cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Improve testing of STS intermediary caching
Date Wed, 24 May 2017 16:52:20 GMT
Repository: cxf
Updated Branches:
  refs/heads/master c255034b2 -> 07093d2f5


Improve testing of STS intermediary caching


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/07093d2f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/07093d2f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/07093d2f

Branch: refs/heads/master
Commit: 07093d2f50f8e37b10b45f5e24e4b1e71dec352e
Parents: c255034
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed May 24 17:52:06 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed May 24 17:52:06 2017 +0100

----------------------------------------------------------------------
 .../DoubleItPortTypeImpl.java                   | 70 ++++++++++++++++++++
 .../IntermediaryCachingPortTypeImpl.java        |  4 +-
 .../IntermediaryTransformationCachingTest.java  | 49 +++++++++-----
 .../cxf-intermediary-caching.xml                |  4 --
 .../intermediary_transformation/cxf-service.xml |  3 +-
 5 files changed, 106 insertions(+), 24 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/07093d2f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java
new file mode 100644
index 0000000..42c02f5
--- /dev/null
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.intermediary_transformation;
+
+import java.security.Principal;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+            serviceName = "DoubleItService",
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+/**
+ * A PortType implementation that only allows a user call it twice. This is to test the caching
logic
+ * of the intermediary.
+ */
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+
+    @Resource
+    WebServiceContext wsContext;
+    
+    private Map<String, Integer> userCount = new ConcurrentHashMap<>();
+
+    public int doubleIt(int numberToDouble) {
+        Principal pr = wsContext.getUserPrincipal();
+
+        Assert.assertNotNull("Principal must not be null", pr);
+        Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+        
+        // Test caching logic here
+        updateCache(pr.getName());
+        
+        return numberToDouble * 2;
+    }
+
+    private void updateCache(String user) {
+        if (userCount.containsKey(user)) {
+            if (userCount.get(user) > 2) {
+                throw new RuntimeException("Only two iterations allowed");
+            }
+            userCount.put(user, userCount.get(user) + 1);
+        } else {
+            userCount.put(user, 1);
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/07093d2f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
index d7922a5..65cade9 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
@@ -92,8 +92,8 @@ public class IntermediaryCachingPortTypeImpl extends AbstractBusClientServerTest
         Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
         // Assert.assertTrue("Principal must be alice", pr.getName().contains("alice"));
 
-        // Disable the STSClient after the first invocation
-        if (i > 0) {
+        // Disable the STSClient after the second invocation
+        if (i > 1) {
             BindingProvider p = (BindingProvider)transportPort;
             STSClient stsClient = new STSClient(null);
             stsClient.setOnBehalfOf(new ReceivedTokenCallbackHandler());

http://git-wip-us.apache.org/repos/asf/cxf/blob/07093d2f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
index 0a26e1d..68eab44 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
@@ -40,8 +40,8 @@ import org.junit.BeforeClass;
  * receives a (HOK) SAML 1.1 Assertion. This is then sent via (1-way) TLS to an Intermediary
  * service provider. The intermediary service provider validates the token, and then the
  * Intermediary client uses delegation to dispatch the received token (via OnBehalfOf) to
another
- * STS instance. After this point, the STSClient is disabled, meaning that the Intermediary
client must rely
- * on its cache to get tokens. The retrieved token is sent to the service provider via (2-way)
TLS.
+ * STS instance. The retrieved token is sent to the service provider via (2-way) TLS. The
STSClient is disabled
+ * after two invocations, meaning that the Intermediary client must rely on its cache to
get tokens. 
  */
 public class IntermediaryTransformationCachingTest extends AbstractBusClientServerTestBase
{
 
@@ -93,35 +93,50 @@ public class IntermediaryTransformationCachingTest extends AbstractBusClientServ
         URL wsdl = IntermediaryTransformationCachingTest.class.getResource("DoubleIt.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1EndorsingPort");
-        DoubleItPortType transportPort =
+        DoubleItPortType alicePort =
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportPort, PORT);
+        updateAddressPort(alicePort, PORT);
 
-        TokenTestUtils.updateSTSPort((BindingProvider)transportPort, STSPORT);
+        TokenTestUtils.updateSTSPort((BindingProvider)alicePort, STSPORT);
 
