Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/26 12:04:31 UTC
cxf-fediz git commit: Fixing last commit
Repository: cxf-fediz
Updated Branches:
refs/heads/master 307bf80a1 -> 83746b8cc
Fixing last commit
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/83746b8c
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/83746b8c
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/83746b8c
Branch: refs/heads/master
Commit: 83746b8cc0542633052a8d08907bbedd8815b9a0
Parents: 307bf80
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jan 26 12:04:23 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jan 26 12:04:23 2017 +0000
----------------------------------------------------------------------
systests/custom/pom.xml | 283 +++++++++++++++++++
.../src/test/java/custom/CustomUTValidator.java | 76 +++++
.../systests/custom/CustomParametersTest.java | 208 ++++++++++++++
systests/custom/src/test/resources/file.xml | 66 +++++
.../src/test/resources/logging.properties | 54 ++++
.../resources/realma/security-up-config.xml | 98 +++++++
systests/idp/pom.xml | 57 ----
.../src/test/java/custom/CustomUTValidator.java | 76 -----
.../apache/cxf/fediz/systests/idp/IdpTest.java | 62 ----
systests/idp/src/test/resources/file.xml | 66 -----
.../resources/realma/security-up-config.xml | 98 -------
systests/pom.xml | 1 +
12 files changed, 786 insertions(+), 359 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/pom.xml
----------------------------------------------------------------------
diff --git a/systests/custom/pom.xml b/systests/custom/pom.xml
new file mode 100644
index 0000000..e80d836
--- /dev/null
+++ b/systests/custom/pom.xml
@@ -0,0 +1,283 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-systests</artifactId>
+ <version>1.4.0-SNAPSHOT</version>
+ <relativePath>../pom.xml</relativePath>
+ </parent>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-custom</artifactId>
+ <name>Apache Fediz Custom Systests</name>
+ <packaging>jar</packaging>
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-core</artifactId>
+ <version>${tomcat7.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-logging-juli</artifactId>
+ <version>${tomcat7.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jdt.core.compiler</groupId>
+ <artifactId>ecj</artifactId>
+ <version>${ecj.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat.embed</groupId>
+ <artifactId>tomcat-embed-jasper</artifactId>
+ <version>${tomcat7.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-tomcat7</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-soap</artifactId>
+ <version>${cxf.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-tests</artifactId>
+ <version>${project.version}</version>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-tests</artifactId>
+ <version>${project.version}</version>
+ <classifier>tests</classifier>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <version>${slf4j.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldb.version}</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>reserve-network-port</id>
+ <goals>
+ <goal>reserve-network-port</goal>
+ </goals>
+ <phase>initialize</phase>
+ <configuration>
+ <portNames>
+ <portName>idp.https.port</portName>
+ <portName>rp.https.port</portName>
+ </portNames>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-idp-sts</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz</groupId>
+ <artifactId>fediz-idp-sts</artifactId>
+ <version>${project.version}</version>
+ <type>war</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.cxf.fediz.systests</groupId>
+ <artifactId>fediz-systests-tests</artifactId>
+ <version>${project.version}</version>
+ <classifier>tests</classifier>
+ <type>jar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/test-classes</outputDirectory>
+ <includes>**/*.jks</includes>
+ </artifactItem>
+ </artifactItems>
+ <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ <overWriteIfNewer>true</overWriteIfNewer>
+ <stripVersion>true</stripVersion>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <version>2.7</version>
+ <executions>
+ <execution>
+ <id>copy-customised-spring-sec-to-idp</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/config</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources/realma</directory>
+ <includes>
+ <include>security-up-config.xml</include>
+ </includes>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-customised-sts-config</id>
+ <phase>generate-test-sources</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/src/test/resources</directory>
+ <includes>
+ <include>file.xml</include>
+ </includes>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ <execution>
+ <id>copy-custom-validator</id>
+ <phase>process-test-classes</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/classes/custom</outputDirectory>
+ <resources>
+ <resource>
+ <directory>${basedir}/target/test-classes/custom</directory>
+ <includes>
+ <include>CustomUTValidator.class</include>
+ </includes>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <inherited>true</inherited>
+ <executions>
+ <execution>
+ <id>integration-test</id>
+ <phase>integration-test</phase>
+ <goals>
+ <goal>integration-test</goal>
+ </goals>
+ <configuration>
+ <skip>${skipTests}</skip>
+ <systemPropertyVariables>
+ <wt.headless>true</wt.headless>
+ <idp.https.port>${idp.https.port}</idp.https.port>
+ <rp.https.port>${rp.https.port}</rp.https.port>
+ <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
+ </systemPropertyVariables>
+ <includes>
+ <include>**/idp/**</include>
+ </includes>
+ <argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m </argLine>
+ <!--argLine>-Xms512m -Xmx1024m -XX:MaxPermSize=256m -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=y</argLine-->
+ </configuration>
+ </execution>
+ <execution>
+ <id>verify</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <inherited>true</inherited>
+ <configuration>
+ <excludes>
+ <exclude>**/custom/**</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>
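Review bot: The failsafe `<include>**/idp/**</include>` near the end of this file does not match the only test class the module adds, which sits under `org/apache/cxf/fediz/systests/custom/`, and the surefire block excludes `**/custom/**`. As written neither plugin appears to select CustomParametersTest, so the check that a wrong realm is rejected with 401 would never run in the build; the failsafe pattern should be `<include>**/custom/**</include>`. Separately, fediz-systests-tests is declared twice, once with `<type>test-jar</type>` and once with `<classifier>tests</classifier>`; both point at the tests jar, so one entry should be enough.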
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/src/test/java/custom/CustomUTValidator.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/custom/CustomUTValidator.java b/systests/custom/src/test/java/custom/CustomUTValidator.java
new file mode 100644
index 0000000..a623411
--- /dev/null
+++ b/systests/custom/src/test/java/custom/CustomUTValidator.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package custom;
+
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJUtils;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+import org.apache.wss4j.dom.validate.Validator;
+
+/**
+ * A Validator that checks for a custom "realm" parameter in the RST request and only allows
+ * authentication if the value is equal to "custom-realm".
+ */
+public class CustomUTValidator implements Validator {
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ if (credential == null || credential.getUsernametoken() == null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
+ }
+
+ // Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor
+ SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext());
+ try {
+ Element soapBody = SAAJUtils.getBody(soapMessage);
+
+ if (soapBody != null) {
+ // Find custom Element in the SOAP Body
+ Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
+ if (realm != null) {
+ String realmStr = realm.getTextContent();
+ if ("custom-realm".equals(realmStr)) {
+
+ UsernameTokenValidator validator = new UsernameTokenValidator();
+ return validator.validate(credential, data);
+ }
+ }
+ }
+ } catch (SOAPException ex) {
+ // ignore
+ }
+
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
+ }
+
+ private SOAPMessage getSOAPMessage(SoapMessage msg) {
+ SAAJInInterceptor.INSTANCE.handleMessage(msg);
+ return msg.getContent(SOAPMessage.class);
+ }
+}
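Review bot: The empty `catch (SOAPException ex)` with `// ignore` hides why a request was rejected: an unreadable body, a missing `realm` element and a wrong realm value all end in the same `noCredential` failure. Falling through to the final throw is the right fail-closed behaviour, so the comment should say so, e.g. `// unreadable body: fall through and reject the request`, and the exception is worth logging at debug level. The cast `(SoapMessage)data.getMsgContext()` is unchecked, so any other message context would surface as a ClassCastException rather than a WSSecurityException; an `instanceof` guard that throws the same FAILURE would keep the rejection path uniform.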
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
new file mode 100644
index 0000000..9a33dc7
--- /dev/null
+++ b/systests/custom/src/test/java/org/apache/cxf/fediz/systests/custom/CustomParametersTest.java
@@ -0,0 +1,208 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.custom;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URLEncoder;
+
+import javax.servlet.ServletException;
+
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.DomElement;
+import com.gargoylesoftware.htmlunit.html.DomNodeList;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * Some tests invoking directly on the IdP and sending custom parameters
+ */
+public class CustomParametersTest {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+
+ @BeforeClass
+ public static void init() throws Exception {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ idpServer = startServer(true, idpHttpsPort);
+
+ WSSConfig.init();
+ }
+
+ private static Tomcat startServer(boolean idp, String port)
+ throws ServletException, LifecycleException, IOException {
+ Tomcat server = new Tomcat();
+ server.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ String baseDir = currentDir + File.separator + "target";
+ server.setBaseDir(baseDir);
+
+ server.getHost().setAppBase("tomcat/idp/webapps");
+ server.getHost().setAutoDeploy(true);
+ server.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(port));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ // httpsConnector.setAttribute("clientAuth", "false");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ server.getService().addConnector(httpsConnector);
+
+ File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+ server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+ File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+ server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+ server.start();
+
+ return server;
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ shutdownServer(idpServer);
+ }
+
+ private static void shutdownServer(Tomcat server) {
+ try {
+ if (server != null && server.getServer() != null
+ && server.getServer().getState() != LifecycleState.DESTROYED) {
+ if (server.getServer().getState() != LifecycleState.STOPPED) {
+ server.stop();
+ }
+ server.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ public String getServletContextName() {
+ return "fedizhelloworld";
+ }
+
+ // Test a custom parameter that gets passed through to the STS
+ @org.junit.Test
+ public void testCustomParameter() throws Exception {
+ String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
+ url += "wa=wsignin1.0";
+ url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
+ url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
+ String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
+ url += "&wreply=" + wreply;
+
+ String user = "alice";
+ String password = "ecila";
+
+ // Successful test
+ WebClient webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+
+ String authUrl = url + "&auth_realm="
+ + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>", "UTF-8");
+ HtmlPage idpPage = webClient.getPage(authUrl);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ // Parse the form to get the token (wresult)
+ DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
+
+ String wresult = null;
+ for (DomElement result : results) {
+ if ("wresult".equals(result.getAttributeNS(null, "name"))) {
+ wresult = result.getAttributeNS(null, "value");
+ break;
+ }
+ }
+
+ Assert.assertNotNull(wresult);
+
+ webClient.close();
+
+ // Unsuccessful test
+ webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ authUrl = url + "&auth_realm="
+ + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">unknown-realm</realm>", "UTF-8");
+ try {
+ webClient.getPage(authUrl);
+ Assert.fail("Failure expected on a bad auth_realm value");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 401);
+ }
+
+ webClient.close();
+ }
+}
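Review bot: The negative half of testCustomParameter covers only a wrong `auth_realm` value; a request that carries no `auth_realm` at all, which is the `realm == null` path in CustomUTValidator, is not exercised. A third request using the bare `url` and expecting a 401 would cover it. In the catch block the arguments are reversed; `Assert.assertEquals(401, ex.getStatusCode());` gives a correct failure message. Both WebClient instances are closed only on the success path, so a try/finally around each would release them when an assertion fails.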
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/src/test/resources/file.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/file.xml b/systests/custom/src/test/resources/file.xml
new file mode 100644
index 0000000..d532aee
--- /dev/null
+++ b/systests/custom/src/test/resources/file.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-4.3.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd">
+
+ <import resource="../data/userClaims.xml" />
+ <import resource="../data/passwords.xml" />
+
+ <bean id="upCallBackHandlerRealmA"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMA" />
+ </bean>
+
+ <bean id="upCallBackHandlerRealmB"
+ class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+ <property name="passwords" ref="REALMB" />
+ </bean>
+
+ <jaxws:endpoint id="transportSTSRealmAUT"
+ implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportUT"
+ wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
+ <entry key="ws-security.ut.validator" value="custom.CustomUTValidator"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="transportSTSRealmBUT"
+ implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportUT"
+ wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>
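Review bot: Nothing in this file says that `custom.CustomUTValidator` is a test class copied into the STS webapp by the `copy-custom-validator` execution in systests/custom/pom.xml, or that only the REALMA endpoint uses it while REALMB keeps the default UsernameToken validation. If that asymmetry is intended, a comment above the `ws-security.ut.validator` entry would make it clear, e.g. `<!-- Test-only validator, copied to WEB-INF/classes/custom by the module pom; REALMB uses the default validator -->`.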
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/logging.properties b/systests/custom/src/test/resources/logging.properties
new file mode 100644
index 0000000..0d8d902
--- /dev/null
+++ b/systests/custom/src/test/resources/logging.properties
@@ -0,0 +1,54 @@
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+#handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = WARNING
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
+org.apache.ws.security.level = FINEST
+org.apache.cxf.fediz.level = FINEST
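Review bot: The logger name in `org.apache.ws.security.level = FINEST` looks like the WSS4J 1.x package, whereas the validator added in this commit imports from `org.apache.wss4j`. The line therefore probably sets no level on the classes actually in use, and `org.apache.wss4j.level = FINEST` would be the matching name. Both `handlers=` lines are commented out, so whether any FINEST output is written depends on handlers configured elsewhere. FINEST on the security and Fediz loggers may put token contents into the log, so a comment marking this file as test-only would be worth adding.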
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/custom/src/test/resources/realma/security-up-config.xml
----------------------------------------------------------------------
diff --git a/systests/custom/src/test/resources/realma/security-up-config.xml b/systests/custom/src/test/resources/realma/security-up-config.xml
new file mode 100644
index 0000000..5227fd2
--- /dev/null
+++ b/systests/custom/src/test/resources/realma/security-up-config.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context-4.3.xsd
+ http://www.springframework.org/schema/security
+ http://www.springframework.org/schema/security/spring-security-3.2.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-4.3.xsd
+ ">
+
+ <!-- DISABLE in production as it might log confidential information about the user -->
+ <!-- <security:debug /> -->
+
+ <bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
+
+ <!-- HTTP/BA entry point for WS-Federation -->
+ <security:http pattern="/federation/up/**" use-expressions="true">
+ <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
+ <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+ <security:custom-filter before="BASIC_AUTH_FILTER" ref="requestContextFilter"/>
+
+ <security:http-basic />
+ <!--security:form-login login-page='/federation/up/login'
+ login-processing-url="/federation/up/login.do"
+ authentication-failure-url="/federation/up/login?error"
+ default-target-url="/"
+ username-parameter="username"
+ password-parameter="password"
+ /-->
+ <security:logout logout-url="/federation/up/logout"
+ logout-success-url="/federation/up/login?out"
+ delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
+ invalidate-session="true"
+ />
+ </security:http>
+
+ <!-- HTTP/BA entry point for SAML SSO -->
+ <security:http pattern="/saml/up/**" use-expressions="true">
+ <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
+ <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
+ <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
+
+ <security:http-basic />
+ <!--security:form-login login-page='/federation/up/login'
+ login-processing-url="/federation/up/login.do"
+ authentication-failure-url="/federation/up/login?error"
+ default-target-url="/"
+ username-parameter="username"
+ password-parameter="password"
+ /-->
+ <security:logout logout-url="/saml/up/logout"
+ logout-success-url="/saml/up/login?out"
+ delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
+ invalidate-session="true"
+ />
+ </security:http>
+
+ <bean id="stsUPPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
+ <property name="authenticationProvider" ref="stsUPAuthProvider" />
+ </bean>
+
+ <!-- U/P Authentication Provider -->
+ <bean id="stsUPAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
+ <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
+ <property name="wsdlEndpoint" value="TransportUT_Port" />
+ <property name="wsdlService" value="SecurityTokenService" />
+ <property name="appliesTo" value="urn:fediz:idp" />
+ <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+ <property name="customSTSParameter" value="auth_realm" />
+ </bean>
+
+</beans>
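Review bot: The `/saml/up/**` block does not register `requestContextFilter`, while the `/federation/up/**` block adds it with `<security:custom-filter before="BASIC_AUTH_FILTER" ref="requestContextFilter"/>`. If `stsUPAuthProvider` reads the `auth_realm` parameter through the request context, which this file does not show, the custom parameter would be forwarded for WS-Federation logins only; either add the same line to the SAML block or note why it is left out. The `customSTSParameter` property also deserves a comment stating that the value of a client-supplied query parameter is passed on to the STS, so the STS-side validator has to treat it as untrusted input.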
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/idp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/idp/pom.xml b/systests/idp/pom.xml
index 15e8e58..64ea5e5 100644
--- a/systests/idp/pom.xml
+++ b/systests/idp/pom.xml
@@ -194,63 +194,6 @@
</resources>
</configuration>
</execution>
- <execution>
- <id>copy-customised-spring-sec-to-idp</id>
- <phase>generate-test-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp/WEB-INF/config</outputDirectory>
- <resources>
- <resource>
- <directory>${basedir}/src/test/resources/realma</directory>
- <includes>
- <include>security-up-config.xml</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
- <execution>
- <id>copy-customised-sts-configp</id>
- <phase>generate-test-sources</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints</outputDirectory>
- <resources>
- <resource>
- <directory>${basedir}/src/test/resources</directory>
- <includes>
- <include>file.xml</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
- <execution>
- <id>copy-custom-validator</id>
- <phase>process-test-classes</phase>
- <goals>
- <goal>copy-resources</goal>
- </goals>
- <configuration>
- <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/classes/custom</outputDirectory>
- <resources>
- <resource>
- <directory>${basedir}/target/test-classes/custom</directory>
- <includes>
- <include>CustomUTValidator.class</include>
- </includes>
- <filtering>false</filtering>
- </resource>
- </resources>
- </configuration>
- </execution>
</executions>
</plugin>
<plugin>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/idp/src/test/java/custom/CustomUTValidator.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/custom/CustomUTValidator.java b/systests/idp/src/test/java/custom/CustomUTValidator.java
deleted file mode 100644
index a623411..0000000
--- a/systests/idp/src/test/java/custom/CustomUTValidator.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package custom;
-
-import javax.xml.soap.SOAPException;
-import javax.xml.soap.SOAPMessage;
-
-import org.w3c.dom.Element;
-
-import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
-import org.apache.cxf.binding.soap.saaj.SAAJUtils;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.XMLUtils;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.UsernameTokenValidator;
-import org.apache.wss4j.dom.validate.Validator;
-
-/**
- * A Validator that checks for a custom "realm" parameter in the RST request and only allows
- * authentication if the value is equal to "custom-realm".
- */
-public class CustomUTValidator implements Validator {
-
- public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
- if (credential == null || credential.getUsernametoken() == null) {
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
- }
-
- // Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor
- SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext());
- try {
- Element soapBody = SAAJUtils.getBody(soapMessage);
-
- if (soapBody != null) {
- // Find custom Element in the SOAP Body
- Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
- if (realm != null) {
- String realmStr = realm.getTextContent();
- if ("custom-realm".equals(realmStr)) {
-
- UsernameTokenValidator validator = new UsernameTokenValidator();
- return validator.validate(credential, data);
- }
- }
- }
- } catch (SOAPException ex) {
- // ignore
- }
-
- throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
- }
-
- private SOAPMessage getSOAPMessage(SoapMessage msg) {
- SAAJInInterceptor.INSTANCE.handleMessage(msg);
- return msg.getContent(SOAPMessage.class);
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 3b05f09..5330c4f 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -915,66 +915,4 @@ public class IdpTest {
webClient.close();
}
- // Test a custom parameter that gets passed through to the STS
- @org.junit.Test
- public void testCustomParameter() throws Exception {
- String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
- url += "wa=wsignin1.0";
- url += "&whr=urn:org:apache:cxf:fediz:idp:realm-A";
- url += "&wtrealm=urn:org:apache:cxf:fediz:fedizhelloworld";
- String wreply = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
- url += "&wreply=" + wreply;
-
- String user = "alice";
- String password = "ecila";
-
- // Successful test
- WebClient webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
-
- String authUrl = url + "&auth_realm="
- + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>", "UTF-8");
- HtmlPage idpPage = webClient.getPage(authUrl);
- webClient.getOptions().setJavaScriptEnabled(true);
- Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- // Parse the form to get the token (wresult)
- DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
-
- String wresult = null;
- for (DomElement result : results) {
- if ("wresult".equals(result.getAttributeNS(null, "name"))) {
- wresult = result.getAttributeNS(null, "value");
- break;
- }
- }
-
- Assert.assertNotNull(wresult);
-
- webClient.close();
-
- // Unsuccessful test
- webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
- authUrl = url + "&auth_realm="
- + URLEncoder.encode("<realm xmlns=\"http://cxf.apache.org/custom\">unknown-realm</realm>", "UTF-8");
- try {
- webClient.getPage(authUrl);
- Assert.fail("Failure expected on a bad auth_realm value");
- } catch (FailingHttpStatusCodeException ex) {
- Assert.assertEquals(ex.getStatusCode(), 401);
- }
-
- webClient.close();
- }
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/idp/src/test/resources/file.xml
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/resources/file.xml b/systests/idp/src/test/resources/file.xml
deleted file mode 100644
index d532aee..0000000
--- a/systests/idp/src/test/resources/file.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- http://cxf.apache.org/jaxws
- http://cxf.apache.org/schemas/jaxws.xsd">
-
- <import resource="../data/userClaims.xml" />
- <import resource="../data/passwords.xml" />
-
- <bean id="upCallBackHandlerRealmA"
- class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
- <property name="passwords" ref="REALMA" />
- </bean>
-
- <bean id="upCallBackHandlerRealmB"
- class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
- <property name="passwords" ref="REALMB" />
- </bean>
-
- <jaxws:endpoint id="transportSTSRealmAUT"
- implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportUT"
- wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA" />
- <entry key="ws-security.ut.validator" value="custom.CustomUTValidator"/>
- </jaxws:properties>
- </jaxws:endpoint>
-
- <jaxws:endpoint id="transportSTSRealmBUT"
- implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportUT"
- wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
- xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
- <jaxws:properties>
- <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB" />
- </jaxws:properties>
- </jaxws:endpoint>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/idp/src/test/resources/realma/security-up-config.xml
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/resources/realma/security-up-config.xml b/systests/idp/src/test/resources/realma/security-up-config.xml
deleted file mode 100644
index 5227fd2..0000000
--- a/systests/idp/src/test/resources/realma/security-up-config.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:security="http://www.springframework.org/schema/security"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="
- http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
- http://www.springframework.org/schema/context
- http://www.springframework.org/schema/context/spring-context-4.3.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.2.xsd
- http://www.springframework.org/schema/util
- http://www.springframework.org/schema/util/spring-util-4.3.xsd
- ">
-
- <!-- DISABLE in production as it might log confidential information about the user -->
- <!-- <security:debug /> -->
-
- <bean id="requestContextFilter" class="org.springframework.web.filter.RequestContextFilter"/>
-
- <!-- HTTP/BA entry point for WS-Federation -->
- <security:http pattern="/federation/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/federation/up/login*" access="isAnonymous() or isAuthenticated()" />
- <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
- <security:custom-filter before="BASIC_AUTH_FILTER" ref="requestContextFilter"/>
-
- <security:http-basic />
- <!--security:form-login login-page='/federation/up/login'
- login-processing-url="/federation/up/login.do"
- authentication-failure-url="/federation/up/login?error"
- default-target-url="/"
- username-parameter="username"
- password-parameter="password"
- /-->
- <security:logout logout-url="/federation/up/logout"
- logout-success-url="/federation/up/login?out"
- delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
- invalidate-session="true"
- />
- </security:http>
-
- <!-- HTTP/BA entry point for SAML SSO -->
- <security:http pattern="/saml/up/**" use-expressions="true">
- <security:intercept-url requires-channel="https" pattern="/saml/up/login*" access="isAnonymous() or isAuthenticated()" />
- <security:custom-filter after="CHANNEL_FILTER" ref="stsUPPortFilter" />
- <security:custom-filter after="SERVLET_API_SUPPORT_FILTER" ref="entitlementsEnricher" />
-
- <security:http-basic />
- <!--security:form-login login-page='/federation/up/login'
- login-processing-url="/federation/up/login.do"
- authentication-failure-url="/federation/up/login?error"
- default-target-url="/"
- username-parameter="username"
- password-parameter="password"
- /-->
- <security:logout logout-url="/saml/up/logout"
- logout-success-url="/saml/up/login?out"
- delete-cookies="FEDIZ_HOME_REALM,JSESSIONID"
- invalidate-session="true"
- />
- </security:http>
-
- <bean id="stsUPPortFilter" class="org.apache.cxf.fediz.service.idp.STSPortFilter">
- <property name="authenticationProvider" ref="stsUPAuthProvider" />
- </bean>
-
- <!-- U/P Authentication Provider -->
- <bean id="stsUPAuthProvider" class="org.apache.cxf.fediz.service.idp.STSUPAuthenticationProvider">
- <property name="wsdlLocation" value="https://localhost:0/fediz-idp-sts/${realm.STS_URI}/STSServiceTransportUT?wsdl" />
- <property name="wsdlEndpoint" value="TransportUT_Port" />
- <property name="wsdlService" value="SecurityTokenService" />
- <property name="appliesTo" value="urn:fediz:idp" />
- <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
- <property name="customSTSParameter" value="auth_realm" />
- </bean>
-
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/83746b8c/systests/pom.xml
----------------------------------------------------------------------
diff --git a/systests/pom.xml b/systests/pom.xml
index bda108c..e3d651e 100644
--- a/systests/pom.xml
+++ b/systests/pom.xml
@@ -33,6 +33,7 @@
<modules>
<module>tests</module>
<module>idp</module>
+ <module>custom</module>
<module>webapps</module>
<module>jetty8</module>
<module>jetty9</module>
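Review bot: The added `<module>custom</module>` entry does not say what sets this module apart from `idp`, and the name alone is generic. The executions removed from systests/idp/pom.xml in this same commit copied a replacement `security-up-config.xml`, a replacement STS endpoint file and `CustomUTValidator.class` into the IdP and STS webapps, so the new module presumably exists to keep those overrides away from the other `idp` tests. A comment above the entry would record that, for example `<!-- IdP/STS run with a customised security-up-config.xml and UsernameToken validator; kept separate so the overrides do not apply to the idp tests -->`. The `<modules>` element opens in this hunk but closes outside it.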