cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Adding LDAP tests
Date Wed, 26 Oct 2016 13:40:40 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 747223b34 -> b64475085


Adding LDAP tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b6447508
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b6447508
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b6447508

Branch: refs/heads/master
Commit: b644750857574375cac135960adf1f559948dc17
Parents: 747223b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Oct 26 14:40:21 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Oct 26 14:40:21 2016 +0100

----------------------------------------------------------------------
 .../src/main/webapp/WEB-INF/endpoints/ldap.xml  |   6 +-
 systests/ldap/pom.xml                           | 300 +++++++++++++++++++
 .../cxf/fediz/integrationtests/LDAPTest.java    | 274 +++++++++++++++++
 .../ldap/src/test/resources/clienttrust.jks     | Bin 0 -> 1512 bytes
 .../ldap/src/test/resources/fediz_config.xml    |  61 ++++
 systests/ldap/src/test/resources/ldap.jaas      |   8 +
 systests/ldap/src/test/resources/ldap.ldif      |  69 +++++
 systests/ldap/src/test/resources/server.jks     | Bin 0 -> 3859 bytes
 .../src/test/resources/sts/cxf-transport.xml    |  88 ++++++
 systests/ldap/src/test/resources/sts/ldap.xml   | 117 ++++++++
 systests/pom.xml                                |   1 +
 11 files changed, 921 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
index 8b36f86..57c5efc 100644
--- a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
+++ b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml
@@ -37,8 +37,8 @@
     <bean id="contextSource"
         class="org.springframework.ldap.core.support.LdapContextSource">
         <property name="url" value="ldap://localhost:389/" />
-        <property name="userDn" value="uid=admin,ou=system" />
-        <property name="password" value="secret" />
+        <property name="userDn" value="uid=admin,dc=fediz,dc=org" />
+        <property name="password" value="ldap_su" />
     </bean>
 
     <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
@@ -48,7 +48,7 @@
     <util:map id="claimsToLdapAttributeMapping">
         <entry
             key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
-            value="givenName" />
+            value="givenname" />
         <entry
             key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
             value="sn" />

