Posted to commits@cxf.apache.org by co...@apache.org on 2017/04/13 15:01:09 UTC
[1/5] cxf-fediz git commit: FEDIZ-200 - Make one of logoutEndpoint or
logoutEndpointConstraint mandatory in the IDP
Repository: cxf-fediz
Updated Branches:
refs/heads/1.2.x-fixes 66f1ffa4f -> bf5f471d4
FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/30e0d900
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/30e0d900
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/30e0d900
Branch: refs/heads/1.2.x-fixes
Commit: 30e0d900e3eb77f0417cd41708f2340c11310d25
Parents: 66f1ffa
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 13:01:12 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 14:50:03 2017 +0100
----------------------------------------------------------------------
.../core/processor/FederationProcessorImpl.java | 7 +
.../core/federation/FederationLogoutTest.java | 46 +-
.../idp/beans/EndpointAddressValidator.java | 128 +++++
.../fediz/service/idp/domain/Application.java | 35 +-
.../cxf/fediz/service/idp/domain/Idp.java | 15 +-
.../idp/service/jpa/ApplicationDAOJPAImpl.java | 6 +-
.../idp/service/jpa/ApplicationEntity.java | 20 +
.../service/idp/service/jpa/IdpDAOJPAImpl.java | 6 +-
.../service/idp/service/jpa/IdpEntity.java | 12 +-
.../idp/src/main/resources/entities-realma.xml | 14 +
.../WEB-INF/federation-validate-request.xml | 23 +-
.../apache/cxf/fediz/systests/idp/IdpTest.java | 533 ++++++++++++++++++-
.../test/resources/realma/entities-realma.xml | 2 +
.../test/resources/realma/entities-realma.xml | 1 +
14 files changed, 794 insertions(+), 54 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
index fbf7600..646f267 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/FederationProcessorImpl.java
@@ -538,6 +538,13 @@ public class FederationProcessorImpl extends AbstractFedizProcessor {
sb.append(URLEncoder.encode(logoutRedirectTo, "UTF-8"));
}
+ String realm = resolveWTRealm(request, config);
+ LOG.debug("wtrealm={}", realm);
+
+ // add wtrealm parameter
+ sb.append('&').append(FederationConstants.PARAM_TREALM).append('=').append(URLEncoder
+ .encode(realm, "UTF-8"));
+
redirectURL = redirectURL + "?" + sb.toString();
} catch (Exception ex) {
LOG.error("Failed to create SignInRequest", ex);
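Review bot: The result of `resolveWTRealm(request, config)` goes straight into `URLEncoder.encode(realm, "UTF-8")` with no null check. `resolveWTRealm` is not visible in this hunk, but if it can return null the encode call throws a NullPointerException, and the surrounding `catch (Exception ex)` only logs the generic "Failed to create SignInRequest". Since the IdP side of this commit looks up the application by `wtrealm` during sign-out, an explicit guard would make a misconfigured realm easier to diagnose, for example `if (realm == null) { throw new ProcessingException("wtrealm could not be resolved for logout"); }`, using whatever exception type the method already declares. The enclosing method starts and ends outside the hunk.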
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
index 36a6d96..fd2163e 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
@@ -105,8 +105,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -119,7 +120,7 @@ public class FederationLogoutTest {
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URI).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(LOGOUT_URL));
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
@@ -129,8 +130,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Fwreply.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8")
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -153,14 +155,15 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
@@ -177,8 +180,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -202,8 +206,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -217,7 +222,7 @@ public class FederationLogoutTest {
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URI).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer("https://localhost/fedizhelloworld/secure"));
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
@@ -227,8 +232,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Fwreply.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8")
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -252,8 +258,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
@@ -277,8 +284,9 @@ public class FederationLogoutTest {
Assert.assertTrue(logoutHandler.canHandleRequest(req));
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
- String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html";
+ String expectedRedirectToIdP =
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
+ + "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
new file mode 100644
index 0000000..536a2e6
--- /dev/null
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.fediz.service.idp.beans;
+
+import java.util.regex.Matcher;
+
+import org.apache.cxf.fediz.service.idp.domain.Application;
+import org.apache.cxf.fediz.service.idp.domain.Idp;
+import org.apache.cxf.fediz.service.idp.util.WebUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.execution.RequestContext;
+
+/**
+ * This class is responsible to validate the 'wreply' parameter for WS-Federation, or else the
+ * AssertionConsumer URL address for SAML SSO, by comparing it to a regular expression.
+ */
+@Component
+public class EndpointAddressValidator {
+
+ private static final Logger LOG = LoggerFactory.getLogger(EndpointAddressValidator.class);
+
+ public boolean isValidSigninAddress(RequestContext context, String endpointAddress, String realm)
+ throws Exception {
+ if (endpointAddress == null) {
+ return true;
+ }
+
+ Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, "idpConfig");
+ Application serviceConfig = idpConfig.findApplication(realm);
+ if (serviceConfig == null) {
+ LOG.warn("No service config found for " + realm);
+ return false;
+ }
+
+ return validateSigninEndpointAddress(serviceConfig, endpointAddress);
+ }
+
+ public boolean isValidSignoutAddress(RequestContext context, String endpointAddress, String realm)
+ throws Exception {
+ System.out.println("EA: " + endpointAddress + " " + realm);
+ if (endpointAddress == null) {
+ return true;
+ }
+
+ Idp idpConfig = (Idp) WebUtils.getAttributeFromFlowScope(context, "idpConfig");
+ if (idpConfig.isDisableLogoutAddressValidation()) {
+ return true;
+ }
+
+ Application serviceConfig = idpConfig.findApplication(realm);
+ if (serviceConfig == null) {
+ LOG.warn("No service config found for " + realm);
+ return false;
+ }
+
+ return validateSignoutEndpointAddress(serviceConfig, endpointAddress);
+ }
+
+ private boolean validateSigninEndpointAddress(Application serviceConfig, String endpointAddress) {
+ if (serviceConfig.getPassiveRequestorEndpoint() == null
+ && serviceConfig.getCompiledPassiveRequestorEndpointConstraint() == null) {
+ LOG.error("Either the 'passiveRequestorEndpoint' or the 'passiveRequestorEndpointConstraint' "
+ + "configuration values must be specified for the application");
+ } else if (serviceConfig.getPassiveRequestorEndpoint() != null
+ && serviceConfig.getPassiveRequestorEndpoint().equals(endpointAddress)) {
+ LOG.debug("The supplied endpoint address {} matches the configured passive requestor endpoint value",
+ endpointAddress);
+ return true;
+ } else if (serviceConfig.getCompiledPassiveRequestorEndpointConstraint() != null) {
+ Matcher matcher =
+ serviceConfig.getCompiledPassiveRequestorEndpointConstraint().matcher(endpointAddress);
+ if (matcher.matches()) {
+ return true;
+ } else {
+ LOG.error("The endpointAddress value of {} does not match any of the passive requestor values",
+ endpointAddress);
+ }
+ }
+
+ return false;
+ }
+
+ private boolean validateSignoutEndpointAddress(Application serviceConfig, String endpointAddress) {
+ System.out.println("HERE");
+ if (serviceConfig.getLogoutEndpoint() == null
+ && serviceConfig.getCompiledLogoutEndpointConstraint() == null) {
+ LOG.error("Either the 'logoutEndpoint' or the 'logoutEndpointConstraint' "
+ + "configuration values must be specified for the application");
+ } else if (serviceConfig.getLogoutEndpoint() != null
+ && serviceConfig.getLogoutEndpoint().equals(endpointAddress)) {
+ LOG.debug("The supplied endpoint address {} matches the configured logout endpoint value",
+ endpointAddress);
+ return true;
+ } else if (serviceConfig.getCompiledLogoutEndpointConstraint() != null) {
+ Matcher matcher =
+ serviceConfig.getCompiledLogoutEndpointConstraint().matcher(endpointAddress);
+ if (matcher.matches()) {
+ return true;
+ } else {
+ LOG.error("The endpointAddress value of {} does not match any of the logout address values",
+ endpointAddress);
+ }
+ }
+
+ System.out.println("RET FALSE");
+
+ return false;
+ }
+
+}
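Review bot: Three `System.out.println` debugging calls are left in the new class: `"EA: " + endpointAddress + " " + realm` at the top of `isValidSignoutAddress`, and `"HERE"` and `"RET FALSE"` in `validateSignoutEndpointAddress`. The first writes the request-supplied address and realm unescaped to stdout on every sign-out and bypasses the SLF4J configuration. Remove them, or replace the first with `LOG.debug("Validating logout address {} for realm {}", endpointAddress, realm);`. The two `LOG.warn("No service config found for " + realm)` calls would also be better parameterized as `LOG.warn("No service config found for {}", realm);`, since `realm` comes from the request. Both public methods return `true` when `endpointAddress` is null, which deserves a short Javadoc line so callers know an absent address is treated as valid.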
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index 43c7e8a..fca01e1 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -34,6 +34,7 @@ import javax.xml.bind.annotation.XmlType;
@XmlType(propOrder = {"realm", "role", "serviceDisplayName", "serviceDescription", "protocol",
"tokenType", "lifeTime", "encryptionCertificate", "requestedClaims",
"policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id" })
+ "logoutEndpoint", "logoutEndpointConstraint"})
public class Application implements Serializable {
private static final long serialVersionUID = 5644327504861846964L;
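Review bot: The added line `"logoutEndpoint", "logoutEndpointConstraint"})` follows a context line that already closes the annotation with `"id" })`, so as shown `@XmlType(propOrder = {...})` is closed twice and the class will not compile. This looks like an unresolved cherry-pick. The preceding line should end with `"id",` and leave the closing `})` to the new line only, as the equivalent change in Idp.java does.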
@@ -90,8 +91,13 @@ public class Application implements Serializable {
// A regular expression constraint on the passiveRequestorEndpoint
private String passiveRequestorEndpointConstraint;
private Pattern compiledPassiveRequestorEndpointConstraint;
-
-
+
+ private String logoutEndpoint;
+
+ // A regular expression constraint on the logoutEndpoint
+ private String logoutEndpointConstraint;
+ private Pattern compiledLogoutEndpointConstraint;
+
@XmlAttribute
public int getId() {
return id;
@@ -216,4 +222,29 @@ public class Application implements Serializable {
public Pattern getCompiledPassiveRequestorEndpointConstraint() {
return compiledPassiveRequestorEndpointConstraint;
}
+
+ public String getLogoutEndpoint() {
+ return logoutEndpoint;
+ }
+
+ public void setLogoutEndpoint(String logoutEndpoint) {
+ this.logoutEndpoint = logoutEndpoint;
+ }
+
+ public String getLogoutEndpointConstraint() {
+ return logoutEndpointConstraint;
+ }
+
+ public void setLogoutEndpointConstraint(String logoutEndpointConstraint) {
+ this.logoutEndpointConstraint = logoutEndpointConstraint;
+ if (logoutEndpointConstraint != null) {
+ compiledLogoutEndpointConstraint = Pattern.compile(logoutEndpointConstraint);
+ } else {
+ compiledLogoutEndpointConstraint = null;
+ }
+ }
+
+ public Pattern getCompiledLogoutEndpointConstraint() {
+ return compiledLogoutEndpointConstraint;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index 389348b..bc4fe27 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -35,7 +35,8 @@ import javax.xml.bind.annotation.XmlType;
@XmlType(propOrder = {"realm", "uri", "serviceDisplayName", "serviceDescription", "idpUrl", "stsUrl",
"certificate", "certificatePassword", "provideIdpList", "useCurrentIdp", "hrds",
"rpSingleSignOutConfirmation", "supportedProtocols", "tokenTypesOffered", "claimTypesOffered",
- "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation" })
+ "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation",
+ "disableLogoutAddressValidation"})
public class Idp implements Serializable {
private static final long serialVersionUID = -5570301342547139039L;
@@ -117,7 +118,9 @@ public class Idp implements Serializable {
// Is explicit confirmation required when the "cleanup" URL is called
private boolean rpSingleSignOutCleanupConfirmation;
-
+
+ private boolean disableLogoutAddressValidation;
+
@XmlAttribute
public int getId() {
return id;
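Review bot: The new `disableLogoutAddressValidation` field has no comment, unlike `rpSingleSignOutCleanupConfirmation` directly above it, although it switches off a security check. When it is true, `EndpointAddressValidator.isValidSignoutAddress` returns `true` before the application's logout endpoint settings are consulted. I would add `// If true, the sign-out reply address is not validated against the application's logoutEndpoint / logoutEndpointConstraint. Defaults to false.` above the field.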
@@ -301,4 +304,12 @@ public class Idp implements Serializable {
this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
}
+ public boolean isDisableLogoutAddressValidation() {
+ return disableLogoutAddressValidation;
+ }
+
+ public void setDisableLogoutAddressValidation(boolean disableLogoutAddressValidation) {
+ this.disableLogoutAddressValidation = disableLogoutAddressValidation;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
index 4829764..5f56a4d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationDAOJPAImpl.java
@@ -201,6 +201,8 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
entity.setPolicyNamespace(application.getPolicyNamespace());
entity.setPassiveRequestorEndpoint(application.getPassiveRequestorEndpoint());
entity.setPassiveRequestorEndpointConstraint(application.getPassiveRequestorEndpointConstraint());
+ entity.setLogoutEndpoint(application.getLogoutEndpoint());
+ entity.setLogoutEndpointConstraint(entity.getLogoutEndpointConstraint());
}
public static Application entity2domain(ApplicationEntity entity, List<String> expandList) {
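Review bot: The second added line copies the entity's value back onto itself, `entity.setLogoutEndpointConstraint(entity.getLogoutEndpointConstraint());`, so a `logoutEndpointConstraint` set on the domain `Application` is never written to the entity. It should read `entity.setLogoutEndpointConstraint(application.getLogoutEndpointConstraint());`, matching the `setLogoutEndpoint` line above it. With the current code, an application created or updated through this mapping with only a constraint configured would presumably fail the new sign-out validation. The enclosing method starts outside the hunk.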
@@ -217,7 +219,9 @@ public class ApplicationDAOJPAImpl implements ApplicationDAO {
application.setPolicyNamespace(entity.getPolicyNamespace());
application.setPassiveRequestorEndpoint(entity.getPassiveRequestorEndpoint());
application.setPassiveRequestorEndpointConstraint(entity.getPassiveRequestorEndpointConstraint());
-
+ application.setLogoutEndpoint(entity.getLogoutEndpoint());
+ application.setLogoutEndpointConstraint(entity.getLogoutEndpointConstraint());
+
if (expandList != null && (expandList.contains("all") || expandList.contains("claims"))) {
for (ApplicationClaimEntity item : entity.getRequestedClaims()) {
RequestClaim claim = entity2domain(item);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
index e450132..7175a7d 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/ApplicationEntity.java
@@ -85,6 +85,11 @@ public class ApplicationEntity {
// A regular expression constraint on the passiveRequestorEndpoint
private String passiveRequestorEndpointConstraint;
+ private String logoutEndpoint;
+
+ // A regular expression constraint on the logoutEndpoint
+ private String logoutEndpointConstraint;
+
public int getId() {
return id;
@@ -190,4 +195,19 @@ public class ApplicationEntity {
this.passiveRequestorEndpointConstraint = passiveRequestorEndpointConstraint;
}
+ public String getLogoutEndpoint() {
+ return logoutEndpoint;
+ }
+
+ public void setLogoutEndpoint(String logoutEndpoint) {
+ this.logoutEndpoint = logoutEndpoint;
+ }
+
+ public String getLogoutEndpointConstraint() {
+ return logoutEndpointConstraint;
+ }
+
+ public void setLogoutEndpointConstraint(String logoutEndpointConstraint) {
+ this.logoutEndpointConstraint = logoutEndpointConstraint;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
index c553400..502568f 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
@@ -294,7 +294,8 @@ public class IdpDAOJPAImpl implements IdpDAO {
entity.setUseCurrentIdp(idp.isUseCurrentIdp());
entity.setRpSingleSignOutConfirmation(idp.isRpSingleSignOutConfirmation());
entity.setRpSingleSignOutCleanupConfirmation(idp.isRpSingleSignOutCleanupConfirmation());
-
+ entity.setDisableLogoutAddressValidation(idp.isDisableLogoutAddressValidation());
+
entity.getAuthenticationURIs().clear();
for (Map.Entry<String, String> item : idp.getAuthenticationURIs().entrySet()) {
entity.getAuthenticationURIs().put(item.getKey(), item.getValue());
@@ -328,7 +329,8 @@ public class IdpDAOJPAImpl implements IdpDAO {
idp.setUseCurrentIdp(entity.isUseCurrentIdp());
idp.setRpSingleSignOutConfirmation(entity.isRpSingleSignOutConfirmation());
idp.setRpSingleSignOutCleanupConfirmation(entity.isRpSingleSignOutCleanupConfirmation());
-
+ idp.setDisableLogoutAddressValidation(entity.isDisableLogoutAddressValidation());
+
if (expandList != null && (expandList.contains("all") || expandList.contains("applications"))) {
for (ApplicationEntity item : entity.getApplications()) {
Application application = ApplicationDAOJPAImpl.entity2domain(item, expandList);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
index 1eda135..0ea23f4 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
@@ -134,9 +134,11 @@ public class IdpEntity {
// ServiceDescription
private String serviceDescription;
-
+
private boolean rpSingleSignOutCleanupConfirmation;
+ private boolean disableLogoutAddressValidation;
+
public int getId() {
return id;
@@ -298,4 +300,12 @@ public class IdpEntity {
this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
}
+ public boolean isDisableLogoutAddressValidation() {
+ return disableLogoutAddressValidation;
+ }
+
+ public void setDisableLogoutAddressValidation(boolean disableLogoutAddressValidation) {
+ this.disableLogoutAddressValidation = disableLogoutAddressValidation;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index 2965df9..cdb116f 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -105,6 +105,20 @@
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint"
value="https://localhost:?(\d)*/.*" />
+ <property name="logoutEndpointConstraint" value="https://localhost:?(\d)*/.*" />
+ </bean>
+
+ <bean id="srv-oidc" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:oidc" />
+ <property name="protocol" value="http://docs.oasis-open.org/wsfed/federation/200706" />
+ <property name="serviceDisplayName" value="OIDC Provider" />
+ <property name="serviceDescription" value="OpenID Connect Provider" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" />
+ <property name="logoutEndpointConstraint" value="https://localhost:?(\d)*/.*" />
+>>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
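Review bot: A merge conflict marker was committed as content: the added line `>>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP` sits inside the new `srv-oidc` bean. That line should be deleted, and the added `</bean>` followed by the context `</bean>` should be checked so the bean elements are balanced. Separately, `logoutEndpointConstraint` for `srv-oidc` is `https://localhost:?(\d)*/.*` while its `passiveRequestorEndpointConstraint` is narrowed to `/fediz-oidc/.*`. If that difference is not intentional, the logout constraint could be narrowed in the same way.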
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
index 733d5d3..d37b13a 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
@@ -40,7 +40,7 @@
</on-entry>
<if
test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
- then="selectSignOutProcess" />
+ then="validateWReplyForSignout" />
<if
test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess"
else="selectSAMLProcess" />
@@ -63,15 +63,16 @@
</decision-state>
<action-state id="validateWReplyForSignout">
- <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)"/>
+ <on-entry>
+ <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.wreply"/>
+ </on-entry>
+ <evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
+ and endpointAddressValidator.isValidSignoutAddress(flowRequestContext, flowScope.wreply, flowScope.wtrealm)"/>
<transition on="yes" to="selectSignOutProcess" />
- <transition on="no" to="viewBadRequest" />
+ <transition on="no" to="viewBadRequestAndLogout" />
</action-state>
<decision-state id="selectSignOutProcess">
- <on-entry>
- <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.wreply"/>
- </on-entry>
<if
test="requestParameters.wa == 'wsignout1.0' and flowScope.idpConfig.rpSingleSignOutConfirmation == true
or requestParameters.wa == 'wsignoutcleanup1.0' and flowScope.idpConfig.rpSingleSignOutCleanupConfirmation == true"
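Review bot: In `validateWReplyForSignout` the value that is validated is the `Referer` header, which the on-entry action copies into `flowScope.wreply`, not a `wreply` request parameter. The state should say so in a comment, for example `<!-- For sign-out, the reply address is taken from the Referer header and must match the application's logoutEndpoint or logoutEndpointConstraint -->`. When the header is absent, `endpointAddressValidator.isValidSignoutAddress` returns `true` for a null address; how `commonsURLValidator.isValid` treats null is not visible here. It is worth confirming, with a test, that a request without a `Referer` takes the intended transition. It is also worth confirming that no later state reads `requestParameters.wreply` directly for the sign-out redirect, since that value would not have gone through this check.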
@@ -185,6 +186,16 @@
</on-entry>
</end-state>
+ <end-state id="viewBadRequestAndLogout" view="genericerror">
+ <on-entry>
+ <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
+ <evaluate expression="logoutAction.submit(flowRequestContext)" />
+ <evaluate
+ expression="externalContext.nativeResponse.setStatus(400,flowRequestContext.currentTransition.toString())" />
+ <!--<set name="requestScope.reason" value="flowRequestContext.currentTransition" />-->
+ </on-entry>
+ </end-state>
+
<!-- abnormal exit point : Http 500 Internal Server Error -->
<end-state id="scInternalServerError" view="genericerror">
<on-entry>
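Review bot: The new `viewBadRequestAndLogout` end-state has no header comment, while the neighbouring `scInternalServerError` state is introduced with `<!-- abnormal exit point : Http 500 Internal Server Error -->`. It also carries a commented-out `<set name="requestScope.reason" .../>` line that should be dropped. I would add `<!-- abnormal exit point : Http 400 Bad Request; also removes the home realm cookie and calls logoutAction -->` above it. This makes it clear to a reader that a sign-out request failing address validation still runs `logoutAction.submit` before the error view is shown.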
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index b0e5816..61d10ff 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -84,7 +84,7 @@ public class IdpTest {
WSSConfig.init();
}
- private static Tomcat startServer(boolean idp, String port)
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -127,7 +127,7 @@ public class IdpTest {
public static void cleanup() {
shutdownServer(idpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -190,7 +190,7 @@ public class IdpTest {
Assert.assertNotNull(wresult);
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -206,7 +206,7 @@ public class IdpTest {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -228,14 +228,14 @@ public class IdpTest {
}
Assert.assertNotNull(wresult);
-
+
//
// Second invocation - change the credentials to make sure the session is set up correctly
- //
+ //
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
@@ -253,6 +253,7 @@ public class IdpTest {
}
Assert.assertNotNull(wresult);
+
}
@Test
@@ -420,7 +421,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
// Send an unknown wa value
@org.junit.Test
public void testBadWa() throws Exception {
@@ -448,7 +449,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
// Send an unknown whr value
@org.junit.Test
public void testBadWHR() throws Exception {
@@ -476,7 +477,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 500);
}
}
-
+
// Send an unknown wtrealm value
@org.junit.Test
public void testBadWtRealm() throws Exception {
@@ -504,7 +505,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
// Send an malformed wreply value
@org.junit.Test
public void testMalformedWReply() throws Exception {
@@ -532,7 +533,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
// Send a bad wreply value
@org.junit.Test
public void testBadWReply() throws Exception {
@@ -540,7 +541,7 @@ public class IdpTest {
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://www.apache.org:" + getRpHttpsPort() + "/"
+ String wreply = "https://www.apache.org:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
url += "&wreply=" + wreply;
@@ -561,7 +562,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
@org.junit.Test
public void testValidWReplyWrongApplication() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -588,7 +589,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
@org.junit.Test
public void testWReplyExactMatchingSuccess() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -610,14 +611,14 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
webClient.getPage(url);
}
-
+
@org.junit.Test
public void testWReplyExactMatchingFailure() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure/fedservlet/blah";
url += "&wreply=" + wreply;
@@ -638,7 +639,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
@org.junit.Test
public void testNoEndpointAddressOrConstraint() throws Exception {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
@@ -666,8 +667,8 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
- // Send a bad wreply value. This will pass the reg ex validation but fail the commons-validator
+
+ // Send a bad wreply value. This will pass the reg ex validation but fail the commons-validator
// validation
@org.junit.Test
public void testWReplyWithDoubleSlashes() throws Exception {
@@ -675,7 +676,7 @@ public class IdpTest {
url += "wa=wsignin1.0";
url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/secure//fedservlet";
url += "&wreply=" + wreply;
@@ -697,4 +698,494 @@ public class IdpTest {
}
}
+ @Test
+ public void testIdPLogout() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT;
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ idpPage = webClient.getPage(idpLogoutUrl);
+
+ Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());
+
+ HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
+ HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ button.click();
+
+ webClient.close();
+
+ // 3. now we try to access the idp without authentication but with the existing cookies
+ // to see if we are really logged out
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutCleanup() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT_CLEANUP;
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ idpPage = webClient.getPage(idpLogoutUrl);
+
+ Assert.assertEquals("IDP SignOut Response Page", idpPage.getTitleText());
+
+ webClient.close();
+
+ // 3. now we try to access the idp without authentication but with the existing cookies
+ // to see if we are really logged out
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutCleanupWithBadWReply() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP using a bad wreply
+ String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/secure//fedservlet";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT_CLEANUP;
+ idpLogoutUrl += "&wreply=" + badWReply;
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ try {
+ webClient.getPage(idpLogoutUrl);
+ Assert.fail("Failure expected on a bad wreply value");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 400);
+ }
+
+ webClient.close();
+
+ // 3. now we try to access the idp without authentication but with the existing cookies
+ // to see if we are really logged out. Even though an error was thrown on a bad wreply, we should still
+ // be logged out
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithWreplyConstraint() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:12345";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ + "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ idpPage = webClient.getPage(idpLogoutUrl);
+
+ Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());
+
+ HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
+ HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ button.click();
+
+ webClient.close();
+
+ // 3. now we try to access the idp without authentication but with the existing cookies
+ // to see if we are really logged out
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithWreplyBadAddress() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:123456";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ + "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ try {
+ webClient.getPage(idpLogoutUrl);
+ Assert.fail("Failure expected on a non-matching wreply address");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 400);
+ }
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithNoRealm() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:12345";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply;
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ try {
+ webClient.getPage(idpLogoutUrl);
+ Assert.fail("Failure expected on a non-matching wreply address");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 400);
+ }
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithWreplyAddress() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:12345";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ + "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ idpPage = webClient.getPage(idpLogoutUrl);
+
+ Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());
+
+ HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
+ HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+ button.click();
+
+ webClient.close();
+
+ // 3. now we try to access the idp without authentication but with the existing cookies
+ // to see if we are really logged out
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+ idpPage = webClient.getPage(url);
+
+ Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithBadAddress() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:123456";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ + "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ try {
+ webClient.getPage(idpLogoutUrl);
+ Assert.fail("Failure expected on a non-matching wreply address");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 400);
+ }
+
+ webClient.close();
+ }
+
+ @Test
+ public void testIdPLogoutWithNoConfiguredConstraint() throws Exception {
+
+ // 1. First let's login to the IdP
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld2";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure2/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+ webClient.close();
+
+ // 2. now we logout from IdP
+ String logoutWReply = "https://localhost:12345";
+ String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ + FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ + "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld2";
+
+ webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ try {
+ webClient.getPage(idpLogoutUrl);
+ Assert.fail("Failure expected on a non-matching wreply address");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 400);
+ }
+
+ webClient.close();
+ }
+
+>>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
}
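Review bot: The added line `>>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP`, just before the class's closing brace, is a leftover conflict marker and will not compile; it should be deleted. The negative tests call `Assert.assertEquals(ex.getStatusCode(), 400)` with expected and actual swapped, so `Assert.assertEquals(400, ex.getStatusCode())` would match the 401 checks elsewhere in this hunk. Of the tests that expect a 400 on sign-out, only `testIdPLogoutCleanupWithBadWReply` re-requests the IdP afterwards. `testIdPLogoutWithWreplyBadAddress`, `testIdPLogoutWithNoRealm`, `testIdPLogoutWithBadAddress` and `testIdPLogoutWithNoConfiguredConstraint` therefore do not pin whether a rejected `wreply` leaves the session alive or terminated. All nine tests repeat the same login block and reach `webClient.close()` only on the success path, so a private login helper returning the `CookieManager`, with the client closed in `finally`, would remove the duplication and the leak on assertion failure.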
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/systests/idp/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/resources/realma/entities-realma.xml b/systests/idp/src/test/resources/realma/entities-realma.xml
index 76008b1..51ca9df 100644
--- a/systests/idp/src/test/resources/realma/entities-realma.xml
+++ b/systests/idp/src/test/resources/realma/entities-realma.xml
@@ -108,6 +108,7 @@
<property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint" value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*"/>
+ <property name="logoutEndpointConstraint" value="https://localhost:(\d)*" />
</bean>
<bean id="srv-fedizhelloworld2" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
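Review bot: The new `logoutEndpointConstraint` value `https://localhost:(\d)*` works as a redirect allow-list only if the validator matches it against the whole `wreply` string. The validator is not part of this hunk, so that is worth confirming and recording next to the property, e.g. `<!-- matched against the complete wreply value, not as a substring -->`. `(\d)*` also accepts an empty or arbitrarily long port, so the 400 that `IdpTest` expects for `https://localhost:123456` presumably comes from the separate URL validation step rather than from this expression. Bounding the port in the pattern itself, e.g. `https://localhost:\d{1,5}`, would make the constraint self-sufficient. The tomcat7 `entities-realma.xml` hunk adds `https://localhost:?(\d)*/.*`, which has the same unbounded port and also admits any path.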
@@ -132,6 +133,7 @@
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpoint"
value="https://localhost:${rp.https.port}/fedizhelloworld/secure/fedservlet" />
+ <property name="logoutEndpoint" value="https://localhost:12345" />
</bean>
<bean id="srv-fedizhelloworld4" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/30e0d900/systests/tomcat7/src/test/resources/realma/entities-realma.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/realma/entities-realma.xml b/systests/tomcat7/src/test/resources/realma/entities-realma.xml
index f947274..95bfc9d 100644
--- a/systests/tomcat7/src/test/resources/realma/entities-realma.xml
+++ b/systests/tomcat7/src/test/resources/realma/entities-realma.xml
@@ -106,6 +106,7 @@
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint"
value="https://localhost:(\d)*/(\w)*helloworld(\w)*/secure/.*" />
+ <property name="logoutEndpointConstraint" value="https://localhost:?(\d)*/.*" />
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
[4/5] cxf-fediz git commit: Fixing tests
Posted by co...@apache.org.
Fixing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/229c2b90
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/229c2b90
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/229c2b90
Branch: refs/heads/1.2.x-fixes
Commit: 229c2b90cd5e97fa2f21272351b3abedcbe37d90
Parents: 80fd043
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 15:18:20 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 15:18:20 2017 +0100
----------------------------------------------------------------------
.../core/federation/FederationLogoutTest.java | 113 ++++++++++---------
1 file changed, 57 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/229c2b90/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
index fd2163e..c1cb25b 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationLogoutTest.java
@@ -46,31 +46,32 @@ public class FederationLogoutTest {
private static final String LOGOUT_URL = "https://localhost/fedizhelloworld/secure/logout";
private static final String LOGOUT_URI = "/secure/logout";
private static final String REPLY_URI = "/wreply.html";
- private static final String REPLY_URL = "https://localhost/fedizhelloworld/secure/wreply.html";
+ private static final String REPLY_URL = "https://localhost/secure/wreply.html";
+ private static final String BAD_REPLY_URI = "/secure/badreply.html";
private static final String BAD_REPLY_URL = "https://localhost/fedizhelloworld/secure/badreply.html";
-
+
private static final String CONFIG_FILE = "fediz_test_config_logout.xml";
-
+
private static FedizConfigurator configurator;
private static DocumentBuilderFactory docBuilderFactory;
-
+
static {
docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true);
}
-
-
+
+
@BeforeClass
public static void init() {
getFederationConfigurator();
Assert.assertNotNull(configurator);
}
-
+
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
-
+
private static FedizConfigurator getFederationConfigurator() {
if (configurator != null) {
@@ -88,11 +89,11 @@ public class FederationLogoutTest {
return null;
}
}
-
+
@org.junit.Test
public void testSignoutCustomURL() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(null);
@@ -100,10 +101,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
@@ -113,47 +114,47 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URI).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(LOGOUT_URL));
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
- "http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8")
+ "http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Fwreply.html"
+ "&wtrealm=target+realm";
resp.sendRedirect(expectedRedirectToIdP);
EasyMock.expectLastCall();
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCustomURLWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URL).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URI).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(LOGOUT_URL));
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
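Review bot: After this change both `testSignoutCustomURLWithWReply` and `testSignoutCustomURLWithBadWReply` supply a relative `wreply` (`REPLY_URI`, `BAD_REPLY_URI`), so no test in this hunk passes an absolute URL to `LogoutHandler` any more. The absolute case is the one that matters for redirect validation, so I would keep one test that returns `BAD_REPLY_URL` from `req.getParameter(FederationConstants.PARAM_REPLY)` and still expects the fallback to `…%2Flogout%2Findex.html`. If `REPLY_URL` and `BAD_REPLY_URL` are now unreferenced they should be removed or put to use in such a test; the rest of the class is outside this hunk, so that needs checking. The body of `testSignoutCustomURLWithBadWReply` also continues past the end of the hunk.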
@@ -167,7 +168,7 @@ public class FederationLogoutTest {
@org.junit.Test
public void testSignoutCustomURLWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION)).andReturn(null).anyTimes();
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URI).anyTimes();
@@ -175,10 +176,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn(LOGOUT_URI);
EasyMock.expect(req.getContextPath()).andReturn(LOGOUT_URI);
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Flogout%2Findex.html"
@@ -188,11 +189,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutAction() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -201,10 +202,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
@@ -214,23 +215,23 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URI).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer("https://localhost/fedizhelloworld/secure"));
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=" + URLEncoder.encode(REPLY_URL, "UTF-8")
@@ -240,23 +241,23 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
- EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URL).anyTimes();
+ EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URI).anyTimes();
EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer("https://localhost/fedizhelloworld/secure"));
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
@@ -266,11 +267,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutActionWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
.andReturn(FederationConstants.ACTION_SIGNOUT).anyTimes();
@@ -279,10 +280,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getRequestURI()).andReturn("/secure");
EasyMock.expect(req.getContextPath()).andReturn("/secure");
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirectToIdP =
"http://url_to_the_issuer?wa=wsignout1.0&wreply=https%3A%2F%2Flocalhost%2Fsecure%2Findex.html"
@@ -292,11 +293,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
@@ -304,10 +305,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
String expectedRedirect = URLEncoder.encode(REPLY_URL, "UTF-8");
resp.sendRedirect(expectedRedirect);
@@ -315,11 +316,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithBadWReply() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
@@ -327,10 +328,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(BAD_REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
resp.setContentType("image/jpeg");
ServletOutputStream outputStream = EasyMock.createMock(ServletOutputStream.class);
@@ -339,11 +340,11 @@ public class FederationLogoutTest {
EasyMock.replay(resp);
logoutHandler.handleRequest(req, resp);
}
-
+
@org.junit.Test
public void testSignoutCleanupWithNoConfiguredConstraint() throws Exception {
FedizContext config = getFederationConfigurator().getFedizContext("ROOT2");
-
+
HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
HttpSession session = EasyMock.createMock(HttpSession.class);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
@@ -351,10 +352,10 @@ public class FederationLogoutTest {
EasyMock.expect(req.getSession()).andReturn(session);
EasyMock.expect(req.getParameter(FederationConstants.PARAM_REPLY)).andReturn(REPLY_URL).anyTimes();
EasyMock.replay(req);
-
+
LogoutHandler logoutHandler = new LogoutHandler(config);
Assert.assertTrue(logoutHandler.canHandleRequest(req));
-
+
HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
resp.setContentType("image/jpeg");
ServletOutputStream outputStream = EasyMock.createMock(ServletOutputStream.class);
[5/5] cxf-fediz git commit: Fixing merge
Posted by co...@apache.org.
Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bf5f471d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bf5f471d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bf5f471d
Branch: refs/heads/1.2.x-fixes
Commit: bf5f471d45f147bae346b45f0cf45ac20f53a1e5
Parents: 229c2b9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 16:01:00 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 16:01:00 2017 +0100
----------------------------------------------------------------------
.../idp/beans/EndpointAddressValidator.java | 5 +++
.../fediz/service/idp/domain/Application.java | 4 +-
.../cxf/fediz/service/idp/domain/Idp.java | 2 +-
.../idp/src/main/resources/entities-realma.xml | 1 -
.../WEB-INF/federation-validate-request.xml | 14 +++++--
.../apache/cxf/fediz/systests/idp/IdpTest.java | 40 +++-----------------
6 files changed, 24 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
index 83299cb..3e3d09c 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
@@ -64,6 +64,11 @@ public class EndpointAddressValidator {
return true;
}
+ if (realm == null) {
+ LOG.warn("No service config found for " + realm);
+ return false;
+ }
+
Application serviceConfig = idpConfig.findApplication(realm);
if (serviceConfig == null) {
LOG.warn("No service config found for " + realm);
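Review bot: The new `realm == null` branch logs the same text as the lookup failure just below it, so the entry reads "No service config found for null" and a signout request that carried no wtrealm cannot be told apart from one that named an unknown realm. A distinct message states the actual cause: `LOG.warn("No wtrealm was supplied, so the signout address cannot be validated");`. Separately, the context line that logs an unknown realm concatenates a value that appears to come from the request; if it does, stripping CR/LF before logging stops a crafted wtrealm from forging log entries. isValidSignoutAddress starts and ends outside this hunk.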
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
index fca01e1..b90b831 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Application.java
@@ -33,8 +33,8 @@ import javax.xml.bind.annotation.XmlType;
@XmlRootElement(name = "application", namespace = "http://org.apache.cxf.fediz/")
@XmlType(propOrder = {"realm", "role", "serviceDisplayName", "serviceDescription", "protocol",
"tokenType", "lifeTime", "encryptionCertificate", "requestedClaims",
- "policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id" })
- "logoutEndpoint", "logoutEndpointConstraint"})
+ "policyNamespace", "passiveRequestorEndpoint", "passiveRequestorEndpointConstraint", "id",
+ "logoutEndpoint", "logoutEndpointConstraint" })
public class Application implements Serializable {
private static final long serialVersionUID = 5644327504861846964L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index bc4fe27..53e4ab9 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -36,7 +36,7 @@ import javax.xml.bind.annotation.XmlType;
"certificate", "certificatePassword", "provideIdpList", "useCurrentIdp", "hrds",
"rpSingleSignOutConfirmation", "supportedProtocols", "tokenTypesOffered", "claimTypesOffered",
"authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation",
- "disableLogoutAddressValidation"})
+ "disableLogoutAddressValidation" })
public class Idp implements Serializable {
private static final long serialVersionUID = -5570301342547139039L;
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index cdb116f..7d1490a 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -118,7 +118,6 @@
<property name="lifeTime" value="3600" />
<property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*" />
<property name="logoutEndpointConstraint" value="https://localhost:?(\d)*/.*" />
->>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
</bean>
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
index d37b13a..246657d 100644
--- a/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/federation-validate-request.xml
@@ -40,7 +40,7 @@
</on-entry>
<if
test="requestParameters.wa == 'wsignout1.0' or requestParameters.wa == 'wsignoutcleanup1.0'"
- then="validateWReplyForSignout" />
+ then="parseLogoutWreply" />
<if
test="requestParameters.wa == 'wsignin1.0'" then="selectWsFedProcess"
else="selectSAMLProcess" />
@@ -62,10 +62,18 @@
then="viewBadRequest" else="signinResponse" />
</decision-state>
- <action-state id="validateWReplyForSignout">
+ <action-state id="parseLogoutWreply">
<on-entry>
- <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.wreply"/>
+ <evaluate expression="@org.apache.cxf.fediz.service.idp.util.WebUtils@getHttpHeader(flowRequestContext, 'Referer')" result="flowScope.referer"/>
</on-entry>
+ <evaluate expression="flowScope.referer == null" />
+ <transition on="yes" to="validateWReplyForSignout" />
+ <transition on="no" to="validateWReplyForSignout" >
+ <set name="flowScope.wreply" value="flowScope.referer" />
+ </transition>
+ </action-state>
+
+ <action-state id="validateWReplyForSignout">
<evaluate expression="commonsURLValidator.isValid(flowRequestContext, flowScope.wreply)
and endpointAddressValidator.isValidSignoutAddress(flowRequestContext, flowScope.wreply, flowScope.wtrealm)"/>
<transition on="yes" to="selectSignOutProcess" />
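Review bot: In `parseLogoutWreply` the decision looks at `flowScope.referer` alone, so whenever the client sends a Referer header it replaces `flowScope.wreply`, including a wreply the caller supplied explicitly. The header only acts as a fallback if the test also considers wreply: `<evaluate expression="flowScope.wreply != null or flowScope.referer == null" />` keeps both transitions as written and copies the Referer only when no wreply is present. Whichever value ends up in `flowScope.wreply` must still pass through `validateWReplyForSignout`, because the Referer is as client-controlled as the parameter. Where `flowScope.wreply` is first populated is outside this hunk, so confirm it is set from the request before this state runs; the `validateWReplyForSignout` state continues past the end of the hunk.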
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf5f471d/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 70ccbc1..2b40e30 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -29,11 +29,14 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import com.gargoylesoftware.htmlunit.CookieManager;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.WebClient;
import com.gargoylesoftware.htmlunit.html.DomElement;
import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
import com.gargoylesoftware.htmlunit.xml.XmlPage;
import org.apache.catalina.LifecycleException;
@@ -41,6 +44,7 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
@@ -697,7 +701,7 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
}
-
+
@Test
public void testIdPLogout() throws Exception {
@@ -725,7 +729,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
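Review bot: Removing `webClient.close()` here leaves this client open when the test later assigns `webClient = new WebClient()`. The later hunks in this file remove the other close calls as well, so each test leaves its HtmlUnit clients and their connections unreleased. If the call was dropped because the HtmlUnit version on this branch has no `WebClient.close()`, the older `webClient.closeAllWindows()` releases the same resources; otherwise keep the close in a `finally` block. The HtmlUnit version is not visible in this diff, and the test method starts and ends outside the hunk.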
@@ -742,8 +745,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -754,7 +755,6 @@ public class IdpTest {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
- webClient.close();
}
@Test
@@ -784,7 +784,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
@@ -797,8 +796,6 @@ public class IdpTest {
Assert.assertEquals("IDP SignOut Response Page", idpPage.getTitleText());
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -808,8 +805,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -839,7 +834,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP using a bad wreply
String badWReply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
@@ -858,8 +852,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out. Even though an error was thrown on a bad wreply, we should still
// be logged out
@@ -871,7 +863,6 @@ public class IdpTest {
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
- webClient.close();
}
@Test
@@ -901,7 +892,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -920,8 +910,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -931,8 +919,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -962,7 +948,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345/badlogout";
@@ -980,7 +965,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
}
@Test
@@ -1010,7 +994,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1027,7 +1010,6 @@ public class IdpTest {
Assert.assertEquals(ex.getStatusCode(), 400);
}
- webClient.close();
}
@Test
@@ -1057,7 +1039,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1076,8 +1057,6 @@ public class IdpTest {
HtmlSubmitInput button = form.getInputByName("_eventId_submit");
button.click();
- webClient.close();
-
// 3. now we try to access the idp without authentication but with the existing cookies
// to see if we are really logged out
webClient = new WebClient();
@@ -1087,8 +1066,6 @@ public class IdpTest {
idpPage = webClient.getPage(url);
Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
-
- webClient.close();
}
@Test
@@ -1118,7 +1095,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345/badlogout";
@@ -1135,8 +1111,6 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
- webClient.close();
}
@Test
@@ -1166,7 +1140,6 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- webClient.close();
// 2. now we logout from IdP
String logoutWReply = "https://localhost:12345";
@@ -1183,9 +1156,6 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
- webClient.close();
}
->>>>>>> 5eba7a0... FEDIZ-200 - Make one of logoutEndpoint or logoutEndpointConstraint mandatory in the IDP
}
[2/5] cxf-fediz git commit: Fixing tests
Posted by co...@apache.org.
Fixing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9009c94c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9009c94c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9009c94c
Branch: refs/heads/1.2.x-fixes
Commit: 9009c94c0de62d35013f74a4da4315d77b29e5b3
Parents: 30e0d90
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 13:43:07 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 14:50:06 2017 +0100
----------------------------------------------------------------------
.../src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9009c94c/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 61d10ff..70ccbc1 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -965,7 +965,7 @@ public class IdpTest {
webClient.close();
// 2. now we logout from IdP
- String logoutWReply = "https://localhost:123456";
+ String logoutWReply = "https://localhost:12345/badlogout";
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
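Review bot: Nothing at this `logoutWReply` assignment says why the address has to be rejected, and the old and new values fail for different reasons. Port 123456 is out of range, so the old URL was invalid on its own, while `https://localhost:12345/badlogout` is well-formed and can only be refused by the realm's logout endpoint configuration. A comment such as `// well-formed URL that does not match the logout endpoint configured for this realm` keeps that intent visible; the same applies to the second hunk at -1121. The configuration for these two realms is not part of this diff, so the wording should be checked against it, and the test methods start and end outside the hunks.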
@@ -1121,7 +1121,7 @@ public class IdpTest {
webClient.close();
// 2. now we logout from IdP
- String logoutWReply = "https://localhost:123456";
+ String logoutWReply = "https://localhost:12345/badlogout";
String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+ FederationConstants.ACTION_SIGNOUT + "&wreply=" + logoutWReply
+ "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld3";
[3/5] cxf-fediz git commit: Removing printlns
Posted by co...@apache.org.
Removing printlns
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/80fd043f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/80fd043f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/80fd043f
Branch: refs/heads/1.2.x-fixes
Commit: 80fd043f89b43b63346a0b4accad29fdc8e56d66
Parents: 9009c94
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Apr 13 13:43:46 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Apr 13 14:50:15 2017 +0100
----------------------------------------------------------------------
.../cxf/fediz/service/idp/beans/EndpointAddressValidator.java | 4 ----
1 file changed, 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/80fd043f/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
index 536a2e6..83299cb 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/EndpointAddressValidator.java
@@ -55,7 +55,6 @@ public class EndpointAddressValidator {
public boolean isValidSignoutAddress(RequestContext context, String endpointAddress, String realm)
throws Exception {
- System.out.println("EA: " + endpointAddress + " " + realm);
if (endpointAddress == null) {
return true;
}
@@ -99,7 +98,6 @@ public class EndpointAddressValidator {
}
private boolean validateSignoutEndpointAddress(Application serviceConfig, String endpointAddress) {
- System.out.println("HERE");
if (serviceConfig.getLogoutEndpoint() == null
&& serviceConfig.getCompiledLogoutEndpointConstraint() == null) {
LOG.error("Either the 'logoutEndpoint' or the 'logoutEndpointConstraint' "
@@ -120,8 +118,6 @@ public class EndpointAddressValidator {
}
}
- System.out.println("RET FALSE");
-
return false;
}