How to create a Payara user account in an Arquillian functional test?

Question

I'm using Arquillian to deploy a Java EE WAR on Payara embedded for functional testing with Graphene. Everything works fine.

However, I'd like to know whether it's possible to test user authentication for @RolesAllowed protected RESTful methods. Afaik there's no way around creating users on the Java EE server and in GlassFish and Payara that's done in the web admin UI:

• I didn't find anything about a Payara RESTful or similar API for Payara admin tasks.
• There seems to be nothing created on the filesystem by the drone driver so that there's no access to the asadmin command.
• According to sudo netstat -tupln | grep java the Payara embedded process only opens port 8181 (HTTP) and 8182 (can't be opened in browser).
• My question is similar to How to test login with Arquillian - Java EE 7 whose answer doesn't work because CommandRunner isn't injected and a comment says the interface has changed - whatever that means.
• The approach in Embedded Glassfish, security and Arquillian questions doesn't work because it's unclear which Server class is used and none of the available ones match all method names (I tried all that pop up in NetBeans autocompletion).

I'm aware of the possbility to replace the embedded with a remote instance, but that's not part of the question.

I'm using Payara 4.1.2.174.

Answer 1

The preferred way to configure the embedded GlassFish/Payara is to configure a standalone Payara Server instance interactivey first (using Admin console or asadmin commands), copy the configuration from the domain (domain1) into test resources and then point the Arquillian container to the configuration.

The documentation of the Arquillian GlassFish embedded container describes that you can use the property instanceRoot to point to the whole domain directory or configurationXml to just point to the domain.xml in that directory.

In fact, the answer in your last link (https://stackoverflow.com/a/24967309/784594) explains precisely this scenarios and provides a ste-by-step guide. You shouldn't be using any Server class to configure the server, you can skip that step - if you secure your REST endpoint using basic HTTP authentication, you just need to send user and password in request headers.