Fish 8925 adding epicyro implementation

[breakponchito]

Implementing epicyro on Payara 7

Description

We are trying to decouple the Jakarta Authentication by using epicyro provider. Epicyro provideds most of the functionality needed to provide Jakarta Authentication mechanism.

Important Info

Blockers

Testing

New tests

Testing Performed

Manual testing by starting and deploying a web applications on payara:

Testing Environment

Windows 11, azul jdk 21, maven 3.9.5

Documentation

Notes for Reviewers

[breakponchito]

For now I can build the server but I have osgi issue to run server

[breakponchito]

Now the server can run but any of the web applications can be seen

[breakponchito]

From last changes I tried to set the exousia DefaultPolicy to fix an issue from authentication part that cause to not load any web application. Still in progress because now when trying to load default web application I'm seeing the following exception:

`
[#|2024-11-26T23:10:00.915-0600|ADVERTENCIA|Payara 7.2024.1.Alpha3|jakarta.enterprise.web|_ThreadID=217;_ThreadName=Thread-23;_TimeMillis=1732684200915;_LevelValue=900;|
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for __admingui -- Cannot invoke "jakarta.security.jacc.Policy.refresh()" because the return value of "org.glassfish.exousia.AuthorizationService.getPolicy()" is null
java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for __admingui -- Cannot invoke "jakarta.security.jacc.Policy.refresh()" because the return value of "org.glassfish.exousia.AuthorizationService.getPolicy()" is null

`

[breakponchito]

I added more changes to set the default providers from exousia instead of our version and now partially load the resources of the admin console page:

still dealing with an issue to get the following two resources:

• com_sun_faces_ajax.js
• and the result after calling the j_security_check

[breakponchito]

finally the server is running again after latest changes to fix the callback handler validation for credentials:

[breakponchito]

@Pandrex247 right now checking how to fix some quicklook tests failures:

[breakponchito]

Jenkins test please

[Pandrex247]

Run against all currently passing TCKs kicked off here: https://jenkins.payara.fish/blue/organizations/jenkins/JakartaEE-11-TCK/detail/JakartaEE-11-TCK/90/pipeline

It seems that this causes quite a few other TCKs to start failing:

• Concurrency
• JAX-RS
• WebSockets

[Pandrex247]

From the authentication TCK runner, there appears to be numerous issues with deployment (which look similar to what's happening with the other TCKs):

org.apache.catalina.LifecycleException: org.glassfish.deployment.common.DeploymentException: Error in generating security policy for test.war -- State could not be DELETED but actual state is
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:5775)
	at com.sun.enterprise.web.WebModule.start(WebModule.java:619)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:982)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:965)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694)
	at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1811)
	at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1563)
	at com.sun.enterprise.web.WebApplication.start(WebApplication.java:107)
	at org.glassfish.internal.data.EngineRef.start(EngineRef.java:123)
	at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:292)
	at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:361)
	at com.sun.enterprise.v3.server.ApplicationLifecycle.initialize(ApplicationLifecycle.java:633)
	at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:571)

[breakponchito]

Jenkins test please

[breakponchito]

@Pandrex247 still with 2 errors on the side of quicklook tests but now the TCK is passing: https://jenkins.payara.fish/blue/organizations/jenkins/JakartaEE-11-TCK/detail/JakartaEE-11-TCK/93/pipeline

[Pandrex247]

Ran against the authentication TCK as well here: https://jenkins.payara.fish/job/JakartaEE-11-TCK/94/
All the failures apart from the two modules which were failing before the Epicyro implementation are passing again now.
The two failing modules are "Profile SPI Servlet" and "Profile SPI SOAP".

The former fails oddly, it seems to fail to write to the authentication-trace-log.xml file for some reason.
The latter does manage to write to said file, but seems to hit some class loader issues when trying to deploy the app:

java.lang.ClassCastException: class com.sun.enterprise.security.webservices.WebServicesDelegateImpl cannot be cast to class org.glassfish.epicyro.services.RegistrationWrapperRemover (com.sun.enterprise.security.webservices.WebServicesDelegateImpl is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @4b758edb; org.glassfish.epicyro.services.RegistrationWrapperRemover is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @66543cf)

[Pandrex247]

This is testing a fairly fundamental aspect of the server - I wouldn't skip this because if we can't create and start instances I wouldn't say the server is in a releasable state (even as an alpha)

[Pandrex247]

On review, this failures only seems to affect clustered instances.
Standalone instances and instances in a deployment group are able to start correctly.

Reasons

[Pandrex247]

This is too large for me to really review in detail, but it's making its way through the TCKs and the server is operational 👍

I've spotted a couple of follow ups and have raised issues for them to be tackled later