diff --git a/api/pom.xml b/api/pom.xml
index 8d572e30..6fc5c2d6 100644
--- a/api/pom.xml
+++ b/api/pom.xml
@@ -19,7 +19,7 @@
org.eclipse.microprofile.jwt
microprofile-jwt-auth-parent
- 2.2-SNAPSHOT
+ 3.0-SNAPSHOT
microprofile-jwt-auth-api
diff --git a/pom.xml b/pom.xml
index 547e5c9e..09ca4b4f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,16 +24,14 @@
org.eclipse.microprofile.jwt
microprofile-jwt-auth-parent
- 2.2-SNAPSHOT
+ 3.0-SNAPSHOT
pom
MicroProfile JWT Auth
https://github.com/eclipse/microprofile-jwt-auth
- 2.0.0
- 4.0.0
- 3.0
+ 3.1
0.9.3
1.1.0
2.6
@@ -125,20 +123,6 @@
-
- jakarta.authorization
- jakarta.authorization-api
- ${version.jakarta.authorization-api}
- provided
- true
-
-
- jakarta.ejb
- jakarta.ejb-api
- ${version.jakarta.ejb.api}
- provided
- true
-
org.osgi
org.osgi.annotation.versioning
diff --git a/spec/pom.xml b/spec/pom.xml
index 72a8e5b7..39365702 100644
--- a/spec/pom.xml
+++ b/spec/pom.xml
@@ -19,7 +19,7 @@
org.eclipse.microprofile.jwt
microprofile-jwt-auth-parent
- 2.2-SNAPSHOT
+ 3.0-SNAPSHOT
microprofile-jwt-auth-spec
diff --git a/spec/src/main/asciidoc/interoperability.asciidoc b/spec/src/main/asciidoc/interoperability.asciidoc
index e4803b07..7d59936f 100644
--- a/spec/src/main/asciidoc/interoperability.asciidoc
+++ b/spec/src/main/asciidoc/interoperability.asciidoc
@@ -673,43 +673,6 @@ The expectations for use of the various security annotations described in sectio
In terms of mapping between the MP-JWT claims and role names used in @RolesAllowed, the role names that have been mapped to group names in the MP-JWT "groups" claim, MUST result in an allowing authorization decision wherever the security constraint has been applied.
-### Recommendations for Optional Container Integration
-This section describes the expected behaviors for Jakarta EE container APIs other than JAX-RS.
-
-#### jakarta.security.enterprise.identitystore.IdentityStore.getCallerGroups(CredentialValidationResult)
-This method should return the set of names found in the "groups" claim in the JWT if it exists, an empty set otherwise.
-
-#### jakarta.ejb.SessionContext.getCallerPrincipal()
-The java.security.Principal returned from this method MUST be an instance of `org.eclipse.microprofile.jwt.JsonWebToken`.
-
-#### jakarta.ejb.SessionContext#isCallerInRole(String)
-This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any
-role name that has been mapped to a group name in the MP-JWT "groups" claim.
-
-#### Overriding @LoginConfig from web.xml login-config
-If a deployment with a web.xml descriptor contains a login-config element, an MP-JWT implementation should view the
-web.xml metadata as an override to the deployment annotation.
-
-#### jakarta.servlet.http.HttpServletRequest.getUserPrincipal()
-The java.security.Principal returned from this method MUST be an instance of org.eclipse.microprofile.jwt.JsonWebToken.
-
-#### jakarta.servlet.http.HttpServletRequest#isUserInRole(String)
-This method MUST return true for any name that is included in the MP-JWT "groups" claim, as well as for any
-role name that has been mapped to a group name in the MP-JWT "groups" claim.