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/pom.xml
----------------------------------------------------------------------
diff --git a/systests/ldap/pom.xml b/systests/ldap/pom.xml
new file mode 100644
index 0000000..299f5d9
--- /dev/null
+++ b/systests/ldap/pom.xml
@@ -0,0 +1,300 @@
+<?xml version="1.0"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.cxf.fediz</groupId>
+        <artifactId>fediz-systests</artifactId>
+        <version>1.3.2-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+    <groupId>org.apache.cxf.fediz.systests</groupId>
+    <artifactId>fediz-systests-ldap</artifactId>
+    <name>Apache Fediz LDAP Systests</name>
+    <packaging>jar</packaging>
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-core</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-logging-juli</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jdt.core.compiler</groupId>
+            <artifactId>ecj</artifactId>
+            <version>${ecj.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-jasper</artifactId>
+            <version>${tomcat7.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>${junit.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz</groupId>
+            <artifactId>fediz-tomcat7</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf.fediz.systests</groupId>
+            <artifactId>fediz-systests-tests</artifactId>
+            <version>${project.version}</version>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-jdk14</artifactId>
+            <version>${slf4j.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldb.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-core-annotations</artifactId>
+            <version>${apacheds.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-core-integ</artifactId>
+            <version>${apacheds.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.directory.server</groupId>
+            <artifactId>apacheds-protocol-shared</artifactId>
+            <version>${apacheds.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>${commons.io.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <scope>test</scope>
+            <version>${bcprov.version}</version>
+        </dependency>
+
+    </dependencies>
+    <build>
+        <testResources>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>true</filtering>
+                <includes>
+                    <include>**/fediz_config*.xml</include>
+                </includes>
+            </testResource>
+            <testResource>
+                <directory>src/test/resources</directory>
+                <filtering>false</filtering>
+                <excludes>
+                    <exclude>**/fediz_config*.xml</exclude>
+                </excludes>
+            </testResource>
+        </testResources>
+        <plugins>
+            <plugin>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>reserve-network-port</id>
+                        <goals>
+                            <goal>reserve-network-port</goal>
+                        </goals>
+                        <phase>initialize</phase>
+                        <configuration>
+                            <portNames>
+                                <portName>idp.https.port</portName>
+                                <portName>rp.https.port</portName>
+                            </portNames>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-idp-sts</id>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz</groupId>
+                                    <artifactId>fediz-idp-sts</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory>
+                                </artifactItem>
+                                <artifactItem>
+                                    <groupId>org.apache.cxf.fediz.systests.webapps</groupId>
+                                    <artifactId>fediz-systests-webapps-simple</artifactId>
+                                    <version>${project.version}</version>
+                                    <type>war</type>
+                                    <overWrite>true</overWrite>
+                                    <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                            <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename>
+                            <overWriteSnapshots>true</overWriteSnapshots>
+                            <overWriteIfNewer>true</overWriteIfNewer>
+                            <stripVersion>true</stripVersion>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>2.7</version>
+                <executions>
+                    <execution>
+                        <id>copy-entities-to-sts</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources/sts</directory>
+                                    <includes>
+                                        <include>cxf-transport.xml</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <inherited>true</inherited>
+                <executions>
+                    <execution>
+                        <id>integration-test</id>
+                        <phase>integration-test</phase>
+                        <goals>
+                            <goal>integration-test</goal>
+                        </goals>
+                        <configuration>
+                            <skip>${skipTests}</skip>
+                            <systemPropertyVariables>
+                                <wt.headless>true</wt.headless>
+                                <idp.https.port>${idp.https.port}</idp.https.port>
+                                <rp.https.port>${rp.https.port}</rp.https.port>
+                            </systemPropertyVariables>
+                            <includes>
+                                <include>**/integrationtests/**</include>
+                            </includes>
+                            <argLine>-Xms512m -Xmx1024m
+                                -XX:MaxPermSize=256m</argLine>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>verify</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>verify</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <inherited>true</inherited>
+                <configuration>
+                    <excludes>
+                        <exclude>**/integrationtests/**</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
new file mode 100644
index 0000000..906d431
--- /dev/null
+++ b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java
@@ -0,0 +1,274 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifFiles;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * A test that configures the STS to authenticate user (and retrieve claims) from an LDAP
backend.
+ */
+
+@RunWith(FrameworkRunner.class)
+
+//Define the DirectoryService
+@CreateDS(name = "LDAPTest-class",
+        enableAccessControl = false,
+        allowAnonAccess = false,
+        enableChangeLog = true,
+        partitions = {
+      @CreatePartition(
+          name = "fediz",
+          suffix = "dc=fediz,dc=org",
+          indexes = {
+              @CreateIndex(attribute = "objectClass"),
+              @CreateIndex(attribute = "dc"),
+              @CreateIndex(attribute = "ou")
+          }
+      ) }
+  )
+
+@CreateLdapServer(
+  transports = {
+      @CreateTransport(protocol = "LDAP", address = "localhost")
+      }
+  )
+
+//Inject an file containing entries
+@ApplyLdifFiles("ldap.ldif")
+
+public class LDAPTest extends AbstractLdapTestUnit {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+    
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+    private static boolean portUpdated;
+    
+    @Before
+    public void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
 
