Posted to commits@cxf.apache.org by co...@apache.org on 2018/08/27 16:34:46 UTC

[cxf-fediz] branch master updated (46984c3 -> 59597c2)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git.


    from 46984c3  FEDIZ-224 - Adding SAML SSO Spring system tests
     new 2f0c60c  Adding SAML SSO system tests for CXF
     new 59597c2  FEDIZ-227 - Support SAML SSO in the Jetty plugin

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../cxf/fediz/jetty9/FederationAuthenticator.java  | 24 ++++--
 systests/samlsso/pom.xml                           | 90 +++++++++++++++++++++-
 .../cxf/fediz/systests/samlsso/CXFTest.java}       | 49 ++++++------
 .../cxf/fediz/systests/samlsso}/JettyTest.java     | 22 ++++--
 .../cxf/fediz/systests/samlsso}/JettyUtils.java    |  2 +-
 .../samlsso/src/test/resources/fediz_config.xml    | 71 +++++++++++++++++
 .../src/test/resources/rp-server.xml}              | 14 ++--
 7 files changed, 225 insertions(+), 47 deletions(-)
 copy systests/{spring/src/test/java/org/apache/cxf/fediz/systests/spring/Spring3Test.java => samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java} (80%)
 copy systests/{jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9 => samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso}/JettyTest.java (88%)
 copy systests/{jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9 => samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso}/JettyUtils.java (97%)
 copy systests/{jetty9/src/test/resources/rp-expiry-server.xml => samlsso/src/test/resources/rp-server.xml} (92%)


[cxf-fediz] 02/02: FEDIZ-227 - Support SAML SSO in the Jetty plugin

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 59597c2ba48b094d9ec15c5edd5785aa06049c96
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 17:34:27 2018 +0100

    FEDIZ-227 - Support SAML SSO in the Jetty plugin
---
 .../cxf/fediz/jetty9/FederationAuthenticator.java  |  24 +++-
 systests/samlsso/pom.xml                           |  61 ++++++++-
 .../cxf/fediz/systests/samlsso/JettyTest.java      | 144 +++++++++++++++++++++
 .../cxf/fediz/systests/samlsso/JettyUtils.java     |  70 ++++++++++
 .../samlsso/src/test/resources/fediz_config.xml    |  36 ++++++
 systests/samlsso/src/test/resources/rp-server.xml  | 111 ++++++++++++++++
 6 files changed, 439 insertions(+), 7 deletions(-)

diff --git a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
index 23837a1..dc25950 100644
--- a/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
+++ b/plugins/jetty9/src/main/java/org/apache/cxf/fediz/jetty9/FederationAuthenticator.java
@@ -37,6 +37,7 @@ import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
 
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.RequestState;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
@@ -266,8 +267,9 @@ public class FederationAuthenticator extends LoginAuthenticator {
             FedizRequest wfReq = new FedizRequest();
             wfReq.setAction(action);
             wfReq.setResponseToken(responseToken);
-            wfReq.setState(request.getParameter("RelayState"));
+            wfReq.setState(getState(request));
             wfReq.setRequest(request);
+            wfReq.setRequestState((RequestState) session.getAttribute(J_CONTEXT));
 
             X509Certificate[] certs =
                 (X509Certificate[])request.getAttribute("javax.servlet.request.X509Certificate");
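Review bot: The cast in `wfReq.setRequestState((RequestState) session.getAttribute(J_CONTEXT));` is unchecked, and before this commit the same J_CONTEXT attribute held a String (see the secureResponse change later in this diff), so a session created by the previous plugin version, or a persisted/replicated one, would fail here with a ClassCastException instead of the clean 403 the context check below produces. A guarded read keeps the failure on the intended path: `Object saved = session.getAttribute(J_CONTEXT); wfReq.setRequestState(saved instanceof RequestState ? (RequestState) saved : null);`. The same cast is repeated in the context-check hunk below. Whether `session` can be null at this point is decided above the hunk; the enclosing method starts and ends outside it.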
@@ -282,10 +284,10 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 String nuri;
                 synchronized (session) {
                     // Check the context
-                    String savedContext = (String) session.getAttribute(J_CONTEXT);
-                    String receivedContext = request.getParameter(FederationConstants.PARAM_CONTEXT);
-                    if (savedContext == null || !savedContext.equals(receivedContext)) {
-                        LOG.warn("The received wctx parameter does not match the saved value");
+                    RequestState savedRequestState = (RequestState) session.getAttribute(J_CONTEXT);
+                    String receivedContext = getState(request);
+                    if (savedRequestState == null || !savedRequestState.getState().equals(receivedContext)) {
+                        LOG.warn("The received wctx/RelayState parameter does not match the saved value");
                         response.sendError(HttpServletResponse.SC_FORBIDDEN);
                         return Authentication.UNAUTHENTICATED;
                     }
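Review bot: The new comparison `!savedRequestState.getState().equals(receivedContext)` throws a NullPointerException when the saved RequestState carries a null state, whereas the old code turned any missing saved value into a 403; the null guard now covers only the RequestState object, not the string inside it. Reversing the comparison keeps the rejection path intact: `if (savedRequestState == null || receivedContext == null || !receivedContext.equals(savedRequestState.getState())) {`. Since this value binds the login redirect to the returned response, a clean 403 rather than a 500 is the behaviour to preserve. The enclosing method continues outside the hunk.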
@@ -459,6 +461,16 @@ public class FederationAuthenticator extends LoginAuthenticator {
         return null;
     }
 
+    private String getState(ServletRequest request) {
+        if (request.getParameter(FederationConstants.PARAM_CONTEXT) != null) {
+            return request.getParameter(FederationConstants.PARAM_CONTEXT);
+        } else if (request.getParameter(SAMLSSOConstants.RELAY_STATE) != null) {
+            return request.getParameter(SAMLSSOConstants.RELAY_STATE);
+        }
+
+        return null;
+    }
+
     /* ------------------------------------------------------------ */
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
                                   User validatedUser) throws ServerAuthException {
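Review bot: getState has no comment and silently prefers wctx when both wctx and RelayState are present on the same request; a one-liner would make that explicit, e.g. `// wctx (WS-Federation) takes precedence over RelayState (SAML SSO); null if neither is present`. Each parameter is also read twice; `String wctx = request.getParameter(FederationConstants.PARAM_CONTEXT); return wctx != null ? wctx : request.getParameter(SAMLSSOConstants.RELAY_STATE);` says the same in two lines. getState is complete within the hunk; the secureResponse signature that follows is cut off.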
@@ -503,7 +515,7 @@ public class FederationAuthenticator extends LoginAuthenticator {
                 }
 
                 synchronized (session) {
-                    session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState().getState());
+                    session.setAttribute(J_CONTEXT, redirectionResponse.getRequestState());
                 }
 
                 response.sendRedirect(redirectURL);
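Review bot: The session now stores the whole RequestState under J_CONTEXT instead of its String state, so that it can be handed to FedizRequest when the response arrives (see the setRequestState call earlier in this diff). If the Jetty session store is persisted or replicated, that attribute value must be Serializable, which cannot be confirmfor RequestState from this diff. A comment on the changed line would record the expectation, e.g. `// whole RequestState is kept for FedizRequest on the response leg; must remain Serializable for persisted sessions`. The enclosing method starts and ends outside the hunk.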
diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index 42a7542..5f7accf 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -83,7 +83,40 @@
             <version>${cxf.version}</version>
             <scope>test</scope>
         </dependency>
-
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-server</artifactId>
+            <version>${jetty9.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-security</artifactId>
+            <version>${jetty9.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-xml</artifactId>
+            <version>${jetty9.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-webapp</artifactId>
+            <version>${jetty9.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-annotations</artifactId>
+            <version>${jetty9.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-jetty9</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
          <testResources>
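Review bot: jetty-server and jetty-security are added without `<scope>test</scope>`, unlike jetty-xml, jetty-webapp, jetty-annotations and fediz-jetty9 in the same hunk. In a systests module every dependency is test-only, so these two would otherwise end up on the compile classpath of anything that consumes the module. Adding `<scope>test</scope>` to both dependency elements makes the block consistent, unless a compile scope is intended, which nothing here suggests.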
@@ -121,6 +154,7 @@
                                 <portName>rp.https.port</portName>
                                 <portName>rp.spring.https.port</portName>
                                 <portName>rp.cxf.https.port</portName>
+                                <portName>rp.jetty.https.port</portName>
                             </portNames>
                         </configuration>
                     </execution>
@@ -195,6 +229,30 @@
                             <stripVersion>true</stripVersion>
                         </configuration>
                     </execution>
+                    <execution>
+                        <id>copy-jetty</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>copy</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+                                    <artifactId>fediz-systests-webapps-simple</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/rp/</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+                            <outputDirectory>target</outputDirectory>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                            <overWriteIfNewer>true</overWriteIfNewer>
+                            <stripVersion>true</stripVersion>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
             <plugin>
@@ -259,6 +317,7 @@
                                 <rp.https.port>${rp.https.port}</rp.https.port>
                                 <rp.spring.https.port>${rp.spring.https.port}</rp.spring.https.port>
                                 <rp.cxf.https.port>${rp.cxf.https.port}</rp.cxf.https.port>
+                                <rp.jetty.https.port>${rp.jetty.https.port}</rp.jetty.https.port>
                                 <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java
new file mode 100644
index 0000000..0e2096f
--- /dev/null
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyTest.java
@@ -0,0 +1,144 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+/**
+ * Some tests for SAML SSO with the Jetty (9) plugin, invoking on the Fediz IdP configured for SAML SSO.
+ */
+public class JettyTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+
+    @BeforeClass
+    public static void init() {
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.jetty.https.port");
+        Assert.assertNotNull("Property 'rp.jetty.https.port' null", rpHttpsPort);
+
+        initIdp();
+
+        JettyUtils.initRpServer();
+        JettyUtils.startRpServer();
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer != null && idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        JettyUtils.stopRpServer();
+    }
+
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            String baseDir = currentDir + File.separator + "target";
+            idpServer.setBaseDir(baseDir);
+
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+
+            File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+            idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworldjetty";
+    }
+
+    @Override
+    protected boolean isWSFederation() {
+        return false;
+    }
+
+    @Ignore("This tests is currently failing on Jetty")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+    @Ignore("This tests is currently failing on Jetty")
+    public void testRPLogout() throws Exception {
+        //
+    }
+
+}
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyUtils.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyUtils.java
new file mode 100644
index 0000000..3986d15
--- /dev/null
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/JettyUtils.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+
+public final class JettyUtils {
+
+    private static Server rpServer;
+
+    private JettyUtils() {
+    }
+
+    public static void initRpServer() {
+        initRpServer("rp-server.xml");
+    }
+
+    public static void initRpServer(String configurationFile) {
+        if (rpServer == null) {
+            try {
+                Resource testServerConfig = Resource.newSystemResource(configurationFile);
+                XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+                rpServer = (Server)configuration.configure();
+
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    public static void startRpServer() {
+        if (rpServer != null && !rpServer.isStarted()) {
+            try {
+                rpServer.start();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    public static void stopRpServer() {
+        if (rpServer != null && rpServer.isStarted()) {
+            try {
+                rpServer.stop();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+}
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml b/systests/samlsso/src/test/resources/fediz_config.xml
index ea03a5b..1e0144a 100644
--- a/systests/samlsso/src/test/resources/fediz_config.xml
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -128,5 +128,41 @@
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
     </contextConfig>
+    <contextConfig name="/fedizhelloworldjetty">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="realma" keyPassword="realma">
+            <keyStore file="stsrealm_a.jks" password="storepass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="samlProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <signRequest>true</signRequest>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <disableDeflateEncoding>true</disableDeflateEncoding>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+            </claimTypesRequested>
+            <disableClientAddressCheck>true</disableClientAddressCheck>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
 </FedizConfig>
 
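Review bot: The givenname, surname and emailaddress claimType lines are indented with tabs while the rest of the new contextConfig uses spaces; worth normalising before this block is copied a fourth time. The block also carries `<disableClientAddressCheck>true</disableClientAddressCheck>` and a maximumClockSkew of 1000 with no note on why the test relying party needs the relaxed checks; a short comment such as `<!-- test-only relaxation; do not copy into a production configuration -->` next to those two elements would keep them from being cargo-culted into a real deployment.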
diff --git a/systests/samlsso/src/test/resources/rp-server.xml b/systests/samlsso/src/test/resources/rp-server.xml
new file mode 100644
index 0000000..31ff812
--- /dev/null
+++ b/systests/samlsso/src/test/resources/rp-server.xml
@@ -0,0 +1,111 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+ 
+<Configure id="RPServer" class="org.eclipse.jetty.server.Server">
+ 
+    <Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
+        <Call name="setDebugEnabled">
+            <Arg type="boolean">true</Arg>
+        </Call>
+    </Call>
+
+    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+      <Set name="KeyStorePath">./target/test-classes/server.jks</Set>
+      <Set name="KeyStorePassword">tompass</Set>
+      <Set name="KeyManagerPassword">tompass</Set>
+    </New>
+   
+    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+      <Set name="secureScheme">https</Set>
+      <Set name="securePort"><Property name="jetty.ssl.port" default="${rp.jetty.https.port}" /></Set>
+    </New>
+
+    <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
+      <Arg><Ref refid="httpConfig"/></Arg>
+      <Call name="addCustomizer">
+        <Arg>
+          <New class="org.eclipse.jetty.server.SecureRequestCustomizer">
+          </New>
+        </Arg>
+      </Call>  
+    </New>
+   
+    <Call id="sslConnector" name="addConnector">
+      <Arg>
+         <New class="org.eclipse.jetty.server.ServerConnector">
+            <Arg name="server"><Ref refid="RPServer" /></Arg>
+            <Arg name="factories">
+              <Array type="org.eclipse.jetty.server.ConnectionFactory">
+                  <Item>
+                     <New class="org.eclipse.jetty.server.SslConnectionFactory">
+                        <Arg name="next">http/1.1</Arg>
+                        <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
+                     </New>
+                  </Item>
+                  <Item>
+                     <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+                        <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
+                     </New>
+                  </Item>
+              </Array>
+           </Arg>
+           <Set name="host">localhost</Set>
+           <Set name="port">${rp.jetty.https.port}</Set>
+           <Set name="idleTimeout">30000</Set>
+         </New>
+      </Arg>
+   </Call>
+
+    <Set name="handler">
+      <New class="org.eclipse.jetty.server.handler.HandlerList">
+        <Set name="handlers">
+          <Array type="org.eclipse.jetty.server.Handler">
+            <Item>
+              <New class="org.eclipse.jetty.webapp.WebAppContext">
+                <Set name="contextPath">/fedizhelloworldjetty</Set>
+                <Set name="war">./target/rp/fediz-systests-webapps-simple.war</Set>
+                <!--Set name="war">./target/jetty/rp/webapps/simpleWebapp</Set>-->
+                <Set name="throwUnavailableOnStartupException">true</Set>
+	             
+                <Get name="securityHandler">
+                  <Set name="authenticator">
+                    <New class="org.apache.cxf.fediz.jetty9.FederationAuthenticator">
+                      <Set name="configFile">./target/test-classes/fediz_config.xml</Set>
+                    </New>
+                  </Set>
+                </Get>
+              </New>
+            </Item>
+d   
+          </Array>
+        </Set>
+      </New>
+    </Set>
+
+    <Call name="addBean">
+        <Arg>
+            <New class="org.apache.cxf.fediz.jetty9.FederationLoginService">
+                <Set name="name">WSFED</Set>
+            </New>
+        </Arg>
+    </Call>
+
+</Configure>
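Review bot: A stray `d` on a line of its own sits inside the `<Array type="org.eclipse.jetty.server.Handler">` element between the closing `</Item>` and `</Array>`; it is either ignored as text or rejected by XmlConfiguration, and in both cases it should be deleted. The commented-out `<Set name="war">./target/jetty/rp/webapps/simpleWebapp</Set>` line under the real war setting is dead configuration and can go as well. Root-logger debug is switched on at the top of the file via `setDebugEnabled`, which makes the systest output very noisy; if that is deliberate for diagnosing the two ignored tests, a comment saying so would help the next reader.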


[cxf-fediz] 01/02: Adding SAML SSO system tests for CXF

Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git

commit 2f0c60c39d9be96375c56929487ee60976d1eeb8
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Aug 27 15:19:43 2018 +0100

    Adding SAML SSO system tests for CXF
---
 systests/samlsso/pom.xml                           |  29 ++++
 .../apache/cxf/fediz/systests/samlsso/CXFTest.java | 160 +++++++++++++++++++++
 .../samlsso/src/test/resources/fediz_config.xml    |  35 +++++
 3 files changed, 224 insertions(+)

diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index ccd3e06..42a7542 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -120,6 +120,7 @@
                                 <portName>idp.https.port</portName>
                                 <portName>rp.https.port</portName>
                                 <portName>rp.spring.https.port</portName>
+                                <portName>rp.cxf.https.port</portName>
                             </portNames>
                         </configuration>
                     </execution>
@@ -179,6 +180,14 @@
                                     <overWrite>true</overWrite>
                                     <outputDirectory>target/tomcat/rp/webapps/fediz-systests-webapps-spring</outputDirectory>
                                 </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+                                    <artifactId>fediz-systests-webapps-cxf</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/rp/webapps/fediz-systests-webapps-cxf</outputDirectory>
+                                </artifactItem>
                             </artifactItems>
                             <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
                             <overWriteSnapshots>true</overWriteSnapshots>
@@ -211,6 +220,25 @@
                             </resources>              
                         </configuration>            
                     </execution>
+                    <execution>
+                        <id>copy-resources</id>
+                        <phase>pre-integration-test</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-systests-webapps-cxf/WEB-INF/classes/</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>${basedir}/target/test-classes</directory>
+                                    <includes>
+                                        <include>fediz_config.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
                 </executions>
             </plugin>
             <plugin>
@@ -230,6 +258,7 @@
                                 <idp.https.port>${idp.https.port}</idp.https.port>
                                 <rp.https.port>${rp.https.port}</rp.https.port>
                                 <rp.spring.https.port>${rp.spring.https.port}</rp.spring.https.port>
+                                <rp.cxf.https.port>${rp.cxf.https.port}</rp.cxf.https.port>
                                 <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java
new file mode 100644
index 0000000..a6db304
--- /dev/null
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/CXFTest.java
@@ -0,0 +1,160 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+/**
+ * Some tests for SAML SSO with the CXF plugin, invoking on the Fediz IdP configured for SAML SSO.
+ */
+public class CXFTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.cxf.https.port");
+        Assert.assertNotNull("Property 'rp.cxf.https.port' null", rpHttpsPort);
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
+                                     "fediz-systests-webapps-cxf");
+            server.addWebapp("/fedizhelloworldcxf", rpWebapp.getAbsolutePath());
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworldcxf";
+    }
+
+    @Override
+    protected boolean isWSFederation() {
+        return false;
+    }
+
+    @Ignore("This tests is currently failing on CXF")
+    public void testRPLogout() throws Exception {
+        //
+    }
+}
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml b/systests/samlsso/src/test/resources/fediz_config.xml
index c0f7da2..ea03a5b 100644
--- a/systests/samlsso/src/test/resources/fediz_config.xml
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -93,5 +93,40 @@
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
 	</contextConfig>
+	<contextConfig name="/fedizhelloworldcxf">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="realma" keyPassword="realma">
+            <keyStore file="test-classes/stsrealm_a.jks" password="storepass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="samlProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <signRequest>true</signRequest>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <disableDeflateEncoding>true</disableDeflateEncoding>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
 </FedizConfig>
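Review bot: The three `claimType` lines for givenname, surname and emailaddress in the new `/fedizhelloworldcxf` contextConfig are indented with tabs while the surrounding block uses spaces; reindenting them with spaces keeps the file consistent. `<maximumClockSkew>1000</maximumClockSkew>` is a generous tolerance for assertion timestamps in a test fixture — if the value is in seconds, as the rest of Fediz's configuration is, it accepts assertions roughly seventeen minutes outside their validity window — so it is worth a comment stating why it is set that high, e.g. `<!-- wide skew to tolerate slow systest hosts; tighten if it masks validity-window failures -->`. The `${idp.https.port}` placeholder in the issuer URL depends on the pom's resource filtering being enabled for this file, which the copy-resources execution earlier in this commit does.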