Author: coheigea
Date: Tue Apr 12 12:29:10 2011
New Revision: 1091384
URL: http://svn.apache.org/viewvc?rev=1091384&view=rev
Log:
[CXF-3432] - Added a test for the last commit.
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Tue Apr 12 12:29:10 2011
@@ -29,6 +29,7 @@ import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
import org.apache.cxf.systest.ws.saml.server.Server;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -76,8 +77,7 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml1Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
);
try {
saml1Port.doubleIt(BigInteger.valueOf(25));
@@ -87,8 +87,7 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml1Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new
org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
);
BigInteger result = saml1Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
@@ -110,7 +109,7 @@ public class SamlTokenTest extends Abstr
DoubleItService service = new DoubleItService();
DoubleItPortType saml2Port = service.getDoubleItSaml2SymmetricPort();
-
+
try {
saml2Port.doubleIt(BigInteger.valueOf(25));
fail("Expected failure on an invocation with no SAML Assertion");
@@ -119,8 +118,7 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml2Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new
org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
);
try {
saml2Port.doubleIt(BigInteger.valueOf(25));
@@ -130,12 +128,45 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml2Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
);
BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
}
+
+ /**
+ * Some negative tests. Send a sender-vouches assertion as a
SupportingToken...this will
+ * fail as the provider will demand that there is a signature covering
both the assertion
+ * and the message body.
+ */
+ @org.junit.Test
+ public void testSaml2OverSymmetricSupporting() throws Exception {
+
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType saml2Port =
service.getDoubleItSaml2SymmetricSupportingPort();
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+
+ try {
+ saml2Port.doubleIt(BigInteger.valueOf(25));
+ fail("Expected failure on an invocation with an unsigned SAML SV
Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assert ex.getMessage().contains("Assertion fails sender-vouches
requirements");
+ }
+ }
@org.junit.Test
public void testSaml2OverAsymmetric() throws Exception {
@@ -163,8 +194,7 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml2Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new
org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
);
try {
saml2Port.doubleIt(BigInteger.valueOf(25));
@@ -174,8 +204,7 @@ public class SamlTokenTest extends Abstr
}
((BindingProvider)saml2Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
);
BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
@@ -196,8 +225,7 @@ public class SamlTokenTest extends Abstr
DoubleItPortType saml1Port =
service.getDoubleItSaml1SelfSignedTransportPort();
((BindingProvider)saml1Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new
org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
);
BigInteger result = saml1Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
@@ -222,8 +250,7 @@ public class SamlTokenTest extends Abstr
DoubleItPortType saml2Port =
service.getDoubleItSaml2SymmetricProtectionPort();
((BindingProvider)saml2Port).getRequestContext().put(
- "ws-security.saml-callback-handler",
- new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
);
BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
assert result.equals(BigInteger.valueOf(50));
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
(original)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
Tue Apr 12 12:29:10 2011
@@ -39,6 +39,7 @@ import org.opensaml.common.SAMLVersion;
*/
public class SamlCallbackHandler implements CallbackHandler {
private boolean saml2 = true;
+ private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
public SamlCallbackHandler() {
//
@@ -48,6 +49,10 @@ public class SamlCallbackHandler impleme
this.saml2 = saml2;
}
+ public void setConfirmationMethod(String confirmationMethod) {
+ this.confirmationMethod = confirmationMethod;
+ }
+
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
@@ -60,8 +65,7 @@ public class SamlCallbackHandler impleme
callback.setIssuer("sts");
String subjectName = "uid=sts-client,o=mock-sts.com";
String subjectQualifier = "www.mock-sts.com";
- String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
- if (!saml2) {
+ if (!saml2 &&
SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
}
SubjectBean subjectBean =
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Tue Apr 12 12:29:10 2011
@@ -59,9 +59,20 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
</jaxws:properties>
- </jaxws:client>
+ </jaxws:client>
+
+ <jaxws:client
name="{http://WSSec/saml}DoubleItSaml2SymmetricSupportingPort";
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
- <jaxws:client name="{http://WSSec/saml}DoubleItSaml2AsymmetricPort";
+ <jaxws:client name="{http://WSSec/saml}DoubleItSaml2AsymmetricPort";
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.username" value="alice"/>
@@ -73,9 +84,9 @@
<entry key="ws-security.signature.properties"
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
</jaxws:properties>
- </jaxws:client>
+ </jaxws:client>
- <jaxws:client
name="{http://WSSec/saml}DoubleItSaml1SelfSignedTransportPort";
+ <jaxws:client
name="{http://WSSec/saml}DoubleItSaml1SelfSignedTransportPort";
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.callback-handler"
@@ -85,9 +96,9 @@
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
<entry key="ws-security.self-sign-saml-assertion" value="true"/>
</jaxws:properties>
- </jaxws:client>
+ </jaxws:client>
- <jaxws:client
name="{http://WSSec/saml}DoubleItSaml2SymmetricProtectionPort";
+ <jaxws:client
name="{http://WSSec/saml}DoubleItSaml2SymmetricProtectionPort";
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.callback-handler"
@@ -96,6 +107,6 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
</jaxws:properties>
- </jaxws:client>
+ </jaxws:client>
</beans>
Modified:
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Tue Apr 12 12:29:10 2011
@@ -129,6 +129,25 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSaml2SymmetricSupportingBinding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSaml2SymmetricSupportingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItSaml2AsymmetricBinding"
type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItSaml2AsymmetricPolicy" />
<soap:binding style="document"
@@ -175,6 +194,10 @@
<wsdl:port name="DoubleItSaml2SymmetricPort"
binding="tns:DoubleItSaml2SymmetricBinding">
<soap:address
location="http://localhost:9001/DoubleItSaml2Symmetric"; />
</wsdl:port>
+ <wsdl:port name="DoubleItSaml2SymmetricSupportingPort"
+ binding="tns:DoubleItSaml2SymmetricSupportingBinding">
+ <soap:address
location="http://localhost:9001/DoubleItSaml2Symmetric"; />
+ </wsdl:port>
<wsdl:port name="DoubleItSaml2AsymmetricPort"
binding="tns:DoubleItSaml2AsymmetricBinding">
<soap:address
location="http://localhost:9001/DoubleItSaml2Asymmetric"; />
</wsdl:port>
@@ -310,6 +333,56 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSaml2SymmetricSupportingPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireThumbprintReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+ <sp:WssSamlV20Token11/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItSaml2AsymmetricPolicy">
<wsp:ExactlyOne>
<wsp:All>