+        
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        WSSConfig.init();
+        
+        updatePort();
+        
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+    
+    public void updatePort() throws Exception {
+        if (!portUpdated) {
+            String basedir = System.getProperty("basedir");
+            if (basedir == null) {
+                basedir = new File(".").getCanonicalPath();
+            }
+            
+            // Read in ldap.xml and substitute in the correct port
+            File f = new File(basedir + "/src/test/resources/sts/ldap.xml");
+            
+            FileInputStream inputStream = new FileInputStream(f);
+            String content = IOUtils.toString(inputStream, "UTF-8");
+            inputStream.close();
+            content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
+            
+            File f2 = new File(basedir + "/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints/ldap.xml");
+            try (FileOutputStream outputStream = new FileOutputStream(f2)) {
+                IOUtils.write(content, outputStream, "UTF-8");
+            }
+            
+            // Read in ldap.jaas and substitute in the correct port
+            f = new File(basedir + "/src/test/resources/ldap.jaas");
+            
+            inputStream = new FileInputStream(f);
+            content = IOUtils.toString(inputStream, "UTF-8");
+            inputStream.close();
+            content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
+            
+            f2 = new File(basedir + "/target/test-classes/ldap.jaas");
+            try (FileOutputStream outputStream = new FileOutputStream(f2)) {
+                IOUtils.write(content, outputStream, "UTF-8");
+            }
+            
+            portUpdated = true;
+        }
+        
+        System.setProperty("java.security.auth.login.config", "target/test-classes/ldap.jaas");
+    }
+    
+    private static Tomcat startServer(boolean idp, String port) 
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        //httpsConnector.setAttribute("keyAlias", keyAlias);
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+    
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"simpleWebapp");
+            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
+            
+            FederationAuthenticator fa = new FederationAuthenticator();
+            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+                             + "test-classes" + File.separator + "fediz_config.xml");
+            cxt.getPipeline().addValve(fa);
+        }
+
+        server.start();
+
+        return server;
+    }
+    
+    @After
+    public void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+    
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+    
+    @Test
+    public void testLDAP() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+            + "/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+
+        final String bodyTextContent =
+            HTTPTestUtils.login(url, user, password, getIdpHttpsPort());
+
+        Assert.assertTrue("Principal not " + user,
+                          bodyTextContent.contains("userPrincipal=" + user));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+
+    }
+    
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/clienttrust.jks
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/clienttrust.jks b/systests/ldap/src/test/resources/clienttrust.jks
new file mode 100644
index 0000000..c3ad459
Binary files /dev/null and b/systests/ldap/src/test/resources/clienttrust.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/fediz_config.xml b/systests/ldap/src/test/resources/fediz_config.xml
new file mode 100644
index 0000000..dc30ea6
--- /dev/null
+++ b/systests/ldap/src/test/resources/fediz_config.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml
file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example
re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific
keystore instead. 
+-->
+<FedizConfig>
+    <contextConfig name="/fedizhelloworld">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/clienttrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+            </claimTypesRequested>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+</FedizConfig>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/ldap.jaas
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/ldap.jaas b/systests/ldap/src/test/resources/ldap.jaas
new file mode 100644
index 0000000..1b11e06
--- /dev/null
+++ b/systests/ldap/src/test/resources/ldap.jaas
@@ -0,0 +1,8 @@
+LDAP {
+    com.sun.security.auth.module.LdapLoginModule REQUIRED
+    userProvider="ldap://localhost:portno/"
+    authIdentity="cn={USERNAME},ou=users,dc=fediz,dc=org"
+    useSSL=false
+    debug=true;
+};
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/ldap.ldif
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/ldap.ldif b/systests/ldap/src/test/resources/ldap.ldif
new file mode 100644
index 0000000..e2483ad
--- /dev/null
+++ b/systests/ldap/src/test/resources/ldap.ldif
@@ -0,0 +1,69 @@
+dn: dc=fediz,dc=org
+dc: fediz
+objectClass: top
+objectClass: domain
+
+dn: ou=users,dc=fediz,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=groups,dc=fediz,dc=org
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=User,ou=groups,dc=fediz,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: User
+member: cn=alice,ou=users,dc=fediz,dc=org
+member: cn=bob,ou=users,dc=fediz,dc=org
+description: This is a User
+
+dn: cn=Manager,ou=groups,dc=fediz,dc=org
+objectClass: groupOfNames
+objectClass: top
+cn: Manager
+businessCategory: widgets
+member: cn=bob,ou=users,dc=fediz,dc=org
+description: The boss
+
+# Web server identity/service principal.
+dn: cn=bob,ou=users,dc=fediz,dc=org
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: bob
+sn: Windsor
+uid: bob
+mail: bobwindsor@realma.org
+givenname: bob
+userpassword: bob
+
+# User / client principal.
+dn: cn=alice,ou=users,dc=fediz,dc=org
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: alice
+sn: Smith
+uid: alice
+givenname: Alice
+userpassword: ecila
+mail: alice@realma.org
+
+dn: uid=admin,dc=fediz,dc=org
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: system administrator
