Update testgroup "security" with more tests

[alwin-joseph]

Resolves https://github.com/jakartaee/rest/issues/1121

Related Issue : https://github.com/eclipse-ee4j/jakartaee-tck/issues/1097

More tests are added to test group (Junit Tags) "security" that was missed in https://github.com/jakartaee/rest/pull/1122.

Requesting fast-track review on this as the changes are involved only in tck. The new service release (3.1.1) of the TCK will be updated with this change and will be used for core profile ballot review.

cc @brideck @jansupol @arjantijms @spericas @starksm64

[brideck]

Should be good. Thanks for the fast PR!

[starksm64]

It looks like if I fail to include any xml binding jars in the test run client and exclude the xml_binding, servlet and security tags, I still see errors do to CNFE from the client side test runner:

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   JAXRSClientIT.marshallTest:115 Fault jakarta.xml.bind.JAXBException: Implementation of Jakarta XML Binding-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory]
[ERROR]   JAXRSClientIT.unmarshallTest:172 Fault jakarta.xml.bind.JAXBException: Implementation of Jakarta XML Binding-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory]
[ERROR]   JAXRSClientIT.getSecurityContextTest:118->JaxrsCommonClient.invoke:219 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[ERROR]   JAXRSBasicClientIT.basicAuthorizationAdminTest:134->JAXRSClient.invokeRequest:72->JAXRSCommonClient.invoke:328 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[ERROR]   JAXRSBasicClientIT.basicAuthorizationStandardUserTest:194->JAXRSClient.invokeRequest:72->JAXRSCommonClient.invoke:328 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[ERROR]   JAXRSClientIT.jaxbElementTest:506->mediaTest:714->assertHolder:756 » IllegalState RESTEASY004087: No suitable message body reader for class : ee.jakarta.tck.ws.rs.jaxrs21.ee.sse.sseeventsource.JAXRSClientIT$1
[ERROR]   JAXRSClientIT.xmlTest:528->mediaTest:714->assertHolder:751 » IllegalState RESTEASY004087: No suitable message body reader for class : jakarta.ws.rs.core.GenericType
[ERROR]   JAXRSClientIT.clientJaxbElementReaderTest:94 » Processing RESTEASY003145: Unable to find a MessageBodyReader of content-type text/xml;charset=UTF-8 and type class jakarta.xml.bind.JAXBElement
[ERROR]   JAXRSClientIT.clientJaxbElementWriterTest:124->standardWriterInvocation:143->JaxrsCommonClient.invoke:219 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[ERROR]   JAXRSClientIT.byteArrayWriterContainerInterceptorTest:174->JaxrsCommonClient.invoke:209 » IllegalArgument Invalid uri '/jaxrs_spec_filter_interceptor_web/resource/postjaxb|/jaxrs_spec_filter_interceptor_web/resource/getbytearray/': escaped absolute path not valid
[ERROR]   JAXRSClientIT.fileWriterNoInterceptorTest:590->JaxrsCommonClient.invoke:209 » IllegalArgument Invalid uri '/jaxrs_spec_filter_interceptor_web/resource/postjaxb|/jaxrs_spec_filter_interceptor_web/resource/getfile/': escaped absolute path not valid
[ERROR]   JAXRSClientIT.jaxbReaderContainerInterceptorTest:781->getJaxbToken:80 Runtime jakarta.xml.bind.JAXBException: Implementation of Jakarta XML Binding-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory]
[ERROR]   JAXRSClientIT.jaxbReaderNoInterceptorTest:803->getJaxbToken:80 Runtime jakarta.xml.bind.JAXBException: Implementation of Jakarta XML Binding-API has not been found on module path or classpath.
 - with linked exception:
[java.lang.ClassNotFoundException: org.glassfish.jaxb.runtime.v2.ContextFactory]
[ERROR]   JAXRSClientIT.jaxbWriterClientInterceptorTest:873->JaxrsCommonClient.invoke:219 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[ERROR]   JAXRSClientIT.readWriteJaxbProviderTest:111->setPropertyAndInvoke:67->JaxrsCommonClient.invoke:219 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[INFO] 
[ERROR] Tests run: 2796, Failures: 0, Errors: 15, Skipped: 59
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

[brideck]

The client-related XML Binding ones don't necessarily surprise me. That is not a scenario I tinkered with, since the TCK's dependencies bring in those APIs by default -- you would have to willfully remove that in order to see problems, which I guess perhaps folks might do.

It's hard to tell since your output doesn't include the test classes, but some of the others seem like methods we've already excluded -- marshallTest/unmarshallTest from linkjaxbadapter, jaxbElementTest/xmlTest from sseeventsource, etc.

[brideck]

My test count when I ran earlier today (pre-PR 1124) was 2649, so it would appear that something maybe has gone wrong with your exclusions.

[starksm64]

Yeah, looking into one of the exception traces, the xml_binding test is still being run. Thanks, I'll dig in deeper.

[starksm64]

With correct excludes I'm just seeing the one security test failure that you added the PR for:

[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   JAXRSClientIT.getSecurityContextTest:118->JaxrsCommonClient.invoke:219 » Fault [JAXRSCommonClient] null failed!  Check output for cause of failure.
[INFO] 
[ERROR] Tests run: 2656, Failures: 0, Errors: 1, Skipped: 59
[INFO] 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

[arjantijms]

Looks good, thanks!