cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From veit...@apache.org
Subject svn commit: r932716 - in /cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test: java/org/apache/cxf/systest/security/ resources/security_spring_url_based_auth_jaxrs/ resources/security_spring_url_based_auth_jaxrs/WEB-INF/
Date Sat, 10 Apr 2010 13:13:37 GMT
Author: veithen
Date: Sat Apr 10 13:13:36 2010
New Revision: 932716

URL: http://svn.apache.org/viewvc?rev=932716&view=rev
Log:
Added a systest for URL based authentication with Spring Security and JAX-RS (using HTTP session
to store the authentication token).

Added:
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
  (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
  (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
  (with props)
    cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
  (with props)

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java?rev=932716&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
(added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+
+import org.springframework.security.Authentication;
+import org.springframework.security.AuthenticationException;
+import org.springframework.security.AuthenticationManager;
+import org.springframework.security.context.SecurityContextHolder;
+import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+
+@Path("/login")
+public class LoginService {
+    private AuthenticationManager authenticationManager;
+    
+    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    @GET
+    @Produces("text/plain")
+    public String login(@QueryParam("user") String user, @QueryParam("password") String password)
{
+        Authentication authentication = new UsernamePasswordAuthenticationToken(user, password);
+        try {
+            SecurityContextHolder.getContext().setAuthentication(
+                    authenticationManager.authenticate(authentication));
+            return "OK";
+        } catch (AuthenticationException ex) {
+            return "FAILED: " + ex.getMessage();
+        }
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/LoginService.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java?rev=932716&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
(added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.security;
+
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.testutil.common.AbstractClientServerTestBase;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Systest for URL based authentication with JAX-RS. Scenario:
+ * <ul>
+ * <li>Authentication is handled in a JAX-RS resource (see {@link LoginService}).
+ * <li>The Spring Security servlet filters are used to store the authentication
+ * token in the HTTP session and retrieve it during subsequent requests.
+ * <li>Method security is used to protect access to resources.
+ * </ul>
+ * This scenario is supported out of the box by Spring Security and CXF and
+ * doesn't need any additional integration.
+ */
+public class SpringUrlBasedAuthJaxrsTest extends AbstractClientServerTestBase {
+    public static class SpringServer extends AbstractSpringServer {
+        public SpringServer() {
+            super("/security_spring_url_based_auth_jaxrs");
+        }
+        
+        public static void main(String args[]) {
+            try {
+                SpringServer s = new SpringServer();
+                s.start();
+            } catch (Exception ex) {
+                ex.printStackTrace();
+                System.exit(-1);
+            } finally {
+                System.out.println("done!");
+            }
+        }
+    }
+    
+    @BeforeClass
+    public static void beforeClass() throws Exception {
+        assertTrue(launchServer(SpringServer.class));
+    }
+    
+    @Test
+    public void testUnauthenticated() {
+        WebClient client = WebClient.create("http://localhost:9080/greeting");
+        assertEquals(500, client.accept("text/plain").get().getStatus());
+    }
+    
+//    @Test
+    // TODO: this doesn't work yet because WebClient doesn't support cookies;
+    //       need to rewrite this with Apache HttpClient
+    public void testAuthenticated() {
+        WebClient client = WebClient.create("http://localhost:9080/");
+        client.path("/login").query("user", "joe").query("password", "password").accept("text/plain");
+        assertEquals("OK", client.get(String.class));
+        client.back(true);
+        assertTrue(client.path("/greeting").accept("text/plain").get(String.class).contains("joe"));
+    }
+}

