Posted to commits@cxf.apache.org by co...@apache.org on 2017/01/25 10:55:35 UTC
cxf git commit: Fixing STS custom content tests
Repository: cxf
Updated Branches:
refs/heads/master 60a0ab978 -> 6094d8154
Fixing STS custom content tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6094d815
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6094d815
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6094d815
Branch: refs/heads/master
Commit: 6094d8154b685338c7af18ab4dc4ee90c0c3e2f1
Parents: 60a0ab9
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Jan 25 10:55:23 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Jan 25 10:55:23 2017 +0000
----------------------------------------------------------------------
.../systest/sts/custom/CustomParameterTest.java | 57 ++++++++++++++++++--
.../systest/sts/custom/CustomUTValidator.java | 40 +++++++++-----
2 files changed, 82 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6094d815/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
index 3ddae05..03b0f0a 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
@@ -37,7 +37,7 @@ import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
/**
- * This test sends a custom WS-Trust parameter indicating the "realm" of the user, which is interpreted by the
+ * This test sends a custom parameter indicating the "realm" of the user, which is interpreted by the
* STS's CustomUTValidator.
*/
public class CustomParameterTest extends AbstractBusClientServerTestBase {
@@ -72,8 +72,8 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase {
stopAllServers();
}
+
@org.junit.Test
- @org.junit.Ignore
public void testCustomParameterInRST() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -96,8 +96,50 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase {
stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/UT?wsdl");
stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("security.username", "alice");
+ properties.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+ properties.put("security.sts.token.username", "myclientkey");
+ properties.put("security.sts.token.properties", "clientKeystore.properties");
+ properties.put("security.sts.token.usecert", "true");
+ stsClient.setProperties(properties);
+
+ ((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient);
+
+ // Successful test
+
// Add custom content to the RST
stsClient.setCustomContent("<realm xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>");
+ doubleIt(transportClaimsPort, 25);
+
+ ((java.io.Closeable)transportClaimsPort).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testCustomParameterInRST2() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CustomParameterTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = CustomParameterTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomParameterPort");
+ DoubleItPortType transportClaimsPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportClaimsPort, PORT);
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, STSPORT);
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/UT?wsdl");
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port");
Map<String, Object> properties = new HashMap<>();
properties.put("security.username", "alice");
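Review bot: The cleanup added at the end of testCustomParameterInRST, `((java.io.Closeable)transportClaimsPort).close();` followed by `bus.shutdown(true);`, runs only when `doubleIt` returns normally. A failing invocation therefore leaves the port open and the bus alive for whatever test runs next. Putting the call in `try { doubleIt(transportClaimsPort, 25); } finally { ... }` with both cleanup statements in the `finally` keeps the tests isolated; the cleanup at the end of testCustomParameterInRST2 in the next hunk has the same gap. The second test also repeats the whole client and STSClient setup, which could move into one private helper taking the realm string. testCustomParameterInRST2's body continues outside this hunk.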
@@ -109,7 +151,16 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase {
((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient);
- doubleIt(transportClaimsPort, 25);
+ // Failing test
+
+ // Add custom content to the RST
+ stsClient.setCustomContent("<realm xmlns=\"http://cxf.apache.org/custom\">custom-unknown-realm</realm>");
+ try {
+ doubleIt(transportClaimsPort, 25);
+ fail("Failure expected on the wrong realm");
+ } catch (Exception ex) {
+ // expected
+ }
((java.io.Closeable)transportClaimsPort).close();
bus.shutdown(true);
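Review bot: The `catch (Exception ex)` around the rejected call accepts any failure, so this negative test also passes when the STS is unreachable, the client keystore fails to load or the TLS handshake breaks. None of those show that the validator refused `custom-unknown-realm`. Narrow the catch to the exception type the STS rejection actually surfaces as (probably `javax.xml.ws.soap.SOAPFaultException`, to be confirmed against a run) and assert on its message, for example `assertTrue(ex.getMessage().contains(EXPECTED_FAULT_TEXT));`, where the constant is a placeholder for the fault text the STS returns. The method starts in the previous hunk.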
http://git-wip-us.apache.org/repos/asf/cxf/blob/6094d815/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
index 1e5f2de..fd4e8f4 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
@@ -19,13 +19,17 @@
package org.apache.cxf.systest.sts.custom;
-import org.w3c.dom.Document;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
import org.w3c.dom.Element;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.UsernameTokenValidator;
import org.apache.wss4j.dom.validate.Validator;
@@ -41,20 +45,32 @@ public class CustomUTValidator implements Validator {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
- // Find custom Element in the SOAP Body
- Document doc = credential.getUsernametoken().getElement().getOwnerDocument();
- Element soapBody = WSSecurityUtil.findBodyElement(doc);
- Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
- if (realm != null) {
- String realmStr = realm.getTextContent();
- if ("custom-realm".equals(realmStr)) {
-
- UsernameTokenValidator validator = new UsernameTokenValidator();
- return validator.validate(credential, data);
+ // Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor
+ SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext());
+ try {
+ Element soapBody = SAAJUtils.getBody(soapMessage);
+
+ if (soapBody != null) {
+ // Find custom Element in the SOAP Body
+ Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
+ if (realm != null) {
+ String realmStr = realm.getTextContent();
+ if ("custom-realm".equals(realmStr)) {
+
+ UsernameTokenValidator validator = new UsernameTokenValidator();
+ return validator.validate(credential, data);
+ }
+ }
}
+ } catch (SOAPException ex) {
+ // ignore
}
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
}
+ private SOAPMessage getSOAPMessage(SoapMessage msg) {
+ SAAJInInterceptor.INSTANCE.handleMessage(msg);
+ return msg.getContent(SOAPMessage.class);
+ }
}
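Review bot: The cast `(SoapMessage)data.getMsgContext()` is unchecked and `msg.getContent(SOAPMessage.class)` in `getSOAPMessage` may return null, so an unexpected message context would likely end in a ClassCastException or NullPointerException instead of the intended `WSSecurityException`. The request is still refused, but a validator is easier to audit when every refusal takes the same path: guard with `if (!(data.getMsgContext() instanceof SoapMessage))` and `if (soapMessage == null)`, both leading to the existing final throw. The empty `catch (SOAPException ex) { // ignore }` does fail closed, because control falls through to that throw, yet it discards the cause. Rethrowing as `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);` keeps the cause available in the STS logs. The start of `validate` is outside this hunk.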