You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/05/30 16:12:30 UTC
[cxf-fediz] branch master updated: Refactoring OIDC tests to make
it easier to subclass them
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new 0f51784 Refactoring OIDC tests to make it easier to subclass them
0f51784 is described below
commit 0f51784276e2e5ba4ef0b4abcf338ecb2b55fc3d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed May 30 16:27:38 2018 +0100
Refactoring OIDC tests to make it easier to subclass them
---
systests/oidc/pom.xml | 8 +-
.../oidc/{OIDCTest.java => AbstractOIDCTest.java} | 209 +++++----------------
.../cxf/fediz/systests/oidc/OIDCTomcatTest.java | 157 ++++++++++++++++
.../{fediz_config.xml => fediz_config_tomcat.xml} | 2 +-
.../src/test/resources/realma/entities-realma.xml | 2 +-
5 files changed, 210 insertions(+), 168 deletions(-)
diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml
index 6341a19..08cafdb 100644
--- a/systests/oidc/pom.xml
+++ b/systests/oidc/pom.xml
@@ -163,7 +163,7 @@
<version>${project.version}</version>
<type>war</type>
<overWrite>true</overWrite>
- <outputDirectory>target/tomcat/rp/webapps/fediz-oidc</outputDirectory>
+ <outputDirectory>target/tomcat/rp/webapps/fediz-oidc-tomcat</outputDirectory>
</artifactItem>
<artifactItem>
<groupId>org.apache.cxf.fediz.systests</groupId>
@@ -189,7 +189,7 @@
<goal>copy-dependencies</goal>
</goals>
<configuration>
- <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc/WEB-INF/lib</outputDirectory>
+ <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/WEB-INF/lib</outputDirectory>
<includeScope>compile</includeScope>
</configuration>
</execution>
@@ -224,7 +224,7 @@
<goal>copy-resources</goal>
</goals>
<configuration>
- <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc/WEB-INF</outputDirectory>
+ <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/WEB-INF</outputDirectory>
<resources>
<resource>
<directory>${basedir}/src/test/resources/oidc</directory>
@@ -252,7 +252,7 @@
<configuration>
<tasks>
<delete>
- <fileset dir="${basedir}/target/tomcat/rp/webapps/fediz-oidc/META-INF" includes="context.xml" />
+ <fileset dir="${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/META-INF" includes="context.xml" />
</delete>
</tasks>
</configuration>
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
similarity index 86%
rename from systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
rename to systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
index 7852f3f..5db05c4 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
@@ -20,9 +20,6 @@
package org.apache.cxf.fediz.systests.oidc;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
@@ -40,7 +37,16 @@ import java.util.List;
import java.util.Locale;
import java.util.TimeZone;
-import javax.servlet.ServletException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.common.util.Loader;
+import org.junit.Assert;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
@@ -60,131 +66,16 @@ import com.gargoylesoftware.htmlunit.html.HtmlTextInput;
import com.gargoylesoftware.htmlunit.util.NameValuePair;
import com.gargoylesoftware.htmlunit.util.WebConnectionWrapper;
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.commons.io.IOUtils;
-import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
-import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
-import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
-import org.apache.cxf.rs.security.jose.jwt.JwtToken;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.wss4j.common.util.Loader;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-
/**
* Some OIDC tests.
