cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Moving LDAP tests to new integration module + re-enabling
Date Fri, 05 Dec 2014 14:15:34 GMT
Repository: cxf
Updated Branches:
  refs/heads/master d611a7a4b -> 7bf10fc3f


Moving LDAP tests to new integration module + re-enabling


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7bf10fc3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7bf10fc3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7bf10fc3

Branch: refs/heads/master
Commit: 7bf10fc3fb018d533409cc444c2d7b75144b9e23
Parents: d611a7a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Dec 5 14:10:15 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Dec 5 14:10:44 2014 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 337 ------------------
 .../sts-core/src/test/resources/ldap.properties |  21 --
 .../sts/sts-core/src/test/resources/ldap.xml    |  52 ---
 systests/kerberos/pom.xml                       |  13 +
 .../systest/kerberos/ldap/LDAPClaimsTest.java   | 346 +++++++++++++++++++
 systests/kerberos/src/test/resources/ldap.ldif  |  73 ++++
 .../kerberos/src/test/resources/ldap.properties |  21 ++
 systests/kerberos/src/test/resources/ldap.xml   |  52 +++
 8 files changed, 505 insertions(+), 410 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
deleted file mode 100644
index f302c0a..0000000
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+++ /dev/null
@@ -1,337 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.ldap;
-
-import java.io.InputStream;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.SearchControls;
-
-import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.rt.security.claims.Claim;
-import org.apache.cxf.rt.security.claims.ClaimCollection;
-import org.apache.cxf.sts.claims.ClaimTypes;
-import org.apache.cxf.sts.claims.ClaimsParameters;
-import org.apache.cxf.sts.claims.LdapClaimsHandler;
-import org.apache.cxf.sts.claims.ProcessedClaim;
-import org.apache.cxf.sts.claims.ProcessedClaimCollection;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.wss4j.common.principal.CustomTokenPrincipal;
-import org.junit.BeforeClass;
-import org.springframework.context.support.ClassPathXmlApplicationContext;
-import org.springframework.ldap.core.AttributesMapper;
-import org.springframework.ldap.core.LdapTemplate;
-import org.springframework.ldap.filter.AndFilter;
-import org.springframework.ldap.filter.EqualsFilter;
-import org.springframework.util.Assert;
-
-public class LDAPClaimsTest {
-
-    private static ClassPathXmlApplicationContext appContext;
-    private static Properties props;
-
-    @BeforeClass
-    public static void setUpLdap() throws Exception {
-        appContext = new ClassPathXmlApplicationContext("ldap.xml");
-        props = new Properties();
-
-        InputStream is = null;
-        try {
-            is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties");
-            props.load(is);
-        } catch (Exception e) {
-            e.printStackTrace();
-        } finally {
-            if (is != null) {
-                is.close();
-            }
-        }
-    }
-
-
-    @org.junit.Test
-    @org.junit.Ignore
-    public void testRetrieveClaims() throws Exception {
-        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
-        String user = props.getProperty("claimUser");
-        Assert.notNull(user, "Property 'claimUser' not configured");
-
-        ClaimCollection requestedClaims = createRequestClaimCollection();
-
-        List<URI> expectedClaims = new ArrayList<URI>();
-        expectedClaims.add(ClaimTypes.FIRSTNAME);
-        expectedClaims.add(ClaimTypes.LASTNAME);
-        expectedClaims.add(ClaimTypes.EMAILADDRESS);
-       
-        ClaimsParameters params = new ClaimsParameters();
-        params.setPrincipal(new CustomTokenPrincipal(user));
-        ProcessedClaimCollection retrievedClaims = 
-            claimsHandler.retrieveClaimValues(requestedClaims, params);
-
-        Assert.isTrue(
-                      retrievedClaims.size() == expectedClaims.size(), 
-                      "Retrieved number of claims [" + retrievedClaims.size() 
-                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
-        );
-
-        for (ProcessedClaim c : retrievedClaims) {
-            if (expectedClaims.contains(c.getClaimType())) {
-                expectedClaims.remove(c.getClaimType());
-            } else {
-                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
-            }
-        }
-
-    }
-
-    @org.junit.Test
-    @org.junit.Ignore
-    public void testMultiUserBaseDNs() throws Exception {
-        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
-
-        String user = props.getProperty("claimUser");
-        Assert.notNull(user, "Property 'claimUser' not configured");
-        String otherUser = props.getProperty("otherClaimUser");
