You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cxf.apache.org by co...@apache.org on 2016/12/08 11:46:18 UTC

[1/2] cxf-fediz git commit: Fixing ForceAuthn SAML SSO tests

Repository: cxf-fediz
Updated Branches:
  refs/heads/master d4f862d93 -> bd0511cab


Fixing ForceAuthn SAML SSO tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bf460dd0
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bf460dd0
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bf460dd0

Branch: refs/heads/master
Commit: bf460dd06658df18a348dff3ccb4bf13a8786b17
Parents: d4f862d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 8 11:15:43 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 8 11:15:43 2016 +0000

----------------------------------------------------------------------
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 45 +++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bf460dd0/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 186fb41..00a8b78 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -38,6 +38,7 @@ import javax.servlet.ServletException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.HttpMethod;
 import com.gargoylesoftware.htmlunit.WebClient;
@@ -546,6 +547,8 @@ public class IdpTest {
         String password = "ecila";
 
         final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
         webClient.getOptions().setUseInsecureSSL(true);
         webClient.getCredentialsProvider().setCredentials(
             new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
@@ -595,8 +598,27 @@ public class IdpTest {
         Assert.assertTrue(parsedResponse.contains(claim));
         claim = ClaimTypes.EMAILADDRESS.toString();
         Assert.assertTrue(parsedResponse.contains(claim));
-
+        
         webClient.close();
+        
+        //
+        // Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
+        // ...this should fail
+        //
+        
+        WebClient newWebClient = new WebClient();
+        newWebClient.setCookieManager(cookieManager);
+        newWebClient.getOptions().setUseInsecureSSL(true);
+        newWebClient.getOptions().setJavaScriptEnabled(false);
+        
+        try {
+            newWebClient.getPage(url);
+            Assert.fail("Failure expected on no credentials");
+        }  catch (FailingHttpStatusCodeException ex) {
+            Assert.assertEquals(ex.getStatusCode(), 401);
+        }
+        
+        newWebClient.close();
     }
     
     @org.junit.Test
@@ -654,6 +676,8 @@ public class IdpTest {
         String password = "ecila";
 
         final WebClient webClient = new WebClient();
+        CookieManager cookieManager = new CookieManager();
+        webClient.setCookieManager(cookieManager);
         webClient.getOptions().setUseInsecureSSL(true);
         webClient.getCredentialsProvider().setCredentials(
             new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
@@ -705,6 +729,25 @@ public class IdpTest {
         Assert.assertTrue(parsedResponse.contains(claim));
 
         webClient.close();
+        
+        //
+        // Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
+        // ...this should fail
+        //
+        
+        WebClient newWebClient = new WebClient();
+        newWebClient.setCookieManager(cookieManager);
+        newWebClient.getOptions().setUseInsecureSSL(true);
+        newWebClient.getOptions().setJavaScriptEnabled(false);
+        
+        try {
+            newWebClient.getPage(url);
+            Assert.fail("Failure expected on no credentials");
+        }  catch (FailingHttpStatusCodeException ex) {
+            Assert.assertEquals(ex.getStatusCode(), 401);
+        }
+        
+        newWebClient.close();
     }
     
     //

[2/2] cxf-fediz git commit: Fixing ForceAuthn

Posted by co...@apache.org.

Fixing ForceAuthn


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bd0511ca
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bd0511ca
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bd0511ca

Branch: refs/heads/master
Commit: bd0511cabcc7fe1163eb83af2df7a7d59ac1184f
Parents: bf460dd
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 8 11:46:09 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 8 11:46:09 2016 +0000

----------------------------------------------------------------------
 .../idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml     | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd0511ca/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
index e385a25..c4adbe5 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/saml-signin-request.xml
@@ -94,7 +94,8 @@
     
     <action-state id="wfreshParserRemoteAction">
         <evaluate
-            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)" />
+            expression="idpTokenExpiredAction.isTokenExpired(flowScope.home_realm, flowRequestContext)
+                        or authnRequestParser.isForceAuthentication(flowRequestContext)" />
         <transition on="yes" to="redirectToTrustedIDP" />
         <transition on="no" to="validateWReply" >
             <set name="flowScope.idpToken" value="externalContext.sessionMap[flowScope.home_realm]" />