From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 08 Feb 2016 16:40:44 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [3/6] cxf git commit: Adding claims test Adding claims test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/bc025f0f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/bc025f0f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/bc025f0f Branch: refs/heads/3.1.x-fixes Commit: bc025f0fe4acf7191430230080318346272543e1 Parents: 01956cc Author: Colm O hEigeartaigh Authored: Mon Feb 8 12:17:57 2016 +0000 Committer: Colm O hEigeartaigh Committed: Mon Feb 8 16:35:17 2016 +0000 ---------------------------------------------------------------------- .../cxf/systest/sts/rest/RESTUnitTest.java | 65 ++++++++++++++++++++ 1 file changed, 65 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/bc025f0f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java ----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
index e0ed538..65c0cf3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/RESTUnitTest.java
@@ -31,6 +31,9 @@ import org.w3c.dom.Element;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.rt.security.saml.utils.SAMLUtils;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
@@ -329,6 +332,68 @@ public class RESTUnitTest extends AbstractBusClientServerTestBase {
 }
 @org.junit.Test
+ public void testIssueSAML2TokenClaims() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = RESTUnitTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+ WebClient client = WebClient.create(address, busFile.toString());
+
+ client.type("application/xml").accept("application/xml");
+ client.path("saml2.0");
+
+ // First check that the role isn't usually in the generated token
+
+ Response response = client.get();
+ Document assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ List results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ ClaimCollection claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ Claim claim = claims.get(0);
+ String role = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role";
+ assertNotEquals(claim.getClaimType().toString(), role);
+
+ // Now get another token specifying the role
+ client.query("claim", role);
+ response = client.get();
+ assertionDoc = response.readEntity(Document.class);
+ assertNotNull(assertionDoc);
+
+ // Process the token
+ results = processToken(assertionDoc.getDocumentElement());
+
+ assertTrue(results != null && results.size() == 1);
+ assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(assertion != null);
+ assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+ assertTrue(assertion.isSigned());
+
+ claims = SAMLUtils.getClaims(assertion);
+ assertEquals(1, claims.size());
+ claim = claims.get(0);
+ assertEquals(claim.getClaimType().toString(), role);
+ assertEquals("ordinary-user", claim.getValues().get(0));
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
 @org.junit.Ignore
 public void testIssueJWTToken() throws Exception {
 SpringBusFactory bf = new SpringBusFactory();
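Review bot: `bus.shutdown(true)` at the end of testIssueSAML2TokenClaims runs only when every assertion before it passes, so a failing run leaves this bus installed as the default and thread-default bus for whatever test runs next; wrapping everything after `SpringBusFactory.setThreadDefaultBus(bus);` in `try { … } finally { bus.shutdown(true); }` would avoid that. The claim-type checks pass the actual value first, so `assertEquals(role, claim.getClaimType().toString());` (and the same order for `assertNotEquals`) would give a correct failure message. `assertTrue(assertion.isSigned())` appears to show only that a signature is present; whether it is verified depends on `processToken`, which is outside this hunk, so a comment such as `// signature is validated inside processToken(); isSigned() only confirms one is present` would help if that is the case. The response status is also never checked before `readEntity`, so an error reply from the STS would surface as an unrelated parsing or null failure rather than a clear status mismatch.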