From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 08 Feb 2016 16:34:48 -0000 Message-Id: <44479a8f2cb24f70984ae1d01e912435@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [6/6] cxf git commit: Adding claims test Adding claims test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/276a6072 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/276a6072 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/276a6072 Branch: refs/heads/master Commit: 276a6072cb2f98803333eb56ed06422f682d7722 Parents: ddc0034 Author: Colm O hEigeartaigh Authored: Mon Feb 8 12:17:57 2016 +0000 Committer: Colm O hEigeartaigh Committed: Mon Feb 8 16:34:01 2016 +0000 ---------------------------------------------------------------------- .../cxf/systest/sts/rest/RESTUnitTest.java | 65 ++++++++++++++++++++ 1 file changed, 65 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/276a6072/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java ----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index e0ed538..65c0cf3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -31,6 +31,9 @@ import org.w3c.dom.Element;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
@@ -329,6 +332,68 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
 }
 
 @org.junit.Test
+ public void testIssueSAML2TokenClaims() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+
+ // First check that the role isn't usually in the generated token
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ ClaimCollection claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ Claim claim = claims.get(0);
+ String role = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+ assertNotEquals(claim.getClaimType().toString(), role);
+
+ // Now get another token specifying the role
+ client.query("claim", role);
+ response = client.get();
+ assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ claim = claims.get(0);
+ assertEquals(claim.getClaimType().toString(), role);
+ assertEquals("ordinary-user", claim.getValues().get(0));
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
 @org.junit.Ignore
 public void testIssueJWTToken() throws Exception {
 SpringBusFactory bf = new SpringBusFactory();
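Review bot: The second half of testIssueSAML2TokenClaims checks only `claim.getValues().get(0)`, so a token that carried further role values next to "ordinary-user" would still pass; for a test of what the STS issues when a role claim is requested, pin the whole value list with `assertEquals(1, claim.getValues().size());` before the value check. The two claim-type checks pass the actual value first (`assertEquals(claim.getClaimType().toString(), role)`), so a failure message would report expected and actual the wrong way round; `assertEquals(role, claim.getClaimType().toString());` reads correctly, and likewise for the `assertNotEquals` call. `bus.shutdown(true)` is reached only when every assertion passes, so a failing run leaves the default and thread-default bus set for later tests; a try/finally around the body would avoid that, unless the rest of this class (not visible in the hunk) deliberately follows the same pattern.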