Examples of org.jboss.test.security.ejb3.SimpleSession

• org.jboss.test.security.ejb3.SimpleSession

  This is the remote interface of session beans used in the EJB3 security tests.

  @author Stefan Guilhen

      // login with a user that has the RegularUser role.
      this.login("UserB", "PassB".toCharArray());

      // get a reference to the remote run-as session.
      Object obj = getInitialContext().lookup("RunAsSessionBean/remote");
      RunAsSession session = (RunAsSession) PortableRemoteObject.narrow(obj, RunAsSession.class);

      // invoke the session, that delegates the invocation to the delegate session using @RunAs.
      Principal principal = session.invokeRunAs();
      assertNotNull("Found unexpected null principal", principal);
      // run-as identity should be the default unauthenticated identity configured in the login module.
      assertEquals("anonymous", principal.getName());

      this.logout();

      // login with a user that has the RegularUser role.
      this.login("UserA", "PassA".toCharArray());

      // get a reference to the remote protected stateless session bean.
      Object obj = getInitialContext().lookup("SimpleStatelessSessionBean/remote");
      SimpleSession session = (SimpleSession) PortableRemoteObject.narrow(obj, SimpleSession.class);

      Principal principal = null;
      try
      {
         principal = session.invokeRegularMethod();
         if (!(principal instanceof EJB3CustomPrincipalImpl))
            fail("Custom principal is not the caller principal");
      }
      catch (EJBAccessException eae)
      {

      // login with a user that has the Administrator role.
      this.login("UserA", "PassA".toCharArray());

      // get a reference to the remote protected stateless session bean.
      Object obj = getInitialContext().lookup("SimpleStatelessSessionBean/remote");
      SimpleSession session = (SimpleSession) PortableRemoteObject.narrow(obj, SimpleSession.class);

      // an administrator should have access to all methods but invokeUnavailableMethod.
      this.assertMethodAccessResults(session, true, true);

      // repeat the tests, this time calling a stateful session bean.

      // login with a user that has the RegularUser role.
      this.login("UserB", "PassB".toCharArray());

      // get a reference to the remote protected stateless session bean.
      Object obj = getInitialContext().lookup("SimpleStatelessSessionBean/remote");
      SimpleSession session = (SimpleSession) PortableRemoteObject.narrow(obj, SimpleSession.class);

      // a regular user cannot access administrative methods.
      this.assertMethodAccessResults(session, true, false);

      // repeat the tests, this time calling a stateful session bean.

      // login with a user that has the Guest role.
      this.login("UserC", "PassC".toCharArray());

      // get a reference to the remote protected stateless session bean.
      Object obj = getInitialContext().lookup("SimpleStatelessSessionBean/remote");
      SimpleSession session = (SimpleSession) PortableRemoteObject.narrow(obj, SimpleSession.class);

      // a guest user should have access to unprotected methods only.
      this.assertMethodAccessResults(session, false, false);

      // repeat the tests, this time calling a stateful session bean.

    */
   public void testUnauthenticatedMethodAccess() throws Exception
   {
      // get a reference to the remote protected stateless session bean.
      Object obj = getInitialContext().lookup("SimpleStatelessSessionBean/remote");
      SimpleSession session = (SimpleSession) PortableRemoteObject.narrow(obj, SimpleSession.class);

      // an unauthenticated user should have access to unprotected methods only.
      this.assertMethodAccessResults(session, false, false);

      // repeat the tests, this time calling a stateful session bean.