You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/04/13 16:41:48 UTC
svn commit: r1325788 - in /cxf/trunk/services/sts/systests/advanced/src/test:
java/org/apache/cxf/systest/sts/batch/
resources/org/apache/cxf/systest/sts/batch/
Author: coheigea
Date: Fri Apr 13 14:41:48 2012
New Revision: 1325788
URL: http://svn.apache.org/viewvc?rev=1325788&view=rev
Log:
[CXF-4157] - Added a batch validate test to the STS advanced systests
Modified:
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/BatchRequest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/cxf-sts.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/BatchRequest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/BatchRequest.java?rev=1325788&r1=1325787&r2=1325788&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/BatchRequest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/BatchRequest.java Fri Apr 13 14:41:48 2012
@@ -18,46 +18,39 @@
*/
package org.apache.cxf.systest.sts.batch;
-import java.util.List;
+import org.w3c.dom.Element;
public class BatchRequest {
- List<String> tokenTypes;
- List<String> keyTypes;
- String requestType;
- String action;
- List<String> appliesTo;
+ private String tokenType;
+ private String keyType;
+ private String appliesTo;
+ private Element validateTarget;
- public List<String> getTokenTypes() {
- return tokenTypes;
+ public String getTokenType() {
+ return tokenType;
}
- public void setTokenTypes(List<String> tokenTypes) {
- this.tokenTypes = tokenTypes;
+ public void setTokenType(String tokenType) {
+ this.tokenType = tokenType;
}
- public List<String> getKeyTypes() {
- return keyTypes;
+ public String getKeyType() {
+ return keyType;
}
- public void setKeyTypes(List<String> keyTypes) {
- this.keyTypes = keyTypes;
+ public void setKeyType(String keyType) {
+ this.keyType = keyType;
}
- public String getRequestType() {
- return requestType;
- }
- public void setRequestType(String requestType) {
- this.requestType = requestType;
- }
- public String getAction() {
- return action;
- }
- public void setAction(String action) {
- this.action = action;
- }
- public List<String> getAppliesTo() {
+ public String getAppliesTo() {
return appliesTo;
}
- public void setAppliesTo(List<String> appliesTo) {
+ public void setAppliesTo(String appliesTo) {
this.appliesTo = appliesTo;
}
+ public Element getValidateTarget() {
+ return validateTarget;
+ }
+ public void setValidateTarget(Element validateTarget) {
+ this.validateTarget = validateTarget;
+ }
}
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java?rev=1325788&r1=1325787&r2=1325788&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java Fri Apr 13 14:41:48 2012
@@ -30,12 +30,14 @@ import org.apache.cxf.systest.sts.common
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSUtils;
import org.junit.BeforeClass;
import org.opensaml.common.xml.SAMLConstants;
/**
* In this test case, a CXF client requests a number of SAML Tokens from an STS using batch processing.
* It uses a simple STSClient implementation to request both a SAML 1.1 and 2.0 token at the same time.
+ * Batch validation is also tested.
*/
public class SAMLBatchUnitTest extends AbstractBusClientServerTestBase {
@@ -57,7 +59,7 @@ public class SAMLBatchUnitTest extends A
}
@org.junit.Test
- public void testBatchIssueSAMLTokens() throws Exception {
+ public void testBatchSAMLTokens() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = SAMLBatchUnitTest.class.getResource("cxf-client-unit.xml");
@@ -68,42 +70,54 @@ public class SAMLBatchUnitTest extends A
String wsdlLocation =
"https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ List<BatchRequest> requestList = new ArrayList<BatchRequest>();
BatchRequest request = new BatchRequest();
- List<String> appliesTo = new ArrayList<String>();
- appliesTo.add("https://localhost:8081/doubleit/services/doubleittransportsaml1");
- appliesTo.add("https://localhost:8081/doubleit/services/doubleittransportsaml2");
- request.setAppliesTo(appliesTo);
-
- request.setAction("http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue");
- request.setRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue");
-
- List<String> tokenTypes = new ArrayList<String>();
- tokenTypes.add("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
- tokenTypes.add("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
- request.setTokenTypes(tokenTypes);
- List<String> keyTypes = new ArrayList<String>();
- keyTypes.add("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
- keyTypes.add("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
- request.setKeyTypes(keyTypes);
+ request.setAppliesTo("https://localhost:8081/doubleit/services/doubleittransportsaml1");
+ request.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
