Details
-
Bug
-
Resolution: Done
-
Major
-
7.0.0.DR12
-
None
Description
Test coverage for @RunAs annotated servlets testing is not sufficient in the server.
The WebSecurityRunAsTestCase in testsuite/integration/basic doesn't test the behavior correctly as mentioned in this comment of WFLY-5015.
I suggest to move the coverage to manualmode to be able to test also the behavior of @RunAs annotated HttpServlet.destroy() method during AS server shutdown.
Possible "sun-shine" test scenario:
- prepare deployment
- use init parameter to configure path to a file which will serve as exceptions-counter for the application
- add EJB annotated with @RolesAllowed("Admin")
- add @RunAs("Admin") annotated servlet which calls the EJB in init(), doGet() and destroy() methods - if exception is thrown it increases the counter in the file (init param)
- start server
- deploy the test deployment
- make call to the servlet
- stop the server
- start the server again
- make call to the servlet
- undeploy test deployment
- check the counter (in file) if the exceptions count is 0
Create "cloudy" scenarios based on modifications of the "sun-shine" one. (E.g. alter the run-as role name used in servlet and check the EJB call falls in all cases)