-        Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
-
-        ClaimCollection requestedClaims = createRequestClaimCollection();
-
-        List<URI> expectedClaims = new ArrayList<URI>();
-        expectedClaims.add(ClaimTypes.FIRSTNAME);
-        expectedClaims.add(ClaimTypes.LASTNAME);
-        expectedClaims.add(ClaimTypes.EMAILADDRESS);
-       
-        // First user
-        ClaimsParameters params = new ClaimsParameters();
-        params.setPrincipal(new CustomTokenPrincipal(user));
-        ProcessedClaimCollection retrievedClaims = 
-            claimsHandler.retrieveClaimValues(requestedClaims, params);
-
-        Assert.isTrue(
-                      retrievedClaims.size() == expectedClaims.size(), 
-                      "Retrieved number of claims [" + retrievedClaims.size() 
-                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
-        );
-
-        for (ProcessedClaim c : retrievedClaims) {
-            if (expectedClaims.contains(c.getClaimType())) {
-                expectedClaims.remove(c.getClaimType());
-            } else {
-                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
-            }
-        }
-        
-        // Second user
-        params.setPrincipal(new CustomTokenPrincipal(otherUser));
-        retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
-
-        expectedClaims.add(ClaimTypes.FIRSTNAME);
-        expectedClaims.add(ClaimTypes.LASTNAME);
-        expectedClaims.add(ClaimTypes.EMAILADDRESS);
-        
-        Assert.isTrue(
-                      retrievedClaims.size() == expectedClaims.size(), 
-                      "Retrieved number of claims [" + retrievedClaims.size() 
-                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
-        );
-
-        for (ProcessedClaim c : retrievedClaims) {
-            if (expectedClaims.contains(c.getClaimType())) {
-                expectedClaims.remove(c.getClaimType());
-            } else {
-                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
-            }
-        }
-    }
-
-    @org.junit.Test(expected = STSException.class)
-    @org.junit.Ignore
-    public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
-        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
-        String user = props.getProperty("claimUser");
-        Assert.notNull(user, "Property 'claimUser' not configured");
-
-        ClaimCollection requestedClaims = createRequestClaimCollection();
-        // add unsupported but mandatory claim
-        Claim claim = new Claim();
-        claim.setClaimType(ClaimTypes.GENDER);
-        claim.setOptional(false);
-        requestedClaims.add(claim);
-
-        ClaimsParameters params = new ClaimsParameters();
-        params.setPrincipal(new CustomTokenPrincipal(user));
-        claimsHandler.retrieveClaimValues(requestedClaims, params);
-    }
-
-    @org.junit.Test
-    @org.junit.Ignore
-    public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
-        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
-
-        String user = props.getProperty("claimUser");
-        Assert.notNull(user, "Property 'claimUser' not configured");
-
-        ClaimCollection requestedClaims = createRequestClaimCollection();
-        // add unsupported but optional unsupported claim
-        Claim claim = new Claim();
-        claim.setClaimType(ClaimTypes.GENDER);
-        claim.setOptional(true);
-        requestedClaims.add(claim);
-
-        // Gender is not expected to be returned because not supported
-        List<URI> expectedClaims = new ArrayList<URI>();
-        expectedClaims.add(ClaimTypes.FIRSTNAME);
-        expectedClaims.add(ClaimTypes.LASTNAME);
-        expectedClaims.add(ClaimTypes.EMAILADDRESS);
-        
-        ClaimsParameters params = new ClaimsParameters();
-        params.setPrincipal(new CustomTokenPrincipal(user));
-        ProcessedClaimCollection retrievedClaims = 
-            claimsHandler.retrieveClaimValues(requestedClaims, params);
-
-        Assert.isTrue(
-                      retrievedClaims.size() == expectedClaims.size(), 
-                      "Retrieved number of claims [" + retrievedClaims.size() 
-                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
-        );
-
-        for (ProcessedClaim c : retrievedClaims) {
-            if (expectedClaims.contains(c.getClaimType())) {
-                expectedClaims.remove(c.getClaimType());
-            } else {
-                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
-            }
-        }
-    }
-
-    private ClaimCollection createRequestClaimCollection() {
-        ClaimCollection claims = new ClaimCollection();
-        Claim claim = new Claim();
-        claim.setClaimType(ClaimTypes.FIRSTNAME);
-        claim.setOptional(true);
-        claims.add(claim);
-        claim = new Claim();
-        claim.setClaimType(ClaimTypes.LASTNAME);