-
-#### jakarta.security.jacc.PolicyContext.getContext("javax.security.auth.Subject.container")
-The javax.security.auth.Subject returned by the PolicyContext.getContext(String key) method with the standard
-"javax.security.auth.Subject.container" key, MUST return a Subject that has a `java.security.Principal` of type
-`org.eclipse.microprofile.jwt.JsonWebToken` amongst it's set of `Principal`s returned by `getPrincipals()``. Similarly,
-`Subject#getPrincipals(JsonWebToken.class)` must return a set with at least one value. This means that following code
-snipet must not throw an AssertionError:
-
-```java
- Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
- Set extends Principal> principalSet = subject.getPrincipals(JsonWebToken.class);
- assert principalSet.size() > 0;
-```
-
## Mapping MP-JWT Token to Other Container APIs
For non-Jakarta EE containers that provide access to some form of `java.security.Principal` representation of an authenticated
caller, the caller principal MUST be compatible with the `org.eclipse.microprofile.jwt.JsonWebToken` interface.
diff --git a/tck/pom.xml b/tck/pom.xml
index 1b659191..7edd7be9 100644
--- a/tck/pom.xml
+++ b/tck/pom.xml
@@ -19,7 +19,7 @@
org.eclipse.microprofile.jwt
microprofile-jwt-auth-parent
- 2.2-SNAPSHOT
+ 3.0-SNAPSHOT
microprofile-jwt-auth-tck
@@ -59,14 +59,6 @@
jakarta.ws.rs
jakarta.ws.rs-api
-
- jakarta.authorization
- jakarta.authorization-api
-
-
- jakarta.ejb
- jakarta.ejb-api
-
org.bitbucket.b_c
jose4j
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java
deleted file mode 100644
index f6c338ab..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbEndpoint.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.ejb;
-
-import jakarta.annotation.security.DenyAll;
-import jakarta.annotation.security.RolesAllowed;
-import jakarta.ejb.EJB;
-import jakarta.enterprise.context.RequestScoped;
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.QueryParam;
-import jakarta.ws.rs.core.Context;
-import jakarta.ws.rs.core.SecurityContext;
-
-@Path("/endp")
-@DenyAll
-@RequestScoped
-public class EjbEndpoint {
- @EJB
- private IService serviceEJB;
-
- @GET
- @Path("/getEJBEcho")
- @RolesAllowed("Echoer")
- public String getEJBEcho(@Context SecurityContext sec, @QueryParam("input") String input) {
- return serviceEJB.echo(input);
- }
-
- @GET
- @Path("/getEJBPrincipalClass")
- @RolesAllowed("Tester")
- public String getEJBPrincipalClass(@Context SecurityContext sec) {
- return serviceEJB.getPrincipalClass();
- }
-
- @GET
- @Path("/getEJBSubjectClass")
- @RolesAllowed("Tester")
- public String getEJBSubjectClass(@Context SecurityContext sec) throws Exception {
- return serviceEJB.getSubjectClass();
- }
-
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java
deleted file mode 100644
index 459ac75f..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/EjbTest.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.ejb;
-
-import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import org.eclipse.microprofile.jwt.JsonWebToken;
-import org.eclipse.microprofile.jwt.tck.TCKConstants;
-import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication;
-import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion;
-import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
-import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.container.test.api.RunAsClient;
-import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.arquillian.testng.Arquillian;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import jakarta.ws.rs.client.ClientBuilder;
-import jakarta.ws.rs.client.WebTarget;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.Response;
-
-/**
- * Basic EJB container integration tests
- */
-public class EjbTest extends Arquillian {
-
- /**
- * The test generated JWT token string
- */
- private static String token;
- /**
- * The base URL for the container under test
- */
- @ArquillianResource
- private URL baseURL;
-
- /**
- * Create a CDI aware base web application archive
- *
- * @return the base base web application archive
- * @throws IOException
- * - on resource failure
- */
- @Deployment(testable = true)
- public static WebArchive createDeployment() throws IOException {
- URL publicKey = EjbTest.class.getResource("/publicKey.pem");
- WebArchive webArchive = ShrinkWrap
- .create(WebArchive.class, "EjbTest.war")
- .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()),
- MpJwtTestVersion.MANIFEST_NAME)
- .addAsResource(publicKey, "/publicKey.pem")
- .addClass(EjbEndpoint.class)
- .addClass(IService.class)
