Posted to commits@cxf.apache.org by co...@apache.org on 2016/02/08 17:40:42 UTC
[1/6] cxf git commit: Adding more STS tests
Repository: cxf
Updated Branches:
refs/heads/3.1.x-fixes 03a3cf4f9 -> 547f8af05
Adding more STS tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b60702df
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b60702df
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b60702df
Branch: refs/heads/3.1.x-fixes
Commit: b60702df6f4f8a651395999ee7cc583bb89589e3
Parents: 03a3cf4
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 11:24:06 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:15 2016 +0000
----------------------------------------------------------------------
.../cxf/systest/sts/rest/RESTUnitTest.java | 168 ++++++++++++++++++-
1 file changed, 167 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b60702df/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 068b4c3..de6981c 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -37,6 +37,8 @@ import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenRespons
import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -46,10 +48,17 @@ import org.apache.wss4j.dom.processor.SAMLTokenProcessor;
import org.junit.BeforeClass;
/**
- * Some unit tests for the CXF STSClient Issue Binding.
+ * Some unit tests for the REST interface of the CXF STS.
*/
public class RESTUnitTest extends AbstractBusClientServerTestBase {
+ private static final String SYMMETRIC_KEY_KEYTYPE =
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
+ private static final String PUBLIC_KEY_KEYTYPE =
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+ private static final String BEARER_KEYTYPE =
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+
static final String STSPORT = allocatePort(STSRESTServer.class);
@BeforeClass
@@ -101,6 +110,163 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testIssueSAML1Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml1.1");
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueSymmetricKeySaml1() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml1.1");
+ client.query("keyType", SYMMETRIC_KEY_KEYTYPE);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+ assertTrue(assertion.isSigned());
+
+ List<String> methods = assertion.getConfirmationMethods();
+ String confirmMethod = null;
+ if (methods != null && methods.size() > 0) {
+ confirmMethod = methods.get(0);
+ }
+ assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));
+ SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
+ assertTrue(subjectKeyInfo.getSecret() != null);
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testIssuePublicKeySAML2Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("keyType", PUBLIC_KEY_KEYTYPE);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ List<String> methods = assertion.getConfirmationMethods();
+ String confirmMethod = null;
+ if (methods != null && methods.size() > 0) {
+ confirmMethod = methods.get(0);
+ }
+ assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));
+ SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
+ assertTrue(subjectKeyInfo.getCerts() != null);
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueBearerSAML1Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml1.1");
+ client.query("keyType", BEARER_KEYTYPE);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+ assertTrue(assertion.isSigned());
+
+ List<String> methods = assertion.getConfirmationMethods();
+ String confirmMethod = null;
+ if (methods != null && methods.size() > 0) {
+ confirmMethod = methods.get(0);
+ }
+ assertTrue(confirmMethod.contains("bearer"));
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
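Review bot: In `testIssueBearerSAML1Token`, `confirmMethod` stays null when the assertion carries no confirmation methods, so `confirmMethod.contains("bearer")` fails with a NullPointerException instead of a readable assertion; adding `assertNotNull(confirmMethod);` before that line fixes it. The two holder-of-key tests have the same gap, since they dereference the result of `getSubjectKeyInfo()` unchecked in `subjectKeyInfo.getSecret()` and `subjectKeyInfo.getCerts()`. Each new test also calls `bus.shutdown(true)` only on the success path, so a failed assertion leaves the bus set as the default for later tests; wrapping the body in `try { ... } finally { bus.shutdown(true); }` would avoid that.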
[5/6] cxf git commit: Got WS-Trust issuing working again
Posted by co...@apache.org.
Got WS-Trust issuing working again
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1808d49f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1808d49f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1808d49f
Branch: refs/heads/3.1.x-fixes
Commit: 1808d49f62dd08b701c886f529ae7b9efb4b9fbe
Parents: 9da51a9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 14:42:35 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:19 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 3 +-
.../sts/rest/RESTSecurityTokenServiceImpl.java | 12 +++--
.../cxf/systest/sts/rest/RESTUnitTest.java | 47 ++++++++++----------
3 files changed, 34 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1808d49f/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 3014da3..3458c4a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -56,6 +56,7 @@ public interface RESTSecurityTokenService {
/**
* @return Issues required token type with default token settings.
*/
+
@GET
@Path("{tokenType}")
@Produces({
@@ -72,7 +73,7 @@ public interface RESTSecurityTokenService {
})
Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
@QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo") String appliesTo);
-
+
@POST
@Produces({
MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
http://git-wip-us.apache.org/repos/asf/cxf/blob/1808d49f/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index f1291c0..1b39bf7 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -96,15 +96,21 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
public Response getToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
RequestSecurityTokenResponseType response =
issueToken(tokenType, keyType, requestedClaims, appliesTo);
-
RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
return Response.ok(requestedToken.getAny()).build();
}
@Override
- public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
- return getToken(tokenType, keyType, requestedClaims, appliesTo);
+ public Response getTokenViaWSTrust(String tokenType, String keyType,
+ List<String> requestedClaims, String appliesTo) {
+ RequestSecurityTokenResponseType response =
+ issueToken(tokenType, keyType, requestedClaims, appliesTo);
+
+ JAXBElement<RequestSecurityTokenResponseType> jaxbResponse =
+ QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponse(response);
+
+ return Response.ok(jaxbResponse).build();
}
private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
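Review bot: `getTokenViaWSTrust` now returns the whole RequestSecurityTokenResponse instead of only the requested token, and nothing in the method says so. A short comment above the `issueToken` call would help, e.g. `// Return the complete RSTR, not just the RequestedSecurityToken, so the client sees every element the STS added`. If the response can carry proof-token or entropy elements for SymmetricKey requests, which is not visible in this hunk, that is worth stating too, because those elements are key material handed back to the HTTP client. `issueToken` and `QNameConstants` are defined outside the hunk.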
http://git-wip-us.apache.org/repos/asf/cxf/blob/1808d49f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 8ecd2b6..e682911 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -55,6 +55,8 @@ import org.junit.BeforeClass;
*/
public class RESTUnitTest extends AbstractBusClientServerTestBase {
+ static final String STSPORT = allocatePort(STSRESTServer.class);
+
private static final String SYMMETRIC_KEY_KEYTYPE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
private static final String PUBLIC_KEY_KEYTYPE =
@@ -64,8 +66,6 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
private static final String DEFAULT_ADDRESS =
"https://localhost:8081/doubleit/services/doubleittransportsaml1";
- static final String STSPORT = allocatePort(STSRESTServer.class);
-
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -229,7 +229,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- /*
+
@org.junit.Test
public void testIssueBearerSAML1Token() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -391,28 +391,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
-*/
- @org.junit.Test
- @org.junit.Ignore
- public void testIssueJWTToken() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
- WebClient client = WebClient.create(address, "alice", "clarinet", busFile.toString());
- client.type("application/json").accept("application/json");
- client.path("jwt");
-
- client.get();
- }
-
@org.junit.Test
- @org.junit.Ignore
public void testIssueSAML2TokenViaWSTrust() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
@@ -421,7 +401,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token/ws-trust";
WebClient client = WebClient.create(address, busFile.toString());
client.type("application/xml").accept("application/xml");
@@ -457,6 +437,25 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testIssueJWTToken() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, "alice", "clarinet", busFile.toString());
+
+ client.type("application/json").accept("application/json");
+ client.path("jwt");
+
+ client.get();
+ }
+
private List<WSSecurityEngineResult> processToken(Element assertionElement)
throws Exception {
RequestData requestData = new RequestData();
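Review bot: `testIssueJWTToken` sends the request with `client.get()` and asserts nothing about the result, so once `@org.junit.Ignore` is removed it will pass whatever the STS returns. Unlike the other tests in this class, it also never calls `bus.shutdown(true)`. When the JWT path is enabled, capture the response and check at least the status, e.g. `Response response = client.get();` followed by `assertEquals(200, response.getStatus());`, then shut the bus down. The method is relocated by this commit rather than newly written.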
[6/6] cxf git commit: Adding tests for POST interface
Posted by co...@apache.org.
Adding tests for POST interface
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/547f8af0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/547f8af0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/547f8af0
Branch: refs/heads/3.1.x-fixes
Commit: 547f8af0519e6fd973e9cf379034fa6940eb7ceb
Parents: 1808d49f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 16:33:51 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:19 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 8 +-
.../sts/rest/RESTSecurityTokenServiceImpl.java | 10 +-
.../cxf/systest/sts/rest/RESTUnitTest.java | 194 ++++++++++++++++++-
3 files changed, 202 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/547f8af0/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index 3458c4a..0967b10 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -38,10 +38,10 @@ import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
public interface RESTSecurityTokenService {
enum Action {
- ISSUE("issue"),
- VALIDATE("validate"),
- RENEW("renew"),
- CANCEL("cancel");
+ issue("issue"),
+ validate("validate"),
+ renew("renew"),
+ cancel("cancel");
private String value;
private Action(String value) {
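Review bot: The lower-case constants `issue`, `validate`, `renew` and `cancel` break the usual upper-case convention for enum constants, apparently so that a query value such as `action=issue` converts through `valueOf`. The enum already stores the wire string in `value`, so a static `fromString(String)` that matches on it would let JAX-RS do the conversion while the constants stay `ISSUE`, `VALIDATE` and so on; for enum parameters JAX-RS uses `fromString` in preference to `valueOf`. The rest of the enum body is outside the hunk, so check whether such a method already exists before adding one.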
http://git-wip-us.apache.org/repos/asf/cxf/blob/547f8af0/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 1b39bf7..deb05da 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -220,7 +220,7 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
// }
// request.setContext(null);
- return processRequest(Action.ISSUE, request);
+ return processRequest(Action.issue, request);
}
@Override
@@ -236,13 +236,13 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
private RequestSecurityTokenResponseType processRequest(Action action,
RequestSecurityTokenType request) {
switch (action) {
- case VALIDATE:
+ case validate:
return validate(request);
- case RENEW:
+ case renew:
return renew(request);
- case CANCEL:
+ case cancel:
return cancel(request);
- case ISSUE:
+ case issue:
default:
return issueSingle(request);
}
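Review bot: In `processRequest`, `case issue:` shares its branch with `default:`, so any `Action` constant added later without its own case would fall through to token issuance. Issuing is the most sensitive operation in this switch, so an unrecognised action is better rejected than issued: `case issue: return issueSingle(request);` followed by `default: throw new IllegalArgumentException("Unsupported action: " + action);`. The method's closing brace is outside the hunk.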
http://git-wip-us.apache.org/repos/asf/cxf/blob/547f8af0/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index e682911..9c98bd6 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -24,6 +24,7 @@ import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBElement;
+import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -34,10 +35,12 @@ import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
@@ -57,6 +60,10 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
static final String STSPORT = allocatePort(STSRESTServer.class);
+ private static final String SAML1_TOKEN_TYPE =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+ private static final String SAML2_TOKEN_TYPE =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
private static final String SYMMETRIC_KEY_KEYTYPE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
private static final String PUBLIC_KEY_KEYTYPE =
@@ -65,7 +72,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
private static final String DEFAULT_ADDRESS =
"https://localhost:8081/doubleit/services/doubleittransportsaml1";
-
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -438,6 +445,191 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testIssueSAML2TokenViaPOST() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+
+ // Create RequestSecurityToken
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ String namespace = STSUtils.WST_NS_05_12;
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeNamespace("wst", namespace);
+
+ writer.writeStartElement("wst", "RequestType", namespace);
+ writer.writeCharacters(namespace + "/Issue");
+ writer.writeEndElement();
+
+ writer.writeStartElement("wst", "TokenType", namespace);
+ writer.writeCharacters(SAML2_TOKEN_TYPE);
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+
+ Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement()));
+
+ RequestSecurityTokenResponseType securityResponse =
+ response.readEntity(RequestSecurityTokenResponseType.class);
+
+ RequestedSecurityTokenType requestedSecurityToken = null;
+ for (Object obj : securityResponse.getAny()) {
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+ if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+ requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
+ break;
+ }
+ }
+ }
+ assertNotNull(requestedSecurityToken);
+
+ // Process the token
+ List<WSSecurityEngineResult> results =
+ processToken((Element)requestedSecurityToken.getAny());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testExplicitlyIssueSAML2TokenViaPOST() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.query("action", "issue");
+
+ // Create RequestSecurityToken
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ String namespace = STSUtils.WST_NS_05_12;
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeNamespace("wst", namespace);
+
+ writer.writeStartElement("wst", "RequestType", namespace);
+ writer.writeCharacters(namespace + "/Issue");
+ writer.writeEndElement();
+
+ writer.writeStartElement("wst", "TokenType", namespace);
+ writer.writeCharacters(SAML2_TOKEN_TYPE);
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+
+ Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement()));
+
+ RequestSecurityTokenResponseType securityResponse =
+ response.readEntity(RequestSecurityTokenResponseType.class);
+
+ RequestedSecurityTokenType requestedSecurityToken = null;
+ for (Object obj : securityResponse.getAny()) {
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+ if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+ requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
+ break;
+ }
+ }
+ }
+ assertNotNull(requestedSecurityToken);
+
+ // Process the token
+ List<WSSecurityEngineResult> results =
+ processToken((Element)requestedSecurityToken.getAny());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testExplicitlyIssueSAML1TokenViaPOST() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.query("action", "issue");
+
+ // Create RequestSecurityToken
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ String namespace = STSUtils.WST_NS_05_12;
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeNamespace("wst", namespace);
+
+ writer.writeStartElement("wst", "RequestType", namespace);
+ writer.writeCharacters(namespace + "/Issue");
+ writer.writeEndElement();
+
+ writer.writeStartElement("wst", "TokenType", namespace);
+ writer.writeCharacters(SAML1_TOKEN_TYPE);
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+
+ Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement()));
+
+ RequestSecurityTokenResponseType securityResponse =
+ response.readEntity(RequestSecurityTokenResponseType.class);
+
+ RequestedSecurityTokenType requestedSecurityToken = null;
+ for (Object obj : securityResponse.getAny()) {
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> jaxbElement = (JAXBElement<?>)obj;
+ if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) {
+ requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue();
+ break;
+ }
+ }
+ }
+ assertNotNull(requestedSecurityToken);
+
+ // Process the token
+ List<WSSecurityEngineResult> results =
+ processToken((Element)requestedSecurityToken.getAny());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
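Review bot: None of the three POST tests checks the HTTP status before `response.readEntity(RequestSecurityTokenResponseType.class)`, so an error response from the STS shows up as an unmarshalling failure or a NullPointerException at `securityResponse.getAny()` rather than a clear test failure. Adding `assertEquals(200, response.getStatus());` right after `client.post(...)` would make the cause obvious. The three methods differ only in the `action` query parameter and the token-type constant, so the RequestSecurityToken construction and the RequestedSecurityToken lookup could move into two private helpers, one taking the token type and one taking the response. `bus.shutdown(true)` is again skipped whenever an assertion fails.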
[4/6] cxf git commit: Got the PublicKey case working with TLS client
certs
Posted by co...@apache.org.
Got the PublicKey case working with TLS client certs
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9da51a99
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9da51a99
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9da51a99
Branch: refs/heads/3.1.x-fixes
Commit: 9da51a99400fad5e6396949bd74a9efaf2093ade
Parents: bc025f0
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 14:13:16 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:18 2016 +0000
----------------------------------------------------------------------
.../sts/rest/RESTSecurityTokenServiceImpl.java | 52 +++++++++++++++-----
.../cxf/systest/sts/rest/RESTUnitTest.java | 5 +-
2 files changed, 43 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9da51a99/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index 181a05a..f1291c0 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -46,8 +46,11 @@ import org.apache.cxf.ws.security.sts.provider.model.ObjectFactory;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.UseKeyType;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.dom.WSConstants;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.content.X509Data;
public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl implements RESTSecurityTokenService {
@@ -132,9 +135,31 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
request.getAny().add(of.createRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
- request.getAny().add(of.createKeyType(keyType != null
- ? keyType
- : defaultKeyType));
+ String desiredKeyType = keyType != null ? keyType : defaultKeyType;
+ request.getAny().add(of.createKeyType(desiredKeyType));
+
+ // Add the TLS client Certificate as the UseKey Element if the KeyType is PublicKey
+ if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(desiredKeyType)) {
+ X509Certificate clientCert = getTLSClientCertificate();
+ if (clientCert != null) {
+ Document doc = DOMUtils.createDocument();
+ Element keyInfoElement = doc.createElementNS("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
+
+ try {
+ X509Data certElem = new X509Data(doc);
+ certElem.addCertificate(clientCert);
+ keyInfoElement.appendChild(certElem.getElement());
+
+ UseKeyType useKeyType = of.createUseKeyType();
+ useKeyType.setAny(keyInfoElement);
+
+ JAXBElement<UseKeyType> useKey = of.createUseKey(useKeyType);
+ request.getAny().add(useKey);
+ } catch (XMLSecurityException ex) {
+ // TODO
+ }
+ }
+ }
// Claims
if (requestedClaims == null) {
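Review bot: The `catch (XMLSecurityException ex)` block holds only `// TODO`, so a failure to encode the client certificate is swallowed and the request goes out with KeyType PublicKey but no UseKey element. The same happens when `getTLSClientCertificate()` returns null, because the `if (clientCert != null)` guard has no else branch. How the issuing code treats a PublicKey request without UseKey is not visible in this hunk, so both cases should be rejected here rather than left to downstream handling. In the catch that could be `throw new IllegalStateException("Unable to add the TLS client certificate as UseKey", ex);`, with an explicit error when no certificate is present. The enclosing method starts and ends outside the hunk.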
@@ -266,18 +291,23 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
SecurityContext sc = (SecurityContext)messageContext.get(SecurityContext.class);
if (sc == null || sc.getUserPrincipal() == null) {
// Get the TLS client principal if no security context is set up
- TLSSessionInfo tlsInfo =
- (TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class);
- if (tlsInfo != null && tlsInfo.getPeerCertificates() != null
- && tlsInfo.getPeerCertificates().length > 0
- && (tlsInfo.getPeerCertificates()[0] instanceof X509Certificate)
- ) {
- return ((X509Certificate)tlsInfo.getPeerCertificates()[0]).getSubjectX500Principal();
- }
+ return getTLSClientCertificate().getSubjectX500Principal();
}
return messageContext.getSecurityContext().getUserPrincipal();
}
+ private X509Certificate getTLSClientCertificate() {
+ TLSSessionInfo tlsInfo =
+ (TLSSessionInfo)PhaseInterceptorChain.getCurrentMessage().get(TLSSessionInfo.class);
+ if (tlsInfo != null && tlsInfo.getPeerCertificates() != null
+ && tlsInfo.getPeerCertificates().length > 0
+ && (tlsInfo.getPeerCertificates()[0] instanceof X509Certificate)
+ ) {
+ return (X509Certificate)tlsInfo.getPeerCertificates()[0];
+ }
+ return null;
+ }
+
@Override
protected Map<String, Object> getMessageContext() {
return PhaseInterceptorChain.getCurrentMessage();
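Review bot: `return getTLSClientCertificate().getSubjectX500Principal();` dereferences the helper's result without a null check, yet the new `getTLSClientCertificate()` returns null whenever there is no TLS session info or no X.509 peer certificate. The removed code fell through to the security-context lookup in that case, whereas a request without a client certificate now fails with a NullPointerException. Keep the fall-through: `X509Certificate cert = getTLSClientCertificate(); if (cert != null) { return cert.getSubjectX500Principal(); }`. The helper also calls `PhaseInterceptorChain.getCurrentMessage().get(...)` without checking the current message for null. The method containing the first change starts outside the hunk.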
http://git-wip-us.apache.org/repos/asf/cxf/blob/9da51a99/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index 65c0cf3..8ecd2b6 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -189,7 +189,6 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
- @org.junit.Ignore
public void testIssuePublicKeySAML2Token() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
@@ -230,7 +229,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
-
+ /*
@org.junit.Test
public void testIssueBearerSAML1Token() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
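Review bot: The `/*` added here and the `*/` added in the next hunk (just before testIssueJWTToken) comment out every test in between, starting with testIssueBearerSAML1Token, which looks like a local debugging leftover rather than an intended change. Going by the hunk offsets, the disabled range appears to include the AppliesTo and claims tests from the sibling commits in this push, among them the negative test for an unknown AppliesTo address. Those checks would stop running without any test being reported as skipped. Drop both comment markers; if a test really has to be disabled, annotate it with `@org.junit.Ignore` and a reason string so it shows up in the report.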
@@ -392,7 +391,7 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
-
+*/
@org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
[2/6] cxf git commit: Adding AppliesTo support
Posted by co...@apache.org.
Adding AppliesTo support
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/01956cc9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/01956cc9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/01956cc9
Branch: refs/heads/3.1.x-fixes
Commit: 01956cc9af68f80d4f12018a3779c12f36d5308e
Parents: b60702d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 11:58:36 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:16 2016 +0000
----------------------------------------------------------------------
.../cxf/sts/rest/RESTSecurityTokenService.java | 5 +-
.../sts/rest/RESTSecurityTokenServiceImpl.java | 27 +++++++--
.../cxf/systest/sts/rest/RESTUnitTest.java | 62 ++++++++++++++++++++
3 files changed, 87 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
index a68194d..3014da3 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenService.java
@@ -62,7 +62,8 @@ public interface RESTSecurityTokenService {
MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
})
Response getToken(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims,
+ @QueryParam("appliesTo") String appliesTo);
@GET
@Path("ws-trust/{tokenType}")
@@ -70,7 +71,7 @@ public interface RESTSecurityTokenService {
MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON
})
Response getTokenViaWSTrust(@PathParam("tokenType") String tokenType, @QueryParam("keyType") String keyType,
- @QueryParam("claim") List<String> requestedClaims);
+ @QueryParam("claim") List<String> requestedClaims, @QueryParam("appliesTo") String appliesTo);
@POST
@Produces({
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index ae454ab..181a05a 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -90,9 +90,9 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
private boolean requestClaimsOptional = true;
@Override
- public Response getToken(String tokenType, String keyType, List<String> requestedClaims) {
+ public Response getToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
RequestSecurityTokenResponseType response =
- issueToken(tokenType, keyType, requestedClaims);
+ issueToken(tokenType, keyType, requestedClaims, appliesTo);
RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
@@ -100,8 +100,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
}
@Override
- public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims) {
- return getToken(tokenType, keyType, requestedClaims);
+ public Response getTokenViaWSTrust(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
+ return getToken(tokenType, keyType, requestedClaims, appliesTo);
}
private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType response) {
@@ -119,7 +119,8 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
private RequestSecurityTokenResponseType issueToken(
String tokenType,
String keyType,
- List<String> requestedClaims
+ List<String> requestedClaims,
+ String appliesTo
) {
if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
tokenType = tokenTypeMap.get(tokenType);
@@ -158,6 +159,22 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl imple
}
request.getAny().add(claims);
}
+
+ if (appliesTo != null) {
+ String wspNamespace = "http://www.w3.org/ns/ws-policy";
+ Document doc = DOMUtils.createDocument();
+ Element appliesToElement = doc.createElementNS(wspNamespace, "AppliesTo");
+
+ String addressingNamespace = "http://www.w3.org/2005/08/addressing";
+ Element eprElement = doc.createElementNS(addressingNamespace, "EndpointReference");
+ Element addressElement = doc.createElementNS(addressingNamespace, "Address");
+ addressElement.setTextContent(appliesTo);
+
+ eprElement.appendChild(addressElement);
+ appliesToElement.appendChild(eprElement);
+
+ request.getAny().add(appliesToElement);
+ }
// OnBehalfOf
// User Authentication done with JWT or SAML?
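Review bot: The `if (appliesTo != null)` guard lets an empty `appliesTo` query value through, which produces an AppliesTo element with an empty Address. The value comes straight from the request's query string; `setTextContent` keeps it from altering the XML structure, but nothing here checks that it is a usable address, and how the issuing code treats an empty one is not visible in this hunk. Treat blank as absent, `if (appliesTo != null && !appliesTo.trim().isEmpty()) {`, or reject it with a client error. The two namespace URIs would also read better as named constants than as local string literals. The enclosing method starts and ends outside the hunk.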
http://git-wip-us.apache.org/repos/asf/cxf/blob/01956cc9/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index de6981c..e0ed538 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -58,6 +58,8 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
private static final String BEARER_KEYTYPE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+ private static final String DEFAULT_ADDRESS =
+ "https://localhost:8081/doubleit/services/doubleittransportsaml1";
static final String STSPORT = allocatePort(STSRESTServer.class);
@@ -267,6 +269,66 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testIssueSAML2TokenAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", DEFAULT_ADDRESS);
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testIssueSAML2TokenUnknownAppliesTo() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+ client.query("appliesTo", "https://localhost:8081/tripleit/");
+
+ Response response = client.get();
+ try {
+ response.readEntity(Document.class);
+ fail("Failure expected on an unknown AppliesTo address");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
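Review bot: testIssueSAML2TokenUnknownAppliesTo passes on any exception thrown by `response.readEntity(Document.class)`, so it cannot tell a rejected AppliesTo address from an unrelated failure such as an unparsable body. Assert on `response.getStatus()` before reading the entity (the status the service returns for this case is not visible here) and catch the narrowest exception type. The positive test, testIssueSAML2TokenAppliesTo, checks only that a signed SAML 2.0 assertion comes back, not that it is restricted to `DEFAULT_ADDRESS`, so it would also pass if the parameter were ignored. In both tests `bus.shutdown(true)` is skipped when an assertion fails; a try/finally would avoid that. testIssueJWTToken at the end of the hunk continues outside it.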
[3/6] cxf git commit: Adding claims test
Posted by co...@apache.org.
Adding claims test
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bc025f0f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bc025f0f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bc025f0f
Branch: refs/heads/3.1.x-fixes
Commit: bc025f0fe4acf7191430230080318346272543e1
Parents: 01956cc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 8 12:17:57 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 8 16:35:17 2016 +0000
----------------------------------------------------------------------
.../cxf/systest/sts/rest/RESTUnitTest.java | 65 ++++++++++++++++++++
1 file changed, 65 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/bc025f0f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index e0ed538..65c0cf3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -31,6 +31,9 @@ import org.w3c.dom.Element;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
@@ -329,6 +332,68 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testIssueSAML2TokenClaims() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+
+ // First check that the role isn't usually in the generated token
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ ClaimCollection claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ Claim claim = claims.get(0);
+ String role = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+ assertNotEquals(claim.getClaimType().toString(), role);
+
+ // Now get another token specifying the role
+ client.query("claim", role);
+ response = client.get();
+ assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ claim = claims.get(0);
+ assertEquals(claim.getClaimType().toString(), role);
+ assertEquals("ordinary-user", claim.getValues().get(0));
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
@org.junit.Ignore
public void testIssueJWTToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
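Review bot: Both claim-type assertions in testIssueSAML2TokenClaims pass their arguments in the wrong order. JUnit takes the expected value first, so `assertEquals(claim.getClaimType().toString(), role);` should be `assertEquals(role, claim.getClaimType().toString());`, and likewise for the `assertNotEquals` call; otherwise failure messages label the values the wrong way round. The first half also asserts that `claims.size()` is 1 and reads `claims.get(0)`, which ties the test to whatever claim the STS configuration issues by default, so a comment naming that claim would help. testIssueJWTToken at the end of the hunk continues outside it.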