cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: Some more kerberos stuff
Date Wed, 03 Dec 2014 11:41:56 GMT
Some more kerberos stuff


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/892913e7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/892913e7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/892913e7

Branch: refs/heads/3.0.x-fixes
Commit: 892913e71e5bed58419c953ca551a3d13bd7b22d
Parents: 1314a59
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Dec 3 11:34:50 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Dec 3 11:36:07 2014 +0000

----------------------------------------------------------------------
 services/sts/systests/advanced/pom.xml          |   6 -
 .../systest/sts/kerberos/KerberosTokenTest.java | 137 -------------------
 .../cxf/systest/sts/kerberos/cxf-client.xml     |  67 ---------
 .../wssec/kerberos/KerberosTokenTest.java       |   8 +-
 .../kerberos/wssec/spnego/SpnegoTokenTest.java  |   6 +-
 5 files changed, 7 insertions(+), 217 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml
index 446c21f..8af3813 100644
--- a/services/sts/systests/advanced/pom.xml
+++ b/services/sts/systests/advanced/pom.xml
@@ -90,12 +90,6 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-kerberos-shared</artifactId>
-            <version>1.5.7</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-databinding-jaxb</artifactId>
             <version>${project.version}</version>

http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
deleted file mode 100644
index 2227056..0000000
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.sts.kerberos;
-
-import java.net.URL;
-import java.util.Arrays;
-import java.util.Collection;
-
-import javax.xml.namespace.QName;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.systest.sts.common.SecurityTestUtil;
-import org.apache.cxf.systest.sts.common.TestParam;
-import org.apache.cxf.systest.sts.common.TokenTestUtils;
-import org.apache.cxf.systest.sts.deployment.STSServer;
-import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.example.contract.doubleit.DoubleItPortType;
-import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized.Parameters;
-
-/**
- * In this test, a CXF client requests a SAML2 HOK Assertion from the STS, which has a policy
of requiring
- * a KerberosToken over the TransportBinding. The CXF client retrieves a service ticket from
the KDC and
- * inserts it into the security header of the request. The STS validates the ticket using
the 
- * KerberosTokenValidator.
- * 
- * The tests are @Ignored by default, as a KDC is needed. To replicate the test scenario,
set up a KDC with 
- * user principal "alice" (keytab in "/etc/alice.keytab"), and host service "bob@service.ws.apache.org"

