From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <9ceb1f7774a9483ca2fe06bd6d9cb4f9@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Adding more SAML/JMS tests Date: Thu, 26 Nov 2015 15:01:56 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/3.1.x-fixes ac40bcfa8 -> 365cbd07b Adding more SAML/JMS tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/365cbd07 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/365cbd07 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/365cbd07 Branch: refs/heads/3.1.x-fixes Commit: 365cbd07b67cdae4dd29089c1d9bd04fe6a76ed8 Parents: ac40bcf Author: Colm O hEigeartaigh Authored: Thu Nov 26 14:53:53 2015 +0000 Committer: Colm O hEigeartaigh Committed: Thu Nov 26 14:56:56 2015 +0000 ---------------------------------------------------------------------- .../systest/jms/security/JMSWSSecurityTest.java | 122 ++++++++++++++++++- 1 file changed, 121 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/365cbd07/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
index fc8ffb2..cfaf711 100644
--- a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
@@ -26,6 +26,7 @@ import java.util.List;
 import java.util.Map;
 import javax.xml.namespace.QName;
+import javax.xml.ws.soap.SOAPFaultException;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.endpoint.Client;
@@ -112,7 +113,7 @@ public class JMSWSSecurityTest extends AbstractBusClientServerTestBase {
 }
 @Test
- public void testUnsignedSAML2AudienceRestrictionToken() throws Exception {
+ public void testUnsignedSAML2AudienceRestrictionTokenURI() throws Exception {
 QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
 QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
 URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
@@ -150,5 +151,124 @@ public class JMSWSSecurityTest extends AbstractBusClientServerTestBase {
 ((java.io.Closeable)greeter).close();
 }
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenBadURI() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List audiences = new ArrayList<>();
+ audiences.add("jms:jndi:dynamicQueues/test.jmstransport.text.bad");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map outProperties = new HashMap();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ try {
+ greeter.sayHi();
+ fail("Failure expected on a bad audience restriction");
+ } catch (SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenServiceName() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+ String response = new String("Bonjour");
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List audiences = new ArrayList<>();
+ audiences.add("{http://cxf.apache.org/hello_world_jms}HelloWorldService");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map outProperties = new HashMap();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ String reply = greeter.sayHi();
+ assertNotNull("no response received from service", reply);
+ assertEquals(response, reply);
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+ @Test
+ public void testUnsignedSAML2AudienceRestrictionTokenBadServiceName() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List audiences = new ArrayList<>();
+ audiences.add("{http://cxf.apache.org/hello_world_jms}BadHelloWorldService");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map outProperties = new HashMap();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ try {
+ greeter.sayHi();
+ fail("Failure expected on a bad audience restriction");
+ } catch (SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)greeter).close();
+ }
 }
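Review bot: The two negative tests, `testUnsignedSAML2AudienceRestrictionTokenBadURI` and `testUnsignedSAML2AudienceRestrictionTokenBadServiceName`, accept any `SOAPFaultException`, so they pass just as well when the call is rejected for a reason unrelated to the audience restriction (for example a signature-trust or endpoint fault). As these appear to be the only checks that a mismatched audience is refused, I would tie the failure to its cause: assert on whatever part of the fault the server configuration keeps stable, or at least replace `// expected` with `// expected: audience matches neither the JMS address nor the service QName` (wording to be confirmed against the server-side validator). Separately, `((java.io.Closeable)greeter).close();` sits after the `try`, so it is skipped when `fail(...)` throws, and likewise when an assertion fails in `testUnsignedSAML2AudienceRestrictionTokenServiceName`; moving it into a `finally` keeps a failing run from leaving the client proxy open. The names say "Unsigned" while `setSignAssertion(true)` is called, so a one-line comment that `SAML_TOKEN_UNSIGNED` refers to the WS-Security action rather than the assertion's own signature would help, if that is the intent.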