Posted to commits@cxf.apache.org by co...@apache.org on 2019/01/21 16:00:23 UTC

[cxf] branch 3.2.x-fixes updated: Adding an Ignore'd test for WSS-640

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/3.2.x-fixes by this push:
     new adc5b7d  Adding an Ignore'd test for WSS-640
adc5b7d is described below

commit adc5b7d3ed71a70d44700c6d59a54f0e9139ab8c
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Jan 21 15:51:28 2019 +0000

    Adding an Ignore'd test for WSS-640
    
    (cherry picked from commit aafc2b8ebce7143a0b19591404b5db29224f4595)
---
 .../apache/cxf/systest/ws/saml/SamlTokenTest.java  | 53 ++++++++++++++++++++++
 .../apache/cxf/systest/ws/saml/DoubleItSaml.wsdl   | 23 +++++++++-
 .../org/apache/cxf/systest/ws/saml/client.xml      |  6 +++
 .../org/apache/cxf/systest/ws/saml/server.xml      |  7 +++
 .../org/apache/cxf/systest/ws/saml/stax-server.xml |  9 ++++
 5 files changed, 97 insertions(+), 1 deletion(-)

diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index 7ff4718..d7a9558 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -358,6 +358,59 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
         bus.shutdown(true);
     }
 
+    // Re-enable once we pick up WSS4J 2.2.3 (https://issues.apache.org/jira/browse/WSS-640)
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testSaml2OverSymmetricSoap12() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSoap12Port");
+        DoubleItPortType saml2Port =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, test.getPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(saml2Port);
+        }
+
+        try {
+            saml2Port.doubleIt(25);
+            fail("Expected failure on an invocation with no SAML Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+        }
+
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false)
+        );
+        try {
+            saml2Port.doubleIt(25);
+            fail("Expected failure on an invocation with a SAML1 Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            assertTrue(ex.getMessage().contains("Wrong SAML Version")
+                       || ex.getMessage().contains("enforces SamlVersion20Profile11 but we got 1.1"));
+        }
+
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
+        samlCallbackHandler.setSignAssertion(true);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler
+        );
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+
     // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
     // fail as the provider will demand that there is a signature covering both the assertion
     // and the message body.
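Review bot: The cleanup at the end of `testSaml2OverSymmetricSoap12` (`((java.io.Closeable)saml2Port).close();` and `bus.shutdown(true);`) is skipped whenever one of the earlier `fail(...)` or `assertTrue(...)` calls throws. Once the test is re-enabled, a failure would leave the bus installed through `BusFactory.setDefaultBus(bus)` in place for later tests; moving both cleanup calls into a `finally` around the invocations avoids that. The bare `@org.junit.Ignore` also drops the reason from test reports, so `@org.junit.Ignore("Re-enable once WSS4J 2.2.3 is picked up (WSS-640)")` would carry what the comment above it says. As a smaller style point, `assertTrue(result == 50)` gives no useful failure message; `assertEquals(50, result)` would, assuming it is in scope the same way `assertTrue` is.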
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
index 706f8a07..ab1cf08 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
@@ -17,7 +17,7 @@
  specific language governing permissions and limitations
  under the License.
 -->
-<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:saml2="urn:oasi [...]
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.or [...]
     <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
     <wsdl:binding name="DoubleItSaml1TransportBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItSaml1TransportPolicy"/>
@@ -143,6 +143,24 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItSaml2SymmetricSoap12Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSaml2SymmetricPolicy"/>
+        <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap12:operation soapAction=""/>
+            <wsdl:input>
+                <soap12:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap12:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap12:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItSaml2SymmetricSupportingBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItSaml2SymmetricSupportingPolicy"/>
         <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
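Review bot: Inside `<wsdl:fault name="DoubleItFault">` the new SOAP 1.2 binding declares the fault with `<soap12:body use="literal" name="DoubleItFault"/>`, but the WSDL 1.1 extension element for a fault is `soap12:fault`, i.e. `<soap12:fault use="literal" name="DoubleItFault"/>`. The neighbouring bindings are mostly outside this hunk, so this may simply mirror a convention already used in the file. If so, a short comment noting that it is deliberate would stop it being copied further.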
@@ -349,6 +367,9 @@
         <wsdl:port name="DoubleItSaml2SymmetricPort" binding="tns:DoubleItSaml2SymmetricBinding">
             <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSaml2SymmetricSoap12Port" binding="tns:DoubleItSaml2SymmetricSoap12Binding">
+            <soap:address location="http://localhost:9001/DoubleItSaml2SymmetricSoap12"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItSaml2SymmetricSupportingPort" binding="tns:DoubleItSaml2SymmetricSupportingBinding">
             <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric"/>
         </wsdl:port>
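Review bot: The new `DoubleItSaml2SymmetricSoap12Port` is bound to the SOAP 1.2 binding, but its address uses the SOAP 1.1 extension element `<soap:address .../>`. To match the `soap12` prefix this commit adds to `wsdl:definitions`, it should read `<soap12:address location="http://localhost:9001/DoubleItSaml2SymmetricSoap12"/>`. Whether the runtime tolerates the mismatch is not visible from this diff. Since the test exists to exercise SOAP 1.2 handling for WSS-640, keeping the port definition unambiguous avoids a second variable when the test is re-enabled.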
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
index d418c92..1357dd4 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
@@ -48,6 +48,12 @@
             <entry key="security.encryption.username" value="bob"/>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSaml2SymmetricSoap12Port" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.encryption.properties" value="bob.properties"/>
+            <entry key="security.encryption.username" value="bob"/>
+        </jaxws:properties>
+    </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSaml2SymmetricSupportingPort" createdFromAPI="true">
         <jaxws:properties>
             <entry key="security.encryption.properties" value="bob.properties"/>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
index 401f5a7..bf5cae6 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
@@ -69,6 +69,13 @@
             <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSoap12" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2SymmetricSoap12" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSoap12Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
         <jaxws:properties>
             <entry key="security.username" value="bob"/>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
index 040a14f..09e4cec 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
@@ -74,6 +74,15 @@
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSoap12" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2SymmetricSoap12" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSoap12Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <!--<entry key="ws-security.saml2.validator" 
+                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
         <jaxws:properties>
             <entry key="security.username" value="bob"/>
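Review bot: The StAX `Saml2TokenOverSymmetricSoap12` endpoint leaves the `ws-security.saml2.validator` entry commented out with no explanation, while the same endpoint added to server.xml wires in `CustomSaml2Validator`. The DOM and streaming runs of `testSaml2OverSymmetricSoap12` therefore validate the assertion differently, and a reader cannot tell whether that is intended. If the custom validator simply does not apply to the streaming stack, replace the dead XML with a one-line comment such as `<!-- CustomSaml2Validator is not used for the streaming endpoint: REASON (placeholder) -->`. Otherwise the entry should be enabled so that both endpoints enforce the same checks.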