+ request.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
+ requestList.add(request);
+
+ request = new BatchRequest();
+ request.setAppliesTo("https://localhost:8081/doubleit/services/doubleittransportsaml2");
+ request.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
+ request.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
+ requestList.add(request);
+
+ String action = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue";
+ String requestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchIssue";
+ String port = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
// Request the token
- List<SecurityToken> tokens = requestSecurityToken(bus, wsdlLocation, request);
+ List<SecurityToken> tokens =
+ requestSecurityTokens(bus, wsdlLocation, requestList, action, requestType, port);
assertTrue(tokens != null && tokens.size() == 2);
assertTrue(tokens.get(0).getToken().getLocalName().equals("Assertion"));
assertTrue(tokens.get(0).getToken().getNamespaceURI().equals(SAMLConstants.SAML1_NS));
assertTrue(tokens.get(1).getToken().getLocalName().equals("Assertion"));
assertTrue(tokens.get(1).getToken().getNamespaceURI().equals(SAMLConstants.SAML20_NS));
+
+ // Now validate the tokens
+ requestList.get(0).setValidateTarget(tokens.get(0).getToken());
+ requestList.get(0).setTokenType(STSUtils.WST_NS_05_12 + "/RSTR/Status");
+ requestList.get(1).setValidateTarget(tokens.get(1).getToken());
+ requestList.get(1).setTokenType(STSUtils.WST_NS_05_12 + "/RSTR/Status");
+ action = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchValidate";
+ requestType = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchValidate";
+ port = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port2";
+
+ validateSecurityTokens(bus, wsdlLocation, requestList, action, requestType, port);
}
- private List<SecurityToken> requestSecurityToken(
- Bus bus, String wsdlLocation, BatchRequest request
+ private List<SecurityToken> requestSecurityTokens(
+ Bus bus, String wsdlLocation, List<BatchRequest> requestList, String action, String requestType,
+ String port
) throws Exception {
SimpleBatchSTSClient stsClient = new SimpleBatchSTSClient(bus);
stsClient.setWsdlLocation(wsdlLocation);
stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
- stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+ stsClient.setEndpointName(port);
Map<String, Object> properties = new HashMap<String, Object>();
properties.put(SecurityConstants.USERNAME, "alice");
@@ -116,12 +130,33 @@ public class SAMLBatchUnitTest extends A
stsClient.setEnableLifetime(true);
stsClient.setProperties(properties);
- stsClient.setRequiresEntropy(true);
- stsClient.setKeySize(128);
stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
- return stsClient.requestBatchSecurityTokens(request);
+ return stsClient.requestBatchSecurityTokens(requestList, action, requestType);
}
-
+ private List<SecurityToken> validateSecurityTokens(
+ Bus bus, String wsdlLocation, List<BatchRequest> requestList, String action, String requestType,
+ String port
+ ) throws Exception {
+ SimpleBatchSTSClient stsClient = new SimpleBatchSTSClient(bus);
+ stsClient.setWsdlLocation(wsdlLocation);
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName(port);
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put(SecurityConstants.USERNAME, "alice");
+ properties.put(
+ SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+ );
+ properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");
+
+ stsClient.setProperties(properties);
+ stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+ return stsClient.validateBatchSecurityTokens(requestList, action, requestType);
+ }
+
+
}
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java?rev=1325788&r1=1325787&r2=1325788&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java Fri Apr 13 14:41:48 2012
@@ -526,32 +526,33 @@ public class SimpleBatchSTSClient implem
return null;
}
- public List<SecurityToken> requestBatchSecurityTokens(BatchRequest batchRequest) throws Exception {
+ public List<SecurityToken> requestBatchSecurityTokens(
+ List<BatchRequest> batchRequestList, String action, String requestType
+ ) throws Exception {
createClient();
BindingOperationInfo boi = findOperation("/RST/RequestCollection");
client.getRequestContext().putAll(ctx);
- client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, batchRequest.getAction());
+ client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, action);
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityTokenCollection", namespace);
writer.writeNamespace("wst", namespace);
- List<String> tokenTypes = batchRequest.getTokenTypes();
- for (int i = 0; i < tokenTypes.size(); i++) {
+ for (BatchRequest batchRequest : batchRequestList) {
