Posted to commits@cxf.apache.org by co...@apache.org on 2018/08/27 13:19:39 UTC
[cxf-fediz] 01/02: FEDIZ-224 - Adding SAML SSO Spring system tests
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
commit b4cb584ca079567c4501ddd3c1b32c87abebc890
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 12:57:55 2018 +0100
FEDIZ-224 - Adding SAML SSO Spring system tests
---
systests/samlsso/pom.xml | 28 ++++
.../cxf/fediz/systests/samlsso/SpringTest.java | 183 +++++++++++++++++++++
.../samlsso/src/test/resources/fediz_config.xml | 36 ++++
.../src/test/resources/realma/entities-realma.xml | 34 ++++
4 files changed, 281 insertions(+)
diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index 6d27e34..d067b1b 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -92,6 +92,24 @@
</dependencies>
<build>
+ <testResources>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/*.xml</include>
+ </includes>
+ </testResource>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <filtering>false</filtering>
+ <includes>
+ <include>**/*.jks</include>
+ <include>**/*.cert</include>
+ <include>**/*.properties</include>
+ </includes>
+ </testResource>
+ </testResources>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
@@ -107,6 +125,7 @@
<portNames>
<portName>idp.https.port</portName>
<portName>rp.https.port</portName>
+ <portName>rp.spring.https.port</portName>
</portNames>
</configuration>
</execution>
@@ -158,6 +177,14 @@
<outputDirectory>target/test-classes</outputDirectory>
<includes>**/*.jks</includes>
</artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+ <artifactId>fediz-systests-webapps-spring</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/rp/webapps/fediz-systests-webapps-spring</outputDirectory>
+ </artifactItem>
</artifactItems>
<outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
<overWriteSnapshots>true</overWriteSnapshots>
@@ -208,6 +235,7 @@
<wt.headless>true</wt.headless>
<idp.https.port>${idp.https.port}</idp.https.port>
<rp.https.port>${rp.https.port}</rp.https.port>
+ <rp.spring.https.port>${rp.spring.https.port}</rp.spring.https.port>
<java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
</systemPropertyVariables>
<includes>
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
new file mode 100644
index 0000000..4a6458c
--- /dev/null
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+/**
+ * Some tests for SAML SSO with the Spring (4) plugin, invoking on the Fediz IdP configured for SAML SSO.
+ */
+public class SpringTest extends AbstractTests {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() throws Exception {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.spring.https.port");
+ Assert.assertNotNull("Property 'rp.spring.https.port' null", rpHttpsPort);
+
+ idpServer = startServer(true, idpHttpsPort);
+ rpServer = startServer(false, rpHttpsPort);
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ shutdownServer(idpServer);
+ shutdownServer(rpServer);
+ }
+
+ private static void shutdownServer(Tomcat server) {
+ try {
+ if (server != null && server.getServer() != null
+ && server.getServer().getState() != LifecycleState.DESTROYED) {
+ if (server.getServer().getState() != LifecycleState.STOPPED) {
+ server.stop();
+ }
+ server.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static Tomcat startServer(boolean idp, String port)
+ throws ServletException, LifecycleException, IOException {
+ Tomcat server = new Tomcat();
+ server.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ String baseDir = currentDir + File.separator + "target";
+ server.setBaseDir(baseDir);
+
+ if (idp) {
+ server.getHost().setAppBase("tomcat/idp/webapps");
+ } else {
+ server.getHost().setAppBase("tomcat/rp/webapps");
+ }
+ server.getHost().setAutoDeploy(true);
+ server.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(port));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ server.getService().addConnector(httpsConnector);
+
+ if (idp) {
+ File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+ server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+ server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+ } else {
+ File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+ "fediz-systests-webapps-spring");
+ server.addWebapp("/fedizhelloworldspring", rpWebapp.getAbsolutePath());
+ }
+
+ server.start();
+
+ return server;
+ }
+
+ @Override
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ @Override
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ @Override
+ public String getServletContextName() {
+ return "fedizhelloworldspring";
+ }
+
+ @Override
+ protected boolean isWSFederation() {
+ return false;
+ }
+
+ @Ignore("This tests is currently failing on Spring")
+ @Override
+ public void testConcurrentRequests() throws Exception {
+ // super.testConcurrentRequests();
+ }
+
+ @Ignore("This tests is currently failing on Spring")
+ public void testRPLogout() throws Exception {
+ //
+ }
+
+ @Override
+ @org.junit.Test
+ public void testCSRFAttack() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/j_spring_fediz_security_check";
+ csrfAttackTest(url);
+ }
+
+ @Override
+ @org.junit.Test
+ public void testCSRFAttack2() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ + "/j_spring_fediz_security_check";
+ csrfAttackTest2(url);
+ }
+
+}
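Review bot: `testRPLogout` is declared with `@Ignore` only — no `@Override` and no `@Test` — while `testConcurrentRequests` directly above it carries `@Override`, and the two CSRF tests use `@org.junit.Test`. With no `@Test` on the overriding method, whether JUnit 4 reports this test as skipped depends on how the runner resolves the inherited `@Test` on the `AbstractTests` method: it may schedule the base method and dispatch into this empty body, in which case the logout test shows up as passing rather than ignored and a regression in the Spring logout flow is masked; without `@Override` the compiler also cannot confirm that the name matches the base class. Annotating it consistently makes the skip explicit and compiler-checked: `@Ignore("This test is currently failing on Spring") @Override @org.junit.Test public void testRPLogout() throws Exception {`, and the same `@org.junit.Test` could be added to `testConcurrentRequests`. The commented-out `// httpsConnector.setAttribute("clientAuth", "false");` in `startServer` is dead code and can be dropped.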
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml b/systests/samlsso/src/test/resources/fediz_config.xml
index 232ee80..c0f7da2 100644
--- a/systests/samlsso/src/test/resources/fediz_config.xml
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -57,5 +57,41 @@
<logoutURL>/secure/logout</logoutURL>
<logoutRedirectTo>/index.html</logoutRedirectTo>
</contextConfig>
+ <contextConfig name="/fedizhelloworldspring">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/clienttrust.jks" password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="realma" keyPassword="realma">
+ <keyStore file="test-classes/stsrealm_a.jks" password="storepass" type="JKS" />
+ </signingKey>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="samlProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworldspring</realm>
+ <signRequest>true</signRequest>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <reply>/j_spring_fediz_security_check</reply>
+ <disableDeflateEncoding>true</disableDeflateEncoding>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+ <claimTypesRequested>
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+ <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
</FedizConfig>
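Review bot: The new `/fedizhelloworldspring` context declares `<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>` while its `<realm>` is `urn:org:apache:cxf:fediz:fedizhelloworldspring` and the IdP-side bean in entities-realma.xml registers the application under that same `...fedizhelloworldspring` realm, so the audience value looks copied from the preceding context. If the IdP puts the SP realm into the assertion's AudienceRestriction and the plugin enforces `audienceUris`, every assertion for the Spring app would be rejected; if the tests pass as-is, the audience list is not being consulted for this SAML SSO flow and the entry is misleading. Either way, confirm the intended audience and align it: `<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworldspring</audienceItem>`. Audience restriction is the control that keeps an assertion issued for one service provider from being accepted by another, so the test fixture should exercise the real value; the enclosing `<FedizConfig>` element starts outside this hunk.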
diff --git a/systests/samlsso/src/test/resources/realma/entities-realma.xml b/systests/samlsso/src/test/resources/realma/entities-realma.xml
index 8d9623b..9989758 100644
--- a/systests/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/samlsso/src/test/resources/realma/entities-realma.xml
@@ -118,6 +118,7 @@
<property name="applications">
<util:list>
<ref bean="srv-fedizhelloworld" />
+ <ref bean="srv-spring-fedizhelloworld" />
</util:list>
</property>
<!--
@@ -164,6 +165,18 @@
<property name="validatingCertificate" value="realma.cert" />
</bean>
+ <bean id="srv-spring-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+ <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworldspring" />
+ <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+ <property name="serviceDisplayName" value="Fedizhelloworld" />
+ <property name="serviceDescription" value="Web Application to illustrate SAML SSO" />
+ <property name="role" value="ApplicationServiceType" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="lifeTime" value="3600" />
+ <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/.*" />
+ <property name="validatingCertificate" value="realma.cert" />
+ </bean>
+
<bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
<property name="application" ref="srv-fedizhelloworld" />
<property name="claim" ref="claim_role" />
@@ -185,6 +198,27 @@
<property name="optional" value="false" />
</bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-spring-fedizhelloworld" />
+ <property name="claim" ref="claim_role" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-spring-fedizhelloworld" />
+ <property name="claim" ref="claim_givenname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-spring-fedizhelloworld" />
+ <property name="claim" ref="claim_surname" />
+ <property name="optional" value="false" />
+ </bean>
+ <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+ <property name="application" ref="srv-spring-fedizhelloworld" />
+ <property name="claim" ref="claim_email" />
+ <property name="optional" value="false" />
+ </bean>
+
<bean id="claim_role"
class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
<property name="claimType"