/**
* All methods should have a
*
* @param descriptor the Enterprise Java Bean deployment descriptor
* @return <code>Result</code> the results for this assertion
*/
public Result check(EjbDescriptor descriptor) {
result = getInitializedResult();
// boolean oneFailed = false;
try {
if (descriptor instanceof EjbSessionDescriptor || descriptor instanceof EjbEntityDescriptor) {
Set methods = descriptor.getMethodDescriptors();
// Set methodPermissions = new HashSet();
boolean noPermissions = false;
for (Iterator i = methods.iterator(); i.hasNext(); ) {
MethodDescriptor md = (MethodDescriptor) i.next();
Set permissions = descriptor.getMethodPermissionsFor(md);
if (permissions.isEmpty() || (permissions == null)) {
result.addWarningDetails(
smh.getLocalString(
getClass().getName() + ".failed",
"Warning: Method [ {0} ] of EJB [ {1} ] does not have assigned security-permissions",
new Object[] {md.getName(), descriptor.getName()}));
result.setStatus(result.WARNING);
noPermissions = true;
}
}
if (!noPermissions) {
result.passed(
smh.getLocalString(
getClass().getName() + ".passed",
"Valid: All [ {0} ]EJB interfaces methods have security-permissions assigned.",
new Object[] {descriptor.getName()}));
}
} else {
result.notApplicable(
smh.getLocalString(
getClass().getName() + ".notApplicable",
"The bean [ {0} ] is neither a Session nor Entity Bean",
new Object[] {descriptor.getName()}));
return result;
}
} catch (Exception e) {
result.failed(
smh.getLocalString(
getClass().getName() + ".exception",
"The test generated the following exception [ {0} ]",
new Object[] {e.getLocalizedMessage()}));
}
return result;
}
/**
* The ejb element specifies the URI of a ejb-jar, relative to the top level of the application
* package.
*
* @param descriptor the Application deployment descriptor
* @return <code>Result</code> the results for this assertion
*/
public Result check(Application descriptor) {
Result result = getInitializedResult();
if (descriptor.getBundleDescriptors(EjbBundleDescriptor.class).size() > 0) {
boolean oneFailed = false;
for (Iterator itr = descriptor.getBundleDescriptors(EjbBundleDescriptor.class).iterator();
itr.hasNext(); ) {
EjbBundleDescriptor ejbd = (EjbBundleDescriptor) itr.next();
// not sure what we can do to test this string?
if (ejbd.getModuleDescriptor().getArchiveUri().endsWith(".jar")) {
result.passed(
smh.getLocalString(
getClass().getName() + ".passed",
"[ {0} ] specifies the URI [ {1} ] of an ejb-jar, relative to the top level of the application package [ {2} ].",
new Object[] {
ejbd.getName(), ejbd.getModuleDescriptor().getArchiveUri(), descriptor.getName()
}));
} else {
if (!oneFailed) {
oneFailed = true;
}
result.addErrorDetails(
smh.getLocalString(
getClass().getName() + ".failed",
"Error: [ {0} ] does not specify the URI [ {1} ] of an ejb-jar, relative to the top level of the application package [ {2} ], or does not end with \".jar\"",
new Object[] {
ejbd.getName(), ejbd.getModuleDescriptor().getArchiveUri(), descriptor.getName()
}));
}
}
if (oneFailed) {
result.setStatus(Result.FAILED);
} else {
result.setStatus(Result.PASSED);
}
} else {
result.notApplicable(
smh.getLocalString(
getClass().getName() + ".notApplicable",
"There are no ejb components in application [ {0} ]",
new Object[] {descriptor.getName()}));
}
return result;
}
/**
* Enterprise Bean's business(...) methods argument RMI IIOP test. Each enterprise Bean class must
* define zero or more business(...) methods. The method signatures must follow these rules:
*
* <p>The methods return value must be legal types for RMI-IIOP.
