You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2022/05/09 10:20:05 UTC
[cxf] 02/04: Adding a test for the NPE fix in AbstractSTSClient
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 007c8813f1b74459624fb03ed734e2c56b8b50c1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon May 9 10:15:22 2022 +0100
Adding a test for the NPE fix in AbstractSTSClient
(cherry picked from commit 5d72c8df422e453c414a8c8c839c46ae05c43e4d)
(cherry picked from commit ed938a1b97445d17eb6db2ca8938bc78fd1d911a)
---
.../systest/sts/claims/ClaimsCallbackHandler.java | 30 +++++++++-
.../apache/cxf/systest/sts/claims/ClaimsTest.java | 26 ++++++++
.../systest/sts/claims/cxf-client-cbhandler2.xml | 69 ++++++++++++++++++++++
3 files changed, 123 insertions(+), 2 deletions(-)
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
index 457e2802e3..358405e05b 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
@@ -29,6 +29,8 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
/**
@@ -37,13 +39,18 @@ import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
*/
public class ClaimsCallbackHandler implements CallbackHandler {
+ private boolean createClaimCollection;
+
public void handle(Callback[] callbacks)
throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof ClaimsCallback) {
ClaimsCallback callback = (ClaimsCallback) callbacks[i];
- callback.setClaims(createClaims());
-
+ if (isCreateClaimCollection()) {
+ callback.setClaims(createClaimCollection());
+ } else {
+ callback.setClaims(createClaims());
+ }
} else {
throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
}
@@ -65,4 +72,23 @@ public class ClaimsCallbackHandler implements CallbackHandler {
return claimsElement;
}
+ /**
+ * Create a Claims Element for a "role"
+ */
+ private ClaimCollection createClaimCollection() {
+ ClaimCollection claimCollection = new ClaimCollection();
+ Claim claim = new Claim();
+ claim.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+ claimCollection.add(claim);
+
+ return claimCollection;
+ }
+
+ public boolean isCreateClaimCollection() {
+ return createClaimCollection;
+ }
+
+ public void setCreateClaimCollection(boolean createClaimCollection) {
+ this.createClaimCollection = createClaimCollection;
+ }
}
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index d48f4ffd43..454e69ba2f 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -374,6 +374,32 @@ public class ClaimsTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // In this test, the WSDL the client is using has no Claims Element (however the service
+ // is using a WSDL that requires Claims). A CallbackHandler is used to send the Claims
+ // Element to the STS.
+ @org.junit.Test
+ public void testSaml2ClaimsCallbackHandler2() throws Exception {
+ createBus(getClass().getResource("cxf-client-cbhandler2.xml").toString());
+
+ URL wsdl = ClaimsTest.class.getResource("DoubleItNoClaims.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
+ DoubleItPortType transportClaimsPort =
+ service.getPort(portQName, DoubleItPortType.class);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ SecurityTestUtil.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
+
+ doubleIt(transportClaimsPort, 25);
+
+ ((java.io.Closeable)transportClaimsPort).close();
+ }
+
@org.junit.Test
public void testSaml2ChildClaims() throws Exception {
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
new file mode 100644
index 0000000000..f55f083de3
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+ <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler">
+ <property name="createClaimCollection" value="true"/>
+ </bean>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+ <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+ <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+ <property name="properties">
+ <map>
+ <entry key="security.username" value="alice"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.sts.token.username" value="myclientkey"/>
+ <entry key="security.sts.token.properties" value="clientKeystore.properties"/>
+ <entry key="security.sts.token.usecert" value="true"/>
+ </map>
+ </property>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="ckpass">
+ <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+ </sec:keyManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
\ No newline at end of file