This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new 46984c3  FEDIZ-224 - Adding SAML SSO Spring system tests
46984c3 is described below

commit 46984c3d10d218eea6f5c40f381e7303aec9ce33
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Aug 27 12:57:55 2018 +0100

    FEDIZ-224 - Adding SAML SSO Spring system tests
---
 systests/samlsso/pom.xml                           |  28 ++++
 .../cxf/fediz/systests/samlsso/SpringTest.java     | 183 +++++++++++++++++++++
 .../samlsso/src/test/resources/fediz_config.xml    |  36 ++++
 .../src/test/resources/realma/entities-realma.xml  |  34 ++++
 4 files changed, 281 insertions(+)

diff --git a/systests/samlsso/pom.xml b/systests/samlsso/pom.xml
index 08eb8b3..ccd3e06 100644
--- a/systests/samlsso/pom.xml
+++ b/systests/samlsso/pom.xml
@@ -86,6 +86,24 @@
 
     </dependencies>
     <build>
+         <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+                <includes>
+                    <include>**/*.xml</include>
+                </includes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>false</filtering>
+                <includes>
+                    <include>**/*.jks</include>
+                    <include>**/*.cert</include>
+                    <include>**/*.properties</include>
+                </includes>
+            </testResource>
+        </testResources>
         <plugins>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
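Review bot: The new `<testResources>` opening tag at L31 is indented one column deeper than its closing tag at L48 and the sibling `<plugins>`; `         <testResources>` should be `        <testResources>` so the block reads as one level. Splitting resources into a filtered `**/*.xml` entry and an unfiltered `**/*.jks`/`**/*.cert`/`**/*.properties` entry is the right shape, since filtering a binary keystore would corrupt it. A one-line comment above the second `<testResource>` saying why filtering is off (`<!-- binary keystores/certs must not be property-filtered -->`) would stop a later edit from merging the two entries.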
@@ -101,6 +119,7 @@
                             <portNames>
                                 <portName>idp.https.port</portName>
                                 <portName>rp.https.port</portName>
+                                <portName>rp.spring.https.port</portName>
                             </portNames>
                         </configuration>
                     </execution>
@@ -152,6 +171,14 @@
                                     
<outputDirectory>target/test-classes</outputDirectory>
                                     <includes>**/*.jks</includes>
                                 </artifactItem>
+                                <artifactItem>
+                                    
<groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+                                    
<artifactId>fediz-systests-webapps-spring</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    
<outputDirectory>target/tomcat/rp/webapps/fediz-systests-webapps-spring</outputDirectory>
+                                </artifactItem>
                             </artifactItems>
                             
<outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
                             <overWriteSnapshots>true</overWriteSnapshots>
@@ -202,6 +229,7 @@
                                 <wt.headless>true</wt.headless>
                                 
<idp.https.port>${idp.https.port}</idp.https.port>
                                 <rp.https.port>${rp.https.port}</rp.https.port>
+                                
<rp.spring.https.port>${rp.spring.https.port}</rp.spring.https.port>
                                 
<java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
diff --git 
a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
 
b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
new file mode 100644
index 0000000..4a6458c
--- /dev/null
+++ 
b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/samlsso/SpringTest.java
@@ -0,0 +1,183 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.samlsso;
+
+import java.io.File;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+/**
+ * Some tests for SAML SSO with the Spring (4) plugin, invoking on the Fediz 
IdP configured for SAML SSO.
+ */
+public class SpringTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", 
"org.apache.commons.logging.impl.SimpleLog");
+
+        
System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+
+        
System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", 
"debug");
+
+        
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
 "debug");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.spring.https.port");
+        Assert.assertNotNull("Property 'rp.spring.https.port' null", 
rpHttpsPort);
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", 
"test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + 
server.getHost().getAppBase(), "fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + 
server.getHost().getAppBase(), "fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + 
server.getHost().getAppBase(),
+                                     "fediz-systests-webapps-spring");
+            server.addWebapp("/fedizhelloworldspring", 
rpWebapp.getAbsolutePath());
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworldspring";
+    }
+
+    @Override
+    protected boolean isWSFederation() {
+        return false;
+    }
+
+    @Ignore("This tests is currently failing on Spring")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+    @Ignore("This tests is currently failing on Spring")
+    public void testRPLogout() throws Exception {
+        //
+    }
+
+    @Override
+    @org.junit.Test
+    public void testCSRFAttack() throws Exception {
+        String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName()
+            + "/j_spring_fediz_security_check";
+        csrfAttackTest(url);
+    }
+
+    @Override
+    @org.junit.Test
+    public void testCSRFAttack2() throws Exception {
+        String url = "https://localhost:"; + getRpHttpsPort() + "/" + 
getServletContextName()
+            + "/j_spring_fediz_security_check";
+        csrfAttackTest2(url);
+    }
+
+}
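Review bot: `testRPLogout` at L275–278 carries `@Ignore` but neither `@Override` nor `@Test`, unlike `testConcurrentRequests` at L269–273. If AbstractTests declares a `@Test testRPLogout()`, JUnit 4 treats this method as shadowing it, so the logout test silently drops out of the run instead of being reported as ignored, and a typo in the name would go unnoticed; add `@Override` so the compiler checks the signature, and fix the annotation text from `This tests is` to `This test is` in both `@Ignore` messages. `shutdownServer` at L181–193 prints the stack trace and carries on; since it runs from `@AfterClass` that is best-effort by design, but a comment such as `// best-effort teardown: a failure here must not mask the test outcome` would make the intent explicit. The commented-out `clientAuth` line at L222 is dead code and should be dropped rather than left as an alternative. The `"https://localhost:";` at L283 and L292 appears to be a mail-rendering artifact of the URL rather than a stray semicolon in the committed source.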
diff --git a/systests/samlsso/src/test/resources/fediz_config.xml 
b/systests/samlsso/src/test/resources/fediz_config.xml
index 232ee80..c0f7da2 100644
--- a/systests/samlsso/src/test/resources/fediz_config.xml
+++ b/systests/samlsso/src/test/resources/fediz_config.xml
@@ -57,5 +57,41 @@
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
     </contextConfig>
+    <contextConfig name="/fedizhelloworldspring">
+               <audienceUris>
+                       
<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+               </audienceUris>
+               <certificateStores>
+                       <trustManager>
+                               <keyStore file="test-classes/clienttrust.jks" 
password="storepass" type="JKS" />
+                       </trustManager>
+               </certificateStores>
+               <trustedIssuers>
+                       <issuer certificateValidation="PeerTrust" />
+               </trustedIssuers>
+               <maximumClockSkew>1000</maximumClockSkew>
+               <signingKey keyAlias="realma" keyPassword="realma">
+            <keyStore file="test-classes/stsrealm_a.jks" password="storepass" 
type="JKS" />
+        </signingKey>
+               <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+                       xsi:type="samlProtocolType" version="1.0.0">
+                       
<realm>urn:org:apache:cxf:fediz:fedizhelloworldspring</realm>
+            <signRequest>true</signRequest>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/saml</issuer>
+                       <roleDelimiter>,</roleDelimiter>
+                       
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <reply>/j_spring_fediz_security_check</reply>
+            <disableDeflateEncoding>true</disableDeflateEncoding>
+                       <homeRealm 
type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+                       <claimTypesRequested>
+                               <claimType 
type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"; 
optional="false" />
+                               <claimType 
type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"; 
optional="true" />
+                               <claimType 
type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"; 
optional="true" />
+                               <claimType 
type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"; 
optional="true" />
+                       </claimTypesRequested>
+               </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+       </contextConfig>
 </FedizConfig>
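Review bot: The new `/fedizhelloworldspring` context at L308 keeps `<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>` (L311) while its `<realm>` is `urn:org:apache:cxf:fediz:fedizhelloworldspring` (L330) and the IdP registers the application under that same realm in entities-realma.xml. If the assertion's AudienceRestriction carries the application realm, the plugin's audience check would reject it, so this looks like a copy of the existing context that was not updated; confirm against the assertion the IdP actually issues and, if so, change it to `<audienceItem>urn:org:apache:cxf:fediz:fedizhelloworldspring</audienceItem>`. The block also mixes tab and space indentation (L309 vs L324); pick one to match the rest of the file.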
 
diff --git a/systests/samlsso/src/test/resources/realma/entities-realma.xml 
b/systests/samlsso/src/test/resources/realma/entities-realma.xml
index 8d9623b..9989758 100644
--- a/systests/samlsso/src/test/resources/realma/entities-realma.xml
+++ b/systests/samlsso/src/test/resources/realma/entities-realma.xml
@@ -118,6 +118,7 @@
         <property name="applications">
             <util:list>
                 <ref bean="srv-fedizhelloworld" />
+                <ref bean="srv-spring-fedizhelloworld" />
             </util:list>
         </property>
         <!--
@@ -164,6 +165,18 @@
         <property name="validatingCertificate" value="realma.cert" />
     </bean>
     
+     <bean id="srv-spring-fedizhelloworld" 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationEntity">
+        <property name="realm" 
value="urn:org:apache:cxf:fediz:fedizhelloworldspring" />
+        <property name="protocol" 
value="urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser" />
+        <property name="serviceDisplayName" value="Fedizhelloworld" />
+        <property name="serviceDescription" value="Web Application to 
illustrate SAML SSO" />
+        <property name="role" value="ApplicationServiceType" />
+        <property name="tokenType" 
value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
 />
+        <property name="lifeTime" value="3600" />
+        <property name="passiveRequestorEndpointConstraint" 
value="https://localhost:?(\d)*/.*" />
+        <property name="validatingCertificate" value="realma.cert" />
+    </bean>
+    
     <bean 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
         <property name="application" ref="srv-fedizhelloworld" />
         <property name="claim" ref="claim_role" />
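Review bot: `srv-spring-fedizhelloworld` at L377–394 reuses `serviceDisplayName` "Fedizhelloworld" and the same `serviceDescription` as the existing application, so the two are indistinguishable in any IdP listing; `<property name="serviceDisplayName" value="Fedizhelloworld (Spring)" />` would separate them. The `passiveRequestorEndpointConstraint` `https://localhost:?(\d)*/.*` appears to mirror the existing bean, but because `:?` and `(\d)*` are independent it also accepts `https://localhost123/...`; `https://localhost:\d+/.*` matches what the tests actually use. This is a localhost-only fixture so the risk is low, but this constraint is what bounds where the IdP will post the assertion, so keep it as tight as the test allows.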
@@ -185,6 +198,27 @@
         <property name="optional" value="false" />
     </bean>
     
+    <bean 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_role" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_givenname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_surname" />
+        <property name="optional" value="false" />
+    </bean>
+    <bean 
class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">
+        <property name="application" ref="srv-spring-fedizhelloworld" />
+        <property name="claim" ref="claim_email" />
+        <property name="optional" value="false" />
+    </bean>
+    
     <bean id="claim_role"
         class="org.apache.cxf.fediz.service.idp.service.jpa.ClaimEntity">
         <property name="claimType"
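Review bot: The claim mappings at L404–427 mark `claim_givenname`, `claim_surname` and `claim_email` as `optional=false` for the Spring application, while the matching RP config in fediz_config.xml requests those same claims with `optional="true"` and only the role claim as `optional="false"`. Whether the mismatch has an effect depends on how the IdP enforces the flag, which is not visible here, but aligning the two sides (`<property name="optional" value="true" />` for the three non-role claims) removes the ambiguity for the next person reading the fixture.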