- .addClass(ServiceEJB.class)
- .addClass(TCKApplication.class)
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
- System.out.printf("WebArchive: %s\n", webArchive.toString(true));
- return webArchive;
- }
-
- @BeforeClass(alwaysRun = true)
- public static void generateToken() throws Exception {
- token = TokenUtils.generateTokenString("/Token1.json");
- }
-
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT to a secured method propagates to a secured ejb method")
- public void callEjbEcho() throws Exception {
- String uri = baseURL.toExternalForm() + "endp/getEJBEcho";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- System.out.println(reply);
- }
-
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT PolicyContext.getContext() Subject has a JsonWebToken")
- public void getSubjectClass() throws Exception {
- String uri = baseURL.toExternalForm() + "endp/getEJBSubjectClass";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- System.out.println(reply);
- }
-
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_EJB, description = "Validate a request with MP-JWT SecurityContext.getUserPrincipal() is a JsonWebToken")
- public void testEJBPrincipalClass() throws Exception {
- String uri = baseURL.toExternalForm() + "endp/getEJBPrincipalClass";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- String[] ifaces = reply.split(",");
- boolean hasJsonWebToken = false;
- for (String iface : ifaces) {
- hasJsonWebToken |= iface.equals(JsonWebToken.class.getTypeName());
- }
- Assert.assertTrue(hasJsonWebToken, "EJB PrincipalClass has JsonWebToken interface");
- }
-
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java
deleted file mode 100644
index 9b6c1478..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/IService.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.ejb;
-
-import jakarta.ejb.Local;
-
-@Local
-public interface IService {
- public String echo(String input);
- public String getPrincipalClass();
- public String getSubjectClass() throws Exception;
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java
deleted file mode 100644
index af6feb90..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/ejb/ServiceEJB.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.ejb;
-
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.eclipse.microprofile.jwt.JsonWebToken;
-
-import jakarta.annotation.Resource;
-import jakarta.annotation.security.RolesAllowed;
-import jakarta.ejb.SessionContext;
-import jakarta.ejb.Stateless;
-import jakarta.security.jacc.PolicyContext;
-
-@Stateless
-public class ServiceEJB implements IService {
-
- @Resource
- private SessionContext ctx;
-
- @RolesAllowed("Echoer")
- public String echo(String input) {
- Principal user = ctx.getCallerPrincipal();
- return String.format("ServiceEJB, input=%s, user=%s", input, user.getName());
- }
-
- @RolesAllowed("Tester")
- public String getPrincipalClass() {
- Principal user = ctx.getCallerPrincipal();
- System.out.printf("ServiceEJB.getPrincipalClass, user=%s, class=%s\n", user.getName(), user.getClass());
- HashSet interfaces = new HashSet<>();
- Class current = user.getClass();
- while (current.equals(Object.class) == false) {
- Class[] tmp = current.getInterfaces();
- for (Class c : tmp) {
- interfaces.add(c);
- }
- current = current.getSuperclass();
- }
- StringBuilder tmp = new StringBuilder();
- for (Class iface : interfaces) {
- tmp.append(iface.getTypeName());
- tmp.append(',');
- }
- tmp.setLength(tmp.length() - 1);
- return tmp.toString();
- }
- @RolesAllowed("Tester")
- public String getSubjectClass() throws Exception {
- Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
- System.out.printf("ServiceEJB.getSubjectClass, subject=%s\n", subject);
- Set extends Principal> principalSet = subject.getPrincipals(JsonWebToken.class);
- if (principalSet.size() > 0) {
- return "subject.getPrincipals(JsonWebToken.class) ok";
- }
- throw new IllegalStateException("subject.getPrincipals(JsonWebToken.class) == 0");
- }
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java
deleted file mode 100644
index 8a03d1e2..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectEndpoint.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.jacc;
-
-import java.security.Principal;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.eclipse.microprofile.jwt.JsonWebToken;
-
-import jakarta.annotation.security.DenyAll;
-import jakarta.annotation.security.RolesAllowed;
-import jakarta.enterprise.context.RequestScoped;
-import jakarta.security.jacc.PolicyContext;
-import jakarta.ws.rs.GET;
