Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/30 15:01:35 UTC
cxf-fediz git commit: Adding RP custom parameter test
Repository: cxf-fediz
Updated Branches:
refs/heads/master d049d7a21 -> cc1ef7617
Adding RP custom parameter test
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/cc1ef761
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/cc1ef761
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/cc1ef761
Branch: refs/heads/master
Commit: cc1ef761710478965b30beb9fa8fa684adc28dbb
Parents: d049d7a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Jan 30 15:01:20 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Jan 30 15:01:20 2017 +0000
----------------------------------------------------------------------
systests/custom/pom.xml | 24 ++++++
.../systests/custom/CustomParametersTest.java | 83 ++++++++++++++++++--
.../custom/SignInQueryCallbackHandler.java | 48 +++++++++++
.../custom/src/test/resources/fediz_config.xml | 62 +++++++++++++++
4 files changed, 210 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc1ef761/systests/custom/pom.xml
----------------------------------------------------------------------
diff --git a/systests/custom/pom.xml b/systests/custom/pom.xml
index 82ffd18..d47b4d0 100644
--- a/systests/custom/pom.xml
+++ b/systests/custom/pom.xml
@@ -110,6 +110,22 @@
</dependency>
</dependencies>
<build>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/fediz_config*.xml</include>
+ </includes>
+ </testResource>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>false</filtering>
+ <excludes>
+ <exclude>**/fediz_config*.xml</exclude>
+ </excludes>
+ </testResource>
+ </testResources>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
@@ -159,6 +175,14 @@
<outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
</artifactItem>
<artifactItem>
+ <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+ <artifactId>fediz-systests-webapps-simple</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
+ </artifactItem>
+ <artifactItem>
<groupId>org.apache.cxf.fediz.systests</groupId>
<artifactId>fediz-systests-tests</artifactId>
<version>${project.version}</version>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc1ef761/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
index 9a33dc7..4e22c65 100644
--- a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
+++ b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
@@ -20,6 +20,8 @@
package org.apache.cxf.fediz.systests.custom;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URLEncoder;
@@ -31,10 +33,15 @@ import com.gargoylesoftware.htmlunit.html.DomElement;
import com.gargoylesoftware.htmlunit.html.DomNodeList;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.integrationtests.HTTPTestUtils;
+import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.wss4j.dom.engine.WSSConfig;
@@ -51,6 +58,7 @@ public class CustomParametersTest {
static String rpHttpsPort;
private static Tomcat idpServer;
+ private static Tomcat rpServer;
@BeforeClass
public static void init() throws Exception {
@@ -69,6 +77,7 @@ public class CustomParametersTest {
Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
idpServer = startServer(true, idpHttpsPort);
+ rpServer = startServer(false, rpHttpsPort);
WSSConfig.init();
}
@@ -81,7 +90,11 @@ public class CustomParametersTest {
String baseDir = currentDir + File.separator + "target";
server.setBaseDir(baseDir);
- server.getHost().setAppBase("tomcat/idp/webapps");
+ if (idp) {
+ server.getHost().setAppBase("tomcat/idp/webapps");
+ } else {
+ server.getHost().setAppBase("tomcat/rp/webapps");
+ }
server.getHost().setAutoDeploy(true);
server.getHost().setDeployOnStartup(true);
@@ -100,12 +113,37 @@ public class CustomParametersTest {
httpsConnector.setAttribute("SSLEnabled", true);
server.getService().addConnector(httpsConnector);
-
- File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
- server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
- File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
- server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+ if (idp) {
+ File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+ server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+ server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+ } else {
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+ Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
+
+ // Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
+ // to work
+ File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
+ FileInputStream inputStream = new FileInputStream(f);
+ String content = IOUtils.toString(inputStream, "UTF-8");
+ inputStream.close();
+ if (content.contains("idp.https.port")) {
+ content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
+
+ File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
+ try (FileOutputStream outputStream = new FileOutputStream(f2)) {
+ IOUtils.write(content, outputStream, "UTF-8");
+ }
+ }
+
+ FederationAuthenticator fa = new FederationAuthenticator();
+ fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ + "test-classes" + File.separator + "fediz_config.xml");
+ cxt.getPipeline().addValve(fa);
+ }
server.start();
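Review bot: The `FileInputStream` opened on fediz_config.xml in the RP branch is closed with a plain `inputStream.close()`, so it leaks if `IOUtils.toString` throws, while the output stream a few lines below already uses try-with-resources; wrap the read the same way, `try (FileInputStream inputStream = new FileInputStream(f)) { content = IOUtils.toString(inputStream, "UTF-8"); }`. The substitution uses `replaceAll`, which treats the dots in the pattern as wildcards and the port as a regex replacement string; a literal `content.replace("${idp.https.port}", "" + idpHttpsPort)` says what is meant. The same file is addressed once as `baseDir + "/test-classes/fediz_config.xml"` and once via `currentDir + File.separator + "target" ...`; building one `File` and handing it to both the writer and `fa.setConfigFile` keeps the authenticator from loading a different copy than the one just rewritten. startServer begins and ends outside this hunk.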
@@ -115,6 +153,7 @@ public class CustomParametersTest {
@AfterClass
public static void cleanup() {
shutdownServer(idpServer);
+ shutdownServer(rpServer);
}
private static void shutdownServer(Tomcat server) {
@@ -205,4 +244,34 @@ public class CustomParametersTest {
webClient.close();
}
+
+ @org.junit.Test
+ public void testCustomParameterViaRP() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ String user = "alice";
+ String password = "ecila";
+
+ final String bodyTextContent = HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
+ Assert.assertTrue("User " + user + " does not have role Admin",
+ bodyTextContent.contains("role:Admin=false"));
+ Assert.assertTrue("User " + user + " does not have role Manager",
+ bodyTextContent.contains("role:Manager=false"));
+ Assert.assertTrue("User " + user + " must have role User",
+ bodyTextContent.contains("role:User=true"));
+
+ String claim = ClaimTypes.FIRSTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+ bodyTextContent.contains(claim + "=Alice"));
+ claim = ClaimTypes.LASTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+ bodyTextContent.contains(claim + "=Smith"));
+ claim = ClaimTypes.EMAILADDRESS.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ bodyTextContent.contains(claim + "=alice@realma.org"));
+
+ }
+
}
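Review bot: testCustomParameterViaRP never checks that the custom `auth_realm` sign-in parameter was sent or honoured: every assertion concerns the principal, roles and claims, so the test would presumably still pass if the `signInQuery` handler were never invoked. Either assert on something that depends on the parameter, or state the limit in a comment such as `// Only verifies that login still succeeds with a signInQuery handler configured; the auth_realm value itself is not asserted`. The failure messages on the negative role checks also read the wrong way round: `"does not have role Admin"` is attached to `role:Admin=false`, and would be clearer as `"User " + user + " must not have role Admin"` (likewise for Manager).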
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc1ef761/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/SignInQueryCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/SignInQueryCallbackHandler.java b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/SignInQueryCallbackHandler.java
new file mode 100644
index 0000000..81bc296
--- /dev/null
+++ b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/SignInQueryCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.custom;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.SignInQueryCallback;
+
+public class SignInQueryCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SignInQueryCallback) {
+ SignInQueryCallback callback = (SignInQueryCallback) callbacks[i];
+ Map<String, String> signInQueries = new HashMap<>();
+ signInQueries.put("auth_realm",
+ "<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>");
+ callback.setSignInQueryParamMap(signInQueries);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
\ No newline at end of file
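Review bot: The `auth_realm` value put into the map is raw XML containing `<`, `"` and `=`, and nothing in this class shows whether the consumer of `setSignInQueryParamMap` URL-encodes it before it goes into the sign-in redirect. A class Javadoc should state that contract once confirmed, e.g. `/** Test CallbackHandler that adds a custom auth_realm sign-in query parameter; the value is supplied unencoded. */`. `handle` implements `CallbackHandler.handle` and should carry `@Override`. The file also ends without a trailing newline.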
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc1ef761/systests/custom/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/fediz_config.xml b/systests/custom/src/test/resources/fediz_config.xml
new file mode 100644
index 0000000..ae1aa3b
--- /dev/null
+++ b/systests/custom/src/test/resources/fediz_config.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/clienttrust.jks"
+ password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+ <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+ <signInQuery type="Class">org.apache.cxf.fediz.systests.custom.SignInQueryCallbackHandler</signInQuery>
+ <claimTypesRequested>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+</FedizConfig>
+
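Review bot: The header comment above `<FedizConfig>` appears to be carried over from a sample and does not describe this file. It talks about placing the file in the Tomcat conf folder and about `tomcat-rp.jks`, whereas the trust store configured here is `test-classes/clienttrust.jks` and the test passes the path to the authenticator directly via `setConfigFile`. Replace it with something like `<!-- Test-only RP configuration for CustomParametersTest; keystores, passwords and PeerTrust validation are test fixtures, not a deployment template. -->`, which also tells a reader the plaintext `storepass`/`tompass` values are deliberate.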