Posted to commits@cxf.apache.org by co...@apache.org on 2017/10/10 15:23:01 UTC
[cxf-fediz] 02/02: Missing files from last commit
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit 019f145294b9ab2903f59f1ce0c95049a999a684
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Tue Oct 10 16:21:23 2017 +0100
Missing files from last commit
---
.../fediz/integrationtests/TokenExpiryTest.java | 157 +++++++++++++++++++++
.../fediz/integrationtests/TokenExpiryTest.java | 142 +++++++++++++++++++
.../integrationtests/AbstractExpiryTests.java | 144 +++++++++++++++++++
3 files changed, 443 insertions(+)
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java
new file mode 100644
index 0000000..3fe9365
--- /dev/null
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * Some token expiry tests
+ */
+public class TokenExpiryTest extends AbstractExpiryTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() {
+ idpHttpsPort = System.getProperty("idp.https.port");
+ // idpHttpsPort = "12345";
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ initIdp();
+ initRp();
+ }
+
+ private static void initIdp() {
+ try {
+ idpServer = new Tomcat();
+ idpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ idpServer.setBaseDir(currentDir + File.separator + "target");
+
+ idpServer.getHost().setAppBase("tomcat/idp/webapps");
+ idpServer.getHost().setAutoDeploy(true);
+ idpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ idpServer.getService().addConnector(httpsConnector);
+
+ idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
+ idpServer.addWebapp("/fediz-idp", "fediz-idp");
+
+ idpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void initRp() {
+ try {
+ rpServer = new Tomcat();
+ rpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ rpServer.setBaseDir(currentDir + File.separator + "target");
+
+ rpServer.getHost().setAppBase("tomcat/rp/webapps");
+ rpServer.getHost().setAutoDeploy(true);
+ rpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("clientAuth", "want");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ rpServer.getService().addConnector(httpsConnector);
+
+ rpServer.addWebapp("/fedizhelloworld", "cxfWebappExpiry");
+
+ rpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ shutdownServer(idpServer);
+ shutdownServer(rpServer);
+ }
+
+ private static void shutdownServer(Tomcat server) {
+ try {
+ if (server != null && server.getServer() != null
+ && server.getServer().getState() != LifecycleState.DESTROYED) {
+ if (server.getServer().getState() != LifecycleState.STOPPED) {
+ server.stop();
+ }
+ server.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ public String getServletContextName() {
+ return "fedizhelloworld";
+ }
+
+}
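Review bot: The `catch (Exception e) { e.printStackTrace(); }` that closes `initIdp()` and `initRp()` swallows any Tomcat startup failure, so `init()` returns normally and the expiry tests fail later with connection errors that hide the real cause. Failing the fixture where the error occurs keeps the root cause in the test report, for example replacing `e.printStackTrace();` in `initIdp()` with `throw new IllegalStateException("IdP Tomcat failed to start", e);` and doing the equivalent in `initRp()`. The same pattern appears in `init()` and `initIdp()` of the jetty9 `TokenExpiryTest.java` in this commit. The catch in `shutdownServer()` looks like deliberate best-effort cleanup and can stay as it is.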
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java
new file mode 100644
index 0000000..cd01cdd
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/TokenExpiryTest.java
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * Some token expiry tests
+ */
+public class TokenExpiryTest extends AbstractExpiryTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Server rpServer;
+
+ @BeforeClass
+ public static void init() {
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ initIdp();
+
+ try {
+ Resource testServerConfig = Resource.newSystemResource("rp-expiry-server.xml");
+ XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+ rpServer = (Server)configuration.configure();
+ rpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ try {
+ if (idpServer != null && idpServer.getServer() != null
+ && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+ if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+ idpServer.stop();
+ }
+ idpServer.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ if (rpServer != null && rpServer.isStarted()) {
+ try {
+ rpServer.stop();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private static void initIdp() {
+ try {
+ idpServer = new Tomcat();
+ idpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ String baseDir = currentDir + File.separator + "target";
+ idpServer.setBaseDir(baseDir);
+
+ idpServer.getHost().setAppBase("tomcat/idp/webapps");
+ idpServer.getHost().setAutoDeploy(true);
+ idpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ idpServer.getService().addConnector(httpsConnector);
+
+ File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+ idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+ idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+ idpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @Override
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ public String getServletContextName() {
+ return "fedizhelloworld_wfresh";
+ }
+
+}
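Review bot: In `cleanup()`, the guard `rpServer.isStarted()` skips `stop()` for every Jetty lifecycle state other than STARTED, which would include a start that failed partway through in `init()`, where the exception is only printed. If connectors had already been opened at that point, they would presumably stay bound to the RP HTTPS port for the rest of the test JVM and could break later test classes. A guard such as `if (rpServer != null && !rpServer.isStopped()) {` would cover that case while leaving the existing try/catch around `rpServer.stop()` unchanged.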
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
new file mode 100644
index 0000000..e2cf4b6
--- /dev/null
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractExpiryTests.java
@@ -0,0 +1,144 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Some tests for token expiry
+ */
+public abstract class AbstractExpiryTests {
+
+ static {
+ WSSConfig.init();
+ }
+
+ public AbstractExpiryTests() {
+ super();
+ }
+
+ public abstract String getServletContextName();
+
+ public abstract String getIdpHttpsPort();
+
+ public abstract String getRpHttpsPort();
+
+ // A test to make sure that when a token expires (+ the plugin is configured to enforce token expiration), that the
+ // redirect back to the IdP works properly.
+ @Test
+ public void testPluginTokenExpiry() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/secure/fedservlet";
+ String user = "alice";
+ String password = "ecila";
+
+ // 1. Login
+ final WebClient webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ HtmlForm form = idpPage.getFormByName("signinresponseform");
+ HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ HtmlPage rpPage = button.click();
+ Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
+ || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
+
+ String bodyTextContent = rpPage.getBody().getTextContent();
+ verifyApplication(user, bodyTextContent);
+
+ // 2. Sleep to expire the token
+ System.out.println("Sleeping...");
+ Thread.sleep(8L * 1000L);
+
+ // 3. Now invoke again on the endpoint
+ webClient.getOptions().setJavaScriptEnabled(false);
+ idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ form = idpPage.getFormByName("signinresponseform");
+ button = form.getInputByName("_eventId_submit");
+
+ rpPage = button.click();
+ Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
+ || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
+
+ bodyTextContent = rpPage.getBody().getTextContent();
+ verifyApplication(user, bodyTextContent);
+
+ webClient.close();
+ }
+
+ // Test what happens when the IdP token expires. This is "mocked" by setting wfresh to "0" in the
+ // plugin configuration.
+ @org.junit.Test
+ public void testIdPTokenExpiry() throws Exception {
+ // 1. Login
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/secure/fedservlet";
+ String user = "alice";
+ String password = "ecila";
+
+ CookieManager cookieManager = new CookieManager();
+
+ // 1. Login
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+
+ // 2. Sign out of the service (but not the Idp)
+ final WebClient webClient = new WebClient();
+ webClient.setCookieManager(cookieManager);
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getPage(url + "?wa=wsignoutcleanup1.0");
+ webClient.close();
+
+ // 3. Sign back in to the service provider. This time it will get a new IdP token due to wfresh=0.
+ HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+ }
+
+ private void verifyApplication(String user, String bodyTextContent) {
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
+ Assert.assertTrue("User " + user + " does not have role Admin",
+ bodyTextContent.contains("role:Admin=false"));
+ Assert.assertTrue("User " + user + " does not have role Manager",
+ bodyTextContent.contains("role:Manager=false"));
+ Assert.assertTrue("User " + user + " must have role User",
+ bodyTextContent.contains("role:User=true"));
+ }
+
+}
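Review bot: `testIdPTokenExpiry` contains no assertion that distinguishes a newly issued IdP token from a reused one, because step 3 only repeats `HTTPTestUtils.loginWithCookieManager(...)`. Unless that helper (not visible in this hunk) compares tokens, the test passes whether or not the `wfresh=0` setting is actually enforced. At minimum the limitation should be stated above step 3, e.g. `// NOTE: only checks that re-login succeeds; does not verify that the IdP issued a new token`. A stronger check would capture an identifier or issue instant of the token from each sign-in response and assert that the two differ. That depends on what the helper exposes, so it would need confirming against `HTTPTestUtils`.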