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/java/org/apache/cxf/systest/security/SpringUrlBasedAuthJaxrsTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml?rev=932716&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
(added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:security="http://www.springframework.org/schema/security"
+       xmlns:jaxrs="http://cxf.apache.org/jaxrs"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
+                           http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd">
+
+    <import resource="classpath:META-INF/cxf/cxf.xml"/>
+    <import resource="classpath*:META-INF/cxf/cxf-*.xml"/>
+    <import resource="classpath:META-INF/cxf/cxf-servlet.xml"/>
+
+    <security:global-method-security secured-annotations="enabled"/>
+    
+    <security:authentication-provider>
+        <security:user-service>
+            <security:user name="joe" password="password" authorities="ROLE_USER"/>
+            <security:user name="bob" password="password" authorities="ROLE_USER"/>
+        </security:user-service>
+    </security:authentication-provider>
+
+    <security:authentication-manager alias="authenticationManager"/>
+    
+    <bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
+        <security:filter-chain-map path-type="ant">
+            <security:filter-chain filters="httpSessionContextIntegrationFilter,securityContextHolderAwareRequestFilter"
pattern="/**"/>
+        </security:filter-chain-map>
+    </bean>
+    
+    <!-- HttpSessionContextIntegrationFilter will store the authentication token in the
HTTP session and
+         retrieve it during subsequent requests -->
+    <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
+        <!-- If forceEagerSessionCreation is not set to true, then no cookie will be returned
by /login,
+             probably because CXF flushes the response before the filter stores the authentication
token
+             in the session -->
+        <property name="forceEagerSessionCreation" value="true"/>
+    </bean>
+    
+    <!-- We need this filter to support javax.ws.rs.core.SecurityContext -->
+    <bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter">
+        <property name="wrapperClass" value="org.springframework.security.wrapper.SecurityContextHolderAwareRequestWrapper"/>
+    </bean>
+    
+    <jaxrs:server address="/">
+        <jaxrs:serviceBeans>
+            <bean class="org.apache.cxf.systest.security.LoginService">
+                <property name="authenticationManager" ref="authenticationManager"/>
+            </bean>
+            <bean class="org.apache.cxf.systest.security.GreeterService"/>
+        </jaxrs:serviceBeans>
+    </jaxrs:server>
+</beans>

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/beans.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml?rev=932716&view=auto
==============================================================================
--- cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
(added)
+++ cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
Sat Apr 10 13:13:36 2010
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE web-app
+    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+    "http://java.sun.com/dtd/web-app_2_3.dtd">
+<!--
+	Licensed to the Apache Software Foundation (ASF) under one
+	or more contributor license agreements. See the NOTICE file
+	distributed with this work for additional information
+	regarding copyright ownership. The ASF licenses this file
+	to you under the Apache License, Version 2.0 (the
+	"License"); you may not use this file except in compliance
+	with the License. You may obtain a copy of the License at
+	
+	http://www.apache.org/licenses/LICENSE-2.0
+	
+	Unless required by applicable law or agreed to in writing,
+	software distributed under the License is distributed on an
+	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+	KIND, either express or implied. See the License for the
+	specific language governing permissions and limitations
+	under the License.
+-->
+<!-- START SNIPPET: webxml -->
+<web-app>
+	<context-param>
+		<param-name>contextConfigLocation</param-name>
+		<param-value>WEB-INF/beans.xml</param-value>
+	</context-param>
+
+	<listener>
+		<listener-class>
+			org.springframework.web.context.ContextLoaderListener
+		</listener-class>
+	</listener>
+
+    <filter>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+    </filter>
+  
+    <filter-mapping>
+      <filter-name>springSecurityFilterChain</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+	<servlet>
+		<servlet-name>CXFServlet</servlet-name>
+		<display-name>CXF Servlet</display-name>
+		<servlet-class>
+			org.apache.cxf.transport.servlet.CXFServlet
+		</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+
+	<servlet-mapping>
+		<servlet-name>CXFServlet</servlet-name>
+		<url-pattern>/*</url-pattern>
+	</servlet-mapping>
+</web-app>
+<!-- END SNIPPET: webxml -->

Propchange: cxf/sandbox/veithen/cxf-spring-security/cxf-systests-spring-security/src/test/resources/security_spring_url_based_auth_jaxrs/WEB-INF/web.xml
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message