-        claim.setOptional(true);
-        claims.add(claim);
-        claim = new Claim();
-        claim.setClaimType(ClaimTypes.EMAILADDRESS);
-        claim.setOptional(true);
-        claims.add(claim);
-        return claims;
-    }
-
-    @org.junit.Test    
-    public void testSupportedClaims() throws Exception {
-
-        Map<String, String> mapping 
-            = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping"));
-
-        LdapClaimsHandler cHandler = new LdapClaimsHandler();
-        cHandler.setClaimsLdapAttributeMapping(mapping);
-
-        List<URI> supportedClaims = cHandler.getSupportedClaimTypes();
-
-        Assert.isTrue(
-                      mapping.size() == supportedClaims.size(), 
-                      "Supported claims and claims/ldap attribute mapping size different"
-        );
-
-        for (String claim : mapping.keySet()) {
-            Assert.isTrue(
-                          supportedClaims.contains(new URI(claim)), 
-                          "Claim '" + claim + "' not listed in supported list"
-            );
-        }
-    }
-
-
-    @org.junit.Test
-    @org.junit.Ignore    
-    public void testLdapTemplate() throws Exception {
-
-        try {
-            LdapTemplate ldap = (LdapTemplate)appContext.getBean("ldapTemplate");
-
-            String user = props.getProperty("claimUser");
-            Assert.notNull(user, "Property 'claimUser' not configured");
-
-            String dn = null;
-
-            AndFilter filter = new AndFilter();
-            filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn",
user));
-
-            //find DN of user
-            AttributesMapper mapper = 
-                new AttributesMapper() {
-                    public Object mapFromAttributes(Attributes attrs) throws NamingException
{
-                        return attrs.get("distinguishedName").get();
-                    }
-                };
-            @SuppressWarnings("rawtypes")
-            List users = 
-                ldap.search(
-                            "OU=users,DC=emea,DC=mycompany,DC=com", 
-                            filter.toString(), 
-                            SearchControls.SUBTREE_SCOPE,
-                            mapper
-                );
-
-            Assert.isTrue(users.size() == 1, "Only one user expected");
-            dn = (String)users.get(0);
-
-            // get attributes
-            AttributesMapper mapper2 = 
-                new AttributesMapper() {
-                    public Object mapFromAttributes(Attributes attrs) throws NamingException
{
-                        Map<String, String> map = new HashMap<String, String>();
-                        NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
-                        while (attrEnum.hasMore()) {
-                            Attribute att = attrEnum.next();
-                            System.out.println(att.toString());
-                        }
-    
-                        map.put("cn", (String)attrs.get("cn").get());
-                        map.put("mail", (String)attrs.get("mail").get());
-                        map.put("sn", (String)attrs.get("sn").get());
-                        map.put("givenName", (String)attrs.get("givenName").get());
-                        return map;
-                    }
-                };
-            ldap.lookup(dn, new String[] {"cn", "mail", "sn", "givenName", "c"}, mapper2);
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-
-
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.properties b/services/sts/sts-core/src/test/resources/ldap.properties
deleted file mode 100644
index 7ca488b..0000000
--- a/services/sts/sts-core/src/test/resources/ldap.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-claimUser=alice
-otherClaimUser=bob
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.xml b/services/sts/sts-core/src/test/resources/ldap.xml
deleted file mode 100644
index 1d395f8..0000000
--- a/services/sts/sts-core/src/test/resources/ldap.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<?xml version="1.0"?>
-<!--
-
-    Licensed to the Apache Software Foundation (ASF) under one
-    or more contributor license agreements. See the NOTICE file
-    distributed with this work for additional information
-    regarding copyright ownership. The ASF licenses this file
-    to you under the Apache License, Version 2.0 (the
-    "License"); you may not use this file except in compliance
-    with the License. You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-    Unless required by applicable law or agreed to in writing,
-    software distributed under the License is distributed on an
-    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-    KIND, either express or implied. See the License for the
-    specific language governing permissions and limitations
-    under the License.