*/
-public class OIDCTest {
-
- static String idpHttpsPort;
- static String rpHttpsPort;
-
- private static Tomcat idpServer;
- private static Tomcat rpServer;
+abstract class AbstractOIDCTest {
private static String storedClientId;
private static String storedClient2Id;
private static String storedClientPassword;
- @BeforeClass
- public static void init() throws Exception {
- idpHttpsPort = System.getProperty("idp.https.port");
- Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
- rpHttpsPort = System.getProperty("rp.https.port");
- Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
- idpServer = startServer(true, idpHttpsPort);
- rpServer = startServer(false, rpHttpsPort);
-
- loginToClientsPage(rpHttpsPort, idpHttpsPort);
- }
-
- private static Tomcat startServer(boolean idp, String port)
- throws ServletException, LifecycleException, IOException {
- Tomcat server = new Tomcat();
- server.setPort(0);
- String currentDir = new File(".").getCanonicalPath();
- String baseDir = currentDir + File.separator + "target";
- server.setBaseDir(baseDir);
-
- if (idp) {
- server.getHost().setAppBase("tomcat/idp/webapps");
- } else {
- server.getHost().setAppBase("tomcat/rp/webapps");
- }
- server.getHost().setAutoDeploy(true);
- server.getHost().setDeployOnStartup(true);
-
- Connector httpsConnector = new Connector();
- httpsConnector.setPort(Integer.parseInt(port));
- httpsConnector.setSecure(true);
- httpsConnector.setScheme("https");
- httpsConnector.setAttribute("keyAlias", "mytomidpkey");
- httpsConnector.setAttribute("keystorePass", "tompass");
- httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
- httpsConnector.setAttribute("truststorePass", "tompass");
- httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
- httpsConnector.setAttribute("clientAuth", "want");
- // httpsConnector.setAttribute("clientAuth", "false");
- httpsConnector.setAttribute("sslProtocol", "TLS");
- httpsConnector.setAttribute("SSLEnabled", true);
-
- server.getService().addConnector(httpsConnector);
-
- if (idp) {
- File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
- server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
- File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
- server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
- } else {
- File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-oidc");
- Context cxt = server.addWebapp("/fediz-oidc", rpWebapp.getAbsolutePath());
-
- // Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
- // to work
- File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
- FileInputStream inputStream = new FileInputStream(f);
- String content = IOUtils.toString(inputStream, "UTF-8");
- inputStream.close();
- if (content.contains("idp.https.port")) {
- content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
- File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
- try (FileOutputStream outputStream = new FileOutputStream(f2)) {
- IOUtils.write(content, outputStream, "UTF-8");
- }
- }
-
- FederationAuthenticator fa = new FederationAuthenticator();
- fa.setConfigFile(currentDir + File.separator + "target" + File.separator
- + "test-classes" + File.separator + "fediz_config.xml");
- cxt.getPipeline().addValve(fa);
- }
-
- server.start();
-
- return server;
- }
-
- @AfterClass
- public static void cleanup() throws Exception {
- try {
- loginToClientsPageAndDeleteClient(rpHttpsPort, idpHttpsPort);
- } finally {
- shutdownServer(idpServer);
- shutdownServer(rpServer);
- }
- }
-
- private static void shutdownServer(Tomcat server) {
+ protected static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
&& server.getServer().getState() != LifecycleState.DESTROYED) {
@@ -198,21 +89,15 @@ public class OIDCTest {
}
}
- public String getIdpHttpsPort() {
- return idpHttpsPort;
- }
+ protected abstract String getIdpHttpsPort();
- public String getRpHttpsPort() {
- return rpHttpsPort;
- }
+ protected abstract String getRpHttpsPort();
- public String getServletContextName() {
- return "fedizhelloworld";
- }
+ protected abstract String getServletContextName();
// Runs as BeforeClass: Login to the OIDC Clients page + create two new clients
- private static void loginToClientsPage(String rpPort, String idpPort) throws Exception {
- String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
+ protected static void loginToClientsPage(String rpPort, String idpPort, String servletContext) throws Exception {
+ String url = "https://localhost:" + rpPort + "/" + servletContext + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -286,8 +171,8 @@ public class OIDCTest {
}
// Runs as AfterClass: Login to the OIDC Clients page + delete the created clients!
