diff --git a/tck/README.md b/tck/README.md index fc85f927..1f82ab9c 100644 --- a/tck/README.md +++ b/tck/README.md @@ -58,6 +58,76 @@ This sub-repo contains working applications that demonstrate and test various as * Test URL: http://localhost:8080/app-securitycontext-auth/servlet?name=rezax (fails authentication via exception) * Test URL: http://localhost:8080/app-securitycontext-auth/servlet?name=rezax (fails authentication via status return code) +## Running tests in parallel (`mvn -T`) + +The default `mvn verify` already uses the GlassFish pool (provisioned by +`glassfish-pool-maven-plugin`, started/cloned per slot, leased by each test +JVM). Adding `-T` runs reactor modules in parallel and is a large +wall-clock win, 10x faster on average. + +The pool itself is parallel-safe (`PoolBootstrap.up` is JVM-wide synchronized ++ idempotent, slot leasing uses `FileChannel.tryLock`), but test modules +have to follow a few rules to be `-T`-safe. Existing modules already comply; +when adding a new one, check the points below. + +### 1. No host-port collisions across modules + +Modules that start an embedded server bound to `localhost:` (UnboundID +LDAP, Tomcat for the Mitre OP, …) must each pick a distinct port. Under `-T` +two modules on the same port fight: only one binds, the other silently +fails, and tests get cryptic 500s or HTTP timeouts. + +Conventions in use: + +- LDAP modules: 33389 (`app-ldap`), 33390 (`app-ldap2`), 33391 (`app-ldap3`), + 12389-12413 for `app-ldap-*`. Pick the next free integer when adding one. +- Tomcat (Mitre OP) modules: 8443 + 8005 (`app-openid2`), 8444 + 8006 + (`app-openid3`). Pick another (8445/8007, …) for any new openid-with-Mitre + module, and keep `server.xml` + the `ProtectedServlet` `providerURI` + annotation + the antrun `` + in sync. + +### 2. No assumption that GF runs on a known port + +Pool slots get ports from `adminBase + (slot-1) * portStride` (default +14848 + N*100), and a test JVM may lease any slot. Do NOT hardcode a slot's +HTTP/HTTPS port in app code. Use `@ArquillianResource URL base` for the +deployed-app URL; for outbound URLs that have to be configured at deployment +time (e.g. Soteria's `OpenIdAuthenticationMechanismDefinition.providerURI`), +use an EL expression backed by a `@RequestScoped`/`@Dependent` CDI bean that +reads `request.getServerName()/getServerPort()` at request time — +`app-openid`'s `OpenIdConfig.getProviderURI()` is the reference. + +### 3. Pre-register every slot when an external service validates redirect URIs + +When a third-party server (e.g. Mitre OP) validates redirect URIs against a +fixed allowlist, register one entry per *possible* slot. The openid-client +deployment may end up on slot 1, 2, … N, and Mitre rejects any redirect URI +not pre-registered. `app-openid2`/`app-openid3`'s antrun loops slot +1..`${session.request.degreeOfConcurrency}` into `clients.sql` using the +pool's `adminBase` + `portStride` — that property is Maven's `-TN` value +(defaults to 1) and is also the upper bound on how far the pool can grow, +since each Maven thread leases at most one slot at a time. + +### 4. Wipe Tomcat `work/` before startup + +If a module starts its own Tomcat in pre-integration-test, add +`` to the antrun *before* +`startup.sh`. Tomcat's `StandardManager` persists HTTP sessions to +`work/Catalina/localhost//SESSIONS.ser` on shutdown and rehydrates +them at startup; without the wipe, a re-run without `mvn clean` resurrects +the previous run's sessions and can skip flows the test depends on (e.g. +the OpenID consent page). + +### 5. Don't race on shared paths in a `` execution + +Anything inheritable that writes to `${maven.multiModuleProjectDirectory}/…` +runs once per module under `-T` and races. The parent's source-staging step +uses a `mkdir`-based lock + marker file inside an `antrun` so first-acquirer +does the work and others fast-exit; copy that pattern for any new shared +preparation. Plain `maven-dependency-plugin:unpack` into a shared directory +is NOT thread-safe for the first-extraction window even with markers. + ## Running the TCK in Docker (needs updating to recent versions) diff --git a/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java b/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java index 29078e1b..a6f4c65d 100644 --- a/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java +++ b/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java @@ -28,7 +28,7 @@ import jakarta.ejb.Startup; /** - * Starts up the embedded Unboundid LDAP server on port 33389 and loads a test directory + * Starts up the embedded Unboundid LDAP server on port 33390 and loads a test directory * into it containing the same caller- and roles names as the Database and Embedded idenity * stores are using. * @@ -45,7 +45,7 @@ public void init() { try { InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=net"); config.setListenerConfigs( - new InMemoryListenerConfig("myListener", null, 33389, null, null, null)); + new InMemoryListenerConfig("myListener", null, 33390, null, null, null)); directoryServer = new InMemoryDirectoryServer(config); diff --git a/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/Servlet.java b/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/Servlet.java index 8a77f87e..c13c6627 100644 --- a/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/Servlet.java +++ b/tck/app-ldap2/src/main/java/ee/jakarta/tck/security/test/Servlet.java @@ -30,7 +30,7 @@ * this caller is in any of the roles {foo, bar, kaz} */ @LdapIdentityStoreDefinition( - url = "ldap://localhost:33389/", + url = "ldap://localhost:33390/", bindDn = "uid=ldap,ou=apps,dc=jsr375,dc=net", bindDnPassword = "changeOnInstall", callerSearchBase = "dc=jsr375,dc=net", diff --git a/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java b/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java index 29078e1b..8deb8940 100644 --- a/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java +++ b/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/LdapSetup.java @@ -28,7 +28,7 @@ import jakarta.ejb.Startup; /** - * Starts up the embedded Unboundid LDAP server on port 33389 and loads a test directory + * Starts up the embedded Unboundid LDAP server on port 33391 and loads a test directory * into it containing the same caller- and roles names as the Database and Embedded idenity * stores are using. * @@ -45,7 +45,7 @@ public void init() { try { InMemoryDirectoryServerConfig config = new InMemoryDirectoryServerConfig("dc=net"); config.setListenerConfigs( - new InMemoryListenerConfig("myListener", null, 33389, null, null, null)); + new InMemoryListenerConfig("myListener", null, 33391, null, null, null)); directoryServer = new InMemoryDirectoryServer(config); diff --git a/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/Servlet.java b/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/Servlet.java index efc7571c..f7540ddf 100644 --- a/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/Servlet.java +++ b/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/Servlet.java @@ -30,7 +30,7 @@ * this caller is in any of the roles {foo, bar, kaz} */ @LdapIdentityStoreDefinition( - url = "ldap://localhost:33389/", + url = "ldap://localhost:33391/", bindDn = "uid=ldap,ou=apps,dc=jsr375,dc=net", bindDnPassword = "changeOnInstall", callerSearchBase = "dc=jsr375,dc=net", diff --git a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/OpenIdConfig.java b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/OpenIdConfig.java index b7616568..a5d2ecab 100644 --- a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/OpenIdConfig.java +++ b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/OpenIdConfig.java @@ -22,7 +22,9 @@ import jakarta.annotation.PostConstruct; import jakarta.enterprise.context.Dependent; +import jakarta.inject.Inject; import jakarta.inject.Named; +import jakarta.servlet.http.HttpServletRequest; @Named @Dependent @@ -35,6 +37,9 @@ public class OpenIdConfig { private Properties config; + @Inject + private HttpServletRequest request; + @PostConstruct public void init() { config = new Properties(); @@ -71,4 +76,14 @@ public String getClientSecret() { return OidcProvider.CLIENT_SECRET_VALUE; } + + /** + * Provider URI computed from the live request's host:port so the test runs + * against whatever HTTP listener the GlassFish slot has bound (the dist's + * default 8080, the pool's 14849, etc.) without recompiling. + */ + public String getProviderURI() { + return "http://" + request.getServerName() + ":" + request.getServerPort() + + "/openid-server/webresources/oidc-provider-demo"; + } } diff --git a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServlet.java b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServlet.java index 046953f4..10919f02 100644 --- a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServlet.java +++ b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServlet.java @@ -37,7 +37,7 @@ */ @WebServlet("/Secured") @OpenIdAuthenticationMechanismDefinition( - providerURI = "http://localhost:8080/openid-server/webresources/oidc-provider-demo", + providerURI = "${openIdConfig.providerURI}", clientId = CLIENT_ID_VALUE, clientSecret = CLIENT_SECRET_VALUE, redirectURI = "${baseURL}/Callback") diff --git a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServletWithEL.java b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServletWithEL.java index a72f3f29..e9c7046d 100644 --- a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServletWithEL.java +++ b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/client/defaulttests/SecuredServletWithEL.java @@ -34,7 +34,7 @@ */ @WebServlet("/Secured") @OpenIdAuthenticationMechanismDefinition( - providerURI = "http://localhost:8080/openid-server/webresources/oidc-provider-demo", + providerURI = "${openIdConfig.providerURI}", clientId = "${openIdConfig.clientId}", clientSecret = "${openIdConfig.clientSecret}", redirectURI = "${openIdConfig.redirectURI}") diff --git a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/server/OidcProvider.java b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/server/OidcProvider.java index e765c295..2221bd87 100644 --- a/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/server/OidcProvider.java +++ b/tck/app-openid/src/main/java/ee/jakarta/tck/security/test/server/OidcProvider.java @@ -73,9 +73,11 @@ import jakarta.ws.rs.PathParam; import jakarta.ws.rs.Produces; import jakarta.ws.rs.QueryParam; +import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response.ResponseBuilder; +import jakarta.ws.rs.core.UriInfo; /** * @author Gaurav Gupta @@ -97,6 +99,18 @@ public class OidcProvider { private static final String HTTPS_HOST = "https://localhost:"; + /** + * Hardcoded base URL inside the static openid-configuration.json template + * and the JWT issuer claim. Rewritten at request time to {@link #issuer()} + * so the metadata and tokens match whatever HTTP listener GlassFish is + * actually bound to (the dist's default 8080, the pool's 14849, etc.). + */ + private static final String TEMPLATE_BASE_URL = + "http://localhost:8080/openid-server/webresources/oidc-provider-demo"; + + @Context + private UriInfo uriInfo; + private static String nonce; boolean rolesInUserInfoEndpoint; @@ -133,21 +147,20 @@ public Response getConfiguration() { } } catch (IOException ex) {} - if (oidcProviderHttpsPort != null && !oidcProviderHttpsPort.isEmpty()) { - String httpsHostAndPort = HTTPS_HOST + oidcProviderHttpsPort; - result = useHttpsHostAndPort(result, "http://localhost:8080/openid-server/webresources/oidc-provider-demo/auth", httpsHostAndPort); - result = useHttpsHostAndPort(result, "http://localhost:8080/openid-server/webresources/oidc-provider-demo/token", httpsHostAndPort); - result = useHttpsHostAndPort(result, "http://localhost:8080/openid-server/webresources/oidc-provider-demo/userinfo", httpsHostAndPort); - result = useHttpsHostAndPort(result, "http://localhost:8080/openid-server/webresources/oidc-provider-demo/revoke", httpsHostAndPort); - result = useHttpsHostAndPort(result, "http://localhost:8080/openid-server/webresources/oidc-provider-demo/certs", httpsHostAndPort); - } + // Rewrite every TEMPLATE_BASE_URL/ in the metadata to either the live + // HTTPS host:port (when configured) or the live HTTP base. Done in one pass + // so the issuer URL also tracks the live request. + String liveBase = (oidcProviderHttpsPort != null && !oidcProviderHttpsPort.isEmpty()) + ? HTTPS_HOST + oidcProviderHttpsPort + "/openid-server/webresources/oidc-provider-demo" + : issuer(); + result = result.replace(TEMPLATE_BASE_URL, liveBase); return Response.ok(result).header("Access-Control-Allow-Origin", "*").build(); } - private String useHttpsHostAndPort(String result, String endpoint, String httpsHostAndPort) { - String path = endpoint.substring(21); - return result.replace(endpoint, httpsHostAndPort + path); + /** Live request's base URL for this resource — used as both metadata issuer and JWT iss claim. */ + private String issuer() { + return uriInfo.getBaseUriBuilder().path("oidc-provider-demo").build().toString(); } @GET @@ -209,7 +222,7 @@ public Response tokenEndpoint( .build(); JWTClaimsSet.Builder jwtClaimsBuilder = new JWTClaimsSet.Builder() - .issuer("http://localhost:8080/openid-server/webresources/oidc-provider-demo") + .issuer(issuer()) .subject(getSubject()) .audience(List.of(CLIENT_ID_VALUE)) .expirationTime(new Date(now.getTime() + 1000 * 60 * 10)) diff --git a/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdTestUtil.java b/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdTestUtil.java index 939f549d..aa6f6e06 100644 --- a/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdTestUtil.java +++ b/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdTestUtil.java @@ -34,6 +34,7 @@ import ee.jakarta.tck.security.test.client.CallbackServlet; import ee.jakarta.tck.security.test.client.UnsecuredServlet; import ee.jakarta.tck.security.test.client.UserNameServlet; +import ee.jakarta.tck.security.test.client.defaulttests.OpenIdConfig; import ee.jakarta.tck.security.test.server.ApplicationConfig; import ee.jakarta.tck.security.test.server.OidcProvider; @@ -81,6 +82,9 @@ public static WebArchive createClientDeployment(Class... additionalClasses) { .addClass(CallbackServlet.class) .addClass(UnsecuredServlet.class) .addClass(UserNameServlet.class) + // OpenIdConfig is the @Named CDI bean now backing every Secured* + // servlet's providerURI EL expression — needed by all client deployments. + .addClass(OpenIdConfig.class) .addClasses(additionalClasses) .addAsWebInfResource("beans.xml"); diff --git a/tck/app-openid2/pom.xml b/tck/app-openid2/pom.xml index a07ade7a..9293a7bf 100644 --- a/tck/app-openid2/pom.xml +++ b/tck/app-openid2/pom.xml @@ -132,15 +132,30 @@ - - - + + + + + + + + @@ -172,42 +187,8 @@ - - org.codehaus.mojo - keytool-maven-plugin - 2.0.2 - - - import-tomcat-cert - pre-integration-test - - importCertificate - - - ${project.basedir}/tomcat.cert - tomcat - ${trustStore.path} - ${trustStore.password} - true - true - true - - - - delete-tomcat-cert - post-integration-test - - deleteAlias - - - tomcat - ${trustStore.path} - ${trustStore.password} - true - - - - + + diff --git a/tck/app-openid3/localhost-rsa.jks b/tck/app-openid3/localhost-rsa.jks index f5226568..0cb11e0a 100644 Binary files a/tck/app-openid3/localhost-rsa.jks and b/tck/app-openid3/localhost-rsa.jks differ diff --git a/tck/app-openid3/pom.xml b/tck/app-openid3/pom.xml index 6da44468..85df9c8a 100644 --- a/tck/app-openid3/pom.xml +++ b/tck/app-openid3/pom.xml @@ -124,18 +124,33 @@ Replacing in ${tomcat.dir} - + - - - + + + + + + + + @@ -167,42 +182,8 @@ - - org.codehaus.mojo - keytool-maven-plugin - 2.0.2 - - - import-tomcat-cert - pre-integration-test - - importCertificate - - - ${project.basedir}/tomcat.cert - tomcat - ${trustStore.path} - ${trustStore.password} - true - true - true - - - - delete-tomcat-cert - post-integration-test - - deleteAlias - - - tomcat - ${trustStore.path} - ${trustStore.password} - true - - - - + + diff --git a/tck/app-openid3/server.xml b/tck/app-openid3/server.xml index 43188665..e3cff4ab 100644 --- a/tck/app-openid3/server.xml +++ b/tck/app-openid3/server.xml @@ -15,7 +15,7 @@ --> - + @@ -32,7 +32,7 @@ - diff --git a/tck/app-openid3/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet.java b/tck/app-openid3/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet.java index eac9bb24..eb40857c 100644 --- a/tck/app-openid3/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet.java +++ b/tck/app-openid3/src/main/java/ee/jakarta/tck/security/test/ProtectedServlet.java @@ -38,7 +38,7 @@ // The Mitre "openid-connect-server-webapp" provider that we deploy via pom.xml // The OpenId authentication mechanism directs us to here when logging in. - providerURI = "https://localhost:8443/openid-connect-server-webapp", + providerURI = "https://localhost:8444/openid-connect-server-webapp", // The ID of default client provided by Mitre. // See openid-connect-server-webapp/WEB-INF/classes/db/hsql/clients.sql: diff --git a/tck/app-openid3/tomcat.cert b/tck/app-openid3/tomcat.cert index 