-
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="         http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-2.0.xsd          http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
-    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
-        <property name="url" value="ldap://mycompany.com:389"/>
-        <property name="userDn" value="CN=test,OU=svcUID,OU=users,DC=emea,DC=mycompany,DC=com"/>
-        <property name="password" value="changeit"/>
-    </bean>
-    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
-        <constructor-arg ref="contextSource"/>
-    </bean>
-    <util:map id="claimsToLdapAttributeMapping">
-        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenName"/>
-        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
-        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
value="mail"/>
-        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
-    </util:map>
-    <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
-        <property name="ldapTemplate" ref="ldapTemplate" />
-        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"
/>
-        <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com" />
-    </bean>
-    <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
-        <property name="ldapTemplate" ref="ldapTemplate" />
-        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"
/>
-        <property name="userBaseDNs">
-            <list>
-                <value>OU=users,DC=emea,DC=mycompany,DC=com</value>
-                <value>OU=other-users,DC=emea,DC=mycompany,DC=com</value>
-            </list>
-        </property>
-    </bean>
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 719af69..07aeac6 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -281,6 +281,19 @@
             <version>2.4</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.ldap</groupId>
+            <artifactId>spring-ldap-core</artifactId>
+            <version>${cxf.spring.ldap.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
     </dependencies>
     <profiles>
         <profile>

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
new file mode 100644
index 0000000..a29d581
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -0,0 +1,346 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.kerberos.ldap;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.LdapClaimsHandler;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifFiles;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+@RunWith(FrameworkRunner.class)
+
+//Define the DirectoryService
+@CreateDS(name = "LDAPClaimsTest-class",
+  enableAccessControl = false,
+  allowAnonAccess = false,
+  enableChangeLog = true,
+  partitions = {
+        @CreatePartition(
+            name = "example",
+            suffix = "dc=example,dc=com",
+            indexes = {
+                @CreateIndex(attribute = "objectClass"),
+                @CreateIndex(attribute = "dc"),
+                @CreateIndex(attribute = "ou")
+            }
+        ) }
+)
+
+@CreateLdapServer(
+  transports = {
+        @CreateTransport(protocol = "LDAP")
+        }
+)
+
+//Inject an file containing entries
+@ApplyLdifFiles("ldap.ldif")
+
+public class LDAPClaimsTest extends AbstractLdapTestUnit {
+
+    private static Properties props;
+    private static boolean portUpdated;
+    
+    private ClassPathXmlApplicationContext appContext;
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        props = new Properties();
+
+        InputStream is = null;
+        try {
+            is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties");
+            props.load(is);
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            if (is != null) {
+                is.close();
+            }
+        }
+    }
+
+    @Before
+    public void updatePort() throws Exception {
+        if (!portUpdated) {
+            String basedir = System.getProperty("basedir");
+            if (basedir == null) {
+                basedir = new File(".").getCanonicalPath();
+            }
+            
+            // Read in ldap.xml and substitute in the correct port
+            File f = new File(basedir + "/src/test/resources/ldap.xml");
+            
+            FileInputStream inputStream = new FileInputStream(f);
+            String content = IOUtils.toString(inputStream, "UTF-8");
+            inputStream.close();
+            content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
+            
+            File f2 = new File(basedir + "/target/test-classes/ldapport.xml");
