Adding more SAML/JMS tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6995cfef Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6995cfef Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6995cfef Branch: refs/heads/3.0.x-fixes Commit: 6995cfeffeb30e0ffcdb088cc518524a27074420 Parents: 24f4557 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Nov 26 14:53:53 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Nov 26 15:21:06 2015 +0000 ---------------------------------------------------------------------- .../systest/jms/security/JMSWSSecurityTest.java | 122 ++++++++++++++++++- 1 file changed, 121 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6995cfef/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
index 9273bd7..3ced836 100644
--- a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
@@ -26,6 +26,7 @@ import java.util.List;
 import java.util.Map;
 import javax.xml.namespace.QName;
+import javax.xml.ws.soap.SOAPFaultException;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.endpoint.Client;
@@ -112,7 +113,7 @@ public class JMSWSSecurityTest extends AbstractBusClientServerTestBase {
 }
 @Test
- public void testUnsignedSAML2AudienceRestrictionToken() throws Exception {
+ public void testUnsignedSAML2AudienceRestrictionTokenURI() throws Exception {
 QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
 QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
 URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
@@ -150,5 +151,124 @@ public class JMSWSSecurityTest extends AbstractBusClientServerTestBase {
 ((java.io.Closeable)greeter).close();
 }
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenBadURI() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<>();
+ audiences.add("jms:jndi:dynamicQueues/test.jmstransport.text.bad");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map<String, Object> outProperties = new HashMap<String, Object>();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ try {
+ greeter.sayHi();
+ fail("Failure expected on a bad audience restriction");
+ } catch (SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenServiceName() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ String response = new String("Bonjour");
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<>();
+ audiences.add("{http://cxf.apache.org/hello_world_jms}HelloWorldService");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map<String, Object> outProperties = new HashMap<String, Object>();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ String reply = greeter.sayHi();
+ assertNotNull("no response received from service", reply);
+ assertEquals(response, reply);
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenBadServiceName() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<>();
+ audiences.add("{http://cxf.apache.org/hello_world_jms}BadHelloWorldService");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map<String, Object> outProperties = new HashMap<String, Object>();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ try {
+ greeter.sayHi();
+ fail("Failure expected on a bad audience restriction");
+ } catch (SOAPFaultException ex) {
+ // expected
+ }
+ ((java.io.Closeable)greeter).close();
+ }
 }
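Review bot: The two negative tests (`testUnsignedSAML2AudienceRestrictionTokenBadURI` and `testUnsignedSAML2AudienceRestrictionTokenBadServiceName`) pass on any `SOAPFaultException`, so they do not show that the audience-restriction check is what rejected the token; a fault from an unrelated cause, such as a signature trust failure or an endpoint misconfiguration, would satisfy them as well. If the server's fault text distinguishes the cause, assert on it in the catch block; if it is kept generic (not visible from this hunk), replace `// expected` with a comment that says so, e.g. `// expected: audience matches neither the endpoint URI nor the service QName; the fault itself is generic`. Separately, `((java.io.Closeable)greeter).close();` is reached only when the test succeeds, because `fail(...)` throws an `AssertionError` that the catch does not handle and a failing `assertEquals` skips it too; moving the close into a `finally` in all three added tests keeps a failing run from leaking the JMS client. The names and `WSHandlerConstants.SAML_TOKEN_UNSIGNED` say "unsigned" while `callbackHandler.setSignAssertion(true)` is set with `SAML2Constants.CONF_BEARER`, so a one-line comment stating which signature is present and which is absent would prevent a misreading of what these tests cover.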
