Running
Tomcat
setenv.[sh|bat]
Set the following system properties
- -Dorg.apache.catalina.STRICT_SERVLET_COMPLIANCE=true
- -Dorg.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR=false
- -Duser.language=en
- -Duser.country=US
context.xml
Make the following changes:
<Context crossContext="true" resourceOnlyServlets="jsp">
<CookieProcessor className="org.apache.tomcat.util.http.LegacyCookieProcessor" alwaysAddExpires="true" forwardSlashIsSeparator="false" />
...
</Context>
tomcat-users.xml
Make the following changes:
<user username="CN=CTS, OU=Java Software, O=Sun Microsystems Inc., L=Burlington, ST=MA, C=US" roles="Administrator"/>
<user username="j2ee" password="j2ee" roles="Administrator,Employee" />
<user username="javajoe" password="javajoe" roles="VP,Manager" />
server.xml
Enable h2c on port 8080, and add some trailer headers
<Connector ... allowedTrailerHeaders="myTrailer, myTrailer2">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>
Enable TLS on port 8443
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true">
<SSLHostConfig truststoreFile="conf/cacerts.jks">
<Certificate certificateKeystoreFile="conf/clientcert.jks"
certificateKeystorePassword="changeit"
type="RSA" />
</SSLHostConfig>
</Connector>
Remove the lock-out realm
Client certificate tests: see below
Test Suite
Download latest nightly build
https://download.eclipse.org/ee4j/jakartaee-tck/8.0.1/nightly/servlettck-4.0_latest.zip
Extract to SERVLET_TCK_HOME
Import bin/cts_cert to a truststore doing: "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"
Create the truststore using "keytool -import -alias cts -file cts_cert -storetype JKS -keystore cacerts.jks" password should be "changeit"
Place cacerts.jks truststore in $SERVLET_TCK_HOME/bin/certificates
Add $SERVLET_TCK_HOME/bin/certificates/cacerts.jks and $SERVLET_TCK_HOME/bin/certificates/clientcert.jks in the Tomcat conf folder
Edit $SERVLET_TCK_HOME/bin/ts.jte
You'll need to set the following properties (adjust the paths and values for your environment)
web.home=/path/to/tomcat
servlet.classes=${web.home}/lib/servlet-api.jar:${web.home}/lib/annotations-api.jarwebServerHost=localhost
webServerPort=8080
securedWebServicePort=8443
command.testExecute += -Djava.endorsed.dirs=${ts.home}/endorsedlib -Djavax.net.ssl.trustStore=${ts.home}/bin/certificates/cacerts.jksset JAVA_HOME
cd $SERVLET_TCK_HOME/bin
ant gui
Accept the defaults and then run the tests
Expected results
A default 9.0.x build with the above configuration triggers 10 test failures
2 Expected failures
- 1 x signature test as Tomcat has added a missing \@Deprecated annotation
- 1 x default context path test as Tomcat configuration always overrides this
8 TCK bugs
- 1 x case sensitive HTTP header checks
- 5 * com/sun/ts/tests/servlet/spec/security/denyUncovered/* use URLs which don't match the WAR name; it needs to be renamed from servlet_sec_denyUncovered_web.war to servlet_sec_denyUncovered.war (there is a proprietary descriptor to rectify the mapping on deployment for Glassfish, but it is not portable)
- 2 * com/sun/ts/tests/servlet/spec/security/secbasic/client.java#test7[_anno]
- Assertion is explained in the common class: https://github.com/eclipse-ee4j/jakartaee-tck/blob/master/src/com/sun/ts/tests/common/jspservletsec/SecBasicClient.java#L340
- I am not aware of this special behavior being mentioned anywhere
- https://github.com/eclipse-ee4j/jakartaee-tck/issues/44
Note the configuration above also works around 3 additional TCK bugs
- 2 x cookie tests assume server is running in en_US locale (fixed by setenv.sh changes that start Tomcat in that locale)
- 1 x missing endorsedLib configuration (fixed by command.testExecute change above)
1 Tomcat bug has also been fixed as a result of running the TCK
- 1 x Enable a PushBuilder to manipluate cookies via HTTP headers
3 Comments
Remy Maucherat
com/sun/ts/tests/servlet/api/javax_servlet_http/sessioncookieconfig/constructortest1 doesn't work for me, even with the -Duser.language=en -Duser.country=US apparently, did I miss something ?
Besides this, everything is now investigated and sorted out.
Mark Thomas
Don't think so. It is failing for me now. I'm wondering if some of the settings to fix issues are causing other issues.
Remy Maucherat
About this particular test, I'm not sure how to pass it yet, the trace looks unreasonable:
02-08-2019 14:53:13: TRACE: [SetCookieHandler] Set-Cookie header received: tck_cookie_name=5b761fc2c9d136a91625d33ed93befaf; version=1; comment=testing_session_cookie_config; domain=sun.com; max-age=50000; path="/servlet_jsh_sessioncookieconfig_web/testservlet"; secure; httponly
02-08-2019 14:53:13: TRACE: [SetCookieHandler] Found expected value, 'tck_cookie_name=' in Set-Cookie header returned by server.
02-08-2019 14:53:13: ERROR: [SetCookieHandler] Unable to find 'expires=' within the Set-Cookie header returned by the server.
02-08-2019 14:53:13: ERROR: [WebValidatorBase] Unable to find the following header in the server's response: Set-Cookie: TCK_Cookie_Name=##Expires=##Path=/servlet_jsh_sessioncookieconfig_web/TestServlet##Secure