jst j2ee
test plan: Web validation		WTP LogoWTP Home
Introduction
 

Validation is provided for Web Application of version 2.2, 2.3 and 2.4. When validation runs both the web project structure, as well as the web.xml and any web related artifacts are validated. The following test scenario is aimed at exercising all validation checks to insure they are working properly. In order to properly test the validation, invalid states must be created by the user by editing the web.xml as well as the project structure. The following scenario gives a list of states the validator checks and instructions on how to edit your web app to achieve these "invalid" states.

Import an web application (one for each spec version) which contains examples needed to run all War related validation checks. Follow every step below for each archive web application.
Download the following 2.3 spec level war Test23Web.war. Navigate via the browse button and select this war from disk. Keep the default Project Name, select your Target runtime, and click finish.
For each of the following steps, open the web.xml....make the change needed, save then run validation (by building or selecting "Run Validation" after right clicking on the project) and check the problems view (note: you may need to open the Problems view by hand

Steps
 

  1. Servlet Mapping
    Navigate to the <servlet-mapping> tag
    • Change the name to "HellowServlet1". Save and run validaiton to see a warning
      CHKJ3004W: The servlet mapping "/HelloServlet" refers to a servlet that is not defined. web.xml WebValidationTest23/WebContent/WEB-INF
    • Undo this change and continue

  2. Authorized role for a servlet mapping
    Add the following to the dd after the <welcome-file-list> . Save and run validation. There should be no errors
    • <security-role>
          <description>This is a user He is cool</description>
          <role-name>user</role-name>
      </security-role>
      <security-role>
          <description>This is the boss</description>
          <role-name>manager</role-name>
      </security-role>

      and add the following to the <servlet> element

      <security-role-ref>
          <role-name>user role</role-name>
          <role-link>user</role-link>
      </security-role-ref>


    • Remove the role-name "user role" in the security-role-ref Error Invalid Security role name
    • Remove the role-link "user" in the security-role-ref Error InvalidSecurity role-link
    • Remove the role-name "user" on the security-role
      Error: Invalid Security role-link: user
      Error: Empty entry of type security role name
    • Undo this change but leave the security roles

  3. User roles that are permitted access to security roles
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <security-constraint>
          <web-resource-collection>
            <web-resource-name>secure content</web-resource-name>
            <description></description>
            <url-pattern>/secure</url-pattern>
            <http-method>PUT</http-method>
            <http-method>HEAD</http-method>
          </web-resource-collection>
          <auth-constraint>
            <description>this is secure</description>
            <role-name>user</role-name>
          </auth-constraint>
          <user-data-constraint>
              <transport-guarantee>INTEGRAL</transport-guarantee>
          </user-data-constraint>
      </security-constraint>

      and add the following

      <web-resource-collection>
            <web-resource-name>WRC1</web-resource-name>
            <description></description>
            <http-method>PUT</http-method>
            <http-method>GET</http-method>
      </web-resource-collection>
    • change the PUT or GET to RANDOM or JUNK and save.Notice the new error (then undo).
    • Renambe the <transport-guarantee> from INTEGRAL to RANDOM and save. Notice the new error (then undo).
    • Rename <role-name> from user to user 1 and save. Notice the new error (then undo).

  4. Login Authentication
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
              <form-login-page>/index.html</form-login-page>
              <form-error-page>/error.html</form-error-page>
          </form-login-config>
      </login-config>
    • Rename <auth-method> FORM to BASIC and save. Notice the new validation warning. (then undo).
    • Rename <auth-method> FORM to RANDOM and save. Notice the new error (then undo).
    • Delete the <url-pattern> element in the <servlet-mapping>. Notice the new error (then undo).

  5. Session Timeout
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <session-config>
          <session-timeout>30</session-timeout>
      </session-config>
    • Change the 30 to 30.5 and save. Notice the new error (then undo).

  6. Error Code
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <error-page>
          <error-code>404</error-code>
          <location>/error.html</location>
      </error-page>
      <error-page>
          <exception-type>com.ibm.servlet.PageNotFoundException</exception-type> (Could not find class PageNotFoundException...)
          <location>/error.html</location>
      </error-page>
    • Verify that only error code can go into <error-code> by changing 404 to a string and save. Notice the new error (then undo)
    • Verify that only Java Exception Class can go into <exception-type> by changing to RANDOM and save. Notice the new error (then undo)

  7. Resource References
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <resource-ref id="ResourceRef_1">
          <description></description>
          <res-ref-name>HelloWorld</res-ref-name>
          <res-type>java.lang.Object</res-type>
          <res-auth>Container</res-auth>
      </resource-ref>
    • Verify <res-auth> can only be "Application" or "Servlet" by changing both to "RANDOM" and saving. Notice the new error (then undo).

  8. Filter
    • In the web.xml navigate to the the <filter> tag.
    • Change <filter-name> MyFilter </filter-name> to RANDOM and save. Notice the new error (then undo)
    • In the <filter-mapping> , change <filter-name> MyFilter </filter-name> to RANDOM and save. Notice the new error (then undo).

  9. Listener
    • Add the following to the web.xml after the <welcome-filelist> tag and before the <security-role> tags
      <listener>
          <listener-class>webtooling.MyListener</listener-class>
      </listener>
    • Change <listener-class> webtooling.MyListener </listener-class> to RANDOM and save. Notice the new error (then undo).

  10. Validation Enablement
    • Right click on one of your web projects and select properties. IN the Validation submenu, select override validation prefernces and deselect "War Validator". Now rerun one of the above steps to insure validation does not run on a build (note: it does by default) and that the Run Validation menu item is disabled.