java jboss-arquillian java-ee-7 glassfish-embedded

How to test login/authentication with Arquillian - Java EE 7

We have a Java EE 7 application and use Arquillian to test stuff. Now we want to check for some permissions of the currently logged in user. My question is quite basic, how do I login a user when inside a testcase? I have read ProgrammaticLogin doesnt work in arquillian tests and Embedded Glassfish, security and Arquillian questions but they are not clearly answered. My current approach is something like this:

// Inject services etc.  

@Test
public void testLogin(){

    UserAccount user = new UserAccount();
    user.setUsername("bob");
    user.setPassword("bob");
    userAccountService.save(user);

    ProgrammaticLogin pl = new ProgrammaticLogin();
    String realmName = "secureJDBCRealm";
    try {
        pl.login("bob", "bob".toCharArray(), realmName, true);
    } catch (Exception e){
        e.printStackTrace();
    }
}

Now when I try to run this, a get a LoginException claiming that I have no LoginModule configured for "fileRealm". But "fileRealm" is not the realm i am searching for (I put it there to test first time, but then i changed it to "secureJDBCRealm", which is our custom Security Realm for GlassFish). We use arquillian-glassfish-embedded-3.1 for testing.

Does anybody know where to define the Realm for Arquillian?
Why does my application keep looking for fileRealm? Is this the default value? (couldn't find any specs here)

Solution

Arquillian does not provide any support for defining realms. Instead you need to configure the realm in the container yourself. This is somewhat tricky when using an embedded Glassfish container but it is doable.

I am assuming that secureJDBCRealm is a custom realm and not one of the standard/built-in Glassfish Realms. In order to configure a custom realm in a embedded Glassfish container you need to:

Place a login.conf file on the test class path that references the realm. To do this add a config directory to your resources directory and place login.conf inside that directory. Your login.conf will look something like this
```
secureJDBCRealm {
   com.blah.blah.LoginModule required;
};
```
Your custom realm along with any dependencies need to be on the test class path.

You need to programmatically create the realm in glassfish. This can be done via org.glassfish.embeddable.CommandRunner. Luckily the Arquillian Embedded Container makes this available via JNDI which means you can do the following:

@Resource(mappedName = "org.glassfish.embeddable.CommandRunner") CommandRunner commandRunner;

public void configureLoginRealm() {
    CommandResult commandResult = commandRunner.run("create-auth-realm", "--classname=com.blah.blah.SecureJDBCRealm", "--property=jaas-context= secureJDBCRealm", "secure-JDBC-realm");
    log.debug(commandResult.getExitStatus().toString() + " " + commandResult.getOutput());
    Throwable throwable = commandResult.getFailureCause();
    if (throwable != null) {
        log.error(throwable.getMessage(), throwable);
    }
}

}

You can then programmatically login with

ProgrammaticLogin pl = new ProgrammaticLogin();
String realmName = "secureJDBCRealm";
try {
    pl.login("bob", "bob".toCharArray(), realmName, true);
} catch (Exception e){
    e.printStackTrace();
} finally {
    pl.logout();
}