- private static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort) throws Exception {
- String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
+ protected static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort, String servletContext) throws Exception {
+ String url = "https://localhost:" + rpPort + "/" + servletContext + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -335,7 +220,7 @@ public class OIDCTest {
// Test that we managed to create the clients ok
@org.junit.Test
public void testCreatedClients() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -377,7 +262,7 @@ public class OIDCTest {
// Test that "bob" can't see the clients created by "alice"
@org.junit.Test
public void testRegisteredClientsAsBob() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "bob";
String password = "bob";
@@ -399,7 +284,7 @@ public class OIDCTest {
@org.junit.Test
public void testOIDCLoginForClient1() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -413,7 +298,7 @@ public class OIDCTest {
// Now use the code to get an IdToken
- url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -436,7 +321,7 @@ public class OIDCTest {
@org.junit.Test
public void testOIDCLoginForClient2() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClient2Id;
url += "&response_type=code";
url += "&scope=openid";
@@ -450,7 +335,7 @@ public class OIDCTest {
// Now use the code to get an IdToken
- url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -473,7 +358,7 @@ public class OIDCTest {
@org.junit.Test
public void testUsingCodeForOtherClient() throws Exception {
// Get the code for the first client
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -486,7 +371,7 @@ public class OIDCTest {
Assert.assertNotNull(authorizationCode);
// Now try and get a token for the second client
- url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -506,7 +391,7 @@ public class OIDCTest {
@org.junit.Test
public void testBadClientId() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId + 2;
url += "&response_type=code";
url += "&scope=openid";
@@ -525,7 +410,7 @@ public class OIDCTest {
@org.junit.Test
public void testEmptyClientId() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=";
url += "&response_type=code";
url += "&scope=openid";
@@ -544,7 +429,7 @@ public class OIDCTest {
@org.junit.Test
public void testIncorrectRedirectURI() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -563,7 +448,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithInvalidRegistrationURI() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -587,7 +472,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithRegistrationURIFragment() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -611,7 +496,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithInvalidAudienceURI() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -635,7 +520,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithInvalidLogoutURI() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -659,7 +544,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithAudienceURIFragment() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -683,7 +568,7 @@ public class OIDCTest {
@org.junit.Test
public void testClientCredentialsSTS() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -704,7 +589,7 @@ public class OIDCTest {
@org.junit.Test
public void testCreateClientWithSupportedTLD() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -744,7 +629,7 @@ public class OIDCTest {
@org.junit.Test
public void testLogout() throws Exception {
// 1. Log in
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -772,7 +657,7 @@ public class OIDCTest {
Assert.assertNotNull(authorizationCode);
// 3. Log out
- String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+ String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/logout?";
logoutUrl += "client_id=" + storedClientId;
webClient.getOptions().setJavaScriptEnabled(false);
@@ -797,7 +682,7 @@ public class OIDCTest {
@org.junit.Test
public void testLogoutViaTokenHint() throws Exception {
// 1. Log in
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -816,7 +701,7 @@ public class OIDCTest {
String authorizationHeader = "Basic "
+ Base64.getEncoder().encodeToString(data.getBytes(StandardCharsets.UTF_8));
webClient2.addRequestHeader("Authorization", authorizationHeader);
- String tokenUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ String tokenUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(tokenUrl), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -836,7 +721,7 @@ public class OIDCTest {
webClient2.close();
// 2. Log out using the token hint
- String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+ String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/logout?";
logoutUrl += "id_token_hint=" + idToken;
webClient.getOptions().setJavaScriptEnabled(false);
@@ -861,7 +746,7 @@ public class OIDCTest {
// Test that the form has the correct CSRF token in it when creating a client
@org.junit.Test
public void testCSRFClientRegistration() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/console/clients";
String user = "alice";
String password = "ecila";
@@ -893,7 +778,7 @@ public class OIDCTest {
@org.junit.Test
public void testOIDCLoginForClient1WithRoles() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
@@ -908,7 +793,7 @@ public class OIDCTest {
// Now use the code to get an IdToken
- url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -931,7 +816,7 @@ public class OIDCTest {
@org.junit.Test
public void testOIDCLoginForClient1WithRolesScope() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid%20roles";
@@ -945,7 +830,7 @@ public class OIDCTest {
// Now use the code to get an IdToken
- url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+ url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java
new file mode 100644
index 0000000..062d5d2
--- /dev/null
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.oidc;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * Some OIDC tests where the OIDC is deployed and secured by the Fediz Tomcat plugin.
