You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/07/24 11:49:49 UTC
[cxf-fediz] branch 1.4.x-fixes updated (5a2606b -> 949c1ea)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.
from 5a2606b FEDIZ-222 - Only process the SAML Response for the SAML protocol
new db5f7b1 Upgrading HSQLDB
new 3177f80 FEDIZ-222 - Enabling system tests
new 949c1ea Checkstyle fix
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
pom.xml | 2 +-
.../org/apache/cxf/fediz/systests/idp/IdpTest.java | 15 ++++++----
.../src/test/resources/realma/entities-realma.xml | 2 +-
.../integrationtests/AbstractExpiryTests.java | 6 ++--
.../cxf/fediz/integrationtests/AbstractTests.java | 32 +++++++++------------
.../cxf/fediz/integrationtests/HTTPTestUtils.java | 33 ++++++++++++++--------
6 files changed, 51 insertions(+), 39 deletions(-)
[cxf-fediz] 03/03: Checkstyle fix
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 949c1ea0bf5fb097b8077c6081711542dc2fe862
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 24 12:49:40 2018 +0100
Checkstyle fix
---
.../org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java | 6 ++++--
.../java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java | 3 ++-
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
index d2c6ce0..48ec3c3 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
@@ -117,7 +117,8 @@ public abstract class AbstractExpiryTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), "signinresponseform", cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(),
+ "signinresponseform", cookieManager);
// 2. Sign out of the service (but not the Idp)
final WebClient webClient = new WebClient();
@@ -127,7 +128,8 @@ public abstract class AbstractExpiryTests {
webClient.close();
// 3. Sign back in to the service provider. This time it will get a new IdP token due to wfresh=0.
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), "signinresponseform", cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(),
+ "signinresponseform", cookieManager);
}
private void verifyApplication(String user, String bodyTextContent) {
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
index eae6911..7d45e6d 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
@@ -67,7 +67,8 @@ public final class HTTPTestUtils {
}
public static String loginWithCookieManager(String url, String user, String password,
- String idpPort, String formName, CookieManager cookieManager) throws IOException {
+ String idpPort, String formName,
+ CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
[cxf-fediz] 01/03: Upgrading HSQLDB
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit db5f7b1fdf35fe5033e9e490d57e4c0abbea3e72
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 24 11:10:59 2018 +0100
Upgrading HSQLDB
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 76a578b..057ef3b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -50,7 +50,7 @@
<easymock.version>3.4</easymock.version>
<ecj.version>4.6.1</ecj.version>
<ehcache.version>2.10.5</ehcache.version>
- <hsqldb.version>2.3.4</hsqldb.version>
+ <hsqldb.version>2.3.6</hsqldb.version>
<htmlunit.version>2.24</htmlunit.version>
<jackson.version>2.8.10</jackson.version>
<javassist.version>3.19.0-GA</javassist.version>
[cxf-fediz] 02/03: FEDIZ-222 - Enabling system tests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 3177f8083b43d945fb7db031ed863b4966649d38
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Jul 24 12:13:08 2018 +0100
FEDIZ-222 - Enabling system tests
---
.../org/apache/cxf/fediz/systests/idp/IdpTest.java | 15 ++++++----
.../src/test/resources/realma/entities-realma.xml | 2 +-
.../integrationtests/AbstractExpiryTests.java | 4 +--
.../cxf/fediz/integrationtests/AbstractTests.java | 32 ++++++++++------------
.../cxf/fediz/integrationtests/HTTPTestUtils.java | 32 ++++++++++++++--------
5 files changed, 47 insertions(+), 38 deletions(-)
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 6946759..f401742 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -1725,7 +1725,8 @@ public class IdpTest {
// Check Response
HtmlForm responseForm = signoutPage.getFormByName("samlsignoutresponseform");
- Assert.assertEquals("https://localhost:8080/logout", responseForm.getActionAttribute());
+ String logoutResponseURL = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/logout";
+ Assert.assertEquals(logoutResponseURL, responseForm.getActionAttribute());
String responseValue = responseForm.getInputByName("SAMLResponse").getAttributeNS(null, "value");
Assert.assertNotNull(responseValue);
String receivedRelayState = responseForm.getInputByName("RelayState").getAttributeNS(null, "value");
@@ -1737,7 +1738,7 @@ public class IdpTest {
LogoutResponse logoutResponse = (LogoutResponse)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
Assert.assertNotNull(logoutResponse);
- Assert.assertEquals("https://localhost:8080/logout", logoutResponse.getDestination());
+ Assert.assertEquals(logoutResponseURL, logoutResponse.getDestination());
String expectedIssuer = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml";
Assert.assertEquals(expectedIssuer, logoutResponse.getIssuer().getValue());
String success = "urn:oasis:names:tc:SAML:2.0:status:Success";
@@ -1855,7 +1856,8 @@ public class IdpTest {
// Check Response
HtmlForm responseForm = idpPage.getFormByName("samlsignoutresponseform");
- Assert.assertEquals("https://localhost:8080/logout", responseForm.getActionAttribute());
+ String logoutResponseURL = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/logout";