+            FileOutputStream outputStream = new FileOutputStream(f2);
+            IOUtils.write(content, outputStream, "UTF-8");
+            outputStream.close();
+            
+            portUpdated = true;
+        }
+        
+        appContext = new ClassPathXmlApplicationContext("ldapport.xml");
+    }
+
+    @org.junit.Test
+    public void testRetrieveClaims() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+        String user = props.getProperty("claimUser");
+        Assert.notNull(user, "Property 'claimUser' not configured");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+       
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+    }
+
+    @org.junit.Test
+    public void testMultiUserBaseDNs() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
+
+        String user = props.getProperty("claimUser");
+        Assert.notNull(user, "Property 'claimUser' not configured");
+        String otherUser = props.getProperty("otherClaimUser");
+        Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+       
+        // First user
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+        
+        // Second user
+        params.setPrincipal(new CustomTokenPrincipal(otherUser));
+        retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+        
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+    }
+
+    @org.junit.Test(expected = STSException.class)
+    public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+        String user = props.getProperty("claimUser");
+        Assert.notNull(user, "Property 'claimUser' not configured");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+        // add unsupported but mandatory claim
+        Claim claim = new Claim();
+        claim.setClaimType(ClaimTypes.GENDER);
+        claim.setOptional(false);
+        requestedClaims.add(claim);
+
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection processedClaim = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+        
+        for (Claim requestedClaim : requestedClaims) {
+            URI claimType = requestedClaim.getClaimType();
+            boolean found = false;
+            if (!requestedClaim.isOptional()) {
+                for (ProcessedClaim c : processedClaim) {
+                    if (c.getClaimType().equals(claimType)) {
+                        found = true;
+                        break;
+                    }
+                }
+                if (!found) {
+                    throw new STSException("Mandatory claim '" + claim.getClaimType() + "'
not found");
+                }
+            }
+        }
+    }
+    
+    @org.junit.Test
+    public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
+        LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+        String user = props.getProperty("claimUser");
+        Assert.notNull(user, "Property 'claimUser' not configured");
+
+        ClaimCollection requestedClaims = createRequestClaimCollection();
+        // add unsupported but optional unsupported claim
+        Claim claim = new Claim();
+        claim.setClaimType(ClaimTypes.GENDER);
+        claim.setOptional(true);
+        requestedClaims.add(claim);
+
+        // Gender is not expected to be returned because not supported
+        List<URI> expectedClaims = new ArrayList<URI>();
+        expectedClaims.add(ClaimTypes.FIRSTNAME);
+        expectedClaims.add(ClaimTypes.LASTNAME);
+        expectedClaims.add(ClaimTypes.EMAILADDRESS);
+        
+        ClaimsParameters params = new ClaimsParameters();
+        params.setPrincipal(new CustomTokenPrincipal(user));
+        ProcessedClaimCollection retrievedClaims = 
+            claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+        Assert.isTrue(
+                      retrievedClaims.size() == expectedClaims.size(), 
+                      "Retrieved number of claims [" + retrievedClaims.size() 
+                      + "] doesn't match with expected [" + expectedClaims.size() + "]"
+        );
+
+        for (ProcessedClaim c : retrievedClaims) {
+            if (expectedClaims.contains(c.getClaimType())) {
+                expectedClaims.remove(c.getClaimType());
+            } else {
+                Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+            }
+        }
+    }
+    
+    @org.junit.Test    
+    public void testSupportedClaims() throws Exception {
+
+        Map<String, String> mapping 
+            = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping"));
+
+        LdapClaimsHandler cHandler = new LdapClaimsHandler();
