Posted to commits@cxf.apache.org by co...@apache.org on 2018/08/27 13:19:38 UTC

[cxf-fediz] branch 1.4.x-fixes updated (f56b655 -> 9279230)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.


    from f56b655  Merge pull request #29 from nachtfisch/FEDIZ-224
     new b4cb584  FEDIZ-224 - Adding SAML SSO Spring system tests
     new 9279230  Fixing test

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 systests/samlsso/pom.xml                           | 28 +++++++++++++++++
 .../cxf/fediz/systests/samlsso}/SpringTest.java    | 25 ++++++++++++---
 .../samlsso/src/test/resources/fediz_config.xml    | 36 ++++++++++++++++++++++
 .../src/test/resources/realma/entities-realma.xml  | 34 ++++++++++++++++++++
 4 files changed, 118 insertions(+), 5 deletions(-)
 copy systests/{spring/src/test/java/org/apache/cxf/fediz/integrationtests => samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso}/SpringTest.java (89%)


[cxf-fediz] 01/02: FEDIZ-224 - Adding SAML SSO Spring system tests

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit b4cb584ca079567c4501ddd3c1b32c87abebc890
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 12:57:55 2018 +0100

    FEDIZ-224 - Adding SAML SSO Spring system tests
---
 systests/samlsso/pom.xml                           |  28 ++++
 .../cxf/fediz/systests/samlsso/SpringTest.java     | 183 +++++++++++++++++++++
 .../samlsso/src/test/resources/fediz_config.xml    |  36 ++++
 .../src/test/resources/realma/entities-realma.xml  |  34 ++++
 4 files changed, 281 insertions(+)

diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index 6d27e34..d067b1b 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -92,6 +92,24 @@
 
     </dependencies>
     <build>
+         <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+                <includes>
+                    <include>**/*.xml</include>
+                </includes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>false</filtering>
+                <includes>
+                    <include>**/*.jks</include>
+                    <include>**/*.cert</include>
+                    <include>**/*.properties</include>
+                </includes>
+            </testResource>
+        </testResources>
         <plugins>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
@@ -107,6 +125,7 @@
                             <portNames>
                                 <portName>idp.https.port</portName>
                                 <portName>rp.https.port</portName>
+                                <portName>rp.spring.https.port</portName>
                             </portNames>
                         </configuration>
                     </execution>
@@ -158,6 +177,14 @@
                                     <outputDirectory>target/test-classes</outputDirectory>
                                     <includes>**/*.jks</includes>
                                 </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+                                    <artifactId>fediz-systests-webapps-spring</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/rp/webapps/fediz-systests-webapps-spring</outputDirectory>
+                                </artifactItem>
                             </artifactItems>
                             <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
                             <overWriteSnapshots>true</overWriteSnapshots>
@@ -208,6 +235,7 @@
                                 <wt.headless>true</wt.headless>
                                 <idp.https.port>${idp.https.port}</idp.https.port>
                                 <rp.https.port>${rp.https.port}</rp.https.port>
+                                <rp.spring.https.port>${rp.spring.https.port}</rp.spring.https.port>
                                 <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
new file mode 100644
index 0000000..4a6458c
--- /dev/null
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+/**
+ * Some tests for SAML SSO with the Spring (4) plugin, invoking on the Fediz IdP configured for SAML SSO.
+ */
+public class SpringTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.spring.https.port");
+        Assert.assertNotNull("Property 'rp.spring.https.port' null", rpHttpsPort);
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+                                     "fediz-systests-webapps-spring");
+            server.addWebapp("/fedizhelloworldspring", rpWebapp.getAbsolutePath());
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworldspring";
+    }
+
+    @Override
+    protected boolean isWSFederation() {
+        return false;
+    }
+
+    @Ignore("This tests is currently failing on Spring")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+    @Ignore("This tests is currently failing on Spring")
+    public void testRPLogout() throws Exception {
+        //
+    }
+
+    @Override
+    @org.junit.Test
+    public void testCSRFAttack() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+            + "/j_spring_fediz_security_check";
+        csrfAttackTest(url);
+    }
+
+    @Override
+    @org.junit.Test
+    public void testCSRFAttack2() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+            + "/j_spring_fediz_security_check";
+        csrfAttackTest2(url);
+    }
+
+}
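Review bot: `testRPLogout` near the end of the class carries `@Ignore` but neither `@Override` nor `@Test`, and `testConcurrentRequests` has its `super` call commented out, so both inherited checks are replaced by empty bodies. AbstractTests is not part of this diff, but if its methods carry the `@Test` annotation, JUnit 4 may report these two as passing rather than skipped, which hides that RP logout and concurrent-request coverage is missing for the Spring SAML SSO plugin. I would add `@Override` to `testRPLogout` so a signature change in the base class is caught at compile time. The `@Ignore` text should also name the tracking issue, e.g. `@Ignore("FEDIZ-<issue id>: RP logout not yet working with SAML SSO on Spring")`.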
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml b/systests/samlsso/src/test/resources/fediz_config.xml
index 232ee80..c0f7da2 100644
--- a/systests/samlsso/src/test/resources/fediz_config.xml
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -57,5 +57,41 @@
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
     </contextConfig>
+    <contextConfig name="/fedizhelloworldspring">
+		<audienceUris>
+			<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="test-classes/clienttrust.jks" password="storepass" type="JKS" />
+			</trustManager>
+		</certificateStores>
+		<trustedIssuers>
+			<issuer certificateValidation="PeerTrust" />
+		</trustedIssuers>
+		<maximumClockSkew>1000</maximumClockSkew>
+		<signingKey keyAlias="realma" keyPassword="realma">
+            <keyStore file="test-classes/stsrealm_a.jks" password="storepass" type="JKS" />
+        </signingKey>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="samlProtocolType" version="1.0.0">
+			<realm>urn:org:apache:cxf:fediz:fedizhelloworldspring</realm>
+            <signRequest>true</signRequest>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+			<roleDelimiter>,</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <reply>/j_spring_fediz_security_check</reply>
+            <disableDeflateEncoding>true</disableDeflateEncoding>
+			<homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+			<claimTypesRequested>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+	</contextConfig>
 </FedizConfig>
 
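Review bot: The `audienceItem` in the new `/fedizhelloworldspring` context is `urn:org:apache:cxf:fediz:fedizhelloworld`, while the `realm` further down in the same context, and the IdP application entry added in this commit, is `urn:org:apache:cxf:fediz:fedizhelloworldspring`. If the plugin compares the assertion's audience restriction against `audienceUris`, then either that check is not exercised on this path or the context is configured to accept an audience belonging to the other application. Unless the mismatch is intentional, I would align the two with `<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworldspring</audienceItem>`, so the test demonstrates the audience check for the Spring RP.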
diff --git a/systests/samlsso/src/test/resources/realma/entities-realma.xml b/systests/samlsso/src/test/resources/realma/entities-realma.xml
index 8d9623b..9989758 100644
--- a/systests/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/samlsso/src/test/resources/realma/entities-realma.xml
@@ -118,6 +118,7 @@
         <property name="applications">
             <util:list>
                 <ref bean="srv-fedizhelloworld" />
+                <ref bean="srv-spring-fedizhelloworld" />
             </util:list>
         </property>
         <!--
@@ -164,6 +165,18 @@
         <property name="validatingCertificate" value="realma.cert" />
     </bean>
     
+     <bean id="srv-spring-fedizhelloworld" class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" value="urn:org:apache:cxf:fediz:fedizhelloworldspring" />
+        <property name="protocol" value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to illustrate SAML SSO" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" />
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/.*" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
         <property name="application" ref="srv-fedizhelloworld" />
         <property name="claim" ref="claim_role" />
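Review bot: The `passiveRequestorEndpointConstraint` on the new `srv-spring-fedizhelloworld` bean makes the colon optional and the digit run unbounded (`https://localhost:?(\d)*/.*`), so a host name such as `localhost8443` would also satisfy it. As the property name suggests, this pattern restricts which RP endpoint the IdP will accept, so it is worth keeping tight even in a fixture that others may copy: `https://localhost(:\d+)?/.*`. The value may mirror the existing `srv-fedizhelloworld` bean, whose definition begins outside this hunk; if so, both should be changed together.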
@@ -185,6 +198,27 @@
         <property name="optional" value="false" />
     </bean>
     
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_givenname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_surname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_email" />
+        <property name="optional" value="false" />
+    </bean>
+    
     <bean id="claim_role"
         class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
         <property name="claimType"


[cxf-fediz] 02/02: Fixing test

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 92792300624f8541e1a826af2d32e73b17945b77
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 14:19:28 2018 +0100

    Fixing test
---
 .../src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
index 4a6458c..a3ad21c 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
@@ -28,7 +28,7 @@ import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.apache.cxf.fediz.integrationtests.AbstractTests;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;