writer.writeStartElement("wst", "RequestSecurityToken", namespace);
writer.writeNamespace("wst", namespace);
- addRequestType(batchRequest.getRequestType(), writer);
+ addRequestType(requestType, writer);
if (enableAppliesTo) {
- addAppliesTo(writer, batchRequest.getAppliesTo().get(i));
+ addAppliesTo(writer, batchRequest.getAppliesTo());
}
- writeKeyType(writer, batchRequest.getKeyTypes().get(i));
+ writeKeyType(writer, batchRequest.getKeyType());
addLifetime(writer);
- addTokenType(writer, tokenTypes.get(i));
+ addTokenType(writer, batchRequest.getTokenType());
writer.writeEndElement();
}
@@ -574,6 +575,75 @@ public class SimpleBatchSTSClient implem
return tokens;
}
+
+ protected List<SecurityToken> validateBatchSecurityTokens(
+ List<BatchRequest> batchRequestList, String action, String requestType
+ ) throws Exception {
+ createClient();
+ BindingOperationInfo boi = findOperation("/RST/RequestCollection");
+
+ client.getRequestContext().putAll(ctx);
+ client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, action);
+
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ writer.writeStartElement("wst", "RequestSecurityTokenCollection", namespace);
+ writer.writeNamespace("wst", namespace);
+
+ for (BatchRequest batchRequest : batchRequestList) {
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeNamespace("wst", namespace);
+
+ addRequestType(requestType, writer);
+
+ addTokenType(writer, batchRequest.getTokenType());
+
+ writer.writeStartElement("wst", "ValidateTarget", namespace);
+
+ Element el = batchRequest.getValidateTarget();
+ StaxUtils.copy(el, writer);
+
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+
+ Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+
+ Element responseCollection = getDocumentElement((DOMSource)obj[0]);
+ Node child = responseCollection.getFirstChild();
+ List<SecurityToken> tokens = new ArrayList<SecurityToken>();
+ while (child != null) {
+ if (child instanceof Element
+ && "RequestSecurityTokenResponse".equals(((Element)child).getLocalName())) {
+ Element rstrChild = DOMUtils.getFirstElement((Element)child);
+ while (rstrChild != null) {
+ if ("Status".equals(rstrChild.getLocalName())) {
+ Element e2 =
+ DOMUtils.getFirstChildWithName(rstrChild, rstrChild.getNamespaceURI(), "Code");
+ String s = DOMUtils.getContent(e2);
+ if (!s.endsWith("/status/valid")) {
+ throw new TrustException(LOG, "VALIDATION_FAILED");
+ }
+
+ } else if ("RequestedSecurityToken".equals(rstrChild.getLocalName())) {
+ Element requestedSecurityTokenElement = DOMUtils.getFirstElement(rstrChild);
+ String id = findID(null, null, requestedSecurityTokenElement);
+ if (StringUtils.isEmpty(id)) {
+ throw new TrustException("NO_ID", LOG);
+ }
+ SecurityToken requestedSecurityToken = new SecurityToken(id);
+ requestedSecurityToken.setToken(requestedSecurityTokenElement);
+ tokens.add(requestedSecurityToken);
+ }
+ rstrChild = DOMUtils.getNextElement(rstrChild);
+ }
+ }
+ child = child.getNextSibling();
+ }
+
+ return tokens;
+ }
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer,
boolean wroteKeySize) throws Exception {
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/cxf-sts.xml?rev=1325788&r1=1325787&r2=1325788&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/cxf-sts.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/cxf-sts.xml Fri Apr 13 14:41:48 2012
@@ -153,6 +153,14 @@
depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService"
endpointName="ns1:Transport_Port">
</jaxws:endpoint>
+
+ <jaxws:endpoint id="localSTS2" implementor="#transportSTSProviderBean"
+ address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport2"
+ wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService"
+ endpointName="ns1:Transport_Port2">
+ </jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings"
bus="cxf">
Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl?rev=1325788&r1=1325787&r2=1325788&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl Fri Apr 13 14:41:48 2012
@@ -179,12 +179,99 @@
<soap:body use="literal" />
</wsdl:output>
</wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchValidate" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="Transport_Binding_2" type="wstrust:STS">
+ <wsp:PolicyReference URI="#Transport_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/BatchValidate" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecurityTokenService">
<wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
<soap:address location="https://localhost:8084/SecurityTokenService/Transport" />
</wsdl:port>
+ <wsdl:port name="Transport_Port2" binding="tns:Transport_Binding_2">
+ <soap:address location="https://localhost:8084/SecurityTokenService/Transport2" />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="Transport_policy">