You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/08 11:46:18 UTC
[1/2] cxf-fediz git commit: Fixing ForceAuthn SAML SSO tests
Repository: cxf-fediz
Updated Branches:
refs/heads/master d4f862d93 -> bd0511cab
Fixing ForceAuthn SAML SSO tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bf460dd0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bf460dd0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bf460dd0
Branch: refs/heads/master
Commit: bf460dd06658df18a348dff3ccb4bf13a8786b17
Parents: d4f862d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 8 11:15:43 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 8 11:15:43 2016 +0000
----------------------------------------------------------------------
.../apache/cxf/fediz/systests/idp/IdpTest.java | 45 +++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf460dd0/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 186fb41..00a8b78 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -38,6 +38,7 @@ import javax.servlet.ServletException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import com.gargoylesoftware.htmlunit.CookieManager;
import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
import com.gargoylesoftware.htmlunit.HttpMethod;
import com.gargoylesoftware.htmlunit.WebClient;
@@ -546,6 +547,8 @@ public class IdpTest {
String password = "ecila";
final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
@@ -595,8 +598,27 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
webClient.close();
+
+ //
+ // Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
+ // ...this should fail
+ //
+
+ WebClient newWebClient = new WebClient();
+ newWebClient.setCookieManager(cookieManager);
+ newWebClient.getOptions().setUseInsecureSSL(true);
+ newWebClient.getOptions().setJavaScriptEnabled(false);
+
+ try {
+ newWebClient.getPage(url);
+ Assert.fail("Failure expected on no credentials");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 401);
+ }
+
+ newWebClient.close();
}
@org.junit.Test
@@ -654,6 +676,8 @@ public class IdpTest {
String password = "ecila";
final WebClient webClient = new WebClient();
+ CookieManager cookieManager = new CookieManager();
+ webClient.setCookieManager(cookieManager);
webClient.getOptions().setUseInsecureSSL(true);
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
@@ -705,6 +729,25 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
+
+ //
+ // Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
+ // ...this should fail
+ //
+
+ WebClient newWebClient = new WebClient();
+ newWebClient.setCookieManager(cookieManager);
+ newWebClient.getOptions().setUseInsecureSSL(true);
+ newWebClient.getOptions().setJavaScriptEnabled(false);
+
+ try {
+ newWebClient.getPage(url);
+ Assert.fail("Failure expected on no credentials");
+ } catch (FailingHttpStatusCodeException ex) {
+ Assert.assertEquals(ex.getStatusCode(), 401);
+ }
+
+ newWebClient.close();
}
//
[2/2] cxf-fediz git commit: Fixing ForceAuthn
Posted by co...@apache.org.
Fixing ForceAuthn
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bd0511ca
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bd0511ca
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bd0511ca
Branch: refs/heads/master
Commit: bd0511cabcc7fe1163eb83af2df7a7d59ac1184f
Parents: bf460dd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 8 11:46:09 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 8 11:46:09 2016 +0000
----------------------------------------------------------------------
.../idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd0511ca/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index e385a25..c4adbe5 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -94,7 +94,8 @@
<action-state id="wfreshParserRemoteAction">
<evaluate
- expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)" />
+ expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)
+ or authnRequestParser.isForceAuthentication(flowRequestContext)" />
<transition on="yes" to="redirectToTrustedIDP" />
<transition on="no" to="validateWReply" >
<set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />