Adding a test for CXF-7314
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/43203821 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/43203821 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/43203821 Branch: refs/heads/3.1.x-fixes Commit: 432038214b8aba9afadb1d326ab057f867022ee2 Parents: 2f735ea Author: Colm O hEigeartaigh <[email protected]> Authored: Thu May 11 12:56:27 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu May 11 12:57:14 2017 +0100 ---------------------------------------------------------------------- .../custom_onbehalfof/CustomOnBehalfOfTest.java | 38 +++++++++++++-- .../LocalBSTTokenValidator.java | 38 +++++++++++++++ .../LocalDoubleItPortTypeImpl.java | 51 ++++++++++++++++++++ .../SAMLDoubleItPortTypeImpl.java | 51 ++++++++++++++++++++ .../systest/sts/custom_onbehalfof/DoubleIt.wsdl | 4 +- .../sts/custom_onbehalfof/cxf-client.xml | 42 +++++++++------- .../sts/custom_onbehalfof/cxf-service.xml | 15 +++++- 7 files changed, 213 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java index 7844e83..3fccdae 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java 
@@ -34,12 +34,14 @@ import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; /** - * In this test case, a CXF client requests a Security Token from an STS, passing a username that + * In these test cases, a CXF client requests a Security Token from an STS, passing a username that * it has obtained from an unknown client as an "OnBehalfOf" element. This username is obtained * by parsing the SecurityConstants.USERNAME property. The client then invokes on the service - * provider using the returned (custom BinarySecurityToken) token from the STS. The service - * provider dispatches the received BinarySecurityToken to the STS for validation, and receives - * a transformed SAML Token in response. + * provider using the returned (custom BinarySecurityToken) token from the STS. + * + * In the first test-case, the service provider dispatches the received BinarySecurityToken to the STS + * for validation, and receives a transformed SAML Token in response. In the second test-case, the + * service just validates the Token locally. */ public class CustomOnBehalfOfTest extends AbstractBusClientServerTestBase { @@ -73,7 +75,7 @@ public class CustomOnBehalfOfTest extends AbstractBusClientServerTestBase { } @org.junit.Test - public void testUsernameOnBehalfOf() throws Exception { + public void testUsernameOnBehalfOfSTS() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = CustomOnBehalfOfTest.class.getResource("cxf-client.xml"); 
@@ -98,6 +100,32 @@ public class CustomOnBehalfOfTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + @org.junit.Test + public void testUsernameOnBehalfOfLocal() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomOnBehalfOfTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = CustomOnBehalfOfTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomBSTLocalPort"); + DoubleItPortType transportPort = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportPort, PORT); + + // Transport port + ((BindingProvider)transportPort).getRequestContext().put( + SecurityConstants.USERNAME, "alice" + ); + doubleIt(transportPort, 25); + + ((java.io.Closeable)transportPort).close(); + bus.shutdown(true); + } + private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); assertEquals(numToDouble * 2, resp); http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java new file mode 100644 index 0000000..b673ffa --- /dev/null +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java 
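Review bot: In `testUsernameOnBehalfOfLocal` the cleanup calls `((java.io.Closeable)transportPort).close()` and `bus.shutdown(true)` only run when `doubleIt(transportPort, 25)` returns normally. A failed assertion or a SOAP fault therefore leaves the port open and the bus still installed as the default and thread-default bus for whatever test runs next. Wrapping the invocation in `try`/`finally` keeps a failure here from leaking its client-side security configuration into later tests. As far as the context lines show, the existing `testUsernameOnBehalfOfSTS` ends with the same unguarded `bus.shutdown(true)`, so the same change would apply there.

```java
DoubleItPortType transportPort =
    service.getPort(portQName, DoubleItPortType.class);
try {
    // … unchanged: updateAddressPort, SecurityConstants.USERNAME entry, doubleIt(transportPort, 25) …
} finally {
    ((java.io.Closeable)transportPort).close();
    bus.shutdown(true);
}
```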
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.Validator;
+
+/**
+ * This class just mocks a local validation of a custom BinarySecurityToken
+ */
+public class LocalBSTTokenValidator implements Validator {
+
+ public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+ Credential validatedCredential = credential;
+ validatedCredential.setPrincipal(new CustomTokenPrincipal("Custom"));
+ return validatedCredential;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalDoubleItPortTypeImpl.java ----------------------------------------------------------------------
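Review bot: `LocalBSTTokenValidator.validate` accepts every credential it is handed and stamps it with the fixed principal `Custom`, so the new local-validation test would still pass if the validator were invoked without a BinarySecurityToken or with an unexpected one. Even for a mock, a guard such as `if (credential == null || credential.getBinarySecurityToken() == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); }` makes the test prove that a BST actually reached the validator. The class Javadoc should state that no verification of the token takes place and that the class must not be used outside the test suite. `validatedCredential` is only an alias for the `credential` argument, so the method mutates its input; drop the local or document that, and add `@Override` on `validate`.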
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalDoubleItPortTypeImpl.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalDoubleItPortTypeImpl.java
new file mode 100644
index 0000000..295ea75
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalDoubleItPortTypeImpl.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class LocalDoubleItPortTypeImpl implements DoubleItPortType {
+
+ @Resource
+ WebServiceContext wsContext;
+
+ public int doubleIt(int numberToDouble) {
+ Principal pr = wsContext.getUserPrincipal();
+
+ Assert.assertNotNull("Principal must not be null", pr);
+ Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+
+ Assert.assertTrue(pr.getName().contains("Custom"));
+
+ return numberToDouble * 2;
+ }
+
+}
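Review bot: `Assert.assertTrue(pr.getName().contains("Custom"))` is a substring match, so any principal whose name merely contains that text satisfies it. The same applies to `contains("alice")` in `SAMLDoubleItPortTypeImpl`, where a constructed name such as `malice` would also pass. These assertions are the only check that the expected identity reached the service, so compare the whole name, e.g. `Assert.assertEquals("Custom", pr.getName());`, assuming `CustomTokenPrincipal.getName()` returns the constructor argument unchanged. The SAML principal's name format is not visible here, so the exact expected value there needs confirming. The two classes differ only in that expected string and could share one implementation, and `wsContext` can be `private` in both.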
http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/SAMLDoubleItPortTypeImpl.java ----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/SAMLDoubleItPortTypeImpl.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/SAMLDoubleItPortTypeImpl.java
new file mode 100644
index 0000000..d9fca2a
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/SAMLDoubleItPortTypeImpl.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class SAMLDoubleItPortTypeImpl implements DoubleItPortType {
+
+ @Resource
+ WebServiceContext wsContext;
+
+ public int doubleIt(int numberToDouble) {
+ Principal pr = wsContext.getUserPrincipal();
+
+ Assert.assertNotNull("Principal must not be null", pr);
+ Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+
+ Assert.assertTrue(pr.getName().contains("alice"));
+
+ return numberToDouble * 2;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl index e75b972..e3768f2 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl @@ -38,6 +38,9 @@ <wsdl:port name="DoubleItTransportCustomBSTPort" binding="tns:DoubleItTransportBSTBinding"> <soap:address location="https://localhost:8081/doubleit/services/doubleittransportcustombst"/> </wsdl:port> + <wsdl:port name="DoubleItTransportCustomBSTLocalPort" binding="tns:DoubleItTransportBSTBinding"> + <soap:address location="https://localhost:8081/doubleit/services/doubleittransportcustombstlocal"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItBindingTransportBSTPolicy"> <wsp:ExactlyOne> @@ -72,7 +75,6 @@ <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> <sp:RequestSecurityTokenTemplate> <t:TokenType>http://custom.apache.org/token</t:TokenType> - <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType> </sp:RequestSecurityTokenTemplate> <wsp:Policy> <sp:RequireInternalReference/> http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-client.xml ---------------------------------------------------------------------- 
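Review bot: The second hunk removes the `<t:KeyType>` element requesting the Bearer key type from the `RequestSecurityTokenTemplate`, which the commit description (adding a test) does not mention. Both `DoubleItTransportCustomBSTPort` and the new `DoubleItTransportCustomBSTLocalPort` use `tns:DoubleItTransportBSTBinding`. If this template belongs to the policy attached to that binding (the enclosing policy element starts outside the hunk), the key type requested from the STS is now left to client and STS defaults for the existing test as well. An XML comment next to the template stating why no KeyType is requested would record that the omission is intentional.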
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-client.xml
index ce57506..2cca10f 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-client.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-client.xml
@@ -25,28 +25,34 @@ </cxf:features> </cxf:bus> <bean id="delegationCallbackHandler" class="org.apache.cxf.ws.security.trust.delegation.WSSUsernameCallbackHandler"/> + <bean id="stsClient" class="org.apache.cxf.ws.security.trust.STSClient"> + <constructor-arg ref="cxf"/> + <property name="wsdlLocation" value="https://localhost:${testutil.ports.custom_onbehalfof.STSServer}/SecurityTokenService/Transport?wsdl"/> + <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/> + <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/> + <property name="onBehalfOf" ref="delegationCallbackHandler"/> + <property name="properties"> + <map> + <entry key="security.username" value="alice"/> + <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="security.sts.token.username" value="myclientkey"/> + <entry key="security.sts.token.properties" value="clientKeystore.properties"/> + <entry key="security.sts.token.usecert" value="true"/> + </map> + </property> + </bean> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportCustomBSTPort" createdFromAPI="true"> <jaxws:properties> - <entry key="security.sts.client"> - <bean class="org.apache.cxf.ws.security.trust.STSClient"> - <constructor-arg ref="cxf"/> - <property name="wsdlLocation" value="https://localhost:${testutil.ports.custom_onbehalfof.STSServer}/SecurityTokenService/Transport?wsdl"/> - <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/> - <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/> - <property name="onBehalfOf" ref="delegationCallbackHandler"/> - <property name="properties"> - <map> - <entry key="security.username" value="alice"/> - <entry key="security.callback-handler" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> - <entry key="security.sts.token.username" value="myclientkey"/> - <entry key="security.sts.token.properties" value="clientKeystore.properties"/> - <entry key="security.sts.token.usecert" value="true"/> - </map> - </property> - </bean> - </entry> + <entry key="security.sts.client" value-ref="stsClient"/> </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportCustomBSTLocalPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="security.sts.client" value-ref="stsClient"/> + </jaxws:properties> + </jaxws:client> + <http:conduit name="https://localhost:.*"> <http:tlsClientParameters disableCNCheck="true"> <sec:keyManagers keyPassword="ckpass"> http://git-wip-us.apache.org/repos/asf/cxf/blob/43203821/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-service.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-service.xml index b136cf4..e67da07 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-service.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom_onbehalfof/cxf-service.xml 
@@ -19,7 +19,7 @@ --> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> - <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportbst" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportCustomBSTPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.custom_onbehalfof.Server}/doubleit/services/doubleittransportcustombst" wsdlLocation="org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl"> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportbst" implementor="org.apache.cxf.systest.sts.custom_onbehalfof.SAMLDoubleItPortTypeImpl" endpointName="s:DoubleItTransportCustomBSTPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.custom_onbehalfof.Server}/doubleit/services/doubleittransportcustombst" 
wsdlLocation="org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> <entry key="security.signature.properties" value="serviceKeystore.properties"/> @@ -43,6 +43,17 @@ </entry> </jaxws:properties> </jaxws:endpoint> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportbstlocal" implementor="org.apache.cxf.systest.sts.custom_onbehalfof.LocalDoubleItPortTypeImpl" endpointName="s:DoubleItTransportCustomBSTLocalPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.custom_onbehalfof.Server}/doubleit/services/doubleittransportcustombstlocal" wsdlLocation="org/apache/cxf/systest/sts/custom_onbehalfof/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="security.signature.properties" value="serviceKeystore.properties"/> + <entry key="ws-security.bst.validator"> + <bean class="org.apache.cxf.systest.sts.custom_onbehalfof.LocalBSTTokenValidator"/> + </entry> + </jaxws:properties> + </jaxws:endpoint> + <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"> <httpj:engine port="${testutil.ports.custom_onbehalfof.Server}"> <httpj:tlsServerParameters> @@ -52,7 +63,7 @@ <sec:trustManagers> <sec:keyStore type="jks" password="stsspass" resource="keys/stsstore.jks"/> </sec:trustManagers> - <sec:clientAuthentication want="true" required="true"/> + <sec:clientAuthentication want="true" required="false"/> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory>
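Review bot: Changing `<sec:clientAuthentication want="true" required="true"/>` to `required="false"` makes the TLS client certificate optional for the whole `ClientAuthHttpsSettings` engine. Both `doubleittransportbst` and the new `doubleittransportbstlocal` endpoint declare `depends-on="ClientAuthHttpsSettings"` and are served on the same port, so the existing STS-validation endpoint is relaxed along with the new one. That test therefore no longer demonstrates that the service rejects callers without a client certificate, and the commit gives no reason for the change. If only the new endpoint needs it, a separate engine on its own port would keep `required="true"` for the original one; otherwise add a comment on the element explaining why client authentication is optional here.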