*
* @param descriptor the Enterprise Java Bean deployment descriptor
* @return <code>Result</code> the results for this assertion
*/
public Result check(EjbDescriptor descriptor) {
result = getInitializedResult();
compName = getVerifierContext().getComponentNameConstructor();
if ((descriptor instanceof EjbSessionDescriptor)
|| (descriptor instanceof EjbEntityDescriptor)) {
if (descriptor.getRemoteClassName() != null && !"".equals(descriptor.getRemoteClassName()))
commonToBothInterfaces(descriptor.getRemoteClassName(), descriptor);
Set<String> remoteInterfaces = descriptor.getRemoteBusinessClassNames();
for (String remoteIntf : remoteInterfaces) commonToBothInterfaces(remoteIntf, descriptor);
}
if (result.getStatus() != Result.FAILED) {
addGoodDetails(result, compName);
result.passed(
smh.getLocalString(
getClass().getName() + ".passed", "Proper declaration of business method(s) found."));
}
return result;
}
/**
* The Web form-error-page value defines the location in the web application where the page can be
* used for error page can be found within web application test
*
* @param descriptor the Web deployment descriptor
* @return <code>Result</code> the results for this assertion
*/
public Result check(WebBundleDescriptor descriptor) {
Result result = getInitializedResult();
ComponentNameConstructor compName = getVerifierContext().getComponentNameConstructor();
if (descriptor.getLoginConfiguration() != null) {
boolean foundIt = false;
// ZipEntry ze=null;
// JarFile jar=null;
FileArchive arch = null;
String formErrorPage = descriptor.getLoginConfiguration().getFormErrorPage();
if (formErrorPage.length() > 0) {
try {
// File f =
// Verifier.getArchiveFile(descriptor.getModuleDescriptor().getArchiveUri());
// if(f==null){
String uri = getAbstractArchiveUri(descriptor);
try {
arch = new FileArchive();
arch.open(uri);
} catch (IOException e) {
throw e;
}
// }else{
// jar = new JarFile(f);
// }
if (formErrorPage.startsWith("/")) formErrorPage = formErrorPage.substring(1);
// if (f!=null){
// ze = jar.getEntry(formErrorPage);
// foundIt = (ze != null);
// }
// else{
File fep = new File(new File(arch.getURI()), formErrorPage);
if (fep.exists()) foundIt = true;
fep = null;
// }
// if (jar!=null)
// jar.close();
} catch (Exception ex) {
// should be aldready set?
foundIt = false;
}
if (foundIt) {
result.addGoodDetails(
smh.getLocalString(
"tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.passed(
smh.getLocalString(
getClass().getName() + ".passed",
"The form-error-page [ {0} ] value defines the location in the web application where the error page that is displayed when login is not successful can be found within web application [ {1} ]",
new Object[] {formErrorPage, descriptor.getName()}));
} else {
result.addErrorDetails(
smh.getLocalString(
"tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.failed(
smh.getLocalString(
getClass().getName() + ".failed",
"Error: The form-error-page [ {0} ] value does not define the location in the web application where the error page that is displayed when login is not successful can be found within web application [ {1} ]",
new Object[] {formErrorPage, descriptor.getName()}));
}
} else {
result.addNaDetails(
smh.getLocalString(
"tests.componentNameConstructor",
"For [ {0} ]",
new Object[] {compName.toString()}));
result.notApplicable(
smh.getLocalString(
getClass().getName() + ".notApplicable",
"There are no form-error-page elements within this web archive [ {0} ]",
new Object[] {descriptor.getName()}));
}
} else {
result.addNaDetails(
smh.getLocalString(
"tests.componentNameConstructor", "For [ {0} ]", new Object[] {compName.toString()}));
result.notApplicable(
smh.getLocalString(
getClass().getName() + ".notApplicable",
"There are no form-error-page elements within this web archive [ {0} ]",
new Object[] {descriptor.getName()}));
}
return result;
}