cxf-commits mailing list archives

From cohei...@apache.org
Subject [3/3] git commit: Adding some unit tests for the SAMLUtils methods
Date Thu, 13 Mar 2014 15:42:21 GMT
Adding some unit tests for the SAMLUtils methods


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/760e4bd3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/760e4bd3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/760e4bd3

Branch: refs/heads/master
Commit: 760e4bd32b9dceedd664bd9f0a11422ffe3a4107
Parents: 2c0d2a8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 13 15:40:59 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 13 15:42:11 2014 +0000

----------------------------------------------------------------------
 .../cxf/rt/security/saml/SAMLClaimsTest.java    | 212 +++++++++++++++++++
 .../rt/security/saml/SamlCallbackHandler.java   |  99 +++++++++
 2 files changed, 311 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/760e4bd3/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
new file mode 100644
index 0000000..7238deb
--- /dev/null
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SAMLClaimsTest.java
@@ -0,0 +1,212 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rt.security.saml;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.claims.SAMLClaim;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.junit.Assert;
+
+public class SAMLClaimsTest extends Assert {
+
+    @org.junit.Test
+    public void testSAML2Claims() throws Exception {
+        AttributeBean attributeBean = new AttributeBean();
+        attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
+        attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        attributeBean.addAttributeValue("employee");
+        
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
+        samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
+        
+        // Create the SAML Assertion via the CallbackHandler
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        Document doc = DOMUtils.newDocument();
+        samlAssertion.toDOM(doc);
+        
+        ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
+        assertEquals(claims.getDialect().toString(),
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        assertEquals(1, claims.size());
+        
+        // Check Claim values
+        Claim claim = claims.get(0);
+        assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
+        assertEquals(1, claim.getValues().size());
+        assertTrue(claim.getValues().contains("employee"));
+        
+        // Check SAMLClaim values
+        assertTrue(claim instanceof SAMLClaim);
+        assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, ((SAMLClaim)claim).getName());
+        assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, ((SAMLClaim)claim).getNameFormat());
+        
+        // Check roles
+        Set<Principal> roles = 
+                SAMLUtils.parseRolesFromClaims(claims, 
+                        SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, 
+                        SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        assertEquals(1, roles.size());
+        Principal p = roles.iterator().next();
+        assertEquals("employee", p.getName());
+    }
+    
+    @org.junit.Test
+    public void testSAML2MultipleRoles() throws Exception {
+        AttributeBean attributeBean = new AttributeBean();
+        attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
+        attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        attributeBean.addAttributeValue("employee");
+        attributeBean.addAttributeValue("boss");
+        
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
+        samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
+        
+        // Create the SAML Assertion via the CallbackHandler
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        Document doc = DOMUtils.newDocument();
+        samlAssertion.toDOM(doc);
+        
+        ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
+        assertEquals(claims.getDialect().toString(),
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        assertEquals(1, claims.size());
+        
+        // Check Claim values
+        Claim claim = claims.get(0);
+        assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
+        assertEquals(2, claim.getValues().size());
+        assertTrue(claim.getValues().contains("employee"));
+        assertTrue(claim.getValues().contains("boss"));
+        
+        // Check SAMLClaim values
+        assertTrue(claim instanceof SAMLClaim);
+        assertEquals(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, ((SAMLClaim)claim).getName());
+        assertEquals(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED, ((SAMLClaim)claim).getNameFormat());
+        
+        // Check roles
+        Set<Principal> roles = 
+                SAMLUtils.parseRolesFromClaims(claims, 
+                        SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, 
+                        SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        assertEquals(2, roles.size());
+    }
+    
+    @org.junit.Test
+    public void testSAML2MultipleClaims() throws Exception {
+        AttributeBean attributeBean = new AttributeBean();
+        attributeBean.setQualifiedName(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT);
+        attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        attributeBean.addAttributeValue("employee");
+        
+        AttributeBean attributeBean2 = new AttributeBean();
+        attributeBean2.setQualifiedName(
+                "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
+        attributeBean2.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        attributeBean2.addAttributeValue("smith");
+        
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
+        List<AttributeBean> attributes = new ArrayList<AttributeBean>();
+        attributes.add(attributeBean);
+        attributes.add(attributeBean2);
+        samlCallbackHandler.setAttributes(attributes);
+        
+        // Create the SAML Assertion via the CallbackHandler
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        Document doc = DOMUtils.newDocument();
+        samlAssertion.toDOM(doc);
+        
+        ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
+        assertEquals(claims.getDialect().toString(),
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        assertEquals(2, claims.size());
+        
+        // Check roles
+        Set<Principal> roles = 
+                SAMLUtils.parseRolesFromClaims(claims, 
+                        SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT, 
+                        SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
+        assertEquals(1, roles.size());
+        Principal p = roles.iterator().next();
+        assertEquals("employee", p.getName());
+    }
+    
+    @org.junit.Test
+    public void testSAML1Claims() throws Exception {
+        AttributeBean attributeBean = new AttributeBean();
+        attributeBean.setSimpleName("role");
+        attributeBean.setQualifiedName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims");
+        attributeBean.addAttributeValue("employee");
+        
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false);
+        samlCallbackHandler.setAttributes(Collections.singletonList(attributeBean));
+        
+        // Create the SAML Assertion via the CallbackHandler
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        Document doc = DOMUtils.newDocument();
+        samlAssertion.toDOM(doc);
+        
+        ClaimCollection claims = SAMLUtils.getClaims(samlAssertion);
+        assertEquals(claims.getDialect().toString(),
+                "http://schemas.xmlsoap.org/ws/2005/05/identity");
+        assertEquals(1, claims.size());
+        
+        // Check Claim values
+        Claim claim = claims.get(0);
+        assertEquals(claim.getClaimType(), URI.create(SAMLClaim.SAML_ROLE_ATTRIBUTENAME_DEFAULT));
+        assertEquals(1, claim.getValues().size());
+        assertTrue(claim.getValues().contains("employee"));
+        
+        // Check SAMLClaim values
+        assertTrue(claim instanceof SAMLClaim);
+        assertEquals("role", ((SAMLClaim)claim).getName());
+        
+        // Check roles
+        Set<Principal> roles = SAMLUtils.parseRolesFromClaims(claims, "role", null);
+        assertEquals(1, roles.size());
+        Principal p = roles.iterator().next();
+        assertEquals("employee", p.getName());
+        
+    }
+}
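Review bot: Every call to `SAMLUtils.parseRolesFromClaims` in these four tests passes the same attribute name and name format the assertion was built with, so nothing pins the behaviour when they differ. Because this method decides which attribute values become role principals, a negative case is worth adding: for example, in testSAML2Claims, call it with a different name format and assert that no `employee` principal comes back. Whether the method returns null or an empty set on no match is not visible in this diff, so check that first. Separately, `assertEquals(claims.getDialect().toString(), "http://schemas.xmlsoap.org/ws/2005/05/identity")` and `assertEquals(claim.getClaimType(), URI.create(...))` pass the actual value before the expected one; swapping them keeps JUnit's failure message accurate. testSAML2MultipleRoles also checks only `roles.size()`, not that the two principals are named `employee` and `boss`.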

http://git-wip-us.apache.org/repos/asf/cxf/blob/760e4bd3/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
new file mode 100644
index 0000000..ba8220a
--- /dev/null
+++ b/rt/security/src/test/java/org/apache/cxf/rt/security/saml/SamlCallbackHandler.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rt.security.saml;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+/**
+ * A CallbackHandler instance to mock up a SAML Attribute Assertion.
+ */
+public class SamlCallbackHandler implements CallbackHandler {
+    private boolean saml2 = true;
+    private String confirmationMethod = SAML2Constants.CONF_BEARER;
+    private List<AttributeBean> attributes;
+    
+    public SamlCallbackHandler() {
+        //
+    }
+    
+    public SamlCallbackHandler(boolean saml2) {
+        this.saml2 = saml2;
+    }
+    
+    public void setConfirmationMethod(String confirmationMethod) {
+        this.confirmationMethod = confirmationMethod;
+    }
+    
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof SAMLCallback) {
+                SAMLCallback callback = (SAMLCallback) callbacks[i];
+                if (saml2) {
+                    callback.setSamlVersion(SAMLVersion.VERSION_20);
+                } else {
+                    callback.setSamlVersion(SAMLVersion.VERSION_11);
+                }
+
+                callback.setIssuer("sts");
+                String subjectName = "uid=sts-client,o=mock-sts.com";
+                String subjectQualifier = "www.mock-sts.com";
+                if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod))
{
+                    confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
+                }
+                SubjectBean subjectBean = 
+                    new SubjectBean(
+                        subjectName, subjectQualifier, confirmationMethod
+                    );
+                callback.setSubject(subjectBean);
+                
+                if (attributes != null) {
+                    AttributeStatementBean attrBean = new AttributeStatementBean();
+                    attrBean.setSubject(subjectBean);
+                    attrBean.setSamlAttributes(attributes);
+                    callback.setAttributeStatementData(Collections.singletonList(attrBean));
+                }
+                
+            }
+        }
+    }
+
+    public List<AttributeBean> getAttributes() {
+        return attributes;
+    }
+
+    public void setAttributes(List<AttributeBean> attributes) {
+        this.attributes = attributes;
+    }
+    
+}
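Review bot: With `new SamlCallbackHandler(false)` the subject is still built with the field default `SAML2Constants.CONF_BEARER`, because the SAML 1.1 branch in `handle` remaps only sender-vouches. testSAML1Claims therefore appears to exercise a SAML 1.1 assertion carrying a SAML 2.0 confirmation-method URI; how WSS4J treats that downstream is not visible here. The same `if` also assigns to the `confirmationMethod` field, so one `handle` call permanently changes the handler's state. Doing the mapping on a local variable and covering bearer as well would fix both. Callbacks that are not a `SAMLCallback` are skipped silently even though the method declares `UnsupportedCallbackException`.

```java
                String subjectQualifier = "www.mock-sts.com";
                // Map on a local so handle() does not rewrite the field between calls
                String method = confirmationMethod;
                if (!saml2) {
                    if (SAML2Constants.CONF_SENDER_VOUCHES.equals(method)) {
                        method = SAML1Constants.CONF_SENDER_VOUCHES;
                    } else if (SAML2Constants.CONF_BEARER.equals(method)) {
                        method = SAML1Constants.CONF_BEARER;
                    }
                }
                SubjectBean subjectBean =
                    new SubjectBean(subjectName, subjectQualifier, method);
                // … unchanged: callback.setSubject and the attribute statement block …
```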