+ */
+public class OIDCTomcatTest extends AbstractOIDCTest {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() throws Exception {
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ idpServer = startServer(true, idpHttpsPort);
+ rpServer = startServer(false, rpHttpsPort);
+
+ loginToClientsPage(rpHttpsPort, idpHttpsPort, "fediz-oidc-tomcat");
+ }
+
+ private static Tomcat startServer(boolean idp, String port)
+ throws ServletException, LifecycleException, IOException {
+ Tomcat server = new Tomcat();
+ server.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ String baseDir = currentDir + File.separator + "target";
+ server.setBaseDir(baseDir);
+
+ if (idp) {
+ server.getHost().setAppBase("tomcat/idp/webapps");
+ } else {
+ server.getHost().setAppBase("tomcat/rp/webapps");
+ }
+ server.getHost().setAutoDeploy(true);
+ server.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(port));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ server.getService().addConnector(httpsConnector);
+
+ if (idp) {
+ File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+ server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+ server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+ } else {
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-oidc-tomcat");
+ Context cxt = server.addWebapp("/fediz-oidc-tomcat", rpWebapp.getAbsolutePath());
+
+ // Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
+ // to work
+ File f = new File(currentDir + "/src/test/resources/fediz_config_tomcat.xml");
+ FileInputStream inputStream = new FileInputStream(f);
+ String content = IOUtils.toString(inputStream, "UTF-8");
+ inputStream.close();
+ if (content.contains("idp.https.port")) {
+ content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
+
+ File f2 = new File(baseDir + "/test-classes/fediz_config_tomcat.xml");
+ try (FileOutputStream outputStream = new FileOutputStream(f2)) {
+ IOUtils.write(content, outputStream, "UTF-8");
+ }
+ }
+
+ FederationAuthenticator fa = new FederationAuthenticator();
+ fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ + "test-classes" + File.separator + "fediz_config_tomcat.xml");
+ cxt.getPipeline().addValve(fa);
+ }
+
+ server.start();
+
+ return server;
+ }
+
+ @AfterClass
+ public static void cleanup() throws Exception {
+ try {
+ loginToClientsPageAndDeleteClient(rpHttpsPort, idpHttpsPort, "fediz-oidc-tomcat");
+ } finally {
+ shutdownServer(idpServer);
+ shutdownServer(rpServer);
+ }
+ }
+
+ @Override
+ protected String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ protected String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ protected String getServletContextName() {
+ return "fediz-oidc-tomcat";
+ }
+
+}
diff --git a/systests/oidc/src/test/resources/fediz_config.xml b/systests/oidc/src/test/resources/fediz_config_tomcat.xml
similarity index 98%
rename from systests/oidc/src/test/resources/fediz_config.xml
rename to systests/oidc/src/test/resources/fediz_config_tomcat.xml
index 55c4def..4f7a22e 100644
--- a/systests/oidc/src/test/resources/fediz_config.xml
+++ b/systests/oidc/src/test/resources/fediz_config_tomcat.xml
@@ -23,7 +23,7 @@
In Fediz 1.0, one keystore was used for SSL and the STS public certificate.
-->
<FedizConfig>
- <contextConfig name="/fediz-oidc">
+ <contextConfig name="/fediz-oidc-tomcat">
<audienceUris>
<audienceItem>urn:org:apache:cxf:fediz:oidc</audienceItem>
</audienceUris>
diff --git a/systests/oidc/src/test/resources/realma/entities-realma.xml b/systests/oidc/src/test/resources/realma/entities-realma.xml
index a879dfb..79a29f8 100644
--- a/systests/oidc/src/test/resources/realma/entities-realma.xml
+++ b/systests/oidc/src/test/resources/realma/entities-realma.xml
@@ -119,7 +119,7 @@
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
- <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" />
+ <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc.*/.*" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
--
To stop receiving notification emails like this one, please contact
coheigea@apache.org.