/**
   * All methods should have a security permission assigned.
   *
   * @param descriptor the Enterprise Java Bean deployment descriptor
   * @return <code>Result</code> the results for this assertion
   */
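  public Result check(EjbDescriptor descriptor) {
    // Walks every method descriptor of a session or entity bean and records a warning for each
    // one that has no method permission assigned; passes only when none was flagged.
    // NOTE(review): a missing permission is reported as a warning, not a failure. How the
    // container treats calls to such methods is not visible from this check; confirm that a
    // warning is the intended severity.
    result = getInitializedResult();

    try {
      // Only session and entity beans are covered by this assertion.
      if (!(descriptor instanceof EjbSessionDescriptor
          || descriptor instanceof EjbEntityDescriptor)) {
        result.notApplicable(
            smh.getLocalString(
                getClass().getName() + ".notApplicable",
                "The bean [ {0} ] is neither a Session nor Entity Bean",
                new Object[] {descriptor.getName()}));
        return result;
      }

      Set methods = descriptor.getMethodDescriptors();
      boolean noPermissions = false;

      for (Iterator i = methods.iterator(); i.hasNext(); ) {
        MethodDescriptor md = (MethodDescriptor) i.next();
        Set permissions = descriptor.getMethodPermissionsFor(md);
        // The null test has to come first. With isEmpty() evaluated first, a null set raised a
        // NullPointerException that the catch below turned into a generic "exception" failure
        // instead of the per-method warning.
        if (permissions == null || permissions.isEmpty()) {
          result.addWarningDetails(
              smh.getLocalString(
                  getClass().getName() + ".failed",
                  "Warning: Method [ {0} ] of EJB [ {1} ] does not have assigned security-permissions",
                  new Object[] {md.getName(), descriptor.getName()}));
          result.setStatus(result.WARNING);
          noPermissions = true;
        }
      }

      if (!noPermissions) {
        result.passed(
            smh.getLocalString(
                getClass().getName() + ".passed",
                "Valid: All [ {0} ]EJB  interfaces methods have security-permissions assigned.",
                new Object[] {descriptor.getName()}));
      }
    } catch (Exception e) {
      // Any unexpected error while reading the descriptor fails the assertion and reports the
      // exception's localized message.
      result.failed(
          smh.getLocalString(
              getClass().getName() + ".exception",
              "The test generated the following exception [ {0} ]",
              new Object[] {e.getLocalizedMessage()}));
    }
    return result;
  }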
  /**
   * The ejb element specifies the URI of a ejb-jar, relative to the top level of the application
   * package.
   *
   * @param descriptor the Application deployment descriptor
   * @return <code>Result</code> the results for this assertion
   */
  public Result check(Application descriptor) {
    // Verifies the archive URI of every EJB module bundled in the application and reports one
    // overall status: FAILED if any module was rejected, PASSED otherwise.
    Result result = getInitializedResult();

    // Nothing to verify when the application bundles no EJB modules.
    if (descriptor.getBundleDescriptors(EjbBundleDescriptor.class).size() <= 0) {
      result.notApplicable(
          smh.getLocalString(
              getClass().getName() + ".notApplicable",
              "There are no ejb components in application [ {0} ]",
              new Object[] {descriptor.getName()}));
      return result;
    }

    boolean anyFailed = false;
    Iterator bundles = descriptor.getBundleDescriptors(EjbBundleDescriptor.class).iterator();
    while (bundles.hasNext()) {
      EjbBundleDescriptor ejbd = (EjbBundleDescriptor) bundles.next();

      // NOTE(review): only the ".jar" suffix is tested. Nothing here checks that the URI is
      // actually relative or stays inside the application package, although the reported
      // messages say so.
      if (!ejbd.getModuleDescriptor().getArchiveUri().endsWith(".jar")) {
        anyFailed = true;
        result.addErrorDetails(
            smh.getLocalString(
                getClass().getName() + ".failed",
                "Error: [ {0} ] does not specify the URI [ {1} ] of an ejb-jar, relative to the top level of the application package [ {2} ], or does not end with \".jar\"",
                new Object[] {
                  ejbd.getName(), ejbd.getModuleDescriptor().getArchiveUri(), descriptor.getName()
                }));
        continue;
      }

      result.passed(
          smh.getLocalString(
              getClass().getName() + ".passed",
              "[ {0} ] specifies the URI [ {1} ] of an ejb-jar, relative to the top level of the application package [ {2} ].",
              new Object[] {
                ejbd.getName(), ejbd.getModuleDescriptor().getArchiveUri(), descriptor.getName()
              }));
    }

    // The final status overrides whatever the per-module passed() calls set.
    result.setStatus(anyFailed ? Result.FAILED : Result.PASSED);
    return result;
  }
  /**
   * Enterprise Bean's business(...) methods argument RMI IIOP test. Each enterprise Bean class must
   * define zero or more business(...) methods. The method signatures must follow these rules:
   *
   * <p>The methods return value must be legal types for RMI-IIOP.
   *
   * @param descriptor the Enterprise Java Bean deployment descriptor
   * @return <code>Result</code> the results for this assertion
   */
  public Result check(EjbDescriptor descriptor) {
    // Runs commonToBothInterfaces over the remote interface and every remote business interface
    // of a session or entity bean, then marks the result as passed unless one of those calls
    // left it in the FAILED state.
    result = getInitializedResult();
    compName = getVerifierContext().getComponentNameConstructor();

    boolean sessionOrEntity =
        descriptor instanceof EjbSessionDescriptor || descriptor instanceof EjbEntityDescriptor;
    if (sessionOrEntity) {
      // The remote interface is optional; skip it when it is absent or blank.
      String remoteClassName = descriptor.getRemoteClassName();
      if (remoteClassName != null && !"".equals(remoteClassName)) {
        commonToBothInterfaces(remoteClassName, descriptor);
      }

      for (String businessInterface : descriptor.getRemoteBusinessClassNames()) {
        commonToBothInterfaces(businessInterface, descriptor);
      }
    }

    // A failure recorded above is final; do not overwrite it with a pass.
    if (result.getStatus() == Result.FAILED) {
      return result;
    }

    addGoodDetails(result, compName);
    result.passed(
        smh.getLocalString(
            getClass().getName() + ".passed", "Proper declaration of business method(s) found."));
    return result;
  }
  /**
   * The Web form-error-page value defines the location in the web application where the error
   * page that is displayed when login is not successful can be found.
   *
   * @param descriptor the Web deployment descriptor
   * @return <code>Result</code> the results for this assertion
   */
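  public Result check(WebBundleDescriptor descriptor) {
    // Verifies that the form-error-page named in the login configuration exists as a file
    // inside the web archive. Not applicable when there is no login configuration or no
    // form-error-page value.
    Result result = getInitializedResult();
    ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();

    String formErrorPage = null;
    if (descriptor.getLoginConfiguration() != null) {
      formErrorPage = descriptor.getLoginConfiguration().getFormErrorPage();
    }

    // A missing login configuration and a missing or empty form-error-page are reported the
    // same way. The null guard avoids a NullPointerException if the getter ever returns null.
    if (formErrorPage == null || formErrorPage.length() == 0) {
      result.addNaDetails(
          smh.getLocalString(
              "tests.componentNameConstructor",
              "For [ {0} ]",
              new Object[] {compName.toString()}));
      result.notApplicable(
          smh.getLocalString(
              getClass().getName() + ".notApplicable",
              "There are no form-error-page elements within this web archive [ {0} ]",
              new Object[] {descriptor.getName()}));
      return result;
    }

    boolean foundIt = false;
    FileArchive arch = null;
    try {
      arch = new FileArchive();
      arch.open(getAbstractArchiveUri(descriptor));

      // The descriptor value is context-relative; drop the leading slash so that it resolves
      // against the archive root. The stripped value is also what the messages below report.
      if (formErrorPage.startsWith("/")) {
        formErrorPage = formErrorPage.substring(1);
      }

      // The value comes from the archive under verification, so it is not trusted: resolve it
      // canonically and accept it only when it stays inside the archive root. Otherwise a
      // value containing ".." segments (or a link leading outside) would make the check pass
      // for a file that is not part of the web application.
      File root = new File(arch.getURI()).getCanonicalFile();
      File fep = new File(root, formErrorPage).getCanonicalFile();
      String rootPath = root.getPath();
      String rootPrefix = rootPath.endsWith(File.separator) ? rootPath : rootPath + File.separator;
      foundIt = fep.getPath().startsWith(rootPrefix) && fep.exists();
    } catch (Exception ex) {
      // Best effort: an archive that cannot be opened or resolved is reported as "not found".
      foundIt = false;
    } finally {
      // The archive was opened only for this lookup; release it on every path.
      if (arch != null) {
        try {
          arch.close();
        } catch (Exception ignored) {
          // Nothing useful to do if closing fails; the verdict is already decided.
        }
      }
    }

    if (foundIt) {
      result.addGoodDetails(
          smh.getLocalString(
              "tests.componentNameConstructor",
              "For [ {0} ]",
              new Object[] {compName.toString()}));
      result.passed(
          smh.getLocalString(
              getClass().getName() + ".passed",
              "The form-error-page [ {0} ] value defines the location in the web application where the error page that is displayed when login is not successful can be found within web application [ {1} ]",
              new Object[] {formErrorPage, descriptor.getName()}));
    } else {
      result.addErrorDetails(
          smh.getLocalString(
              "tests.componentNameConstructor",
              "For [ {0} ]",
              new Object[] {compName.toString()}));
      result.failed(
          smh.getLocalString(
              getClass().getName() + ".failed",
              "Error: The form-error-page [ {0} ] value does not define the location in the web application where the error page that is displayed when login is not successful can be found within web application [ {1} ]",
              new Object[] {formErrorPage, descriptor.getName()}));
    }

    return result;
  }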