-        ((BindingProvider)transportPort).getRequestContext().put(SecurityConstants.USERNAME,
"alice");
+        ((BindingProvider)alicePort).getRequestContext().put(SecurityConstants.USERNAME,
"alice");
 
         // Make initial successful invocation (for "alice")
-        doubleIt(transportPort, 25);
-
-        // Make another invocation - this should work as the intermediary caches the token
+        doubleIt(alicePort, 25);
+        
+        // Make another successful invocation for "bob"
+        DoubleItPortType bobPort = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(bobPort, PORT);
+        TokenTestUtils.updateSTSPort((BindingProvider)bobPort, STSPORT);
+
+        ((BindingProvider)bobPort).getRequestContext().put(SecurityConstants.USERNAME, "bob");
+        doubleIt(bobPort, 30);
+
+        // Make another invocation for "bob" - this should work as the intermediary caches
the token
+        // even though its STSClient is disabled after the second invocation
+        doubleIt(bobPort, 35);
+        
+        // Make another invocation for "alice" - this should work as the intermediary caches
the token
         // even though its STSClient is disabled after the first invocation
-        doubleIt(transportPort, 30);
+        doubleIt(alicePort, 40);
 
-        transportPort = service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportPort, PORT);
-        TokenTestUtils.updateSTSPort((BindingProvider)transportPort, STSPORT);
+        // Now make an invocation for "myservicekey"
+        DoubleItPortType servicePort = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(servicePort, PORT);
+        TokenTestUtils.updateSTSPort((BindingProvider)servicePort, STSPORT);
 
-        ((BindingProvider)transportPort).getRequestContext().put(SecurityConstants.USERNAME,
"bob");
+        ((BindingProvider)servicePort).getRequestContext().put(SecurityConstants.USERNAME,
"myservicekey");
 
-        // Make invocation for "bob"...this should fail as the intermediary's STS client
is disabled
+        // Make invocation for "myservicekey"...this should fail as the intermediary's STS
client is disabled
         try {
-            doubleIt(transportPort, 35);
+            doubleIt(servicePort, 45);
         } catch (SOAPFaultException ex) {
             // expected
         }
 
-        ((java.io.Closeable)transportPort).close();
+        ((java.io.Closeable)alicePort).close();
+        ((java.io.Closeable)bobPort).close();
+        ((java.io.Closeable)servicePort).close();
         bus.shutdown(true);
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/07093d2f/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
index 0c274c9..dc6ebf4 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml
@@ -42,7 +42,6 @@
         </httpj:engine>
     </httpj:engine-factory>
     <bean id="delegationCallbackHandler" class="org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler"/>
-    <bean id="defaultTokenStore" class="org.apache.cxf.ws.security.tokenstore.MemoryTokenStore"/>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port"
createdFromAPI="true">
         <jaxws:properties>
             <entry key="security.sts.client">
@@ -63,9 +62,6 @@
                     </property>
                 </bean>
             </entry>
-            <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
-                <ref bean="defaultTokenStore"/>
-            </entry>
             <entry key="ws-security.cache.issued.token.in.endpoint" value="false"/>
         </jaxws:properties>
     </jaxws:client>

http://git-wip-us.apache.org/repos/asf/cxf/blob/07093d2f/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
index 71a87b1..01a1ae3 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
@@ -24,7 +24,8 @@
             <cxf:logging/>
         </cxf:features>
     </cxf:bus>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.intermediary_transformation.Server.2}/doubleit/services/doubleittransportsaml2"
wsdlLocation="org/apache/cxf/systest/sts/intermediary_transformation/DoubleIt.wsdl">
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2"

+                    implementor="org.apache.cxf.systest.sts.intermediary_transformation.DoubleItPortTypeImpl"
endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings"
address="https://localhost:${testutil.ports.intermediary_transformation.Server.2}/doubleit/services/doubleittransportsaml2"
wsdlLocation="org/apache/cxf/systest/sts/intermediary_transformation/DoubleIt.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
             <entry key="security.signature.properties" value="serviceKeystore.properties"/>


Mime
View raw message