34ecbe05..8c336d34 100644 --- a/tck/app-openid3/tomcat.cert +++ b/tck/app-openid3/tomcat.cert @@ -1,21 +1,21 @@ -----BEGIN CERTIFICATE----- -MIIDeTCCAmGgAwIBAgIIcK6YkkSkzCwwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +MIIDeTCCAmGgAwIBAgIIA7nA+YhYdgswDQYJKoZIhvcNAQELBQAwazELMAkGA1UE BhMCbmwxEDAOBgNVBAgTB2hvbGxhbmQxEjAQBgNVBAcTCWFtc3RlcmRhbTEQMA4G A1UEChMHZWNsaXBzZTEQMA4GA1UECxMHamFrYXJ0YTESMBAGA1UEAxMJbG9jYWxo -b3N0MB4XDTIyMTIwOTIyMjM1OVoXDTIzMDMwOTIyMjM1OVowazELMAkGA1UEBhMC +b3N0MB4XDTI1MDgwNjE1NTYzOVoXDTM1MDgwNDE1NTYzOVowazELMAkGA1UEBhMC bmwxEDAOBgNVBAgTB2hvbGxhbmQxEjAQBgNVBAcTCWFtc3RlcmRhbTEQMA4GA1UE ChMHZWNsaXBzZTEQMA4GA1UECxMHamFrYXJ0YTESMBAGA1UEAxMJbG9jYWxob3N0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVui1k3XIof7ub0zn8VW -TRkRHK0cgbPLKRiyv/K4kFANWfsAil8jAkFEMkzCOsAtEGSkb5VtXZPXFKNxqLms -F4SXZf6BlthVm4Llk/HrBjR1AA4WoRe6GmOtAvJkPzHC18ysQiGT+lODh4Rk3tDn -R845ACw1dwMXsU1Vku58tbrllqfTFmrLzuOgTMn72RZS4WShvSW9Q2oPzMvX8+xl -lU6XP0Sg+zfujVj8HVjZWqjbRmhp8AN1tdBKd6tQ97f3cwdHr7NzTaHwEYdu9iSy -7PXvCsfjcZW03f7urCvVcti7gdqxHpWJxUGZsaah0E+jfdXZ56vHvifKibIlxPwL -4wIDAQABoyEwHzAdBgNVHQ4EFgQUJOd5/soSTVLtSKFd76h9Aax/qUAwDQYJKoZI -hvcNAQELBQADggEBAJJNB1Z/wEZh5tP4cPBNxqrvRqhwyTBoQVOfMz44ws16Ephm -BxquCim/vX/XstbRlxPgV4RUS1UWrvdJYrbZq5b+TNOfEn+Dz1yZ9VTlp1cbGHKG -a8IcjuQnXxEQYUfA1DeD5uEVoZsOUCw/BU/1pDFVsvxlsGnKvU3q7MD9OyM5Tqz/ -ImKmFTxH1qf9D0lFZj8qzhBONBXh+eEeq64NFNouGr9ya7V8FH2tKmeSXTnSuK/z -b+VxkfKwogO++JFYoNSifhpKzzPInK9qUsX4xfTLBF2K7THkBbm99wsw8jp4lkd8 -mLifgwyUQJ0zEP7OOkzVSh8/V5gt/N5IcvFFvLk= +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeMV3BN5XH8XtL4uUuS9 +cRoyfa9hAruDiZlV7X+5atdONZV45IQrz/TpS/a07bPG9iRaqA8i4PSGroADBpuP +9YtPzqZvGc+OBsISiTW9X6GddC3YHGbfrIcDVx37mbSIXn1NZbpz1FZD8nYOHQEn +WKwgNcLKHbnMST/Wm8Q9LYjQjWV0Fjg5DEgTi6IDoZV3rTTaiHnxQ+FXy90NmIv/ +fnxtBSDQJ6mEmHDomF4IqFSstM+jQqOpx935q5SuRM9tews+SXjVFg0U8KxcAq9Y +UZcpTUpWv5DPA7NUkTNAEwGpDhZdCRbMQ+0NrCeesKtT3prBle8u84qn2KgQDkMp +ywIDAQABoyEwHzAdBgNVHQ4EFgQUlNlERDXVaatRCss/2aSwyEXoc1QwDQYJKoZI +hvcNAQELBQADggEBAB67LkMg8wIjMaqcjb7QPomkpLp8MDYxwHQrp6pIeJfzqNBQ +J7TKL4/08LRTShLjYDPUXZ5km9eEBmoTX+wGzw1Lla7mPn7OS+jWbUlMGAVUMJ9K +vfz7DdRLuFn44kJGJG7Tgan/3mYXwoAKNn9hRuUTRy4gDAecFQkHzAWNCWCQK/eP +6ZpAWu0sj5vEMmrBlwbUTIUfuAGt55G5g/JWNL6YKXftys6FtawwgpZxxpV/BLMH +cYW7s5Q6s0rZKvG5fcXsO4T3btw9Eq0U+Ul1DFHXbLOI8r5tSDabZLNIxrqKkrT/ +5Fs8NE6j63mbBfrHGN5MS4mjFh+MqklHotGitp8= -----END CERTIFICATE----- diff --git a/tck/common/src/main/resources/arquillian.xml b/tck/common/src/main/resources/arquillian.xml index 0c4517c7..b4e728a3 100644 --- a/tck/common/src/main/resources/arquillian.xml +++ b/tck/common/src/main/resources/arquillian.xml @@ -22,6 +22,19 @@ + + + + ${gf.pool.dir} + + + xml diff --git a/tck/pom.xml b/tck/pom.xml index 8b49f045..bed6cb73 100644 --- a/tck/pom.xml +++ b/tck/pom.xml @@ -192,7 +192,30 @@ ${project.basedir}/LICENSE_EFTL.md 5.0.0-SNAPSHOT 1.10.1.Final - + + + 9.0.0-SNAPSHOT + 2.2.0-SNAPSHOT + false + false + 5.0.0 + + + 1 + ${maven.multiModuleProjectDirectory}/target/pool + ${maven.multiModuleProjectDirectory}/target/dist + ${gf.pool.dist}/glassfish9 + 14848 + 100 + + true + false + ${project.basedir}/target @@ -400,6 +423,49 @@ maven-site-plugin 3.21.0 + + ee.omnifish.arquillian + glassfish-pool-maven-plugin + ${glassfish.arquillian.version} + + ${gf.pool.dir} + ${gf.pool.source} + ${gf.pool.size} + ${gf.pool.adminBase} + ${gf.pool.portStride} + ${gf.pool.dist} + ${gf.pool.unpack.skip} + + org.glassfish.main.distributions + glassfish + ${glassfish.version} + zip + + + + jakarta.security.enterprise + jakarta.security.enterprise-api + ${security-api.version} + jakarta.security-api.jar + ${security.api.noupdate} + + + org.glassfish.soteria + soteria + ${soteria.version} + soteria.jar + ${soteria.noupdate} + + + org.glassfish.soteria + soteria.spi.bean.decorator.weld + ${soteria.version} + soteria.spi.bean.decorator.weld.jar + ${soteria.noupdate} + + + + @@ -457,6 +523,8 @@ 3.5.5 + aggregate-failsafe-report + false post-integration-test failsafe-report-only @@ -467,6 +535,26 @@ true + + + + org.cyclonedx + cyclonedx-maven-plugin + + + default + none + + + aggregate-bom-root + false + verify + + makeAggregateBom + + + + @@ -496,24 +584,10 @@ - 9.0.0-SNAPSHOT - 2.1.3 - 8080 - glassfish9 - ${project.build.directory} - - ${glassfish.root}/${glassfish.dirName} - - - p12 - ${glassfish.home}/glassfish/domains/domain1/config/cacerts.${trustStore.suffix} + p12 + ${gf.pool.dir}/slot-1/glassfish/glassfish/domains/domain1/config/cacerts.${trustStore.suffix} changeit - - false - - false - 5.0.0 - + - unpack - process-test-classes - - unpack - - - ${skipITs} - ${glassfish.root} - ${glassfish.root}/dependency-maven-plugin-markers - - - org.glassfish.main.distributions - glassfish - ${glassfish.version} - zip - true - ${glassfish.root} - - - - - - - - update-security-api - process-test-classes + expose-degree-of-concurrency + initialize - copy + bsh-property - ${security.api.noupdate} - - - jakarta.security.enterprise - jakarta.security.enterprise-api - ${security-api.version} - jar - true - ${glassfish.root}/glassfish9/glassfish/modules - jakarta.security-api.jar - - + + maven.degreeOfConcurrency = ${session.request.degreeOfConcurrency}; + + + maven.degreeOfConcurrency + + + - + + + org.apache.maven.plugins + maven-dependency-plugin + - update-security-impl - process-test-classes - - copy - + resolve-glassfish-dist + validate + get - ${soteria.noupdate} - - - org.glassfish.soteria - soteria - ${soteria.version} - jar - true - ${glassfish.root}/glassfish9/glassfish/modules - soteria.jar - - - org.glassfish.soteria - soteria.spi.bean.decorator.weld - ${soteria.version} - jar - true - ${glassfish.root}/glassfish9/glassfish/modules - soteria.spi.bean.decorator.weld.jar - - + org.glassfish.main.distributions:glassfish:${glassfish.version}:zip + + org.apache.maven.plugins maven-antrun-plugin 3.0.0 - set-port - pre-integration-test - - run - + prepare-source-glassfish + validate + run - ${skipITs} - Replacing in ${glassfish.home} - - - + + + + - + + + ee.omnifish.arquillian + glassfish-pool-maven-plugin + + + javax.net.ssl.trustStorePassword=${trustStore.password} + + + + + pool-up + initialize + up + + + + maven-install-plugin 3.1.4 - unpack - pre-integration-test + install-vendor-api + false + initialize install-file - ${glassfish.root}/glassfish9/glassfish/modules/jakarta.security.enterprise-api.jar + ${gf.pool.source}/glassfish/modules/jakarta.security.enterprise-api.jar ${sigtest.api.groupId} ${sigtest.api.artifactId} ${sigtest.api.version} @@ -700,19 +754,19 @@ - + org.apache.maven.plugins maven-failsafe-plugin - ${glassfish.home} + ${gf.pool.dir} + ${gf.pool.source} + ${gf.pool.adminBase} + ${gf.pool.portStride} + ${gf.pool.restartOnRelease} ${trustStore.path} ${trustStore.password} - - javax.net.debug=${glassfish.javax.net.debug} - javax.net.ssl.trustStorePassword=${trustStore.password} -