cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf-fediz git commit: Enabled custom authentication test
Date Thu, 26 Jan 2017 11:34:14 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master c38f6b781 -> 307bf80a1


Enabled custom authentication test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/307bf80a
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/307bf80a
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/307bf80a

Branch: refs/heads/master
Commit: 307bf80a1f23c278f5b37dfe9ea2ac56ccba4483
Parents: c38f6b7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jan 26 11:33:59 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jan 26 11:33:59 2017 +0000

----------------------------------------------------------------------
 .../sts/src/main/webapp/WEB-INF/fediz-sts.xml   |  1 +
 systests/idp/pom.xml                            | 44 ++++++++++++
 .../src/test/java/custom/CustomUTValidator.java | 76 ++++++++++++++++++++
 .../apache/cxf/fediz/systests/idp/IdpTest.java  |  1 -
 systests/idp/src/test/resources/file.xml        | 66 +++++++++++++++++
 5 files changed, 187 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/307bf80a/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
index fe8ba7d..2ab33d2 100644
--- a/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
+++ b/services/sts/src/main/webapp/WEB-INF/fediz-sts.xml
@@ -58,6 +58,7 @@
         <property name="tokenValidators" ref="transportTokenValidators" />
         <property name="eventListener" ref="loggerListener" />
         <property name="delegationHandlers" ref="delegationHandlers" />
+        <property name="allowCustomContent" value="true" />
     </bean>
 
     <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
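Review bot: The added `allowCustomContent` property changes the shipped STS configuration under `services/sts/src/main/webapp`, not only the systest setup, so every deployment of this WAR picks up the relaxed setting in order to un-ignore one test. The enclosing bean starts above the hunk, so which operation it configures is not visible here; presumably it is the issue operation behind the transport endpoints. If the default is meant to change, a comment such as `<!-- Accept unrecognised elements in the RST; only a custom validator or handler should interpret them -->` would record why. Otherwise consider applying the override from the `systests/idp` overlay, which this commit already uses to replace files in the unpacked webapp.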

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/307bf80a/systests/idp/pom.xml
----------------------------------------------------------------------
diff --git a/systests/idp/pom.xml b/systests/idp/pom.xml
index 66eddcb..15e8e58 100644
--- a/systests/idp/pom.xml
+++ b/systests/idp/pom.xml
@@ -71,6 +71,12 @@
             <scope>test</scope>
         </dependency>
         <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-bindings-soap</artifactId>
+            <version>${cxf.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
             <groupId>org.apache.cxf.fediz.systests</groupId>
             <artifactId>fediz-systests-tests</artifactId>
             <version>${project.version}</version>
@@ -207,6 +213,44 @@
                             </resources>              
                         </configuration>            
                     </execution>
+                    <execution>
+                        <id>copy-customised-sts-configp</id>
+                        <phase>generate-test-sources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                    <includes>
+                                        <include>file.xml</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
+                    <execution>
+                        <id>copy-custom-validator</id>
+                        <phase>process-test-classes</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/classes/custom</outputDirectory>
+                            <resources>          
+                                <resource>
+                                    <directory>${basedir}/target/test-classes/custom</directory>
+                                    <includes>
+                                        <include>CustomUTValidator.class</include>
+                                    </includes>
+                                    <filtering>false</filtering>
+                                </resource>
+                            </resources>              
+                        </configuration>            
+                    </execution>
                 </executions>
             </plugin>
             <plugin>
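Review bot: The execution id `copy-customised-sts-configp` looks like a typo for `copy-customised-sts-config`, and neither new execution says that it overwrites part of the unpacked STS webapp. `file.xml` lands in `WEB-INF/endpoints`, where it presumably replaces the endpoint definitions shipped with the STS, and `CustomUTValidator.class` is copied into `WEB-INF/classes/custom`. A short comment on each, e.g. `<!-- Replaces the STS endpoint definitions so REALMA uses custom.CustomUTValidator -->`, would make that intent visible. The second execution includes one named class file, so a nested or helper class added to the validator later would silently be left out; `<include>*.class</include>` avoids that.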

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/307bf80a/systests/idp/src/test/java/custom/CustomUTValidator.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/custom/CustomUTValidator.java b/systests/idp/src/test/java/custom/CustomUTValidator.java
new file mode 100644
index 0000000..a623411
--- /dev/null
+++ b/systests/idp/src/test/java/custom/CustomUTValidator.java
@@ -0,0 +1,76 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package custom;
+
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJUtils;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.validate.Credential;
+import org.apache.wss4j.dom.validate.UsernameTokenValidator;
+import org.apache.wss4j.dom.validate.Validator;
+
+/**
+ * A Validator that checks for a custom "realm" parameter in the RST request and only allows

+ * authentication if the value is equal to "custom-realm".
+ */
+public class CustomUTValidator implements Validator {
+
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException
{
+        if (credential == null || credential.getUsernametoken() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
+        }
+        
+        // Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor
+        SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext());
+        try {
+            Element soapBody = SAAJUtils.getBody(soapMessage);
+        
+            if (soapBody != null) {
+                // Find custom Element in the SOAP Body
+                Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom");
+                if (realm != null) {
+                    String realmStr = realm.getTextContent();
+                    if ("custom-realm".equals(realmStr)) {
+        
+                        UsernameTokenValidator validator = new UsernameTokenValidator();
+                        return validator.validate(credential, data);
+                    }
+                }
+            }
+        } catch (SOAPException ex) {
+            // ignore
+        }
+        
+        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
+    }
+
+    private SOAPMessage getSOAPMessage(SoapMessage msg) {
+        SAAJInInterceptor.INSTANCE.handleMessage(msg);
+        return msg.getContent(SOAPMessage.class);
+    }
+}
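Review bot: The empty `catch (SOAPException ex)` block discards the parsing failure, and the method then reports `noCredential`, so a malformed body is indistinguishable from a missing or wrong realm when the test fails. The validator still fails closed, so this is about diagnosability: `throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);` in the catch keeps the cause. Separately, `(SoapMessage)data.getMsgContext()` and the result of `getSOAPMessage` are used without a type or null check, so a non-SOAP message context would likely surface as a runtime exception rather than a `WSSecurityException`. The class Javadoc should also state that the `realm` element is read from the client-supplied SOAP body and that the class is a test fixture, not an access-control check to reuse in a deployed validator.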

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/307bf80a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 1e58d82..3b05f09 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -917,7 +917,6 @@ public class IdpTest {
     
     // Test a custom parameter that gets passed through to the STS
     @org.junit.Test
-    @org.junit.Ignore
     public void testCustomParameter() throws Exception {
         String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/federation?";
         url += "wa=wsignin1.0";

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/307bf80a/systests/idp/src/test/resources/file.xml
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/resources/file.xml b/systests/idp/src/test/resources/file.xml
new file mode 100644
index 0000000..d532aee
--- /dev/null
+++ b/systests/idp/src/test/resources/file.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-4.3.xsd
+        http://cxf.apache.org/jaxws
+        http://cxf.apache.org/schemas/jaxws.xsd">
+
+    <import resource="../data/userClaims.xml" />
+    <import resource="../data/passwords.xml" />
+
+    <bean id="upCallBackHandlerRealmA"
+        class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMA" />
+    </bean>
+
+    <bean id="upCallBackHandlerRealmB"
+        class="org.apache.cxf.fediz.service.sts.UsernamePasswordCallbackHandler">
+        <property name="passwords" ref="REALMB" />
+    </bean>
+
+    <jaxws:endpoint id="transportSTSRealmAUT"
+        implementor="#transportSTSProviderBean" address="/REALMA/STSServiceTransportUT"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmA"
/>
+            <entry key="ws-security.ut.validator" value="custom.CustomUTValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="transportSTSRealmBUT"
+        implementor="#transportSTSProviderBean" address="/REALMB/STSServiceTransportUT"
+        wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value-ref="upCallBackHandlerRealmB"
/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+
+</beans>
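Review bot: Nothing in this file says it is a test override, and the generic name `file.xml` together with the full licence header makes it read like a shipped endpoint definition. A comment above the `ws-security.ut.validator` entry, e.g. `<!-- Test only: REALMA username tokens are accepted only when the RST carries the custom realm element checked by custom.CustomUTValidator -->`, would explain why REALMA is configured differently from REALMB. The validator is referenced by class name, so the endpoint presumably cannot load it unless the `copy-custom-validator` execution in `systests/idp/pom.xml` has run; that coupling is worth stating in the same comment.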

