Posted to commits@cxf.apache.org by co...@apache.org on 2016/11/28 16:50:35 UTC

[1/5] cxf-fediz git commit: Fixing token expiration logic

Repository: cxf-fediz
Updated Branches:
  refs/heads/master abc084f03 -> 019cba632


Fixing token expiration logic


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6112d1a0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6112d1a0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6112d1a0

Branch: refs/heads/master
Commit: 6112d1a0f882acb9f94ab619df9928750b158287
Parents: abc084f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 28 14:58:26 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 28 14:58:26 2016 +0000

----------------------------------------------------------------------
 .../idp/beans/IdpTokenExpiredAction.java        | 20 +++++++++-----------
 .../service/idp/beans/wsfed/WfreshParser.java   |  9 ++++++---
 2 files changed, 15 insertions(+), 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6112d1a0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
index 2ea9a7d..cbe4ee8 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/IdpTokenExpiredAction.java
@@ -38,17 +38,15 @@ public class IdpTokenExpiredAction {
     public boolean isTokenExpired(String homeRealm, RequestContext context)
         throws Exception {
         
-        if (tokenExpirationValidation) {
-            SecurityToken idpToken = 
-                (SecurityToken) WebUtils.getAttributeFromExternalContext(context, homeRealm);
-            if (idpToken == null) {
-                return true;
-            }
-            
-            if (idpToken.isExpired()) {
-                LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] is expired.");
-                return true;
-            }
+        SecurityToken idpToken = 
+            (SecurityToken) WebUtils.getAttributeFromExternalContext(context, homeRealm);
+        if (idpToken == null) {
+            return true;
+        }
+        
+        if (tokenExpirationValidation && idpToken.isExpired()) {
+            LOG.info("[IDP_TOKEN=" + idpToken.getId() + "] is expired.");
+            return true;
         }
 
         return false;
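Review bot: isTokenExpired now reports a missing token (the `idpToken == null` branch) as expired even when tokenExpirationValidation is off, and nothing documents that the flag only gates the isExpired() check; a Javadoc on the method should say so, e.g. `Returns true when no IdP token is stored under homeRealm, or when expiration validation is enabled and the stored token has expired.` The `(SecurityToken)` cast throws ClassCastException if the attribute holds another type, which the `throws Exception` signature presumably lets propagate, so that is a pre-existing rather than a new concern. The method's closing brace lies outside the hunk.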

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6112d1a0/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
index 1a11873..148d24b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/wsfed/WfreshParser.java
@@ -38,6 +38,12 @@ public class WfreshParser {
     public boolean authenticationRequired(String wfresh, String whr, RequestContext context)
         throws Exception {
         
+        SecurityToken idpToken = 
+            (SecurityToken) WebUtils.getAttributeFromExternalContext(context, whr);
+        if (idpToken == null) {
+            return true;
+        }
+        
         if (wfresh == null || wfresh.trim().isEmpty()) {
             return false;
         }
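Review bot: authenticationRequired now forces re-authentication whenever no token is stored under whr, before wfresh is even examined, and the new block carries no comment stating that ordering; `// No IdP token for this realm: require authentication regardless of wfresh.` above it would make the intent explicit. Callers that previously saw an empty wfresh return false regardless of token state get a behaviour change here; presumably that is deliberate, since it is what lets the second hunk of this file drop its own lookup, but it deserves a sentence in the method's Javadoc. The null check does not cover whr itself, and whether getAttributeFromExternalContext tolerates a null key cannot be seen from this hunk.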
@@ -55,9 +61,6 @@ public class WfreshParser {
         
         long ttlMs = ttl * 60L * 1000L;
         if (ttlMs > 0) {
-
-            SecurityToken idpToken = 
-                (SecurityToken) WebUtils.getAttributeFromExternalContext(context, whr);
             Date createdDate = idpToken.getCreated();
             if (createdDate != null) {
                 Date expiryDate = new Date();


[5/5] cxf-fediz git commit: Use HttpOnly for cookie-config

Posted by co...@apache.org.
Use HttpOnly for cookie-config


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/019cba63
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/019cba63
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/019cba63

Branch: refs/heads/master
Commit: 019cba6327685a529ab32ae5e54947e983224e15
Parents: ba70a56
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 28 16:36:51 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 28 16:36:51 2016 +0000

----------------------------------------------------------------------
 services/idp/src/main/webapp/WEB-INF/web.xml  | 3 +++
 services/oidc/src/main/webapp/WEB-INF/web.xml | 3 +++
 2 files changed, 6 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/019cba63/services/idp/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/web.xml b/services/idp/src/main/webapp/WEB-INF/web.xml
index 4129e72..807fa23 100644
--- a/services/idp/src/main/webapp/WEB-INF/web.xml
+++ b/services/idp/src/main/webapp/WEB-INF/web.xml
@@ -26,6 +26,9 @@ under the License.
 	<display-name>Fediz IDP</display-name>
 	
 	<session-config>
+	    <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
 		<tracking-mode>COOKIE</tracking-mode>
 	</session-config>
 
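Review bot: The new cookie-config sets `http-only` but not `secure`; both applications are addressed over HTTPS elsewhere in this series (the system tests use `https://localhost:...`), so the session cookie should also carry `<secure>true</secure>` so the browser never sends it over a cleartext connection. The same applies to the services/oidc/src/main/webapp/WEB-INF/web.xml hunk below. The added lines also mix a tab with spaces while the surrounding `<session-config>` children are tab-indented; matching the `<tracking-mode>` line keeps the file consistent.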

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/019cba63/services/oidc/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/services/oidc/src/main/webapp/WEB-INF/web.xml b/services/oidc/src/main/webapp/WEB-INF/web.xml
index ebc17f0..a41a03b 100644
--- a/services/oidc/src/main/webapp/WEB-INF/web.xml
+++ b/services/oidc/src/main/webapp/WEB-INF/web.xml
@@ -25,6 +25,9 @@
     <display-name>WS Federation Spring Example</display-name>
 	
 	<session-config>
+	    <cookie-config>
+            <http-only>true</http-only>
+        </cookie-config>
 		<tracking-mode>COOKIE</tracking-mode>
 	</session-config>
 	


[4/5] cxf-fediz git commit: Close WebClient

Posted by co...@apache.org.
Close WebClient


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/ba70a56e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/ba70a56e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/ba70a56e

Branch: refs/heads/master
Commit: ba70a56eb16decfdeb8b83b5054d2676e14b9fd0
Parents: 988c77d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 28 16:36:45 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 28 16:36:45 2016 +0000

----------------------------------------------------------------------
 .../integrationtests/AbstractClientCertTests.java |  6 +++---
 .../cxf/fediz/integrationtests/AbstractTests.java | 18 +++++++++---------
 .../cxf/fediz/integrationtests/HTTPTestUtils.java | 10 +++++-----
 3 files changed, 17 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ba70a56e/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
index e8edc88..f0431b8 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractClientCertTests.java
@@ -109,7 +109,7 @@ public abstract class AbstractClientCertTests {
         Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
                           bodyTextContent.contains(claim + "=alice@realma.org"));
         
-        // webClient.close();
+        webClient.close();
     }
     
     @org.junit.Test
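Review bot: `webClient.close()` is reached only when every assertion before it passes; an assertion failure or an unexpected exception on the way still leaks the client, in this hunk and in every other hunk of this commit (the remaining AbstractClientCertTests hunks, all AbstractTests hunks and all HTTPTestUtils hunks). If WebClient implements AutoCloseable in the HtmlUnit version in use, `try (WebClient webClient = new WebClient()) { ... }` around each test body closes it on every exit path; otherwise a try/finally with `webClient.close()` in the finally block does the same. In the HTTPTestUtils hunks the client is closed before `rpPage.getBody().getTextContent()` is read; if that is safe because the page is already parsed, a one-line comment saying so would save the next reader the question. The enclosing methods start outside each hunk.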
@@ -148,7 +148,7 @@ public abstract class AbstractClientCertTests {
         Assert.assertTrue(wctx != null && wtrealm != null);
         Assert.assertTrue(wresult != null 
             && wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
-        // webClient.close();
+        webClient.close();
         
         // Now invoke on the RP using the saved parameters above, but a different client cert!
         final WebClient webClient2 = new WebClient();
@@ -175,7 +175,7 @@ public abstract class AbstractClientCertTests {
                               || ex.getMessage().contains("403 Forbidden"));
         }
 
-        // webClient2.close();
+        webClient2.close();
     }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ba70a56e/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 547115e..28e3c66 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -354,7 +354,7 @@ public abstract class AbstractTests {
 
         Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
 
-        // webClient.close();
+        webClient.close();
     }
 
     @Test
@@ -399,7 +399,7 @@ public abstract class AbstractTests {
 
         Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
 
-        // webClient.close();
+        webClient.close();
     }
 
     @Test
@@ -444,7 +444,7 @@ public abstract class AbstractTests {
 
         Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
 
-        // webClient.close();
+        webClient.close();
     }
 
     @Test
@@ -489,7 +489,7 @@ public abstract class AbstractTests {
 
         Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
 
-        // webClient.close();
+        webClient.close();
     }
 
     @Test
@@ -540,7 +540,7 @@ public abstract class AbstractTests {
                               || ex.getMessage().contains("403 Forbidden"));
         }
 
-        // webClient.close();
+        webClient.close();
     }
 
     @Test
@@ -587,7 +587,7 @@ public abstract class AbstractTests {
 
         Assert.assertTrue("Unexpected content of RP page", bodyTextContent2.contains("Secure Test"));
 
-        // webClient.close();
+        webClient.close();
     }
 
     @org.junit.Test
@@ -617,7 +617,7 @@ public abstract class AbstractTests {
         idpUrl += "?wa=wsignin1.0&wreply=" + URLEncoder.encode(maliciousURL, "UTF-8");
         idpUrl += "&wtrealm=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Afedizhelloworld";
         idpUrl += "&whr=urn%3Aorg%3Aapache%3Acxf%3Afediz%3Aidp%3Arealm-A";
-        // webClient.close();
+        webClient.close();
 
         final WebClient webClient2 = new WebClient();
         webClient2.setCookieManager(cookieManager);
@@ -633,7 +633,7 @@ public abstract class AbstractTests {
         } catch (FailingHttpStatusCodeException ex) {
             Assert.assertEquals(ex.getStatusCode(), 400);
         }
-        // webClient2.close();
+        webClient2.close();
     }
     
     @Test
@@ -688,7 +688,7 @@ public abstract class AbstractTests {
                               || ex.getMessage().contains("403 Forbidden"));
         }
 
-        // webClient.close();
+        webClient.close();
     }
     
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/ba70a56e/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
index 921e97f..f69a088 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
@@ -61,7 +61,7 @@ public final class HTTPTestUtils {
         Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
                             || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
 
-        // webClient.close();
+        webClient.close();
         return rpPage.getBody().getTextContent();
     }
     
@@ -75,7 +75,7 @@ public final class HTTPTestUtils {
         webClient.getOptions().setJavaScriptEnabled(false);
         final HtmlPage rpPage = webClient.getPage(url);
 
-        // webClient.close();
+        webClient.close();
         return rpPage.getBody().getTextContent();
     }
     
@@ -100,7 +100,7 @@ public final class HTTPTestUtils {
         Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
                           || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
 
-        // webClient.close();
+        webClient.close();
         return rpPage.getBody().getTextContent();
     }
     
@@ -126,7 +126,7 @@ public final class HTTPTestUtils {
             webClient.getPage(imgSrc);
         }
         
-        // webClient.close();
+        webClient.close();
     }
     
     public static void logoutCleanup(String url, CookieManager cookieManager) throws IOException {
@@ -149,7 +149,7 @@ public final class HTTPTestUtils {
             webClient.getPage(imgSrc);
         }
         
-        // webClient.close();
+        webClient.close();
     }
 
 }


[3/5] cxf-fediz git commit: Adding more IdP tests

Posted by co...@apache.org.
Adding more IdP tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/988c77d1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/988c77d1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/988c77d1

Branch: refs/heads/master
Commit: 988c77d15b1ba6621a95d2d0f84e3162ee9bd341
Parents: 771a586
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 28 16:32:16 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 28 16:32:16 2016 +0000

----------------------------------------------------------------------
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 185 ++++++++++++++++++-
 1 file changed, 184 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/988c77d1/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 04bc875..9455227 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.systests.idp;
 
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 import java.net.URLEncoder;
 
 import javax.servlet.ServletException;
@@ -29,11 +30,14 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 
+import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebClient;
 import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.catalina.LifecycleException;
@@ -41,6 +45,7 @@ import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
@@ -371,7 +376,9 @@ public class IdpTest {
         String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
         url += "&wreply=" + wreply;
 
-        String entity = IOUtils.toString(this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream());
+        InputStream is = this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream();
+        String entity = IOUtils.toString(is, "UTF-8");
+        is.close();
         String validWreq =
             "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
             + "<TokenType>&m;http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</TokenType>"
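Review bot: `is.close()` on the last added line is skipped if IOUtils.toString throws, leaking the resource stream; try-with-resources closes it on every path: `String entity;` before the block, then `try (InputStream is = this.getClass().getClassLoader().getResource("entity_wreq.xml").openStream()) {` / `    entity = IOUtils.toString(is, "UTF-8");` / `}`. Passing the explicit `"UTF-8"` charset is the right replacement for the platform-default overload. The enclosing test method starts outside the hunk.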
@@ -617,5 +624,181 @@ public class IdpTest {
 
         webClient.close();
     }
+  
     
+    @Test
+    public void testIdPLogout() throws Exception {
+
+        // 1. First let's login to the IdP
+        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+        url += "wa=wsignin1.0";
+        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        url += "&wreply=" + wreply;
+
+        String user = "alice";
+        String password = "ecila";
+        
+        CookieManager cookieManager = new CookieManager();
+
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+        webClient.close();
+
+        // 2. now we logout from IdP
+        String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+            + FederationConstants.ACTION_SIGNOUT;
+
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        idpPage = webClient.getPage(idpLogoutUrl);
+
+        Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());
+
+        HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
+        HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+        button.click();
+
+        webClient.close();
+
+        // 3. now we try to access the idp without authentication but with the existing cookies
+        // to see if we are really logged out
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+        idpPage = webClient.getPage(url);
+
+        Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+        webClient.close();
+    }
+    
+    @Test
+    public void testIdPLogoutCleanup() throws Exception {
+
+        // 1. First let's login to the IdP
+        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+        url += "wa=wsignin1.0";
+        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        url += "&wreply=" + wreply;
+
+        String user = "alice";
+        String password = "ecila";
+        
+        CookieManager cookieManager = new CookieManager();
+
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+        webClient.close();
+
+        // 2. now we logout from IdP
+        String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+            + FederationConstants.ACTION_SIGNOUT_CLEANUP;
+
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        idpPage = webClient.getPage(idpLogoutUrl);
+
+        Assert.assertEquals("IDP SignOut Response Page", idpPage.getTitleText());
+
+        webClient.close();
+
+        // 3. now we try to access the idp without authentication but with the existing cookies
+        // to see if we are really logged out
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+        idpPage = webClient.getPage(url);
+
+        Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+        webClient.close();
+    }
+    
+    @Test
+    public void testIdPLogoutCleanupWithBadWReply() throws Exception {
+
+        // 1. First let's login to the IdP
+        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+        url += "wa=wsignin1.0";
+        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+        url += "&wreply=" + wreply;
+
+        String user = "alice";
+        String password = "ecila";
+        
+        CookieManager cookieManager = new CookieManager();
+
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+        webClient.close();
+
+        // 2. now we logout from IdP using a bad wreply
+        String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() 
+            + "/secure//fedservlet";
+        String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+            + FederationConstants.ACTION_SIGNOUT_CLEANUP;
+        idpLogoutUrl += "&wreply=" + badWReply;
+
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        try {
+            webClient.getPage(idpLogoutUrl);
+            Assert.fail("Failure expected on a bad wreply value");
+        } catch (FailingHttpStatusCodeException ex) {
+            Assert.assertEquals(ex.getStatusCode(), 400);
+        }
+
+        webClient.close();
+
+        // 3. now we try to access the idp without authentication but with the existing cookies
+        // to see if we are really logged out. Even though an error was thrown on a bad wreply, we should still
+        // be logged out
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+        idpPage = webClient.getPage(url);
+
+        Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+        webClient.close();
+    }
 }
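Review bot: `Assert.assertEquals(ex.getStatusCode(), 400)` in testIdPLogoutCleanupWithBadWReply has the arguments reversed — JUnit's signature is (expected, actual), so a failure message would read backwards; write `Assert.assertEquals(400, ex.getStatusCode());`. The three new tests also repeat the same sign-in sequence verbatim (URL build, credentials, first WebClient), and each `webClient.close()` is skipped when an earlier assertion fails; a private helper that performs the sign-in inside try/finally and returns the sign-in URL removes the duplication and closes the client on all paths, as sketched below. In testIdPLogout the page returned by `button.click()` is discarded, so the sign-out confirmation response is never checked; asserting its title or status would make step 2 meaningful.
```java
    /** Signs alice in at the IdP using the given cookie manager and returns the sign-in URL used. */
    private String signInToIdp(CookieManager cookieManager) throws Exception {
        String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
        url += "wa=wsignin1.0";
        url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
        url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
        String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
        url += "&wreply=" + wreply;

        WebClient webClient = new WebClient();
        try {
            webClient.setCookieManager(cookieManager);
            webClient.getOptions().setUseInsecureSSL(true);
            webClient.getCredentialsProvider().setCredentials(
                new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
                new UsernamePasswordCredentials("alice", "ecila"));

            webClient.getOptions().setJavaScriptEnabled(false);
            HtmlPage idpPage = webClient.getPage(url);
            Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
        } finally {
            // closed on assertion failure too, not only on the happy path
            webClient.close();
        }
        return url;
    }

    @Test
    public void testIdPLogout() throws Exception {
        CookieManager cookieManager = new CookieManager();
        String url = signInToIdp(cookieManager);
        // … unchanged: step 2 (sign-out request) and step 3 (401 re-check with the same cookies) …
    }
```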


[2/5] cxf-fediz git commit: Fix wreply parsing on logout

Posted by co...@apache.org.
Fix wreply parsing on logout


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/771a586a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/771a586a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/771a586a

Branch: refs/heads/master
Commit: 771a586a8d6e882fa1a99d03ad59ac44e4f3f3f5
Parents: 6112d1a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 28 15:24:27 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 28 15:24:27 2016 +0000

----------------------------------------------------------------------
 .../WEB-INF/flows/federation-validate-request.xml       | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/771a586a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index 578be04..8e3f3dd 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -82,7 +82,7 @@
     <action-state id="validateWReplyForSignout">
         <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
         <transition on="yes" to="selectSignOutProcess" />
-        <transition on="no" to="viewBadRequest" />
+        <transition on="no" to="viewBadRequestAndLogout" />
     </action-state>
 	
     <decision-state id="selectSignOutProcess">
@@ -199,6 +199,16 @@
             <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
         </on-entry>
     </end-state>
+    
+    <end-state id="viewBadRequestAndLogout" view="genericerror">
+        <on-entry>
+            <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
+            <evaluate expression="logoutAction.submit(flowRequestContext)" />
+            <evaluate
+                expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
+            <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
+        </on-entry>
+    </end-state>
 
     <!-- abnormal exit point : Http 500 Internal Server Error -->
     <end-state id="scInternalServerError" view="genericerror">
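Review bot: The new `viewBadRequestAndLogout` end-state copies the body of `viewBadRequest` including its commented-out `<set name="requestScope.reason" .../>` line; dead markup should not be duplicated, so drop that line from the new state (or restore it in both if it is meant to work). Nothing in the flow explains why a rejected wreply now also signs the user out, which is the substantive change here; a comment above the state such as `<!-- Invalid wreply on signout: reject with 400 but still clear the IdP session and home-realm cookie, so a malformed request cannot leave the user signed in -->` records the intent. Whether this state and the normal sign-out path should share the `homeRealmReminder.removeCookie`/`logoutAction.submit` pair through a common sub-state is a flow-structure question I cannot settle from this hunk.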