+sn: administrator
+displayName: Directory Superuser
+uid: admin
+userPassword:: e1NTSEF9c2UyV0ZiWHowL2RjSkVuTWgvOWNOZnIzUXU4YUg1R1gvM2E1OFE9P
+ Q==
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/server.jks b/systests/ldap/src/test/resources/server.jks
new file mode 100644
index 0000000..c9c2ce2
Binary files /dev/null and b/systests/ldap/src/test/resources/server.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/sts/cxf-transport.xml
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/sts/cxf-transport.xml b/systests/ldap/src/test/resources/sts/cxf-transport.xml
new file mode 100644
index 0000000..bf9bd1e
--- /dev/null
+++ b/systests/ldap/src/test/resources/sts/cxf-transport.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:test="http://apache.org/hello_world_soap_http"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/transports/http/configuration
+        http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/configuration/security
+        http://cxf.apache.org/schemas/configuration/security.xsd">
+
+    <import resource="classpath:META-INF/cxf/cxf.xml" />
+
+    <import resource="data/realms.xml" />
+    <import resource="fediz-sts.xml" />
+    
+    <!-- Per default the resource <file.xml> is imported.
+         If built with Maven Profile 'ldap', the resource <ldap.xml> is imported -->
+    <import resource="./endpoints/ldap.xml" />
+    
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+        <property name="location" value="classpath:./sts.properties"/>
+    </bean>
+    
+    <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser"
>
+        <property name="realmMap" ref="realms" />
+    </bean>
+    
+    <bean id="samlRealmCodec"
+        class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" />
+    
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="callbackHandlerClass" value="${callback.handler}" />
+        <property name="issuer" value="${issuer}" />
+        <property name="realmParser" ref="customRealmParser" />
+        <property name="signatureCryptoProperties" value="${signature.properties}" />
+        <property name="relationships" ref="relationships" />
+        <property name="samlRealmCodec" ref="samlRealmCodec" />
+    </bean>
+    
+    <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean"
+        address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:properties>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean"
+        address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:properties>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+</beans>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/sts/ldap.xml
----------------------------------------------------------------------
diff --git a/systests/ldap/src/test/resources/sts/ldap.xml b/systests/ldap/src/test/resources/sts/ldap.xml
new file mode 100644
index 0000000..aff850f
--- /dev/null
+++ b/systests/ldap/src/test/resources/sts/ldap.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd">
+
+    <util:list id="claimHandlerList">
+        <ref bean="userClaimsHandler" />
+        <ref bean="groupClaimsHandler" />
+    </util:list>
+
+    <bean id="contextSource"
+        class="org.springframework.ldap.core.support.LdapContextSource">
+        <property name="url" value="ldap://localhost:portno/" />
+        <property name="userDn" value="uid=admin,dc=fediz,dc=org" />
+        <property name="password" value="ldap_su" />
+    </bean>
+
+    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+        <constructor-arg ref="contextSource" />
+    </bean>
+
+    <util:map id="claimsToLdapAttributeMapping">
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
+            value="givenname" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
+            value="sn" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
+            value="mail" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"
+            value="c" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"
+            value="postalCode" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"
+            value="postalAddress" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"
+            value="town" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"
+            value="st" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"
+            value="gender" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"
+            value="dateofbirth" />
+        <entry
+            key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
+            value="member" />
+    </util:map>
+
+    <bean id="userClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping"
/>
+        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+        <property name="userNameAttribute" value="uid" />
+    </bean>
+
+    <util:map id="appliesToScopeMapping">
+        <entry key="urn:org:apache:cxf:fediz:fedizhelloworld"
+            value="Example" />
+    </util:map>
+
+    <bean id="groupClaimsHandler" class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler">
+        <property name="ldapTemplate" ref="ldapTemplate" />
+        <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" />
+        <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" />
+        <property name="appliesToScopeMapping" ref="appliesToScopeMapping" />
+        <property name="userNameAttribute" value="uid" />
+    </bean>
+
+    <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean"
+        address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.ut.validator">
+                <bean class="org.apache.wss4j.dom.validate.JAASUsernameTokenValidator">
+                    <property name="contextName" value="LDAP" />
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:endpoint>
+	
+</beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/pom.xml
----------------------------------------------------------------------
diff --git a/systests/pom.xml b/systests/pom.xml
index 0bd659e..ada0cf2 100644
--- a/systests/pom.xml
+++ b/systests/pom.xml
@@ -42,6 +42,7 @@
       <module>cxf</module>
       <module>federation</module>
       <module>kerberos</module>
+      <module>ldap</module>
       <module>oidc</module>
       <module>samlsso</module>
    </modules>


Mime
View raw message