Author: veithen
Date: Sat Apr 10 13:13:36 2010
New Revision: 932716
URL: http://svn.apache.org/viewvc?rev=932716&view=rev
Log:
Added a systest for URL based authentication with Spring Security and JAX-RS
(using HTTP session to store the authentication token).
Added:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
(with props)
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
(with props)
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
(with props)
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
(with props)
Added:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java?rev=932716&view=auto
==============================================================================
---
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
(added)
+++
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.context.SecurityContextHolder;
+import
org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+...@path("/login")
+public class LoginService {
+ private AuthenticationManager authenticationManager;
+
+ public void setAuthenticationManager(AuthenticationManager
authenticationManager) {
+ this.authenticationManager = authenticationManager;
+ }
+
+ @GET
+ @Produces("text/plain")
+ public String login(@QueryParam("user") String user,
@QueryParam("password") String password) {
+ Authentication authentication = new
UsernamePasswordAuthenticationToken(user, password);
+ try {
+ SecurityContextHolder.getContext().setAuthentication(
+ authenticationManager.authenticate(authentication));
+ return "OK";
+ } catch (AuthenticationException ex) {
+ return "FAILED: " + ex.getMessage();
+ }
+ }
+}
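Review bot: `login` receives the password as `@QueryParam("password")` on a `@GET`, so the credential is part of the request URL and ends up in access logs, proxy logs and client history, and a state-changing login over GET can be triggered by a cross-site request. The commit is explicitly about URL-based authentication, so if the GET form stays for the test, the class should say so, e.g. `/** Test-only login resource; credentials travel in the query string, do not reuse outside systests. */`. Outside a test the method should be `@POST` with `@FormParam("user") String user, @FormParam("password") String password`. The catch branch also returns `"FAILED: " + ex.getMessage()`; returning a constant `"FAILED"` keeps provider-specific failure reasons away from the caller.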
Propchange:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
URL:
http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java?rev=932716&view=auto
==============================================================================
---
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
(added)
+++
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.testutil.common.AbstractClientServerTestBase;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Systest for URL based authentication with JAX-RS. Scenario:
+ * <ul>
+ * <li>Authentication is handled in a JAX-RS resource (see {...@link
LoginService}).
+ * <li>The Spring Security servlet filters are used to store the authentication
+ * token in the HTTP session and retrieve it during subsequent requests.
+ * <li>Method security is used to protect access to resources.
+ * </ul>
+ * This scenario is supported out of the box by Spring Security and CXF and
+ * doesn't need any additional integration.
+ */
+public class SpringUrlBasedAuthJaxrsTest extends AbstractClientServerTestBase {
+ public static class SpringServer extends AbstractSpringServer {
+ public SpringServer() {
+ super("/security_spring_url_based_auth_jaxrs");
+ }
+
+ public static void main(String args[]) {
+ try {
+ SpringServer s = new SpringServer();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+ }
+
+ @BeforeClass
+ public static void beforeClass() throws Exception {
+ assertTrue(launchServer(SpringServer.class));
+ }
+
+ @Test
+ public void testUnauthenticated() {
+ WebClient client = WebClient.create("http://localhost:9080/greeting");
+ assertEquals(500, client.accept("text/plain").get().getStatus());
+ }
+
+// @Test
+ // TODO: this doesn't work yet because WebClient doesn't support cookies;
+ // need to rewrite this with Apache HttpClient
+ public void testAuthenticated() {
+ WebClient client = WebClient.create("http://localhost:9080/");
+ client.path("/login").query("user", "joe").query("password",
"password").accept("text/plain");
+ assertEquals("OK", client.get(String.class));
+ client.back(true);
+
assertTrue(client.path("/greeting").accept("text/plain").get(String.class).contains("joe"));
+ }
+}
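Review bot: `testUnauthenticated` asserts status 500, which any server-side fault on `/greeting` would also produce, so the test does not show that the request was rejected by the method-security check. The filter chain in this commit's beans.xml has no step that translates security exceptions into 401/403, which is presumably why the denial surfaces as 500. Either map the access-denied exception to 403 and assert that, or at least add a comment such as `// 500: access denied is not translated to 401/403 in this setup`. `testAuthenticated` is disabled by commenting out `@Test`, so the login and session path has no coverage; keeping `@Test` and adding `@Ignore("WebClient doesn't support cookies")` would leave the skipped test visible in reports.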
Propchange:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Added:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
URL:
http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml?rev=932716&view=auto
==============================================================================
---
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
(added)
+++
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:security="http://www.springframework.org/schema/security"
+ xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
+ http://cxf.apache.org/jaxrs
http://cxf.apache.org/schemas/jaxrs.xsd">
+
+ <import resource="classpath:META-INF/cxf/cxf.xml"/>
+ <import resource="classpath*:META-INF/cxf/cxf-*.xml"/>
+ <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
+
+ <security:global-method-security secured-annotations="enabled"/>
+
+ <security:authentication-provider>
+ <security:user-service>
+ <security:user name="joe" password="password"
authorities="ROLE_USER"/>
+ <security:user name="bob" password="password"
authorities="ROLE_USER"/>
+ </security:user-service>
+ </security:authentication-provider>
+
+ <security:authentication-manager alias="authenticationManager"/>
+
+ <bean id="springSecurityFilterChain"
class="org.springframework.security.util.FilterChainProxy">
+ <security:filter-chain-map path-type="ant">
+ <security:filter-chain
filters="httpSessionContextIntegrationFilter,securityContextHolderAwareRequestFilter"
pattern="/**"/>
+ </security:filter-chain-map>
+ </bean>
+
+ <!-- HttpSessionContextIntegrationFilter will store the authentication
token in the HTTP session and
+ retrieve it during subsequent requests -->
+ <bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
+ <!-- If forceEagerSessionCreation is not set to true, then no cookie
will be returned by /login,
+ probably because CXF flushes the response before the filter
stores the authentication token
+ in the session -->
+ <property name="forceEagerSessionCreation" value="true"/>
+ </bean>
+
+ <!-- We need this filter to support javax.ws.rs.core.SecurityContext -->
+ <bean id="securityContextHolderAwareRequestFilter"
class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
+ <property name="wrapperClass"
value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
+ </bean>
+
+ <jaxrs:server address="/">
+ <jaxrs:serviceBeans>
+ <bean class="org.apache.cxf.systest.security.LoginService">
+ <property name="authenticationManager"
ref="authenticationManager"/>
+ </bean>
+ <bean class="org.apache.cxf.systest.security.GreeterService"/>
+ </jaxrs:serviceBeans>
+ </jaxrs:server>
+</beans>
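Review bot: With `forceEagerSessionCreation` set to `true`, a session and its cookie exist before `/login` is called, and nothing in the `springSecurityFilterChain` bean or in `LoginService` issues a new session id once authentication succeeds, so the pre-login id carries on as the authenticated one (session fixation). For a test fixture this can stay, but the config should say so next to the property, e.g. `<!-- Test-only: session id is not renewed after login; real deployments must rotate it on authentication -->`. The same chain has no exception-translation step, so access-denied errors from secured methods reach the client untranslated, consistent with the 500 asserted in SpringUrlBasedAuthJaxrsTest. The clear-text `password="password"` users are acceptable only because this file lives under src/test.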
Propchange:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
------------------------------------------------------------------------------
svn:eol-style = native
Added:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
URL:
http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml?rev=932716&view=auto
==============================================================================
---
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
(added)
+++
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app
+ PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!-- START SNIPPET: webxml -->
+<web-app>
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>WEB-INF/beans.xml</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener>
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <servlet>
+ <servlet-name>CXFServlet</servlet-name>
+ <display-name>CXF Servlet</display-name>
+ <servlet-class>
+ org.apache.cxf.transport.servlet.CXFServlet
+ </servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>CXFServlet</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+</web-app>
+<!-- END SNIPPET: webxml -->
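Review bot: The descriptor declares the Web Application 2.3 DTD but places `<listener>` before `<filter>` and `<filter-mapping>`; that DTD requires filters and filter mappings ahead of listeners, so a container that validates the descriptor would reject it. Moving the `<listener>` element to just after `</filter-mapping>` makes the file valid against the declared DTD. The `START SNIPPET: webxml` / `END SNIPPET: webxml` markers look carried over from a documentation sample and can be dropped unless this file is actually pulled into docs.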
Propchange:
cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
------------------------------------------------------------------------------
svn:eol-style = native