Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/d71f3286 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/d71f3286 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/d71f3286 Branch: refs/heads/1.2.x-fixes Commit: d71f3286cd12e2540ee520a4d3f0611e74a4bfaa Parents: 219cb39 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Jun 10 13:54:11 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Jun 10 13:54:11 2016 +0100 ---------------------------------------------------------------------- .../AudienceRestrictionTest.java | 10 +- .../AudienceRestrictionTest.java | 210 ------------------- .../test/resources/fediz_config_aud_restr.xml | 61 ------ 3 files changed, 4 insertions(+), 277 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d71f3286/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java ----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
index d9822cb..654a4f6 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
@@ -39,7 +39,7 @@
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.commons.io.IOUtils;
-import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.junit.AfterClass;
@@ -129,9 +129,9 @@ public class AudienceRestrictionTest {
 content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
 File f2 = new File(baseDir + "/test-classes/fediz_config_aud_restr.xml");
- try (FileOutputStream outputStream = new FileOutputStream(f2)) {
- IOUtils.write(content, outputStream, "UTF-8");
- }
+ FileOutputStream outputStream = new FileOutputStream(f2);
+ IOUtils.write(content, outputStream, "UTF-8");
+ outputStream.close();
 }
 FederationAuthenticator fa = new FederationAuthenticator();
@@ -203,8 +203,6 @@ public class AudienceRestrictionTest {
 } catch (FailingHttpStatusCodeException ex) {
 Assert.assertEquals(ex.getStatusCode(), 401);
 }
-
- webClient.close();
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d71f3286/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java ----------------------------------------------------------------------
diff --git a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java b/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
deleted file mode 100644
index 673b868..0000000
--- a/systests/tomcat8/src/test/java/org/apache/cxf/fediz/integrationtests/AudienceRestrictionTest.java
+++ /dev/null
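Review bot: In the second hunk of the tomcat7 AudienceRestrictionTest.java, the code that replaces the try-with-resources block leaves the `FileOutputStream` open if `IOUtils.write` throws, because `outputStream.close()` is then never reached. If this branch cannot use try-with-resources (presumably the reason for the change), keep the guarantee with `try { IOUtils.write(content, outputStream, "UTF-8"); } finally { outputStream.close(); }`. The third hunk has the same kind of gap: it drops `webClient.close()` without a replacement, so the WebClient is never released after the test; if the HtmlUnit version on this branch lacks `close()`, older releases expose `closeAllWindows()`, which could be called in a `finally` instead (to be confirmed against the branch's dependency). Both enclosing methods start and end outside the hunks.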
@@ -1,210 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.fediz.integrationtests; - - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; - -import javax.servlet.ServletException; - -import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException; -import com.gargoylesoftware.htmlunit.WebClient; -import com.gargoylesoftware.htmlunit.html.HtmlForm; -import com.gargoylesoftware.htmlunit.html.HtmlPage; -import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; - -import org.apache.catalina.Context; -import org.apache.catalina.LifecycleException; -import org.apache.catalina.LifecycleState; -import org.apache.catalina.connector.Connector; -import org.apache.catalina.startup.Tomcat; -import org.apache.commons.io.IOUtils; -import org.apache.cxf.fediz.tomcat8.FederationAuthenticator; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.junit.AfterClass; -import org.junit.Assert; -import org.junit.BeforeClass; - -/** - * A test to make sure that audience restriction validation is working correctly in the plugin. 
- */ -public class AudienceRestrictionTest { - - static String idpHttpsPort; - static String rpHttpsPort; - - private static Tomcat idpServer; - private static Tomcat rpServer; - - @BeforeClass - public static void init() throws Exception { - System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); - System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); - System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); - System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); - - idpHttpsPort = System.getProperty("idp.https.port"); - Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); - rpHttpsPort = System.getProperty("rp.https.port"); - Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); - - idpServer = startServer(true, idpHttpsPort); - rpServer = startServer(false, rpHttpsPort); - } - - private static Tomcat startServer(boolean idp, String port) - throws ServletException, LifecycleException, IOException { - Tomcat server = new Tomcat(); - server.setPort(0); - String currentDir = new File(".").getCanonicalPath(); - String baseDir = currentDir + File.separator + "target"; - server.setBaseDir(baseDir); - - if (idp) { - server.getHost().setAppBase("tomcat/idp/webapps"); - } else { - server.getHost().setAppBase("tomcat/rp/webapps"); - } - server.getHost().setAutoDeploy(true); - server.getHost().setDeployOnStartup(true); - - Connector httpsConnector = new Connector(); - 
httpsConnector.setPort(Integer.parseInt(port)); - httpsConnector.setSecure(true); - httpsConnector.setScheme("https"); - //httpsConnector.setAttribute("keyAlias", keyAlias); - httpsConnector.setAttribute("keystorePass", "tompass"); - httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); - httpsConnector.setAttribute("truststorePass", "tompass"); - httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); - httpsConnector.setAttribute("clientAuth", "want"); - // httpsConnector.setAttribute("clientAuth", "false"); - httpsConnector.setAttribute("sslProtocol", "TLS"); - httpsConnector.setAttribute("SSLEnabled", true); - - server.getService().addConnector(httpsConnector); - - if (idp) { - File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts"); - server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath()); - - File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp"); - server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath()); - } else { - File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); - Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath()); - - // Substitute the IDP port. 
Necessary if running the test in eclipse where port filtering doesn't seem - // to work - File f = new File(currentDir + "/src/test/resources/fediz_config_aud_restr.xml"); - FileInputStream inputStream = new FileInputStream(f); - String content = IOUtils.toString(inputStream, "UTF-8"); - inputStream.close(); - if (content.contains("idp.https.port")) { - content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort); - - File f2 = new File(baseDir + "/test-classes/fediz_config_aud_restr.xml"); - try (FileOutputStream outputStream = new FileOutputStream(f2)) { - IOUtils.write(content, outputStream, "UTF-8"); - } - } - - FederationAuthenticator fa = new FederationAuthenticator(); - fa.setConfigFile(currentDir + File.separator + "target" + File.separator - + "test-classes" + File.separator + "fediz_config_aud_restr.xml"); - cxt.getPipeline().addValve(fa); - } - - server.start(); - - return server; - } - - @AfterClass - public static void cleanup() { - shutdownServer(idpServer); - shutdownServer(rpServer); - } - - private static void shutdownServer(Tomcat server) { - try { - if (server != null && server.getServer() != null - && server.getServer().getState() != LifecycleState.DESTROYED) { - if (server.getServer().getState() != LifecycleState.STOPPED) { - server.stop(); - } - server.destroy(); - } - } catch (Exception e) { - e.printStackTrace(); - } - } - - public String getIdpHttpsPort() { - return idpHttpsPort; - } - - public String getRpHttpsPort() { - return rpHttpsPort; - } - - public String getServletContextName() { - return "fedizhelloworld"; - } - - @org.junit.Test - public void testSAMLTokenWithNonMatchingAudienceRestriction() throws Exception { - String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; - String user = "alice"; - String password = "ecila"; - - final WebClient webClient = new WebClient(); - webClient.getOptions().setUseInsecureSSL(true); - webClient.getCredentialsProvider().setCredentials( - new 
AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), - new UsernamePasswordCredentials(user, password)); - - webClient.getOptions().setJavaScriptEnabled(false); - final HtmlPage idpPage = webClient.getPage(url); - webClient.getOptions().setJavaScriptEnabled(true); - Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - final HtmlForm form = idpPage.getFormByName("signinresponseform"); - final HtmlSubmitInput button = form.getInputByName("_eventId_submit"); - - try { - button.click(); - Assert.fail("Failure expected on a bad audience restriction value"); - } catch (FailingHttpStatusCodeException ex) { - Assert.assertEquals(ex.getStatusCode(), 401); - } - - webClient.close(); - } - -} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/d71f3286/systests/tomcat8/src/test/resources/fediz_config_aud_restr.xml ---------------------------------------------------------------------- diff --git a/systests/tomcat8/src/test/resources/fediz_config_aud_restr.xml b/systests/tomcat8/src/test/resources/fediz_config_aud_restr.xml deleted file mode 100644 index 8a663bf..0000000 --- a/systests/tomcat8/src/test/resources/fediz_config_aud_restr.xml +++ /dev/null 
@@ -1,61 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. - Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL - keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
---> -<FedizConfig> - <contextConfig name="/fedizhelloworld"> - <audienceUris> - <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld2</audienceItem> - </audienceUris> - <certificateStores> - <trustManager> - <keyStore file="test-classes/clienttrust.jks" - password="storepass" type="JKS" /> - </trustManager> - </certificateStores> - <trustedIssuers> - <issuer certificateValidation="PeerTrust" /> - </trustedIssuers> - <maximumClockSkew>1000</maximumClockSkew> - <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> - <keyStore file="test-classes/server.jks" password="tompass" type="JKS" /> - </signingKey> - <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:type="federationProtocolType" version="1.0.0"> - <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> - <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> - <roleDelimiter>,</roleDelimiter> - <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> - <freshness>10</freshness> - <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> - <claimTypesRequested> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> - <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> - </claimTypesRequested> - </protocol> - <logoutURL>/secure/logout</logoutURL> - <logoutRedirectTo>/index.html</logoutRedirectTo> - </contextConfig> -</FedizConfig> -
