cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: [FEDIZ-19] - Applying Logout tests
Date Wed, 17 Sep 2014 10:27:19 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master bf2cbeaf3 -> 02a0b82a1


[FEDIZ-19] - Applying Logout tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/02a0b82a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/02a0b82a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/02a0b82a

Branch: refs/heads/master
Commit: 02a0b82a14cf8f39e8573e2630f7999927612de0
Parents: bf2cbea
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Sep 17 11:27:02 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Sep 17 11:27:02 2014 +0100

----------------------------------------------------------------------
 .../federation/FederationTest.java              |  10 ++
 systests/tests/pom.xml                          |  12 --
 .../fediz/integrationtests/AbstractTests.java   |  84 +++++++--
 .../fediz/integrationtests/HTTPTestUtils.java   | 169 +++++--------------
 4 files changed, 121 insertions(+), 154 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02a0b82a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
index 8dbbcb5..84b91df 100644
--- a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
@@ -223,6 +223,16 @@ public class FederationTest extends AbstractTests {
 
     }
 
+    @org.junit.Test
+    public void testRPLogout() throws Exception {
+        //
+    }
+    
+    @org.junit.Test
+    public void testIdPLogout() throws Exception {
+        //
+    }
+    
     public String getServletContextName() {
         return "fedizhelloworld";
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02a0b82a/systests/tests/pom.xml
----------------------------------------------------------------------
diff --git a/systests/tests/pom.xml b/systests/tests/pom.xml
index b245187..950046a 100644
--- a/systests/tests/pom.xml
+++ b/systests/tests/pom.xml
@@ -45,18 +45,6 @@
             <version>${project.version}</version>
         </dependency>
         <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>${httpclient.version}</version>
-        </dependency>
-<!--
-        <dependency>
-            <groupId>net.htmlparser.jericho</groupId>
-            <artifactId>jericho-html</artifactId>
-            <version>${jericho.version}</version>
-        </dependency>
--->
-        <dependency>
             <groupId>net.sourceforge.htmlunit</groupId>
             <artifactId>htmlunit</artifactId>
             <version>${htmlunit.version}</version>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02a0b82a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 2327bf3..4d68e36 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -19,11 +19,14 @@
 
 package org.apache.cxf.fediz.integrationtests;
 
+import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.FederationConstants;
 import org.junit.Assert;
 
 public abstract class AbstractTests {
@@ -300,24 +303,81 @@ public abstract class AbstractTests {
         final String xmlContent = rpPage.asXml();
         Assert.assertTrue(xmlContent.startsWith("<EntityDescriptor"));
     }
-    /*
+    
     @org.junit.Test
-    public void testAliceLogout() throws Exception {
-        // Authenticate as "alice"
+    public void testRPLogout() throws Exception {
+
         String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
         String user = "alice";
         String password = "ecila";
+
+        CookieManager cookieManager = new CookieManager();
         
-        CloseableHttpClient httpClient = 
-            HTTPTestUtils.sendHttpGetForSignIn(url, user, password, 200, 200, Integer.parseInt(getIdpHttpsPort()));
+        // 1. Login
+        HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
         
-        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/logout";
-        String logoutResponse = 
-            HTTPTestUtils.sendHttpGetForSignOut(httpClient, logoutUrl, 200, 200, Integer.parseInt(getIdpHttpsPort()));
+        // 2. Now we should have a cookie from the RP and IdP and should be able to do
+        // subsequent requests without authenticate again. Lets test this first.
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        final HtmlPage rpPage = webClient.getPage(url);
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        // 3. now we logout from RP
+        String rpLogoutUrl = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/logout";
+
+        HTTPTestUtils.logout(rpLogoutUrl, cookieManager);
+
+        // 4. now we try to access the RP and idp without authentication but with the existing
cookies
+        // to see if we are really logged out
+        String rpUrl = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+        final HtmlPage idpPage = webClient.getPage(rpUrl);
+
+        Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
+    }
+    
+    @org.junit.Test
+    public void testIdPLogout() throws Exception {
+
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+
+        CookieManager cookieManager = new CookieManager();
+        
+        // 1. Login
+        HTTPTestUtils.loginWithCookieManager(url, user, password, getIdpHttpsPort(), cookieManager);
+       
+        // 2. Now we should have a cookie from the RP and IdP and should be able to do
+        // subsequent requests without authenticate again. Lets test this first.
+        WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        final HtmlPage rpPage = webClient.getPage(url);
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
         