-import jakarta.ws.rs.Path;
-import jakarta.ws.rs.core.Context;
-import jakarta.ws.rs.core.SecurityContext;
-
-@Path("/endp")
-@DenyAll
-@RequestScoped
-public class SubjectEndpoint {
- @GET
- @Path("/getSubjectClass")
- @RolesAllowed("Tester")
- public String getSubjectClass(@Context SecurityContext sec) throws Exception {
- Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
- Set extends Principal> principalSet = subject.getPrincipals(JsonWebToken.class);
- if (principalSet.size() > 0) {
- return "subject.getPrincipals(JWTPrincipal.class) ok";
- }
- throw new IllegalStateException("subject.getPrincipals(JWTPrincipal.class) == 0");
- }
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java
deleted file mode 100644
index 4350594e..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jacc/SubjectTest.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.jacc;
-
-import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import org.eclipse.microprofile.jwt.tck.TCKConstants;
-import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication;
-import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion;
-import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
-import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.container.test.api.RunAsClient;
-import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.arquillian.testng.Arquillian;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import jakarta.ws.rs.client.ClientBuilder;
-import jakarta.ws.rs.client.WebTarget;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.Response;
-
-/**
- * Tests of accessing the JACC Subject to validate it contains a JsonWebToken principal
- */
-public class SubjectTest extends Arquillian {
-
- /**
- * The test generated JWT token string
- */
- private static String token;
- /**
- * The base URL for the container under test
- */
- @ArquillianResource
- private URL baseURL;
-
- /**
- * Create a CDI aware base web application archive
- *
- * @return the base base web application archive
- * @throws IOException
- * - on resource failure
- */
- @Deployment(testable = true)
- public static WebArchive createDeployment() throws IOException {
- URL publicKey = SubjectTest.class.getResource("/publicKey.pem");
- WebArchive webArchive = ShrinkWrap
- .create(WebArchive.class, "SubjectTest.war")
- .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()),
- MpJwtTestVersion.MANIFEST_NAME)
- .addAsResource(publicKey, "/publicKey.pem")
- .addClass(SubjectEndpoint.class)
- .addClass(TCKApplication.class)
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
- System.out.printf("WebArchive: %s\n", webArchive.toString(true));
- return webArchive;
- }
-
- @BeforeClass(alwaysRun = true)
- public static void generateToken() throws Exception {
- token = TokenUtils.generateTokenString("/Token1.json");
- }
-
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_JACC, description = "Validate a request with MP-JWT PolicyContext.getContext(jakarta.security.auth.Subject.containe) has a JsonWebToken")
- public void getSubjectClass() throws Exception {
- String uri = baseURL.toExternalForm() + "endp/getSubjectClass";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- System.out.println(reply);
- }
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java
index 8dc65be8..4cc77228 100644
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java
+++ b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/jaxrs/jwe/DecryptKeyAlgorithmDefaultTest.java
@@ -19,10 +19,15 @@
*/
package org.eclipse.microprofile.jwt.tck.container.jaxrs.jwe;
-import jakarta.ws.rs.client.ClientBuilder;
-import jakarta.ws.rs.client.WebTarget;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.Response;
+import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
+import static org.eclipse.microprofile.jwt.tck.TCKConstants.TEST_GROUP_JAXRS;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
import org.eclipse.microprofile.jwt.tck.container.jaxrs.RolesEndpoint;
import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication;
import org.eclipse.microprofile.jwt.tck.util.KeyManagementAlgorithm;
@@ -39,14 +44,10 @@
import org.testng.Reporter;
import org.testng.annotations.Test;
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
-import static org.eclipse.microprofile.jwt.tck.TCKConstants.TEST_GROUP_JAXRS;
+import jakarta.ws.rs.client.ClientBuilder;
+import jakarta.ws.rs.client.WebTarget;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
/**
* If "mp.jwt.decryption.algorithm" is not set then both RSA-OAEP and RSA-OAEP-256 must be accepted.
