Posted to commits@cxf.apache.org by co...@apache.org on 2014/12/03 12:41:56 UTC
[2/2] cxf git commit: Some more kerberos stuff
Some more kerberos stuff
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/892913e7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/892913e7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/892913e7
Branch: refs/heads/3.0.x-fixes
Commit: 892913e71e5bed58419c953ca551a3d13bd7b22d
Parents: 1314a59
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 3 11:34:50 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 3 11:36:07 2014 +0000
----------------------------------------------------------------------
services/sts/systests/advanced/pom.xml | 6 -
.../systest/sts/kerberos/KerberosTokenTest.java | 137 -------------------
.../cxf/systest/sts/kerberos/cxf-client.xml | 67 ---------
.../wssec/kerberos/KerberosTokenTest.java | 8 +-
.../kerberos/wssec/spnego/SpnegoTokenTest.java | 6 +-
5 files changed, 7 insertions(+), 217 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml
index 446c21f..8af3813 100644
--- a/services/sts/systests/advanced/pom.xml
+++ b/services/sts/systests/advanced/pom.xml
@@ -90,12 +90,6 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.apache.directory.server</groupId>
- <artifactId>apacheds-kerberos-shared</artifactId>
- <version>1.5.7</version>
- <scope>test</scope>
- </dependency>
- <dependency>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-rt-databinding-jaxb</artifactId>
<version>${project.version}</version>
http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
deleted file mode 100644
index 2227056..0000000
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.sts.kerberos;
-
-import java.net.URL;
-import java.util.Arrays;
-import java.util.Collection;
-
-import javax.xml.namespace.QName;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.systest.sts.common.SecurityTestUtil;
-import org.apache.cxf.systest.sts.common.TestParam;
-import org.apache.cxf.systest.sts.common.TokenTestUtils;
-import org.apache.cxf.systest.sts.deployment.STSServer;
-import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.example.contract.doubleit.DoubleItPortType;
-import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized.Parameters;
-
-/**
- * In this test, a CXF client requests a SAML2 HOK Assertion from the STS, which has a policy of requiring
- * a KerberosToken over the TransportBinding. The CXF client retrieves a service ticket from the KDC and
- * inserts it into the security header of the request. The STS validates the ticket using the
- * KerberosTokenValidator.
- *
- * The tests are @Ignored by default, as a KDC is needed. To replicate the test scenario, set up a KDC with
- * user principal "alice" (keytab in "/etc/alice.keytab"), and host service "bob@service.ws.apache.org"
- * (keytab in "/etc/bob.keytab").
- */
-@RunWith(value = org.junit.runners.Parameterized.class)
-@org.junit.Ignore
-public class KerberosTokenTest extends AbstractBusClientServerTestBase {
-
- static final String STSPORT = allocatePort(STSServer.class);
- static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
-
- private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
- private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
-
- private static final String PORT = allocatePort(Server.class);
-
- final TestParam test;
-
- public KerberosTokenTest(TestParam type) {
- this.test = type;
- }
-
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork
- launchServer(Server.class, true)
- );
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork
- launchServer(STSServer.class, true)
- );
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork
- launchServer(StaxSTSServer.class, true)
- );
- }
-
- @Parameters(name = "{0}")
- public static Collection<TestParam[]> data() {
-
- return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
- {new TestParam(PORT, true, STSPORT)},
- {new TestParam(PORT, false, STAX_STSPORT)},
- {new TestParam(PORT, true, STAX_STSPORT)},
- });
- }
-
- @org.junit.AfterClass
- public static void cleanup() throws Exception {
- SecurityTestUtil.cleanup();
- stopAllServers();
- }
-
- @org.junit.Test
- public void testKerberosToken() throws Exception {
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = KerberosTokenTest.class.getResource("cxf-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL wsdl = KerberosTokenTest.class.getResource("DoubleIt.wsdl");
- Service service = Service.create(wsdl, SERVICE_QNAME);
- QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
- DoubleItPortType transportSaml2Port =
- service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportSaml2Port, test.getPort());
-
- TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, test.getStsPort());
-
- doubleIt(transportSaml2Port, 25);
-
- ((java.io.Closeable)transportSaml2Port).close();
- bus.shutdown(true);
- }
-
- private static void doubleIt(DoubleItPortType port, int numToDouble) {
- int resp = port.doubleIt(numToDouble);
- assertEquals(numToDouble * 2 , resp);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
deleted file mode 100644
index f56e41c..0000000
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient" id="kerberosClient">
- <constructor-arg ref="cxf"/>
- <property name="contextName" value="alice"/>
- <property name="serviceName" value="bob@service.ws.apache.org"/>
- </bean>
- <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port" createdFromAPI="true">
- <jaxws:properties>
- <entry key="ws-security.username" value="myclientkey"/>
- <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
- <entry key="ws-security.sts.client">
- <bean class="org.apache.cxf.ws.security.trust.STSClient">
- <constructor-arg ref="cxf"/>
- <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Kerberos?wsdl"/>
- <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
- <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Kerberos_Port"/>
- <property name="properties">
- <map>
- <entry key="ws-security.username" value="alice"/>
- <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
- <entry key="ws-security.sts.token.username" value="myclientkey"/>
- <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
- <entry key="ws-security.sts.token.usecert" value="true"/>
- <entry key="ws-security.kerberos.client" value-ref="kerberosClient"/>
- </map>
- </property>
- </bean>
- </entry>
- </jaxws:properties>
- </jaxws:client>
- <http:conduit name="https://localhost:.*">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
- </sec:trustManagers>
- <sec:keyManagers keyPassword="skpass">
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
- </sec:keyManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
index f9b8468..ccac694 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
@@ -48,6 +48,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.wss4j.dom.WSSConfig;
import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.runner.RunWith;
@@ -133,7 +134,6 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
outputStream.close();
System.setProperty("java.security.krb5.conf", f2.getPath());
- System.setProperty("sun.security.krb5.debug", "false");
}
@BeforeClass
@@ -153,7 +153,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
basedir += "/..";
}
- System.setProperty("sun.security.krb5.debug", "true");
+ // System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.auth.login.config",
basedir + "/kerberos/src/test/resources/kerberos.jaas");
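Review bot: The commented-out `// System.setProperty("sun.security.krb5.debug", "true");` is dead code that leaves the next reader guessing whether it is meant to come back. Either delete it or replace it with a comment that says how to enable tracing on demand, e.g. `// To trace the Kerberos exchange, run the tests with -Dsun.security.krb5.debug=true`. Keeping the JDK's krb5 trace off by default is the right call for shared build logs. But the previous hunk also removes the reset to `"false"`, so anyone who uncomments this line leaves the flag set for every later test in the same JVM. The same commented-out line is added in SpnegoTokenTest (`@@ -145,7 +145,7`), and in both files the enclosing method starts and ends outside the hunk.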
@@ -449,7 +449,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
SecurityTestUtil.enableStreaming(kerberosPort);
}
- kerberosPort.doubleIt(25);
+ Assert.assertEquals(50, kerberosPort.doubleIt(25));
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
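Review bot: A failing `Assert.assertEquals(50, kerberosPort.doubleIt(25));` throws before `((java.io.Closeable)kerberosPort).close();` and `bus.shutdown(true);` run, so the client port and the bus stay open for whichever test runs next. Put the assertion in a `try` block and move the two cleanup calls into its `finally`. The same pattern appears in the next hunk of this file (`@@ -479,7 +479,7`) and in SpnegoTokenTest (`@@ -261,7 +261,7`). The test methods start and end outside these hunks, so any cleanup done elsewhere (for example in an `@After` method) is not visible here.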
@@ -479,7 +479,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
SecurityTestUtil.enableStreaming(kerberosPort);
}
- kerberosPort.doubleIt(25);
+ Assert.assertEquals(50, kerberosPort.doubleIt(25));
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
index 37394eb..6003d40 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
@@ -45,6 +45,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.wss4j.dom.WSSConfig;
import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.runner.RunWith;
@@ -126,7 +127,6 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
outputStream.close();
System.setProperty("java.security.krb5.conf", f2.getPath());
- System.setProperty("sun.security.krb5.debug", "false");
}
@BeforeClass
@@ -145,7 +145,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
basedir += "/..";
}
- System.setProperty("sun.security.krb5.debug", "true");
+ // System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.auth.login.config",
basedir + "/kerberos/src/test/resources/kerberos.jaas");
@@ -261,7 +261,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
SecurityTestUtil.enableStreaming(kerberosPort);
}
- kerberosPort.doubleIt(25);
+ Assert.assertEquals(50, kerberosPort.doubleIt(25));
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);