cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Avoiding some potential NPEs
Date Thu, 04 Sep 2014 19:29:44 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.1.x-fixes 89b8f99ea -> 6c8b46d70


Avoiding some potential NPEs


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/6c8b46d7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/6c8b46d7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/6c8b46d7

Branch: refs/heads/1.1.x-fixes
Commit: 6c8b46d70140151b300f5afef5ce12e2ac268f11
Parents: 89b8f99
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 4 20:23:05 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 4 20:29:33 2014 +0100

----------------------------------------------------------------------
 .../service/idp/STSAuthenticationProvider.java  | 12 +++++--
 .../fediz/integrationtests/KerberosTest.java    | 37 ++++++++++++++++++--
 2 files changed, 43 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6c8b46d7/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
index d189cf5..562c9e7 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/STSAuthenticationProvider.java
@@ -147,12 +147,18 @@ public class STSAuthenticationProvider implements AuthenticationProvider
{
                 return null;
             }
             
-            sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME, 
+            if (kerberosTokenValidator.getContextName() != null) {
+                sts.getProperties().put(SecurityConstants.KERBEROS_JAAS_CONTEXT_NAME, 
                                     kerberosTokenValidator.getContextName());
-            sts.getProperties().put(SecurityConstants.KERBEROS_SPN,
+            }
+            if (kerberosTokenValidator.getServiceName() != null) {
+                sts.getProperties().put(SecurityConstants.KERBEROS_SPN,
                                     kerberosTokenValidator.getServiceName());
-            sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER, 
+            }
+            if (kerberosCallbackHandler != null) {
+                sts.getProperties().put(SecurityConstants.CALLBACK_HANDLER, 
                                     kerberosCallbackHandler);
+            }
             if (kerberosUsernameServiceNameForm) {
                 sts.getProperties().put(SecurityConstants.KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,

                                         "true");
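Review bot: The three new null guards in this hunk skip the property without leaving any trace, so a missing JAAS context name, SPN or callback handler no longer surfaces as a failure at this point. What the STS client does when `KERBEROS_SPN` or `CALLBACK_HANDLER` is absent is not visible here; if it falls back to defaults, a misconfigured IdP may attempt Kerberos validation with settings nobody chose, which is hard to diagnose. Consider an `else` branch that records the skipped setting, e.g. `LOG.debug("No Kerberos service name configured; KERBEROS_SPN left unset");` (assuming the class has a logger), or reject the request when a required value is missing. The enclosing method starts and ends outside the hunk.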

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/6c8b46d7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
index c205ed8..cbd2d2b 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
@@ -222,7 +222,7 @@ public class KerberosTest {
     public void testKerberos() throws Exception {
         String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
         // Get a Kerberos Ticket +  Base64 encode it
-        String ticket = getEncodedKerberosTicket();
+        String ticket = getEncodedKerberosTicket(false);
         
         String response = sendHttpGet(url, ticket, 200, 200, Integer.parseInt(getIdpHttpsPort()));
 
@@ -244,12 +244,43 @@ public class KerberosTest {
     
     }
     
-    private String getEncodedKerberosTicket() throws Exception {
+    @org.junit.Test
+    public void testSpnego() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        // Get a Kerberos Ticket +  Base64 encode it
+        String ticket = getEncodedKerberosTicket(true);
+        
+        String response = sendHttpGet(url, ticket, 200, 200, Integer.parseInt(getIdpHttpsPort()));
+
+        String user = "alice";
+        Assert.assertTrue("Principal not " + user, response.indexOf("userPrincipal=" + user)
> 0);
+        Assert.assertTrue("User " + user + " does not have role Admin", response.indexOf("role:Admin=false")
> 0);
+        Assert.assertTrue("User " + user + " does not have role Manager", response.indexOf("role:Manager=false")
> 0);
+        Assert.assertTrue("User " + user + " must have role User", response.indexOf("role:User=true")
> 0);
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          response.indexOf(claim + "=Alice") > 0);
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          response.indexOf(claim + "=Smith") > 0);
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          response.indexOf(claim + "=alice@realma.org") > 0);
+    
+    }
+    
+    private String getEncodedKerberosTicket(boolean spnego) throws Exception {
         
         System.setProperty("java.security.auth.login.config", "src/test/resources/kerberos.jaas");
         System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
         
-        Oid kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
+        Oid kerberos5Oid = null;
+        if (spnego) {
+            kerberos5Oid = new Oid("1.3.6.1.5.5.2");
+        } else {
+            kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
+        }
         
         GSSManager manager = GSSManager.getInstance();
         GSSName serverName = manager.createName("bob@service.ws.apache.org", 
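Review bot: `kerberos5Oid` now holds the SPNEGO mechanism OID when `spnego` is true, so the name is misleading, and the `null` initialisation followed by if/else can be one expression: `Oid mechOid = new Oid(spnego ? "1.3.6.1.5.5.2" : "1.2.840.113554.1.2.2"); // SPNEGO : Kerberos V5`. The rename also has to be applied to the later uses in `getEncodedKerberosTicket`, whose body continues outside the hunk. In `testSpnego`, the failure messages on the `role:Admin=false` and `role:Manager=false` assertions read as if the role were expected ("does not have role Admin"); `"User " + user + " must not have role Admin"` states the authorization expectation the assertion actually checks.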