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java
deleted file mode 100644
index 6bc48041..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServiceServlet.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.servlet;
-
-import java.io.IOException;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-
-import org.eclipse.microprofile.jwt.JsonWebToken;
-import org.eclipse.microprofile.jwt.tck.container.ejb.IService;
-
-import jakarta.ejb.EJB;
-import jakarta.security.jacc.PolicyContext;
-import jakarta.security.jacc.PolicyContextException;
-import jakarta.servlet.ServletException;
-import jakarta.servlet.annotation.HttpConstraint;
-import jakarta.servlet.annotation.ServletSecurity;
-import jakarta.servlet.annotation.WebServlet;
-import jakarta.servlet.http.HttpServlet;
-import jakarta.servlet.http.HttpServletRequest;
-import jakarta.servlet.http.HttpServletResponse;
-
-@ServletSecurity(@HttpConstraint(rolesAllowed = {"Tester"}))
-@WebServlet("/ServiceServlet/*")
-public class ServiceServlet extends HttpServlet {
- @EJB
- private IService serviceEJB;
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- Principal user = req.getUserPrincipal();
- String pathInfo = req.getPathInfo();
- System.out.printf("pathInfo=%s\n", pathInfo);
-
- String result = "";
- if (pathInfo.endsWith("/getSubject")) {
- System.out.printf("Calling getSubject\n");
- result = getSubject(resp);
- } else {
- System.out.printf("Calling getPrincipalClass\n");
- result = getPrincipalClass(user);
- }
- resp.getWriter().write(result);
- }
- private String getPrincipalClass(Principal user) {
- HashSet interfaces = new HashSet<>();
- Class current = user.getClass();
- while (current.equals(Object.class) == false) {
- Class[] tmp = current.getInterfaces();
- for (Class c : tmp) {
- interfaces.add(c);
- }
- current = current.getSuperclass();
- }
- StringBuilder tmp = new StringBuilder();
- for (Class iface : interfaces) {
- tmp.append(iface.getTypeName());
- tmp.append(',');
- }
- tmp.setLength(tmp.length() - 1);
- return tmp.toString();
- }
- private String getSubject(HttpServletResponse response) throws IOException {
- try {
- Subject subject = (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");
- Set extends Principal> principalSet = subject.getPrincipals(JsonWebToken.class);
- if (principalSet.size() > 0) {
- return "subject.getPrincipals(JsonWebToken.class) ok";
- }
- response.sendError(500, "subject.getPrincipals(JsonWebToken.class) == 0");
- } catch (PolicyContextException e) {
- e.printStackTrace();
- response.sendError(500, e.getMessage());
- }
- throw new IllegalStateException("subject.getPrincipals(JsonWebToken.class) == 0");
- }
- private String callEJB(HttpServletResponse response) throws IOException {
- return "";
- }
-}
diff --git a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java b/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java
deleted file mode 100644
index d32b5dcf..00000000
--- a/tck/src/test/java/org/eclipse/microprofile/jwt/tck/container/servlet/ServletTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Copyright (c) 2016-2017 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * You may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-package org.eclipse.microprofile.jwt.tck.container.servlet;
-
-import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.net.URL;
-
-import org.eclipse.microprofile.jwt.JsonWebToken;
-import org.eclipse.microprofile.jwt.tck.TCKConstants;
-import org.eclipse.microprofile.jwt.tck.container.ejb.EjbEndpoint;
-import org.eclipse.microprofile.jwt.tck.container.ejb.IService;
-import org.eclipse.microprofile.jwt.tck.container.ejb.ServiceEJB;
-import org.eclipse.microprofile.jwt.tck.container.jaxrs.TCKApplication;