- * (keytab in "/etc/bob.keytab").
- */
-@RunWith(value = org.junit.runners.Parameterized.class)
-@org.junit.Ignore
-public class KerberosTokenTest extends AbstractBusClientServerTestBase {
-    
-    static final String STSPORT = allocatePort(STSServer.class);
-    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
-    
-    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
-    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
-
-    private static final String PORT = allocatePort(Server.class);
-    
-    final TestParam test;
-    
-    public KerberosTokenTest(TestParam type) {
-        this.test = type;
-    }
-    
-    @BeforeClass
-    public static void startServers() throws Exception {
-        assertTrue(
-                   "Server failed to launch",
-                   // run the server in the same process
-                   // set this to false to fork
-                   launchServer(Server.class, true)
-        );
-        assertTrue(
-                   "Server failed to launch",
-                   // run the server in the same process
-                   // set this to false to fork
-                   launchServer(STSServer.class, true)
-        );
-        assertTrue(
-                   "Server failed to launch",
-                   // run the server in the same process
-                   // set this to false to fork
-                   launchServer(StaxSTSServer.class, true)
-        );
-    }
-    
-    @Parameters(name = "{0}")
-    public static Collection<TestParam[]> data() {
-       
-        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
-                                                {new TestParam(PORT, true, STSPORT)},
-                                                {new TestParam(PORT, false, STAX_STSPORT)},
-                                                {new TestParam(PORT, true, STAX_STSPORT)},
-        });
-    }
-    
-    @org.junit.AfterClass
-    public static void cleanup() throws Exception {
-        SecurityTestUtil.cleanup();
-        stopAllServers();
-    }
-
-    @org.junit.Test
-    public void testKerberosToken() throws Exception {
-
-        SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = KerberosTokenTest.class.getResource("cxf-client.xml");
-
-        Bus bus = bf.createBus(busFile.toString());
-        SpringBusFactory.setDefaultBus(bus);
-        SpringBusFactory.setThreadDefaultBus(bus);
-        
-        URL wsdl = KerberosTokenTest.class.getResource("DoubleIt.wsdl");
-        Service service = Service.create(wsdl, SERVICE_QNAME);
-        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
-        DoubleItPortType transportSaml2Port = 
-            service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportSaml2Port, test.getPort());
-        
-        TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, test.getStsPort());
-
-        doubleIt(transportSaml2Port, 25);
-        
-        ((java.io.Closeable)transportSaml2Port).close();
-        bus.shutdown(true);
-    }
-    
-    private static void doubleIt(DoubleItPortType port, int numToDouble) {
-        int resp = port.doubleIt(numToDouble);
-        assertEquals(numToDouble * 2 , resp);
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
deleted file mode 100644
index f56e41c..0000000
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient" id="kerberosClient">
-        <constructor-arg ref="cxf"/>
-        <property name="contextName" value="alice"/>
-        <property name="serviceName" value="bob@service.ws.apache.org"/>
-    </bean>
-    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port"
createdFromAPI="true">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="myclientkey"/>
-            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-            <entry key="ws-security.sts.client">
-                <bean class="org.apache.cxf.ws.security.trust.STSClient">
-                    <constructor-arg ref="cxf"/>
-                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Kerberos?wsdl"/>
-                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
-                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Kerberos_Port"/>
-                    <property name="properties">
-                        <map>
-                            <entry key="ws-security.username" value="alice"/>
-                            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-                            <entry key="ws-security.sts.token.username" value="myclientkey"/>
-                            <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
-                            <entry key="ws-security.sts.token.usecert" value="true"/>
-                            <entry key="ws-security.kerberos.client" value-ref="kerberosClient"/>
-                        </map>
-                    </property>
-                </bean>
-            </entry>
-        </jaxws:properties>
-    </jaxws:client>
-    <http:conduit name="https://localhost:.*">
-        <http:tlsClientParameters disableCNCheck="true">
-            <sec:trustManagers>
-                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
-            </sec:trustManagers>
-            <sec:keyManagers keyPassword="skpass">
-                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
-            </sec:keyManagers>
-        </http:tlsClientParameters>
-    </http:conduit>
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
index f9b8468..ccac694 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
@@ -48,6 +48,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
 import org.apache.wss4j.dom.WSSConfig;
 import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
 
@@ -133,7 +134,6 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
         outputStream.close();
         
         System.setProperty("java.security.krb5.conf", f2.getPath());
-        System.setProperty("sun.security.krb5.debug", "false");
     }
     
     @BeforeClass
@@ -153,7 +153,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
                 basedir += "/..";
             }
 
-            System.setProperty("sun.security.krb5.debug", "true");
+            // System.setProperty("sun.security.krb5.debug", "true");
             System.setProperty("java.security.auth.login.config", 
                                basedir + "/kerberos/src/test/resources/kerberos.jaas");
             
@@ -449,7 +449,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
             SecurityTestUtil.enableStreaming(kerberosPort);
         }
         
-        kerberosPort.doubleIt(25);
+        Assert.assertEquals(50, kerberosPort.doubleIt(25));
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -479,7 +479,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
             SecurityTestUtil.enableStreaming(kerberosPort);
         }
         
-        kerberosPort.doubleIt(25);
+        Assert.assertEquals(50, kerberosPort.doubleIt(25));
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);

http://git-wip-us.apache.org/repos/asf/cxf/blob/892913e7/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
index 37394eb..6003d40 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
@@ -45,6 +45,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner;
 import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
 import org.apache.wss4j.dom.WSSConfig;
 import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
 
@@ -126,7 +127,6 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
         outputStream.close();
         
         System.setProperty("java.security.krb5.conf", f2.getPath());
-        System.setProperty("sun.security.krb5.debug", "false");
     }
     
     @BeforeClass
@@ -145,7 +145,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
                 basedir += "/..";
             }
 
-            System.setProperty("sun.security.krb5.debug", "true");
+            // System.setProperty("sun.security.krb5.debug", "true");
             System.setProperty("java.security.auth.login.config", 
                                basedir + "/kerberos/src/test/resources/kerberos.jaas");
             
@@ -261,7 +261,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
             SecurityTestUtil.enableStreaming(kerberosPort);
         }
         
-        kerberosPort.doubleIt(25);
+        Assert.assertEquals(50, kerberosPort.doubleIt(25));
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);


Mime
View raw message