-        Assert.assertTrue(logoutResponse.contains("IDP SignOut Response Page"));
-        Assert.assertTrue(logoutResponse.contains("Logout status of RP"));
-        Assert.assertTrue(logoutResponse.contains("wsignoutcleanup1.0"));
+        // 3. now we logout from IdP
+        String idpLogoutUrl = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?wa="
+            + FederationConstants.ACTION_SIGNOUT; //todo logout url on idp?!?
+
+        HTTPTestUtils.logout(idpLogoutUrl, cookieManager);
+
+        // 4. now we try to access the RP and idp without authentication but with the existing
cookies
+        // to see if we are really logged out
+        String rpUrl = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+
+        webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setThrowExceptionOnFailingStatusCode(false);
+        final HtmlPage idpPage = webClient.getPage(rpUrl);
+
+        Assert.assertEquals(401, idpPage.getWebResponse().getStatusCode());
     }
-    */
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/02a0b82a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
index 586d1db..d05fed6 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/HTTPTestUtils.java
@@ -21,7 +21,10 @@ package org.apache.cxf.fediz.integrationtests;
 
 import java.io.IOException;
 
+import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.DomElement;
+import com.gargoylesoftware.htmlunit.html.DomNodeList;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
@@ -72,145 +75,51 @@ public final class HTTPTestUtils {
 
         return rpPage.getBody().getTextContent();
     }
+    
+    public static String loginWithCookieManager(String url, String user, String password,

+                                                String idpPort, CookieManager cookieManager)
throws IOException {
+        final WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(idpPort)),
+            new UsernamePasswordCredentials(user, password));
 
-    /**
-     * Same as sendHttpGet above, except that we return the HttpClient so that it can
-     * subsequently be re-used (for e.g. logout)
-    public static CloseableHttpClient sendHttpGetForSignIn(String url, String user, String
password, 
-                                                           int returnCodeIDP, int returnCodeRP,
int idpPort)
-        throws Exception {
-
-        CloseableHttpClient httpClient = null;
-        CredentialsProvider credsProvider = new BasicCredentialsProvider();
-        credsProvider.setCredentials(
-                                     new AuthScope("localhost", idpPort), 
-                                     new UsernamePasswordCredentials(user, password));
-
-        KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
-        FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks"));
-        try {
-            trustStore.load(instream, "clientpass".toCharArray());
-        } finally {
-            try {
-                instream.close();
-            } catch (Exception ex) {
-                ex.printStackTrace();
-            }
-        }
-
-        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
-        sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
-        sslContextBuilder.loadKeyMaterial(trustStore, "clientpass".toCharArray());
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
 
-        SSLContext sslContext = sslContextBuilder.build();
-        SSLConnectionSocketFactory sslSocketFactory = 
-            new SSLConnectionSocketFactory(sslContext);
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
 
-        HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
-        httpClientBuilder.setDefaultCredentialsProvider(credsProvider);
-        httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
-        httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
 
-        httpClient = httpClientBuilder.build();
+        return rpPage.getBody().getTextContent();
+    }
+    
+    public static void logout(String url, CookieManager cookieManager) throws IOException
{
+        final WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        final HtmlPage idpPage = webClient.getPage(url);
 
-        HttpGet httpget = new HttpGet(url);
+        Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());
 
-        HttpResponse response = httpClient.execute(httpget);
-        HttpEntity entity = response.getEntity();
+        final HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+        final HtmlPage idpLogoutPage = button.click();
 
-        Assert.assertTrue("IDP HTTP Response code: " + response.getStatusLine().getStatusCode()
-                          + " [Expected: " + returnCodeIDP + "]",
-                          returnCodeIDP == response.getStatusLine().getStatusCode());
+        DomNodeList<DomElement> images = idpLogoutPage.getElementsByTagName("img");
+        Assert.assertEquals(1, images.getLength());
+        for (int i = 0; i < images.size(); i++) {
+            DomElement domElement = images.get(i);
+            String imgSrc = domElement.getAttribute("src");
 