-import org.eclipse.microprofile.jwt.tck.util.MpJwtTestVersion;
-import org.eclipse.microprofile.jwt.tck.util.TokenUtils;
-import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.container.test.api.RunAsClient;
-import org.jboss.arquillian.test.api.ArquillianResource;
-import org.jboss.arquillian.testng.Arquillian;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.asset.EmptyAsset;
-import org.jboss.shrinkwrap.api.asset.StringAsset;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.testng.Assert;
-import org.testng.annotations.BeforeClass;
-import org.testng.annotations.Test;
-
-import jakarta.ws.rs.client.ClientBuilder;
-import jakarta.ws.rs.client.WebTarget;
-import jakarta.ws.rs.core.HttpHeaders;
-import jakarta.ws.rs.core.Response;
-
-/**
- * Basic servlet container integration tests
- */
-public class ServletTest extends Arquillian {
-
- /**
- * The test generated JWT token string
- */
- private static String token;
- /**
- * The base URL for the container under test
- */
- @ArquillianResource
- private URL baseURL;
-
- /**
- * Create a CDI aware base web application archive
- *
- * @return the base base web application archive
- * @throws IOException
- * - on resource failure
- */
- @Deployment(testable = true)
- public static WebArchive createDeployment() throws IOException {
- URL publicKey = ServletTest.class.getResource("/publicKey.pem");
- WebArchive webArchive = ShrinkWrap
- .create(WebArchive.class, "ServletTest.war")
- .addAsManifestResource(new StringAsset(MpJwtTestVersion.MPJWT_V_1_0.name()),
- MpJwtTestVersion.MANIFEST_NAME)
- .addAsResource(publicKey, "/publicKey.pem")
- .addClass(EjbEndpoint.class)
- .addClass(ServiceServlet.class)
- .addClass(IService.class)
- .addClass(ServiceEJB.class)
- .addClass(TCKApplication.class)
- .addAsWebInfResource(EmptyAsset.INSTANCE, "beans.xml");
- System.out.printf("WebArchive: %s\n", webArchive.toString(true));
- return webArchive;
- }
-
- @BeforeClass(alwaysRun = true)
- public static void generateToken() throws Exception {
- token = TokenUtils.generateTokenString("/Token1.json");
- }
-
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_SERVLET, description = "Validate a request with MP-JWT SecurityContext.getUserPrincipal() is a JsonWebToken")
- public void getServletPrincipalClass() throws Exception {
- String uri = baseURL.toExternalForm() + "ServiceServlet/getPrincipalClass";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- String[] ifaces = reply.split(",");
- boolean hasJsonWebToken = false;
- for (String iface : ifaces) {
- hasJsonWebToken |= iface.equals(JsonWebToken.class.getTypeName());
- }
- Assert.assertTrue(hasJsonWebToken, "PrincipalClass has JsonWebToken interface");
- }
- @RunAsClient
- @Test(groups = TCKConstants.TEST_GROUP_SERVLET, description = "Validate a request with MP-JWT PolicyContext.getContext() Subject has a JsonWebToken")
- public void getServletSubjectClass() throws Exception {
- String uri = baseURL.toExternalForm() + "ServiceServlet/getSubject";
- WebTarget echoEndpointTarget = ClientBuilder.newClient()
- .target(uri);
- Response response =
- echoEndpointTarget.request(TEXT_PLAIN).header(HttpHeaders.AUTHORIZATION, "Bearer " + token).get();
- Assert.assertEquals(response.getStatus(), HttpURLConnection.HTTP_OK);
- String reply = response.readEntity(String.class);
- System.out.println(reply);
- }
-}
diff --git a/tck/src/test/resources/suites/tck-full-suite.xml b/tck/src/test/resources/suites/tck-full-suite.xml
index 8f0f52d0..75e87bb4 100644
--- a/tck/src/test/resources/suites/tck-full-suite.xml
+++ b/tck/src/test/resources/suites/tck-full-suite.xml
@@ -87,27 +87,4 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-