { "architect" }) };
+
+            // Tell container to register an authentication session.
+            messageInfo.getMap().put("javax.servlet.http.registerSession", TRUE.toString());
+        } else {
+
+            // ### If no registered session and no login request "do nothing"
+
+            // The JASPIC protocol for "do nothing"
+            callbacks = new Callback[] { new CallerPrincipalCallback(clientSubject, (Principal) null) };
+        }
+
+        try {
+
+            // Communicate the details of the authenticated user to the container. In many
+            // cases the handler will just store the details and the container will actually handle
+            // the login after we return from this method.
+            handler.handle(callbacks);
+
+        } catch (IOException | UnsupportedCallbackException e) {
+            throw (AuthException) new AuthException().initCause(e);
+        }
+
+        return SUCCESS;
+    }
+
+    @Override
+    public Class<?>[] getSupportedMessageTypes() {
+        return supportedMessageTypes;
+    }
+
+    @Override
+    public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
+        return AuthStatus.SEND_SUCCESS;
+    }
+
+    @Override
+    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
+
+    }
+}