+        cHandler.setClaimsLdapAttributeMapping(mapping);
+
+        List<URI> supportedClaims = cHandler.getSupportedClaimTypes();
+
+        Assert.isTrue(
+                      mapping.size() == supportedClaims.size(), 
+                      "Supported claims and claims/ldap attribute mapping size different"
+        );
+
+        for (String claim : mapping.keySet()) {
+            Assert.isTrue(
+                          supportedClaims.contains(new URI(claim)), 
+                          "Claim '" + claim + "' not listed in supported list"
+            );
+        }
+    }
+
+    private ClaimCollection createRequestClaimCollection() {
+        ClaimCollection claims = new ClaimCollection();
+        Claim claim = new Claim();
+        claim.setClaimType(ClaimTypes.FIRSTNAME);
+        claim.setOptional(true);
+        claims.add(claim);
+        claim = new Claim();
+        claim.setClaimType(ClaimTypes.LASTNAME);
+        claim.setOptional(true);
+        claims.add(claim);
+        claim = new Claim();
+        claim.setClaimType(ClaimTypes.EMAILADDRESS);
+        claim.setOptional(true);
+        claims.add(claim);
+        return claims;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.ldif b/systests/kerberos/src/test/resources/ldap.ldif
new file mode 100644
index 0000000..bdb6a83
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.ldif
@@ -0,0 +1,73 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: top
+objectClass: domain
+
+dn: ou=users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=other-users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: other-users
+
+dn: ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=employee,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: employee
+member: cn=alice,ou=users,dc=example,dc=com
+member: cn=bob,ou=other-users,dc=example,dc=com
+description: This is an employee
+
+dn: cn=boss,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: boss
+member: cn=alice,ou=users,dc=example,dc=com
+description: The boss
+
+# Web server identity/service principal.
+dn: cn=bob,ou=other-users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: bob
+sn: green
+uid: bob
+mail: bob@users.apache.org
+givenname: bob2
+userpassword: security
+
+# User / client principal.
+dn: cn=alice,ou=users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: alice
+sn: smith
+uid: alice
+mail: alice@users.apache.org
+givenname: alice2
+userpassword: security
+
+dn: uid=admin,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: system administrator
+sn: administrator
+displayName: Directory Superuser
+uid: admin
+userPassword:: e1NTSEF9c2UyV0ZiWHowL2RjSkVuTWgvOWNOZnIzUXU4YUg1R1gvM2E1OFE9P
+ Q==
+

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.properties
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.properties b/systests/kerberos/src/test/resources/ldap.properties
new file mode 100644
index 0000000..7ca488b
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.properties
@@ -0,0 +1,21 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+claimUser=alice
+otherClaimUser=bob
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.xml b/systests/kerberos/src/test/resources/ldap.xml
new file mode 100644
index 0000000..6cf0396
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="         http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-2.0.xsd          http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
+        <property name="url" value="ldap://localhost:portno"/>
+        <property name="userDn" value="UID=admin,DC=example,DC=com"/>
+        <property name="password" value="ldap_su"/>
+    </bean>
+    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+        <constructor-arg ref="contextSource"/>
+    </bean>
+    <util:map id="claimsToLdapAttributeMapping">
+        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenname"/>
+        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
+        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
value="mail"/>
+        <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
+    </util:map>
+    <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"
/>
+        <property name="userBaseDN" value="OU=users,DC=example,DC=com" />
+    </bean>
+    <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"
/>
+        <property name="userBaseDNs">
+            <list>
+                <value>OU=users,DC=example,DC=com</value>
+                <value>OU=other-users,DC=example,DC=com</value>
+            </list>
+        </property>
+    </bean>
+</beans>


Mime
View raw message