cxf-commits mailing list archives

From cohei...@apache.org
Subject [1/2] git commit: Adding a JAX-RS kerberos credential delegation test
Date Thu, 07 Aug 2014 10:56:13 GMT
Repository: cxf
Updated Branches:
  refs/heads/master df669c623 -> 69fc87a74


Adding a JAX-RS kerberos credential delegation test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/69fc87a7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/69fc87a7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/69fc87a7

Branch: refs/heads/master
Commit: 69fc87a74d26521065c61d968e2ea5a44af927a7
Parents: 89f74ab
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Aug 7 11:55:33 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Aug 7 11:55:53 2014 +0100

----------------------------------------------------------------------
 .../kerberos/JAXRSIntermediaryPortTypeImpl.java | 77 ++++++++++++++++++++
 .../kerberos/KerberosDelegationTokenTest.java   | 27 +++++++
 .../kerberos/cxf-intermediary-jaxrs-client.xml  | 43 +++++++++++
 .../systest/sts/kerberos/cxf-intermediary.xml   | 12 ++-
 .../apache/cxf/systest/sts/kerberos/jaxrs.xml   | 26 +++++++
 5 files changed, 184 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/69fc87a7/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/JAXRSIntermediaryPortTypeImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/JAXRSIntermediaryPortTypeImpl.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/JAXRSIntermediaryPortTypeImpl.java
new file mode 100644
index 0000000..639e8c7
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/JAXRSIntermediaryPortTypeImpl.java
@@ -0,0 +1,77 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.kerberos;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.jws.WebService;
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.feature.Features;
+import org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.KerberosSecurityContext;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.security.SecurityContext;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
+            serviceName = "DoubleItService", 
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")              
+public class JAXRSIntermediaryPortTypeImpl extends AbstractBusClientServerTestBase implements
DoubleItPortType {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    public int doubleIt(int numberToDouble) {
+        URL wsdl = JAXRSIntermediaryPortTypeImpl.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        try {
+            updateAddressPort(transportPort, KerberosDelegationTokenTest.PORT);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+        
+        // Retrieve delegated credential + set it on the outbound message
+        SecurityContext securityContext = 
+            PhaseInterceptorChain.getCurrentMessage().get(SecurityContext.class);
+        if (securityContext instanceof KerberosSecurityContext) {
+            KerberosSecurityContext ksc = (KerberosSecurityContext)securityContext;
+            try {
+                GSSCredential delegatedCredential = ksc.getGSSContext().getDelegCred();
+                Map<String, Object> context = ((BindingProvider)transportPort).getRequestContext();
+                context.put(SecurityConstants.DELEGATED_CREDENTIAL, delegatedCredential);
+            } catch (GSSException e) {
+                e.printStackTrace();
+            }
+        }
+        
+        return transportPort.doubleIt(numberToDouble);
+    }
+    
+}
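Review bot: In `doubleIt`, the delegated credential is attached only when the inbound `SecurityContext` is a `KerberosSecurityContext` and `getDelegCred()` succeeds; in every other case the method at most prints a stack trace and still calls the backend. If that downstream call can authenticate some other way (not visible in this hunk), `testKerberosTokenJAXRS` in KerberosDelegationTokenTest.java, whose only check is the doubled value, could pass without delegation having taken place. Because this class exists to exercise delegation, it should fail closed: throw when the context is not Kerberos, when no credential was delegated, or when a `GSSException` is raised, as sketched below. The `catch (Exception ex)` around `updateAddressPort` swallows failures in the same way and would be better rethrown.

```java
// … unchanged: Service/port creation and updateAddressPort …

SecurityContext securityContext =
    PhaseInterceptorChain.getCurrentMessage().get(SecurityContext.class);
if (!(securityContext instanceof KerberosSecurityContext)) {
    throw new IllegalStateException("No Kerberos security context on the inbound message");
}
try {
    GSSCredential delegatedCredential =
        ((KerberosSecurityContext)securityContext).getGSSContext().getDelegCred();
    if (delegatedCredential == null) {
        throw new IllegalStateException("The client did not delegate a credential");
    }
    ((BindingProvider)transportPort).getRequestContext()
        .put(SecurityConstants.DELEGATED_CREDENTIAL, delegatedCredential);
} catch (GSSException e) {
    throw new IllegalStateException("Could not read the delegated credential", e);
}

return transportPort.doubleIt(numberToDouble);
```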

http://git-wip-us.apache.org/repos/asf/cxf/blob/69fc87a7/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosDelegationTokenTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosDelegationTokenTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosDelegationTokenTest.java
index 17c33a0..c1fbb4c 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosDelegationTokenTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosDelegationTokenTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.systest.sts.kerberos;
 
 import java.net.URL;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -26,11 +27,14 @@ import javax.xml.ws.Service;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.systest.sts.common.TokenTestUtils;
 import org.apache.cxf.systest.sts.deployment.STSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.http.auth.SpnegoAuthSupplier;
 import org.example.contract.doubleit.DoubleItPortType;
+import org.ietf.jgss.GSSName;
 import org.junit.BeforeClass;
 
 /**
@@ -106,6 +110,29 @@ public class KerberosDelegationTokenTest extends AbstractBusClientServerTestBase
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testKerberosTokenJAXRS() throws Exception {
+        
+        final String configLocation = "org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml";
+        final String address = "https://localhost:" + INTERMEDIARY_PORT + "/doubleit/services/doubleit-rs";
+        final int numToDouble = 35;  
+
+        WebClient client = WebClient.create(address, configLocation);
+        client.type("text/plain").accept("text/plain");
+        
+        Map<String, Object> requestContext = WebClient.getConfig(client).getRequestContext();
+        requestContext.put("auth.spnego.useKerberosOid", "true");
+        requestContext.put("auth.spnego.requireCredDelegation", "true");
+        
+        SpnegoAuthSupplier authSupplier = new SpnegoAuthSupplier();
+        authSupplier.setServicePrincipalName("bob@service.ws.apache.org");
+        authSupplier.setServiceNameType(GSSName.NT_HOSTBASED_SERVICE);
+        WebClient.getConfig(client).getHttpConduit().setAuthSupplier(authSupplier);
+        
+        int resp = client.post(numToDouble, Integer.class);
+        org.junit.Assert.assertEquals(2 * numToDouble, resp);
+    }
+    
     private static void doubleIt(DoubleItPortType port, int numToDouble) {
         int resp = port.doubleIt(numToDouble);
         assertEquals(numToDouble * 2 , resp);
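Review bot: `testKerberosTokenJAXRS` has no comment describing the scenario it covers, and the pieces it relies on are spread over three other files in this commit. A one-line Javadoc would make the intent clear, for example `/** SPNEGO client requests credential delegation to the JAX-RS intermediary, which forwards the delegated credential to the backend DoubleIt service. */`. The two `auth.spnego.*` request-context entries are bare string keys; a short comment such as `// ask the GSS context to delegate the caller's credential to the intermediary` above `requireCredDelegation` would tell a reader which line the test depends on. The service principal `bob@service.ws.apache.org` is likewise a fixture value, and the comment should say where it is defined.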

http://git-wip-us.apache.org/repos/asf/cxf/blob/69fc87a7/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml
new file mode 100644
index 0000000..f992249
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary-jaxrs-client.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="skpass">
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+        <http:authorization>
+            <sec:AuthorizationType>Negotiate</sec:AuthorizationType>
+            <sec:Authorization>alice</sec:Authorization>
+        </http:authorization>
+    </http:conduit>
+    
+</beans>
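Review bot: `disableCNCheck="true"` on the conduit turns off TLS hostname verification, and the keystore and key passwords are inline, with nothing in the file marking either as test-only. The conduit name pattern limits the setting to `https://localhost:.*`, which is reasonable for a system test, but files like this are often copied as templates. I would add a comment above `<http:tlsClientParameters>` such as `<!-- Test fixture only: hostname verification is disabled and the keystore passwords are sample values; do not reuse outside the test suite -->`. A second short comment explaining what `alice` means under `Negotiate` (it looks like a login context name rather than a user name, to be confirmed) would also help.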

http://git-wip-us.apache.org/repos/asf/cxf/blob/69fc87a7/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary.xml
index 0398a7e..cbd967d 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-intermediary.xml
@@ -17,7 +17,7 @@
  specific language governing permissions and limitations
  under the License.
 -->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="             http://cxf.apache.org/core
            http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security
            http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws
            http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration
            http://cxf.apache.org/schemas/configuration/http-jetty.xsd      
        http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation="
            http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd
            http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd
    http://cxf.apache.org/jaxrs             http://cxf.apache.org/schemas/jaxrs.xsd      
 http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.ap
 ache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
     <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
     <cxf:bus>
         <cxf:features>
@@ -36,6 +36,16 @@
         </jaxws:properties>
     </jaxws:endpoint>
     
+    <bean id="kerberosFilter" class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
+       <property name="loginContextName" value="bob"/>
+    </bean>
+
+    <jaxrs:server modelRef="classpath:org/apache/cxf/systest/sts/kerberos/jaxrs.xml" depends-on="ClientAuthHttpsSettings"
address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleit-rs">
+        <jaxrs:providers>
+            <ref bean="kerberosFilter" />
+        </jaxrs:providers>
+    </jaxrs:server>
+    
     <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient" id="kerberosClient">
         <constructor-arg ref="cxf"/>
         <property name="contextName" value="bob"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/69fc87a7/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/jaxrs.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/jaxrs.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/jaxrs.xml
new file mode 100644
index 0000000..fbc256d
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/jaxrs.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<model xmlns="http://cxf.apache.org/jaxrs">
+    <resource name="org.apache.cxf.systest.sts.kerberos.JAXRSIntermediaryPortTypeImpl"
path="/">
+        <operation name="doubleIt" verb="POST" path="/" consumes="text/plain" produces="text/plain">
+            <param name="numberToDouble" type="REQUEST_BODY"/>
+        </operation>
+    </resource>
+</model>

