cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: [FEDIZ-86] - Adding a Tomcat system test + support for the Jetty plugin + test
Date Wed, 03 Sep 2014 15:24:03 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master e37619325 -> a4b86cc6b


[FEDIZ-86] - Adding a Tomcat system test + support for the Jetty plugin + test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a4b86cc6
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a4b86cc6
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a4b86cc6

Branch: refs/heads/master
Commit: a4b86cc6b6574b3bb0cf8ae838f8fd18c7ad7311
Parents: e376193
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 3 16:23:30 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Sep 3 16:23:30 2014 +0100

----------------------------------------------------------------------
 .../fediz/core/servlet/FederationFilter.java    |  4 +-
 .../fediz/jetty/FederationAuthenticator.java    | 63 +++++++++++++++---
 .../cxf/fediz/integrationtests/JettyTest.java   | 68 ++++++++++++++++++++
 .../cxf/fediz/integrationtests/TomcatTest.java  | 66 +++++++++++++++++++
 4 files changed, 189 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a4b86cc6/plugins/core/src/main/java/org/apache/cxf/fediz/core/servlet/FederationFilter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/servlet/FederationFilter.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/servlet/FederationFilter.java
index 728cc23..ff90004 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/servlet/FederationFilter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/servlet/FederationFilter.java
@@ -53,8 +53,8 @@ public class FederationFilter implements Filter {
             HttpServletRequest hrequest = (HttpServletRequest)request;
             Principal p = hrequest.getUserPrincipal();
             FedizPrincipal fedPrinc = (FedizPrincipal)p;
-            Element el = (Element)fedPrinc.getLoginToken();
-            if (el != null) {
+            if (fedPrinc != null && fedPrinc.getLoginToken() != null) {
+                Element el = (Element)fedPrinc.getLoginToken();
                 try {
                     SecurityTokenThreadLocal.setToken(el);
                     chain.doFilter(request, response);
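Review bot: The cast `(FedizPrincipal)p` just above the new guard is still unconditional, so if the container ever supplies a different Principal implementation the filter throws ClassCastException before the added null check is reached. A type guard covers both cases, e.g. `FedizPrincipal fedPrinc = p instanceof FedizPrincipal ? (FedizPrincipal)p : null;`. The new code also calls `getLoginToken()` twice; reading it once into `el` and testing `el != null` keeps the check and the use on the same value. The branch taken when there is no token lies outside this hunk.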

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a4b86cc6/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
----------------------------------------------------------------------
diff --git a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
index ac09cc5..9b8033c 100644
--- a/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
+++ b/plugins/jetty/src/main/java/org/apache/cxf/fediz/jetty/FederationAuthenticator.java
@@ -22,6 +22,7 @@ package org.apache.cxf.fediz.jetty;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.PrintWriter;
 import java.io.UnsupportedEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Map;
@@ -34,6 +35,8 @@ import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import javax.xml.bind.JAXBException;
 
+import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.FederationConstants;
 import org.apache.cxf.fediz.core.SAMLSSOConstants;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
@@ -46,6 +49,7 @@ import org.apache.cxf.fediz.core.processor.FedizProcessorFactory;
 import org.apache.cxf.fediz.core.processor.FedizRequest;
 import org.apache.cxf.fediz.core.processor.FedizResponse;
 import org.apache.cxf.fediz.core.processor.RedirectionResponse;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.eclipse.jetty.http.HttpMethods;
 import org.eclipse.jetty.http.MimeTypes;
 import org.eclipse.jetty.security.ServerAuthException;
@@ -147,6 +151,43 @@ public class FederationAuthenticator extends LoginAuthenticator {
     /* ------------------------------------------------------------ */
     public Authentication validateRequest(ServletRequest req, ServletResponse res, boolean
mandatory)
         throws ServerAuthException {
+        
+        HttpServletRequest request = (HttpServletRequest)req;
+        HttpServletResponse response = (HttpServletResponse)res;
+
+        HttpSession session = request.getSession(true);
+        
+        String contextName = request.getSession().getServletContext().getContextPath();
+        if (contextName == null || contextName.isEmpty()) {
+            contextName = "/";
+        }
+        FedizContext fedConfig = getContextConfiguration(contextName);
+        
+        // Check to see if it is a metadata request
+        try {
+            if (request.getRequestURL().indexOf(FederationConstants.METADATA_PATH_URI) !=
-1
+                || request.getRequestURL().indexOf(getMetadataURI(fedConfig)) != -1) {
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Metadata document requested");
+                }
+                response.setContentType("text/xml");
+                PrintWriter out = response.getWriter();
+                
+                FedizProcessor wfProc = 
+                    FedizProcessorFactory.newFedizProcessor(fedConfig.getProtocol());
+                try {
+                    Document metadata = wfProc.getMetaData(fedConfig);
+                    out.write(DOM2Writer.nodeToString(metadata));
+                    return Authentication.SEND_CONTINUE;
+                } catch (Exception ex) {
+                    LOG.warn("Failed to get metadata document: " + ex.getMessage());
+                    response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+                    return Authentication.SEND_FAILURE;
+                }            
+            }
+        } catch (IOException e) {
+            throw new ServerAuthException(e);
+        }
 
         if (!mandatory) {
             return new DeferredAuthentication(this);
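Review bot: The metadata test matches `FederationConstants.METADATA_PATH_URI` anywhere in `request.getRequestURL()`, and it now runs ahead of the `!mandatory` return, so any URL that merely contains that string is answered with the metadata document instead of reaching the application or the login flow. Comparing the end of the path is tighter, e.g. `request.getRequestURI().endsWith(getMetadataURI(fedConfig))` (assuming the configured value is a path suffix). Moving `request.getSession(true)` to the top also means every unauthenticated request, including metadata fetches and non-mandatory ones, allocates a session; consider creating it only after these early returns (the context path should also be available from `request.getContextPath()`). In the inner catch, `LOG.warn("Failed to get metadata document", ex);` would keep the stack trace. validateRequest continues past the end of this hunk.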
@@ -158,21 +199,11 @@ public class FederationAuthenticator extends LoginAuthenticator {
             LOG.warn("Unsupported encoding '" + this.encoding + "'", ex);
         }
         
-        HttpServletRequest request = (HttpServletRequest)req;
-        HttpServletResponse response = (HttpServletResponse)res;
         String uri = request.getRequestURI();
         if (uri == null) {
             uri = URIUtil.SLASH;
         }
 
-        HttpSession session = request.getSession(true);
-        
-        String contextName = request.getSession().getServletContext().getContextPath();
-        if (contextName == null || contextName.isEmpty()) {
-            contextName = "/";
-        }
-        FedizContext fedConfig = getContextConfiguration(contextName);
-
         try {
             String action = request.getParameter(FederationConstants.PARAM_ACTION);
             String responseToken = getResponseToken(request, fedConfig);
@@ -391,6 +422,18 @@ public class FederationAuthenticator extends LoginAuthenticator {
         }
         return null;
     }
+    
+    private String getMetadataURI(FedizContext fedConfig) {
+        if (fedConfig.getProtocol().getMetadataURI() != null) {
+            return fedConfig.getProtocol().getMetadataURI();
+        } else if (fedConfig.getProtocol() instanceof FederationProtocol) {
+            return FederationConstants.METADATA_PATH_URI;
+        } else if (fedConfig.getProtocol() instanceof SAMLProtocol) {
+            return SAMLSSOConstants.FEDIZ_SAML_METADATA_PATH_URI;
+        }
+        
+        return FederationConstants.METADATA_PATH_URI;
+    }
 
     /* ------------------------------------------------------------ */
     public boolean secureResponse(ServletRequest req, ServletResponse res, boolean mandatory,
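Review bot: `getMetadataURI` dereferences `fedConfig.getProtocol()` with no null check, and after this commit validateRequest reaches it on almost every request, before the `!mandatory` return. If `getContextConfiguration` can return null for an unconfigured context (not visible here), requests that previously got a `DeferredAuthentication` would now fail with a NullPointerException, so a null guard in the caller or here is worth adding. Reading `fedConfig.getProtocol()` once into a local would replace the four repeated calls, and the `FederationProtocol` branch can be dropped because it returns the same constant as the final fallback. A one-line Javadoc stating that the configured metadata URI wins over the protocol default would document the precedence.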

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a4b86cc6/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
index eb99243..0646e17 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyTest.java
@@ -19,6 +19,22 @@
 
 package org.apache.cxf.fediz.integrationtests;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.apache.http.util.EntityUtils;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -73,4 +89,56 @@ public class JettyTest extends AbstractTests {
         return "fedizhelloworld";
     }
     
+    @org.junit.Test
+    public void testMetadata() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() 
+            + "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
+
+        CloseableHttpClient httpClient = null;
+        try {
+            KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
+            FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks"));
+            try {
+                trustStore.load(instream, "clientpass".toCharArray());
+            } finally {
+                try {
+                    instream.close();
+                } catch (Exception ex) {
+                    ex.printStackTrace();
+                }
+            }
+
+            SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+            sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
+            sslContextBuilder.loadKeyMaterial(trustStore, "clientpass".toCharArray());
+
+            SSLContext sslContext = sslContextBuilder.build();
+            SSLConnectionSocketFactory sslSocketFactory = 
+                new SSLConnectionSocketFactory(sslContext);
+
+            HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+            httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+            httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+
+            httpClient = httpClientBuilder.build();
+
+            HttpGet httpget = new HttpGet(url);
+
+            HttpResponse response = httpClient.execute(httpget);
+            HttpEntity entity = response.getEntity();
+
+            Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+
+            String metadata = EntityUtils.toString(entity);
+            Assert.assertTrue(metadata.startsWith("<EntityDescriptor"));
+        } finally {
+            // When HttpClient instance is no longer needed,
+            // shut down the connection manager to ensure
+            // immediate deallocation of all system resources
+            if (httpClient != null) {
+                httpClient.close();
+            }
+        }
+    }
+    
 }
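Review bot: `loadTrustMaterial(trustStore, new TrustSelfSignedStrategy())` accepts any self-signed server certificate without consulting the trust store, so loading `client.jks` as trust material has no effect on whether the connection is trusted; the same lines appear in TomcatTest.testMetadata. If `client.jks` already holds the relying party's certificate, `sslContextBuilder.loadTrustMaterial(trustStore);` would make the test exercise real certificate validation and keep the permissive strategy from being copied into non-test code. The two testMetadata methods are identical and both classes extend AbstractTests, so the method could live there once. `metadata.startsWith("<EntityDescriptor")` will also fail if the writer ever emits an XML declaration first; checking that the body contains the element is less brittle.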

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a4b86cc6/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index 163c97b..b35bfd1 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -21,6 +21,10 @@ package org.apache.cxf.fediz.integrationtests;
 
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.SSLContext;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
@@ -28,6 +32,16 @@ import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.apache.http.util.EntityUtils;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -205,4 +219,56 @@ public class TomcatTest extends AbstractTests {
 
     }
     
+    @org.junit.Test
+    public void testMetadata() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() 
+            + "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
+
+        CloseableHttpClient httpClient = null;
+        try {
+            KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
+            FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks"));
+            try {
+                trustStore.load(instream, "clientpass".toCharArray());
+            } finally {
+                try {
+                    instream.close();
+                } catch (Exception ex) {
+                    ex.printStackTrace();
+                }
+            }
+
+            SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+            sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
+            sslContextBuilder.loadKeyMaterial(trustStore, "clientpass".toCharArray());
+
+            SSLContext sslContext = sslContextBuilder.build();
+            SSLConnectionSocketFactory sslSocketFactory = 
+                new SSLConnectionSocketFactory(sslContext);
+
+            HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+            httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+            httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+
+            httpClient = httpClientBuilder.build();
+
+            HttpGet httpget = new HttpGet(url);
+
+            HttpResponse response = httpClient.execute(httpget);
+            HttpEntity entity = response.getEntity();
+
+            Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+
+            String metadata = EntityUtils.toString(entity);
+            Assert.assertTrue(metadata.startsWith("<EntityDescriptor"));
+        } finally {
+            // When HttpClient instance is no longer needed,
+            // shut down the connection manager to ensure
+            // immediate deallocation of all system resources
+            if (httpClient != null) {
+                httpClient.close();
+            }
+        }
+    }
+    
 }