+ Assert.assertEquals(logoutResponseURL, responseForm.getActionAttribute());
String responseValue = responseForm.getInputByName("SAMLResponse").getAttributeNS(null, "value");
Assert.assertNotNull(responseValue);
String receivedRelayState = responseForm.getInputByName("RelayState").getAttributeNS(null, "value");
@@ -1867,7 +1869,7 @@ public class IdpTest {
LogoutResponse logoutResponse = (LogoutResponse)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
Assert.assertNotNull(logoutResponse);
- Assert.assertEquals("https://localhost:8080/logout", logoutResponse.getDestination());
+ Assert.assertEquals(logoutResponseURL, logoutResponse.getDestination());
String expectedIssuer = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml";
Assert.assertEquals(expectedIssuer, logoutResponse.getIssuer().getValue());
String success = "urn:oasis:names:tc:SAML:2.0:status:Requester";
@@ -1988,7 +1990,8 @@ public class IdpTest {
// Check Response
HtmlForm responseForm = signoutPage.getFormByName("samlsignoutresponseform");
- Assert.assertEquals("https://localhost:8080/logout", responseForm.getActionAttribute());
+ String logoutResponseURL = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/logout";
+ Assert.assertEquals(logoutResponseURL, responseForm.getActionAttribute());
String responseValue = responseForm.getInputByName("SAMLResponse").getAttributeNS(null, "value");
Assert.assertNotNull(responseValue);
String receivedRelayState = responseForm.getInputByName("RelayState").getAttributeNS(null, "value");
@@ -2000,7 +2003,7 @@ public class IdpTest {
LogoutResponse logoutResponse = (LogoutResponse)OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
Assert.assertNotNull(logoutResponse);
- Assert.assertEquals("https://localhost:8080/logout", logoutResponse.getDestination());
+ Assert.assertEquals(logoutResponseURL, logoutResponse.getDestination());
String expectedIssuer = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml";
Assert.assertEquals(expectedIssuer, logoutResponse.getIssuer().getValue());
String success = "urn:oasis:names:tc:SAML:2.0:status:Requester";
diff --git a/systests/samlsso/src/test/resources/realma/entities-realma.xml b/systests/samlsso/src/test/resources/realma/entities-realma.xml
index 7bbc430..8d9623b 100644
--- a/systests/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/samlsso/src/test/resources/realma/entities-realma.xml
@@ -158,7 +158,7 @@
<property name="role" value="ApplicationServiceType" />
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
- <property name="logoutEndpoint" value="https://localhost:8080/logout" />
+ <property name="logoutEndpoint" value="https://localhost:${rp.https.port}/fedizhelloworld/secure/logout" />
<property name="passiveRequestorEndpointConstraint"
value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" />
<property name="validatingCertificate" value="realma.cert" />
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
index e2cf4b6..d2c6ce0 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
@@ -117,7 +117,7 @@ public abstract class AbstractExpiryTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), "signinresponseform", cookieManager);
// 2. Sign out of the service (but not the Idp)
final WebClient webClient = new WebClient();
@@ -127,7 +127,7 @@ public abstract class AbstractExpiryTests {
webClient.close();
// 3. Sign back in to the service provider. This time it will get a new IdP token due to wfresh=0.
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), "signinresponseform", cookieManager);
}
private void verifyApplication(String user, String bodyTextContent) {
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 087ac24..cd70e3a 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -403,10 +403,6 @@ public abstract class AbstractTests {
@Test
public void testRPLogout() throws Exception {
- if (!isWSFederation()) {
- return;
- }
-
String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet";
String user = "alice";
@@ -415,7 +411,7 @@ public abstract class AbstractTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), getLoginFormName(), cookieManager);
// 2. Now we should have a cookie from the RP and IdP and should be able to do
// subsequent requests without authenticate again. Lets test this first.
@@ -430,7 +426,7 @@ public abstract class AbstractTests {
String rpLogoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/logout";
- HTTPTestUtils.logout(rpLogoutUrl, cookieManager);
+ HTTPTestUtils.logout(rpLogoutUrl, cookieManager, isWSFederation());
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
@@ -462,7 +458,7 @@ public abstract class AbstractTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), getLoginFormName(), cookieManager);
// 2. Now we should have a cookie from the RP and IdP and should be able to do
// subsequent requests without authenticate again. Lets test this first.
@@ -477,7 +473,7 @@ public abstract class AbstractTests {
String rpLogoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet?wa=" + FederationConstants.ACTION_SIGNOUT;
- HTTPTestUtils.logout(rpLogoutUrl, cookieManager);
+ HTTPTestUtils.logout(rpLogoutUrl, cookieManager, isWSFederation());
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
@@ -509,7 +505,7 @@ public abstract class AbstractTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), getLoginFormName(), cookieManager);
// 2. Now we should have a cookie from the RP and IdP and should be able to do
// subsequent requests without authenticate again. Lets test this first.
