From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <0f1ac120a57c4a59a5630443f8ea4fe8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Fixing STS custom content tests Date: Wed, 25 Jan 2017 10:55:35 +0000 (UTC) archived-at: Wed, 25 Jan 2017 10:55:37 -0000 Repository: cxf Updated Branches: refs/heads/master 60a0ab978 -> 6094d8154 Fixing STS custom content tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6094d815 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6094d815 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6094d815 Branch: refs/heads/master Commit: 6094d8154b685338c7af18ab4dc4ee90c0c3e2f1 Parents: 60a0ab9 Author: Colm O hEigeartaigh Authored: Wed Jan 25 10:55:23 2017 +0000 Committer: Colm O hEigeartaigh Committed: Wed Jan 25 10:55:23 2017 +0000 ---------------------------------------------------------------------- .../systest/sts/custom/CustomParameterTest.java | 57 ++++++++++++++++++-- .../systest/sts/custom/CustomUTValidator.java | 40 +++++++++----- 2 files changed, 82 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6094d815/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java index 3ddae05..03b0f0a 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java 
@@ -37,7 +37,7 @@ import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; /** - * This test sends a custom WS-Trust parameter indicating the "realm" of the user, which is interpreted by the + * This test sends a custom parameter indicating the "realm" of the user, which is interpreted by the * STS's CustomUTValidator. */ public class CustomParameterTest extends AbstractBusClientServerTestBase { @@ -72,8 +72,8 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { stopAllServers(); } + @org.junit.Test - @org.junit.Ignore public void testCustomParameterInRST() throws Exception { SpringBusFactory bf = new SpringBusFactory(); 
@@ -96,8 +96,50 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/UT?wsdl"); stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port"); + + Map properties = new HashMap<>(); + properties.put("security.username", "alice"); + properties.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + properties.put("security.sts.token.username", "myclientkey"); + properties.put("security.sts.token.properties", "clientKeystore.properties"); + properties.put("security.sts.token.usecert", "true"); + stsClient.setProperties(properties); + + ((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); + + // Successful test + // Add custom content to the RST stsClient.setCustomContent("custom-realm"); + doubleIt(transportClaimsPort, 25); + + ((java.io.Closeable)transportClaimsPort).close(); + bus.shutdown(true); + } + + @org.junit.Test + public void testCustomParameterInRST2() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = CustomParameterTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomParameterPort"); + DoubleItPortType transportClaimsPort = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportClaimsPort, PORT); + + TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, STSPORT); + + STSClient stsClient = new STSClient(bus); + 
stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/UT?wsdl"); + stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); + stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port"); Map properties = new HashMap<>(); properties.put("security.username", "alice"); @@ -109,7 +151,16 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { ((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); - doubleIt(transportClaimsPort, 25); + // Failing test + + // Add custom content to the RST + stsClient.setCustomContent("custom-unknown-realm"); + try { + doubleIt(transportClaimsPort, 25); + fail("Failure expected on the wrong realm"); + } catch (Exception ex) { + // expected + } ((java.io.Closeable)transportClaimsPort).close(); bus.shutdown(true); http://git-wip-us.apache.org/repos/asf/cxf/blob/6094d815/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java index 1e5f2de..fd4e8f4 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java 
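Review bot: The negative case in testCustomParameterInRST2 (hunk `@@ -109,7 +151,16 @@`) passes on any exception at all, because `catch (Exception ex)` with only `// expected` cannot tell the validator rejecting `custom-unknown-realm` apart from an unrelated failure such as the STS being unreachable or a keystore problem. For a test meant to prove an authentication control rejects a bad realm, narrow the catch to the fault type the client actually surfaces, presumably `catch (javax.xml.ws.soap.SOAPFaultException ex)` (confirm against a run), and assert on its message. The `close()` and `bus.shutdown(true)` calls also sit after the try block, so they are skipped when `fail(...)` fires; moving them into a `finally` keeps a failing run from leaking the bus into later tests. The method's setup begins in the preceding hunk.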
@@ -19,13 +19,17 @@ package org.apache.cxf.systest.sts.custom; -import org.w3c.dom.Document; +import javax.xml.soap.SOAPException; +import javax.xml.soap.SOAPMessage; + import org.w3c.dom.Element; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.binding.soap.saaj.SAAJUtils; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.dom.validate.Credential; import org.apache.wss4j.dom.validate.UsernameTokenValidator; import org.apache.wss4j.dom.validate.Validator; 
@@ -41,20 +45,32 @@ public class CustomUTValidator implements Validator { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } - // Find custom Element in the SOAP Body - Document doc = credential.getUsernametoken().getElement().getOwnerDocument(); - Element soapBody = WSSecurityUtil.findBodyElement(doc); - Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom"); - if (realm != null) { - String realmStr = realm.getTextContent(); - if ("custom-realm".equals(realmStr)) { - - UsernameTokenValidator validator = new UsernameTokenValidator(); - return validator.validate(credential, data); + // Need to use SAAJ to get the SOAP Body as we are just using the UsernameTokenInterceptor + SOAPMessage soapMessage = getSOAPMessage((SoapMessage)data.getMsgContext()); + try { + Element soapBody = SAAJUtils.getBody(soapMessage); + + if (soapBody != null) { + // Find custom Element in the SOAP Body + Element realm = XMLUtils.findElement(soapBody, "realm", "http://cxf.apache.org/custom"); + if (realm != null) { + String realmStr = realm.getTextContent(); + if ("custom-realm".equals(realmStr)) { + + UsernameTokenValidator validator = new UsernameTokenValidator(); + return validator.validate(credential, data); + } + } } + } catch (SOAPException ex) { + // ignore } throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); } + private SOAPMessage getSOAPMessage(SoapMessage msg) { + SAAJInInterceptor.INSTANCE.handleMessage(msg); + return msg.getContent(SOAPMessage.class); + } }
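Review bot: The new body lookup in validate has two failure paths that bypass the uniform `noCredential` rejection: the cast `(SoapMessage)data.getMsgContext()` is unchecked, and `msg.getContent(SOAPMessage.class)` in getSOAPMessage may return null, which would presumably surface from `SAAJUtils.getBody` as a NullPointerException rather than a WSSecurityException. A guard before the try, `if (soapMessage == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential"); }`, keeps every rejection on the same path. The empty `catch (SOAPException ex)` does fall through to the final throw, which is the right fail-closed outcome, but `// ignore` hides that intent; a comment such as `// fail closed: an unreadable body is treated as a missing realm` would make it explicit. The signature of validate lies outside the hunk.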