-        if (response.getStatusLine().getStatusCode() != 200) {
-            return null;
+            //we should get a fault if the image isn't available.
+            webClient.getPage(imgSrc);
         }
-
-        //            Redirect to a POST is not supported without user interaction
-        //            http://www.ietf.org/rfc/rfc2616.txt
-        //            If the 301 status code is received in response to a request other
-        //            than GET or HEAD, the user agent MUST NOT automatically redirect the
-        //            request unless it can be confirmed by the user, since this might
-        //            change the conditions under which the request was issued.
-
-        Source source = new Source(EntityUtils.toString(entity));
-        List <NameValuePair> nvps = new ArrayList <NameValuePair>();
-        FormFields formFields = source.getFormFields();
-
-        List<Element> forms = source.getAllElements(HTMLElementName.FORM);
-        Assert.assertEquals("Only one form expected but got " + forms.size(), 1, forms.size());
-        String postUrl = forms.get(0).getAttributeValue("action");
-
-        Assert.assertNotNull("Form field 'wa' not found", formFields.get("wa"));
-        Assert.assertNotNull("Form field 'wresult' not found", formFields.get("wresult"));
-
-        for (FormField formField : formFields) {
-            if (formField.getUserValueCount() != 0) {
-                nvps.add(new BasicNameValuePair(formField.getName(),
-                                                formField.getValues().get(0)));
-            }
-        } 
-        HttpPost httppost = new HttpPost(postUrl);
-        httppost.setEntity(new UrlEncodedFormEntity(nvps, Consts.UTF_8));
-
-        response = httpClient.execute(httppost);
-
-        entity = response.getEntity();
-        Assert.assertTrue("RP HTTP Response code: " + response.getStatusLine().getStatusCode()
-                          + " [Expected: " + returnCodeRP + "]",
-                          returnCodeRP == response.getStatusLine().getStatusCode());
-
-        String responseStr = EntityUtils.toString(entity);
-        Assert.assertTrue("Principal not " + user, responseStr.indexOf("userPrincipal=" +
user) > 0);
-
-        return httpClient;
     }
 
-    public static String sendHttpGetForSignOut(CloseableHttpClient httpClient, String url,
-                                               int returnCodeIDP, int returnCodeRP, int idpPort)
-        throws Exception {
-        try {
-            // logout to service provider
-            HttpGet httpget = new HttpGet(url);
-
-            HttpResponse response = httpClient.execute(httpget);
-            HttpEntity entity = response.getEntity();
-
-            String parsedEntity = EntityUtils.toString(entity);
-            Assert.assertTrue(parsedEntity.contains("Logout from the following realms"));
-            Source source = new Source(parsedEntity);
-            List <NameValuePair> nvps = new ArrayList <NameValuePair>();
-            FormFields formFields = source.getFormFields();
-
-            List<Element> forms = source.getAllElements(HTMLElementName.FORM);
-            Assert.assertEquals("Only one form expected but got " + forms.size(), 1, forms.size());
-            String postUrl = forms.get(0).getAttributeValue("action");
-
-            Assert.assertNotNull("Form field 'wa' not found", formFields.get("wa"));
-
-            for (FormField formField : formFields) {
-                if (formField.getUserValueCount() != 0) {
-                    nvps.add(new BasicNameValuePair(formField.getName(),
-                                                    formField.getValues().get(0)));
-                }
-            } 
-
-            // Now send logout form to IdP
-            nvps.add(new BasicNameValuePair("_eventId_submit", "Logout"));
-
-            HttpPost httppost = 
-                new HttpPost("https://localhost:" + idpPort + "/" + postUrl);
-            httppost.setEntity(new UrlEncodedFormEntity(nvps, Consts.UTF_8));
-
-            response = httpClient.execute(httppost);
-            entity = response.getEntity();
-
-            return EntityUtils.toString(entity);
-        } finally {
-            if (httpClient != null) {
-                httpClient.close();
-            }
-        }
-    }
-    */
 }


Mime
View raw message