Posted to commits@cxf.apache.org by co...@apache.org on 2014/12/05 15:31:56 UTC
[3/3] cxf git commit: Moving LDAP tests to new integration module +
re-enabling
Moving LDAP tests to new integration module + re-enabling
Conflicts:
systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
systests/kerberos/src/test/resources/ldap.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e305d26d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e305d26d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e305d26d
Branch: refs/heads/3.0.x-fixes
Commit: e305d26dda9eb9a63771c53b97bde8b67f5354d8
Parents: 709ad76
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Dec 5 14:10:15 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Dec 5 14:29:58 2014 +0000
----------------------------------------------------------------------
.../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 278 ---------------
.../sts-core/src/test/resources/ldap.properties | 20 --
.../sts/sts-core/src/test/resources/ldap.xml | 42 ---
systests/kerberos/pom.xml | 13 +
.../systest/kerberos/ldap/LDAPClaimsTest.java | 349 +++++++++++++++++++
systests/kerberos/src/test/resources/ldap.ldif | 73 ++++
.../kerberos/src/test/resources/ldap.properties | 20 ++
systests/kerberos/src/test/resources/ldap.xml | 58 +++
8 files changed, 513 insertions(+), 340 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
deleted file mode 100644
index 6751131..0000000
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+++ /dev/null
@@ -1,278 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.ldap;
-
-import java.io.InputStream;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.SearchControls;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rt.security.claims.Claim;
-import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.sts.claims.ClaimTypes;
-import org.apache.cxf.sts.claims.ClaimsParameters;
-import org.apache.cxf.sts.claims.LdapClaimsHandler;
-import org.apache.cxf.sts.claims.ProcessedClaim;
-import org.apache.cxf.sts.claims.ProcessedClaimCollection;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.wss4j.common.principal.CustomTokenPrincipal;
-import org.junit.BeforeClass;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.ldap.core.AttributesMapper;
-import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.ldap.filter.AndFilter;
-import org.springframework.ldap.filter.EqualsFilter;
-import org.springframework.util.Assert;
-
-public class LDAPClaimsTest {
-
- private static ClassPathXmlApplicationContext appContext;
- private static Properties props;
-
- @BeforeClass
- public static void setUpLdap() throws Exception {
- appContext = new ClassPathXmlApplicationContext("ldap.xml");
- props = new Properties();
-
- InputStream is = null;
- try {
- is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties");
- props.load(is);
- } catch (Exception e) {
- e.printStackTrace();
- } finally {
- if (is != null) {
- is.close();
- }
- }
- }
-
-
- @org.junit.Test
- @org.junit.Ignore
- public void testRetrieveClaims() throws Exception {
- LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
- String user = props.getProperty("claimUser");
- Assert.notNull(user, "Property 'claimUser' not configured");
-
- ClaimCollection requestedClaims = createRequestClaimCollection();
-
- List<URI> expectedClaims = new ArrayList<URI>();
- expectedClaims.add(ClaimTypes.FIRSTNAME);
- expectedClaims.add(ClaimTypes.LASTNAME);
- expectedClaims.add(ClaimTypes.EMAILADDRESS);
-
- ClaimsParameters params = new ClaimsParameters();
- params.setPrincipal(new CustomTokenPrincipal(user));
- ProcessedClaimCollection retrievedClaims =
- claimsHandler.retrieveClaimValues(requestedClaims, params);
-
- Assert.isTrue(
- retrievedClaims.size() == expectedClaims.size(),
- "Retrieved number of claims [" + retrievedClaims.size()
- + "] doesn't match with expected [" + expectedClaims.size() + "]"
- );
-
- for (ProcessedClaim c : retrievedClaims) {
- if (expectedClaims.contains(c.getClaimType())) {
- expectedClaims.remove(c.getClaimType());
- } else {
- Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
- }
- }
-
- }
-
-
- @org.junit.Test(expected = STSException.class)
- @org.junit.Ignore
- public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
- LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
- String user = props.getProperty("claimUser");
- Assert.notNull(user, "Property 'claimUser' not configured");
-
- ClaimCollection requestedClaims = createRequestClaimCollection();
- // add unsupported but mandatory claim
- Claim claim = new Claim();
- claim.setClaimType(ClaimTypes.GENDER);
- claim.setOptional(false);
- requestedClaims.add(claim);
-
- ClaimsParameters params = new ClaimsParameters();
- params.setPrincipal(new CustomTokenPrincipal(user));
- claimsHandler.retrieveClaimValues(requestedClaims, params);
- }
-
- @org.junit.Test
- @org.junit.Ignore
- public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
- LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
- String user = props.getProperty("claimUser");
- Assert.notNull(user, "Property 'claimUser' not configured");
-
- ClaimCollection requestedClaims = createRequestClaimCollection();
- // add unsupported but optional unsupported claim
- Claim claim = new Claim();
- claim.setClaimType(ClaimTypes.GENDER);
- claim.setOptional(true);
- requestedClaims.add(claim);
-
- // Gender is not expected to be returned because not supported
- List<URI> expectedClaims = new ArrayList<URI>();
- expectedClaims.add(ClaimTypes.FIRSTNAME);
- expectedClaims.add(ClaimTypes.LASTNAME);
- expectedClaims.add(ClaimTypes.EMAILADDRESS);
-
- ClaimsParameters params = new ClaimsParameters();
- params.setPrincipal(new CustomTokenPrincipal(user));
- ProcessedClaimCollection retrievedClaims =
- claimsHandler.retrieveClaimValues(requestedClaims, params);
-
- Assert.isTrue(
- retrievedClaims.size() == expectedClaims.size(),
- "Retrieved number of claims [" + retrievedClaims.size()
- + "] doesn't match with expected [" + expectedClaims.size() + "]"
- );
-
- for (ProcessedClaim c : retrievedClaims) {
- if (expectedClaims.contains(c.getClaimType())) {
- expectedClaims.remove(c.getClaimType());
- } else {
- Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
- }
- }
- }
-
- private ClaimCollection createRequestClaimCollection() {
- ClaimCollection claims = new ClaimCollection();
- Claim claim = new Claim();
- claim.setClaimType(ClaimTypes.FIRSTNAME);
- claim.setOptional(true);
- claims.add(claim);
- claim = new Claim();
- claim.setClaimType(ClaimTypes.LASTNAME);
- claim.setOptional(true);
- claims.add(claim);
- claim = new Claim();
- claim.setClaimType(ClaimTypes.EMAILADDRESS);
- claim.setOptional(true);
- claims.add(claim);
- return claims;
- }
-
- @org.junit.Test
- public void testSupportedClaims() throws Exception {
-
- Map<String, String> mapping
- = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping"));
-
- LdapClaimsHandler cHandler = new LdapClaimsHandler();
- cHandler.setClaimsLdapAttributeMapping(mapping);
-
- List<URI> supportedClaims = cHandler.getSupportedClaimTypes();
-
- Assert.isTrue(
- mapping.size() == supportedClaims.size(),
- "Supported claims and claims/ldap attribute mapping size different"
- );
-
- for (String claim : mapping.keySet()) {
- Assert.isTrue(
- supportedClaims.contains(new URI(claim)),
- "Claim '" + claim + "' not listed in supported list"
- );
- }
- }
-
-
- @org.junit.Test
- @org.junit.Ignore
- public void testLdapTemplate() throws Exception {
-
- try {
- LdapTemplate ldap = (LdapTemplate)appContext.getBean("ldapTemplate");
-
- String user = props.getProperty("claimUser");
- Assert.notNull(user, "Property 'claimUser' not configured");
-
- String dn = null;
-
- AndFilter filter = new AndFilter();
- filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", user));
-
- //find DN of user
- AttributesMapper mapper =
- new AttributesMapper() {
- public Object mapFromAttributes(Attributes attrs) throws NamingException {
- return attrs.get("distinguishedName").get();
- }
- };
- @SuppressWarnings("rawtypes")
- List users =
- ldap.search(
- "OU=users,DC=emea,DC=mycompany,DC=com",
- filter.toString(),
- SearchControls.SUBTREE_SCOPE,
- mapper
- );
-
- Assert.isTrue(users.size() == 1, "Only one user expected");
- dn = (String)users.get(0);
-
- // get attributes
- AttributesMapper mapper2 =
- new AttributesMapper() {
- public Object mapFromAttributes(Attributes attrs) throws NamingException {
- Map<String, String> map = new HashMap<String, String>();
- NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
- while (attrEnum.hasMore()) {
- Attribute att = attrEnum.next();
- System.out.println(att.toString());
- }
-
- map.put("cn", (String)attrs.get("cn").get());
- map.put("mail", (String)attrs.get("mail").get());
- map.put("sn", (String)attrs.get("sn").get());
- map.put("givenName", (String)attrs.get("givenName").get());
- return map;
- }
- };
- ldap.lookup(dn, new String[] {"cn", "mail", "sn", "givenName", "c"}, mapper2);
- } catch (Exception e) {
- e.printStackTrace();
- }
-
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/services/sts/sts-core/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.properties b/services/sts/sts-core/src/test/resources/ldap.properties
deleted file mode 100644
index 8654096..0000000
--- a/services/sts/sts-core/src/test/resources/ldap.properties
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-claimUser=alice
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/services/sts/sts-core/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.xml b/services/sts/sts-core/src/test/resources/ldap.xml
deleted file mode 100644
index 601ece2..0000000
--- a/services/sts/sts-core/src/test/resources/ldap.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0"?>
-<!--
-
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
-
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
- <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
- <property name="url" value="ldap://mycompany.com:389"/>
- <property name="userDn" value="CN=test,OU=svcUID,OU=users,DC=emea,DC=mycompany,DC=com"/>
- <property name="password" value="changeit"/>
- </bean>
- <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
- <constructor-arg ref="contextSource"/>
- </bean>
- <util:map id="claimsToLdapAttributeMapping">
- <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenName"/>
- <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
- <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="mail"/>
- <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
- </util:map>
- <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate"/>
- <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"/>
- <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com"/>
- </bean>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 4fa8b90..1bdbe4a 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -281,6 +281,19 @@
<version>2.4</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.springframework.ldap</groupId>
+ <artifactId>spring-ldap-core</artifactId>
+ <version>${cxf.spring.ldap.version}</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
</dependencies>
<profiles>
<profile>
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
new file mode 100644
index 0000000..0d4f6de
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -0,0 +1,349 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.kerberos.ldap;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.LdapClaimsHandler;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifFiles;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+@RunWith(FrameworkRunner.class)
+
+//Define the DirectoryService
+@CreateDS(name = "LDAPClaimsTest-class",
+ enableAccessControl = false,
+ allowAnonAccess = false,
+ enableChangeLog = true,
+ partitions = {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ indexes = {
+ @CreateIndex(attribute = "objectClass"),
+ @CreateIndex(attribute = "dc"),
+ @CreateIndex(attribute = "ou")
+ }
+ ) }
+)
+
+@CreateLdapServer(
+ transports = {
+ @CreateTransport(protocol = "LDAP")
+ }
+)
+
+//Inject an file containing entries
+@ApplyLdifFiles("ldap.ldif")
+
+public class LDAPClaimsTest extends AbstractLdapTestUnit {
+
+ private static Properties props;
+ private static boolean portUpdated;
+
+ private ClassPathXmlApplicationContext appContext;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ props = new Properties();
+
+ InputStream is = null;
+ try {
+ is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties");
+ props.load(is);
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ if (is != null) {
+ is.close();
+ }
+ }
+ }
+
+ @Before
+ public void updatePort() throws Exception {
+ if (!portUpdated) {
+ String basedir = System.getProperty("basedir");
+ if (basedir == null) {
+ basedir = new File(".").getCanonicalPath();
+ }
+
+ // Read in ldap.xml and substitute in the correct port
+ File f = new File(basedir + "/src/test/resources/ldap.xml");
+
+ FileInputStream inputStream = new FileInputStream(f);
+ String content = IOUtils.toString(inputStream, "UTF-8");
+ inputStream.close();
+ content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
+
+ File f2 = new File(basedir + "/target/test-classes/ldapport.xml");
+ FileOutputStream outputStream = new FileOutputStream(f2);
+ IOUtils.write(content, outputStream, "UTF-8");
+ outputStream.close();
+
+ portUpdated = true;
+ }
+
+ appContext = new ClassPathXmlApplicationContext("ldapport.xml");
+ }
+
+ @org.junit.Test
+ public void testRetrieveClaims() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+
+<<<<<<< HEAD:services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+=======
+ @org.junit.Test
+ public void testMultiUserBaseDNs() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+ String otherUser = props.getProperty("otherClaimUser");
+ Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ // First user
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+
+ // Second user
+ params.setPrincipal(new CustomTokenPrincipal(otherUser));
+ retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+>>>>>>> 7bf10fc... Moving LDAP tests to new integration module + re-enabling:systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
+
+ @org.junit.Test(expected = STSException.class)
+ public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+ // add unsupported but mandatory claim
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.GENDER);
+ claim.setOptional(false);
+ requestedClaims.add(claim);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection processedClaim =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ for (Claim requestedClaim : requestedClaims) {
+ URI claimType = requestedClaim.getClaimType();
+ boolean found = false;
+ if (!requestedClaim.isOptional()) {
+ for (ProcessedClaim c : processedClaim) {
+ if (c.getClaimType().equals(claimType)) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found");
+ }
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+ // add unsupported but optional unsupported claim
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.GENDER);
+ claim.setOptional(true);
+ requestedClaims.add(claim);
+
+ // Gender is not expected to be returned because not supported
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testSupportedClaims() throws Exception {
+
+ Map<String, String> mapping
+ = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping"));
+
+ LdapClaimsHandler cHandler = new LdapClaimsHandler();
+ cHandler.setClaimsLdapAttributeMapping(mapping);
+
+ List<URI> supportedClaims = cHandler.getSupportedClaimTypes();
+
+ Assert.isTrue(
+ mapping.size() == supportedClaims.size(),
+ "Supported claims and claims/ldap attribute mapping size different"
+ );
+
+ for (String claim : mapping.keySet()) {
+ Assert.isTrue(
+ supportedClaims.contains(new URI(claim)),
+ "Claim '" + claim + "' not listed in supported list"
+ );
+ }
+ }
+
+ private ClaimCollection createRequestClaimCollection() {
+ ClaimCollection claims = new ClaimCollection();
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.FIRSTNAME);
+ claim.setOptional(true);
+ claims.add(claim);
+ claim = new Claim();
+ claim.setClaimType(ClaimTypes.LASTNAME);
+ claim.setOptional(true);
+ claims.add(claim);
+ claim = new Claim();
+ claim.setClaimType(ClaimTypes.EMAILADDRESS);
+ claim.setOptional(true);
+ claims.add(claim);
+ return claims;
+ }
+
+}
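Review bot: Unresolved merge-conflict markers were committed into this new file: the added lines `<<<<<<< HEAD:services/...`, `=======` and `>>>>>>> 7bf10fc...` surround testMultiUserBaseDNs, so the class cannot compile and none of the re-enabled LDAP tests will run; the ldap.xml hunk of this commit carries the same markers. Remove the three marker lines and decide whether testMultiUserBaseDNs belongs on this branch at all. If it stays, it reads `otherClaimUser`, which the ldap.properties added here does not define (it holds only `claimUser=alice`), so its `Assert.notNull` would fail; presumably `otherClaimUser=bob` is intended, since bob is the entry under ou=other-users in ldap.ldif. Separately, testRetrieveClaimsWithUnsupportedMandatoryClaimType now throws the expected STSException itself when the handler returns without the mandatory claim, so the test no longer shows whether LdapClaimsHandler rejects the request or silently drops the claim. That should be stated in a comment above the loop, and the message should use `requestedClaim.getClaimType()` rather than `claim.getClaimType()`.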
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/systests/kerberos/src/test/resources/ldap.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.ldif b/systests/kerberos/src/test/resources/ldap.ldif
new file mode 100644
index 0000000..bdb6a83
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.ldif
@@ -0,0 +1,73 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: top
+objectClass: domain
+
+dn: ou=users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=other-users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: other-users
+
+dn: ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=employee,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: employee
+member: cn=alice,ou=users,dc=example,dc=com
+member: cn=bob,ou=other-users,dc=example,dc=com
+description: This is an employee
+
+dn: cn=boss,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: boss
+member: cn=alice,ou=users,dc=example,dc=com
+description: The boss
+
+# Web server identity/service principal.
+dn: cn=bob,ou=other-users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: bob
+sn: green
+uid: bob
+mail: bob@users.apache.org
+givenname: bob2
+userpassword: security
+
+# User / client principal.
+dn: cn=alice,ou=users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: alice
+sn: smith
+uid: alice
+mail: alice@users.apache.org
+givenname: alice2
+userpassword: security
+
+dn: uid=admin,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: system administrator
+sn: administrator
+displayName: Directory Superuser
+uid: admin
+userPassword:: e1NTSEF9c2UyV0ZiWHowL2RjSkVuTWgvOWNOZnIzUXU4YUg1R1gvM2E1OFE9P
+ Q==
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/systests/kerberos/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.properties b/systests/kerberos/src/test/resources/ldap.properties
new file mode 100644
index 0000000..8654096
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.properties
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+claimUser=alice
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/e305d26d/systests/kerberos/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.xml b/systests/kerberos/src/test/resources/ldap.xml
new file mode 100644
index 0000000..41885ba
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+ <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
+ <property name="url" value="ldap://localhost:portno"/>
+ <property name="userDn" value="UID=admin,DC=example,DC=com"/>
+ <property name="password" value="ldap_su"/>
+ </bean>
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <constructor-arg ref="contextSource"/>
+ </bean>
+ <util:map id="claimsToLdapAttributeMapping">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenname"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="mail"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
+ </util:map>
+ <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+<<<<<<< HEAD:services/sts/sts-core/src/test/resources/ldap.xml
+ <property name="ldapTemplate" ref="ldapTemplate"/>
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"/>
+ <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com"/>
+=======
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDN" value="OU=users,DC=example,DC=com" />
+ </bean>
+ <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDNs">
+ <list>
+ <value>OU=users,DC=example,DC=com</value>
+ <value>OU=other-users,DC=example,DC=com</value>
+ </list>
+ </property>
+>>>>>>> 7bf10fc... Moving LDAP tests to new integration module + re-enabling:systests/kerberos/src/test/resources/ldap.xml
+ </bean>
+</beans>
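Review bot: The HEAD side left inside the `testClaimsHandler` bean sets `userBaseDN` to `OU=users,DC=emea,DC=mycompany,DC=com`, a base that has no entry in the ldap.ldif this commit adds, whose entries all sit under `dc=example,dc=com`. Resolving toward HEAD would therefore presumably leave the claims handler unable to find alice in the embedded directory. Keep the `OU=users,DC=example,DC=com` value, together with the `</bean>` that closes `testClaimsHandler` on that side, when the conflict is resolved. The `testClaimsHandlerMultipleUserBaseDNs` bean sets a `userBaseDNs` list property; whether LdapClaimsHandler on this branch has that setter is not visible in this commit, so confirm it before keeping the bean, because a missing setter would make the application context fail to load for every test.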