@@ -524,7 +520,7 @@ public abstract class AbstractTests {
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ FederationConstants.ACTION_SIGNOUT; //todo logout url on idp?!?
- HTTPTestUtils.logout(idpLogoutUrl, cookieManager);
+ HTTPTestUtils.logout(idpLogoutUrl, cookieManager, isWSFederation());
// 4. now we try to access the RP and idp without authentication but with the existing cookies
// to see if we are really logged out
@@ -556,7 +552,7 @@ public abstract class AbstractTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), getLoginFormName(), cookieManager);
// 2. Now we should have a cookie from the RP and IdP and should be able to do
// subsequent requests without authenticate again. Lets test this first.
@@ -702,7 +698,7 @@ public abstract class AbstractTests {
CookieManager cookieManager = new CookieManager();
// 1. Login
- HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), getLoginFormName(), cookieManager);
// 2. Now we should have a cookie from the RP and IdP and should be able to do
// subsequent requests without authenticate again. Lets test this first.
@@ -770,7 +766,7 @@ public abstract class AbstractTests {
if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
// Now modify the Signature
String value = result.getAttributeNS(null, "value");
-
+
if (isWSFederation()) {
value = entity + value;
value = value.replace("alice", reference);
@@ -781,13 +777,13 @@ public abstract class AbstractTests {
InputStream inputStream = new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
-
+
// Modify SignatureValue to include the entity
String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
Node signatureValue =
responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
signatureValue.setTextContent(reference + signatureValue.getTextContent());
-
+
// Re-encode response
String responseMessage = DOM2Writer.nodeToString(responseDoc);
result.setAttributeNS(null, "value", Base64Utility.encode((entity + responseMessage).getBytes()));
@@ -843,7 +839,7 @@ public abstract class AbstractTests {
if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
// Now modify the Signature
String value = result.getAttributeNS(null, "value");
-
+
if (isWSFederation()) {
value = entity + value;
value = value.replace("alice", reference);
@@ -854,13 +850,13 @@ public abstract class AbstractTests {
InputStream inputStream = new ByteArrayInputStream(deflatedToken);
Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
-
+
// Modify SignatureValue to include the entity
String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
Node signatureValue =
responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
signatureValue.setTextContent(reference + signatureValue.getTextContent());
-
+
// Re-encode response
String responseMessage = DOM2Writer.nodeToString(responseDoc);
result.setAttributeNS(null, "value", Base64Utility.encode((entity + responseMessage).getBytes()));
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
index b2305c9..eae6911 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
@@ -67,7 +67,7 @@ public final class HTTPTestUtils {
}
public static String loginWithCookieManager(String url, String user, String password,
- String idpPort, CookieManager cookieManager) throws IOException {
+ String idpPort, String formName, CookieManager cookieManager) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
@@ -80,7 +80,7 @@ public final class HTTPTestUtils {
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- final HtmlForm form = idpPage.getFormByName("signinresponseform");
+ final HtmlForm form = idpPage.getFormByName(formName);
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
final HtmlPage rpPage = button.click();
@@ -91,7 +91,7 @@ public final class HTTPTestUtils {
return rpPage.getBody().getTextContent();
}
- public static void logout(String url, CookieManager cookieManager) throws IOException {
+ public static void logout(String url, CookieManager cookieManager, boolean wsfed) throws IOException {
final WebClient webClient = new WebClient();
webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
@@ -101,16 +101,26 @@ public final class HTTPTestUtils {
final HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
- final HtmlPage idpLogoutPage = button.click();
- DomNodeList<DomElement> images = idpLogoutPage.getElementsByTagName("img");
- Assert.assertEquals(1, images.getLength());
- for (int i = 0; i < images.size(); i++) {
- DomElement domElement = images.get(i);
- String imgSrc = domElement.getAttribute("src");
+ webClient.getOptions().setJavaScriptEnabled(false);
+ final HtmlPage idpLogoutPage = button.click();
+ webClient.getOptions().setJavaScriptEnabled(true);
- //we should get a fault if the image isn't available.
- webClient.getPage(imgSrc);
+ if (wsfed) {
+ DomNodeList<DomElement> images = idpLogoutPage.getElementsByTagName("img");
+ Assert.assertEquals(1, images.getLength());
+ for (int i = 0; i < images.size(); i++) {
+ DomElement domElement = images.get(i);
+ String imgSrc = domElement.getAttribute("src");
+
+ //we should get a fault if the image isn't available.
+ webClient.getPage(imgSrc);
+ }
+ } else {
+ // For SAML SSO we will be redirected back to the RP
+ HtmlForm responseForm = idpLogoutPage.getFormByName("samlsignoutresponseform");
+ HtmlSubmitInput button2 = responseForm.getInputByName("_eventId_submit");
+ button2.click();
}
// webClient.close();