From cohei...@apache.org
Subject [08/10] cxf-fediz git commit: Refactor of systests
Date Wed, 12 Jul 2017 09:49:38 GMT
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
deleted file mode 100644
index 43b1207..0000000
--- a/systests/jetty9/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.util.resource.Resource;
-import org.eclipse.jetty.xml.XmlConfiguration;
-
-public final class JettyUtils {
-
-    private static Server rpServer;
-
-    private JettyUtils() {
-    }
-
-    public static void initRpServer() {
-        initRpServer("rp-server.xml");
-    }
-
-    public static void initRpServer(String configurationFile) {
-        if (rpServer == null) {
-            try {
-                Resource testServerConfig = Resource.newSystemResource(configurationFile);
-                XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
-                rpServer = (Server)configuration.configure();
-
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-    public static void startRpServer() {
-        if (rpServer != null && !rpServer.isStarted()) {
-            try {
-                rpServer.start();
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-    public static void stopRpServer() {
-        if (rpServer != null && rpServer.isStarted()) {
-            try {
-                rpServer.stop();
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificatePreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificatePreAuthSpringTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificatePreAuthSpringTest.java
new file mode 100644
index 0000000..9bd1bd3
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificatePreAuthSpringTest.java
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractClientCertTests;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Server rpServer;
+    private static Tomcat idpServer;
+
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        initIdp();
+
+        try {
+            Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
+            XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+            rpServer = (Server)configuration.configure();
+            rpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer != null && idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        if (rpServer != null && rpServer.isStarted()) {
+            try {
+                rpServer.stop();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            String baseDir = currentDir + File.separator + "target";
+            idpServer.setBaseDir(baseDir);
+
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+
+            File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+            idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizspringhelloworld";
+    }
+
+}
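Review bot: The class Javadoc says the IdP is set up to require client authentication, but initIdp() configures the connector with `httpsConnector.setAttribute("clientAuth", "want")`, which in Tomcat only requests a client certificate and lets the handshake complete without one. If rejecting certificate-less clients is meant to happen in the IdP application rather than at the TLS layer, the Javadoc should say so, for example `the IdP connector requests a client certificate ("want") and the IdP authenticates the user from it`; otherwise the attribute should be `"true"`. The same Javadoc and connector setting are repeated in ClientCertificateTest. The commented-out `clientAuth` and `keyAlias` lines could be dropped at the same time.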

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificateTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificateTest.java
new file mode 100644
index 0000000..79d1d4d
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/ClientCertificateTest.java
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractClientCertTests;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificateTest extends AbstractClientCertTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Server rpServer;
+    private static Tomcat idpServer;
+
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        initIdp();
+
+        try {
+            Resource testServerConfig = Resource.newSystemResource("rp-client-cert-server.xml");
+            XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+            rpServer = (Server)configuration.configure();
+            rpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer != null && idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        if (rpServer != null && rpServer.isStarted()) {
+            try {
+                rpServer.stop();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            String baseDir = currentDir + File.separator + "target";
+            idpServer.setBaseDir(baseDir);
+
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+
+            File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+            idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+
+}
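Review bot: ClientCertificateTest is a copy of ClientCertificatePreAuthSpringTest apart from the class name and the string returned by getServletContextName(), and initIdp() is repeated again in JettyPreAuthSpringTest and JettyTest. Every copy wraps server start-up in `catch (Exception e) { e.printStackTrace(); }`, so a failed IdP or RP start is only printed and the tests then fail later with unrelated connection errors. Moving the Tomcat and Jetty set-up into one shared helper and declaring `public static void init() throws Exception` would remove the duplication and make a start-up failure fail the class immediately.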

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/HOKCallbackHandler.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/HOKCallbackHandler.java
new file mode 100644
index 0000000..1b44dda
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/HOKCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.WReqCallback;
+
+public class HOKCallbackHandler implements CallbackHandler {
+
+    static final String HOK_WREQ =
+        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+        + "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+        + "</RequestSecurityToken>";
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WReqCallback) {
+                WReqCallback callback = (WReqCallback) callbacks[i];
+                callback.setWreq(HOK_WREQ);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+
+}
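Review bot: HOKCallbackHandler has no Javadoc and handle() lacks `@Override`, so a reader has to decode the XML constant to learn what the handler is for. A class comment such as `/** Test CallbackHandler that answers a WReqCallback with a fixed wreq asking for a PublicKey (holder-of-key) token. */` plus `@Override` on handle() would cover it. The loop could also be written as `for (Callback callback : callbacks)`.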

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyPreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyPreAuthSpringTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyPreAuthSpringTest.java
new file mode 100644
index 0000000..20384d8
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyPreAuthSpringTest.java
@@ -0,0 +1,143 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+
+public class JettyPreAuthSpringTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        initIdp();
+
+        JettyUtils.initRpServer();
+        JettyUtils.startRpServer();
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer != null && idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        JettyUtils.stopRpServer();
+    }
+
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            String baseDir = currentDir + File.separator + "target";
+            idpServer.setBaseDir(baseDir);
+
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+
+            File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+            idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizspringhelloworld";
+    }
+
+    @Ignore("This tests is currently failing on Jetty")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+}
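Review bot: The override of testConcurrentRequests() carries `@Ignore` but no `@Test`, and its body is empty with the super call commented out. Assuming the inherited method in AbstractTests is the one annotated `@Test` (not visible here), JUnit 4 would, as far as I can tell, still pick the test up through the inherited annotation and report the empty override as passed rather than skipped, which hides that concurrent requests are not covered on Jetty. Adding `@Test` next to `@Ignore("This test is currently failing on Jetty")` and keeping `super.testConcurrentRequests();` in the body makes the skip visible in reports. JettyTest has the same override.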

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyTest.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyTest.java
new file mode 100644
index 0000000..66ff334
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyTest.java
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+import java.io.File;
+
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.systests.common.AbstractTests;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+
+
+public class JettyTest extends AbstractTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        initIdp();
+
+        JettyUtils.initRpServer();
+        JettyUtils.startRpServer();
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer != null && idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        JettyUtils.stopRpServer();
+    }
+
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            String baseDir = currentDir + File.separator + "target";
+            idpServer.setBaseDir(baseDir);
+
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+
+            File stsWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + idpServer.getHost().getAppBase(), "fediz-idp");
+            idpServer.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+
+    @Ignore("This tests is currently failing on Jetty")
+    @Override
+    public void testConcurrentRequests() throws Exception {
+        // super.testConcurrentRequests();
+    }
+
+}
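Review bot: init() sets `httpclient.wire` and `org.apache.commons.httpclient` to `debug`, whereas the other test classes in this commit use `info`. Where that logger is active, wire-level debug output writes full request and response content, including credentials and issued tokens, into the build log. If this is a leftover from debugging, the two lines should read `"info"` like the others; if it is intended, a short comment saying why would help.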

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyUtils.java b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyUtils.java
new file mode 100644
index 0000000..3cab12e
--- /dev/null
+++ b/systests/jetty9/src/test/java/org/apache/cxf/fediz/systests/jetty9/JettyUtils.java
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.jetty9;
+
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.xml.XmlConfiguration;
+
+public final class JettyUtils {
+
+    private static Server rpServer;
+
+    private JettyUtils() {
+    }
+
+    public static void initRpServer() {
+        initRpServer("rp-server.xml");
+    }
+
+    public static void initRpServer(String configurationFile) {
+        if (rpServer == null) {
+            try {
+                Resource testServerConfig = Resource.newSystemResource(configurationFile);
+                XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
+                rpServer = (Server)configuration.configure();
+
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    public static void startRpServer() {
+        if (rpServer != null && !rpServer.isStarted()) {
+            try {
+                rpServer.start();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+    public static void stopRpServer() {
+        if (rpServer != null && rpServer.isStarted()) {
+            try {
+                rpServer.stop();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
+
+}
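Review bot: `initRpServer(String)` catches every `Exception` and only calls `e.printStackTrace()`, so a missing or malformed configuration resource leaves `rpServer` null. `startRpServer()` then returns without doing anything, and the system tests carry on against a relying party that was never started, failing later with an unrelated connection error. I would fail at the point of the fault instead, by replacing the `printStackTrace()` call with `throw new IllegalStateException("Failed to configure RP server from " + configurationFile, e);`. The same catch-and-print pattern is in `startRpServer()` and `stopRpServer()`, where a rethrow on start is the one that matters. A short Javadoc on the class stating that it holds a single shared Jetty instance for the whole test JVM would also help.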

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/jetty9/src/test/resources/fediz_config_client_cert.xml
----------------------------------------------------------------------
diff --git a/systests/jetty9/src/test/resources/fediz_config_client_cert.xml b/systests/jetty9/src/test/resources/fediz_config_client_cert.xml
index e8bd2d1..6b62e33 100644
--- a/systests/jetty9/src/test/resources/fediz_config_client_cert.xml
+++ b/systests/jetty9/src/test/resources/fediz_config_client_cert.xml
@@ -53,7 +53,7 @@
 				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
             </claimTypesRequested>
             <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType>
-            <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+            <request type="Class">org.apache.cxf.fediz.systests.jetty9.HOKCallbackHandler</request>
         </protocol>
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>
@@ -89,7 +89,7 @@
 				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" />
             </claimTypesRequested>
             <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType>
-            <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+            <request type="Class">org.apache.cxf.fediz.systests.jetty9.HOKCallbackHandler</request>
         </protocol>
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index b06824d..e508ff8 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -224,7 +224,7 @@
                                 <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
-                                <include>**/integrationtests/**</include>
+                                <include>**/systests/**</include>
                             </includes>
                             <argLine>-Xms512m -Xmx1024m
                                 -XX:MaxPermSize=256m</argLine>
@@ -239,16 +239,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <inherited>true</inherited>
-                <configuration>
-                    <excludes>
-                        <exclude>**/integrationtests/**</exclude>
-                    </excludes>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 </project>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
deleted file mode 100644
index e1da412..0000000
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosClientPasswordCallback.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-/**
- * A CallbackHandler implementation for the kerberos client.
- */
-public class KerberosClientPasswordCallback implements CallbackHandler {
-
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof NameCallback) {
-                NameCallback nameCallback = (NameCallback)callbacks[i];
-                nameCallback.setName("alice");
-            } else if (callbacks[i] instanceof PasswordCallback) {
-                PasswordCallback passwordCallback = (PasswordCallback)callbacks[i];
-                passwordCallback.setPassword("alice".toCharArray());
-            }
-        }
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
deleted file mode 100644
index 39be74b..0000000
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosServicePasswordCallback.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
-
-/**
- *  A CallbackHandler implementation for the kerberos service.
- */
-public class KerberosServicePasswordCallback implements CallbackHandler {
-
-    public KerberosServicePasswordCallback() {
-    }
-
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof KerberosContextAndServiceNameCallback) {
-                KerberosContextAndServiceNameCallback pc =
-                    (KerberosContextAndServiceNameCallback)callbacks[i];
-                pc.setContextName("bob");
-                pc.setServiceName("bob@service.ws.apache.org");
-            } else if (callbacks[i] instanceof NameCallback) {
-                NameCallback nameCallback = (NameCallback)callbacks[i];
-                nameCallback.setName("bob");
-            } else if (callbacks[i] instanceof PasswordCallback) {
-                PasswordCallback passwordCallback = (PasswordCallback)callbacks[i];
-                passwordCallback.setPassword("bob".toCharArray());
-            }
-        }
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
deleted file mode 100644
index 93092ce..0000000
--- a/systests/kerberos/src/test/java/org/apache/cxf/fediz/integrationtests/KerberosTest.java
+++ /dev/null
@@ -1,342 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.fediz.integrationtests;
-
-
-import java.io.File;
-import java.io.IOException;
-import java.security.PrivilegedExceptionAction;
-
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginContext;
-import javax.servlet.ServletException;
-
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
-import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
-import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
-import org.apache.wss4j.dom.engine.WSSConfig;
-import org.apache.xml.security.utils.Base64;
-import org.ietf.jgss.GSSContext;
-import org.ietf.jgss.GSSException;
-import org.ietf.jgss.GSSManager;
-import org.ietf.jgss.GSSName;
-import org.ietf.jgss.Oid;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-
-/**
- * A test that sends a Kerberos ticket to the IdP for authentication. The IdP must be configured
- * to validate the Kerberos ticket, and in turn get a delegation token to authenticate to the
- * STS + retrieve claims etc.
- *
- * This test uses an Apache Kerby instance as the KDC
- */
-public class KerberosTest extends org.junit.Assert {
-
-    static String idpHttpsPort;
-    static String rpHttpsPort;
-
-    private static Tomcat idpServer;
-    private static Tomcat rpServer;
-    
-    private static SimpleKdcServer kerbyServer;
-
-    @BeforeClass
-    public static void init() throws Exception {
-        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
-        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
-        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
-        idpHttpsPort = System.getProperty("idp.https.port");
-        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        rpHttpsPort = System.getProperty("rp.https.port");
-        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
-        WSSConfig.init();
-        
-        String basedir = System.getProperty("basedir");
-        if (basedir == null) {
-            basedir = new File(".").getCanonicalPath();
-        }
-
-        // System.setProperty("sun.security.krb5.debug", "true");
-        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
-        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
-
-        kerbyServer = new SimpleKdcServer();
-
-        kerbyServer.setKdcRealm("service.ws.apache.org");
-        kerbyServer.setAllowUdp(false);
-        kerbyServer.setWorkDir(new File(basedir + "/target"));
-
-        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
-
-        kerbyServer.init();
-
-        // Create principals
-        String alice = "alice@service.ws.apache.org";
-        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
-
-        kerbyServer.createPrincipal(alice, "alice");
-        kerbyServer.createPrincipal(bob, "bob");
-
-        kerbyServer.start();
-
-        idpServer = startServer(true, idpHttpsPort);
-        rpServer = startServer(false, rpHttpsPort);
-    }
-
-    private static Tomcat startServer(boolean idp, String port)
-        throws ServletException, LifecycleException, IOException {
-        Tomcat server = new Tomcat();
-        server.setPort(0);
-        String currentDir = new File(".").getCanonicalPath();
-        String baseDir = currentDir + File.separator + "target";
-        server.setBaseDir(baseDir);
-
-        if (idp) {
-            server.getHost().setAppBase("tomcat/idp/webapps");
-        } else {
-            server.getHost().setAppBase("tomcat/rp/webapps");
-        }
-        server.getHost().setAutoDeploy(true);
-        server.getHost().setDeployOnStartup(true);
-
-        Connector httpsConnector = new Connector();
-        httpsConnector.setPort(Integer.parseInt(port));
-        httpsConnector.setSecure(true);
-        httpsConnector.setScheme("https");
-        //httpsConnector.setAttribute("keyAlias", keyAlias);
-        httpsConnector.setAttribute("keystorePass", "tompass");
-        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("truststorePass", "tompass");
-        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("clientAuth", "want");
-        // httpsConnector.setAttribute("clientAuth", "false");
-        httpsConnector.setAttribute("sslProtocol", "TLS");
-        httpsConnector.setAttribute("SSLEnabled", true);
-
-        server.getService().addConnector(httpsConnector);
-
-        if (idp) {
-            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
-            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
-            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
-            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-        } else {
-            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
-            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
-
-            FederationAuthenticator fa = new FederationAuthenticator();
-            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
-                             + "test-classes" + File.separator + "fediz_config.xml");
-            cxt.getPipeline().addValve(fa);
-        }
-
-        server.start();
-
-        return server;
-    }
-
-    @AfterClass
-    public static void cleanup() {
-        shutdownServer(idpServer);
-        shutdownServer(rpServer);
-    }
-
-    private static void shutdownServer(Tomcat server) {
-        try {
-            if (server != null && server.getServer() != null
-                && server.getServer().getState() != LifecycleState.DESTROYED) {
-                if (server.getServer().getState() != LifecycleState.STOPPED) {
-                    server.stop();
-                }
-                server.destroy();
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-
-    public String getIdpHttpsPort() {
-        return idpHttpsPort;
-    }
-
-    public String getRpHttpsPort() {
-        return rpHttpsPort;
-    }
-
-    public String getServletContextName() {
-        return "fedizhelloworld";
-    }
-
-    @org.junit.Test
-    public void testKerberos() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        // Get a Kerberos Ticket +  Base64 encode it
-        String ticket = getEncodedKerberosTicket(false);
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
-        final HtmlPage idpPage = webClient.getPage(url);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
-        final HtmlForm form = idpPage.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
-        final HtmlPage rpPage = button.click();
-        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
-        final String bodyTextContent = rpPage.getBody().getTextContent();
-        String user = "alice";
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent.contains("userPrincipal=" + user));
-        Assert.assertTrue("User " + user + " does not have role Admin",
-                          bodyTextContent.contains("role:Admin=false"));
-        Assert.assertTrue("User " + user + " does not have role Manager",
-                          bodyTextContent.contains("role:Manager=false"));
-        Assert.assertTrue("User " + user + " must have role User",
-                          bodyTextContent.contains("role:User=true"));
-
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
-                          bodyTextContent.contains(claim + "=Alice"));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
-                          bodyTextContent.contains(claim + "=Smith"));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
-                          bodyTextContent.contains(claim + "=alice@realma.org"));
-
-        webClient.close();
-    }
-
-    // To get this test to work, uncomment the "spnego" configuration in the STS's kerberos.xml
-    @org.junit.Test
-    @org.junit.Ignore
-    public void testSpnego() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        // Get a Kerberos Ticket +  Base64 encode it
-        String ticket = getEncodedKerberosTicket(true);
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
-        final HtmlPage idpPage = webClient.getPage(url);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
-        final HtmlForm form = idpPage.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
-        final HtmlPage rpPage = button.click();
-        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
-        final String bodyTextContent = rpPage.getBody().getTextContent();
-        String user = "alice";
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent.contains("userPrincipal=" + user));
-        Assert.assertTrue("User " + user + " does not have role Admin",
-                          bodyTextContent.contains("role:Admin=false"));
-        Assert.assertTrue("User " + user + " does not have role Manager",
-                          bodyTextContent.contains("role:Manager=false"));
-        Assert.assertTrue("User " + user + " must have role User",
-                          bodyTextContent.contains("role:User=true"));
-
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
-                          bodyTextContent.contains(claim + "=Alice"));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
-                          bodyTextContent.contains(claim + "=Smith"));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
-                          bodyTextContent.contains(claim + "=alice@realma.org"));
-
-        webClient.close();
-    }
-
-    private String getEncodedKerberosTicket(boolean spnego) throws Exception {
-
-        Oid kerberos5Oid = null;
-        if (spnego) {
-            kerberos5Oid = new Oid("1.3.6.1.5.5.2");
-        } else {
-            kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
-        }
-
-        GSSManager manager = GSSManager.getInstance();
-        GSSName serverName = manager.createName("bob@service.ws.apache.org",
-                                                GSSName.NT_HOSTBASED_SERVICE);
-
-        GSSContext context = manager
-                .createContext(serverName.canonicalize(kerberos5Oid), kerberos5Oid,
-                               null, GSSContext.DEFAULT_LIFETIME);
-
-        context.requestCredDeleg(true);
-
-        final byte[] token = new byte[0];
-
-        String contextName = "alice";
-        LoginContext lc = new LoginContext(contextName, new KerberosClientPasswordCallback());
-        lc.login();
-
-        byte[] ticket = (byte[])Subject.doAs(lc.getSubject(), new CreateServiceTicketAction(context, token));
-        return Base64.encode(ticket);
-    }
-
-    private final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
-        private final GSSContext context;
-        private final byte[] token;
-
-        private CreateServiceTicketAction(GSSContext context, byte[] token) {
-            this.context = context;
-            this.token = token;
-        }
-
-        public byte[] run() throws GSSException {
-            return context.initSecContext(token, 0, token.length);
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosClientPasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosClientPasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosClientPasswordCallback.java
new file mode 100644
index 0000000..b634498
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosClientPasswordCallback.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.kerberos;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+/**
+ * A CallbackHandler implementation for the kerberos client.
+ */
+public class KerberosClientPasswordCallback implements CallbackHandler {
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof NameCallback) {
+                NameCallback nameCallback = (NameCallback)callbacks[i];
+                nameCallback.setName("alice");
+            } else if (callbacks[i] instanceof PasswordCallback) {
+                PasswordCallback passwordCallback = (PasswordCallback)callbacks[i];
+                passwordCallback.setPassword("alice".toCharArray());
+            }
+        }
+    }
+
+
+}
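Review bot: `handle` answers every `NameCallback` and `PasswordCallback` with the literal `"alice"`, yet the Javadoc on this public class does not say that these are fixture credentials for the test KDC. I would extend the class comment to something like `CallbackHandler for the Kerberos client in the system tests; always answers with the fixed test principal "alice" and its test password, not for use outside tests.` The same applies to `KerberosServicePasswordCallback` later in this commit, which hard-codes `"bob"`. Separately, a callback of any other type is skipped silently although the method declares `UnsupportedCallbackException`. Adding `else { throw new UnsupportedCallbackException(callbacks[i]); }` would make an unexpected request fail visibly, assuming the login module in use only sends the types handled here.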

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosServicePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosServicePasswordCallback.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosServicePasswordCallback.java
new file mode 100644
index 0000000..6e7f69f
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosServicePasswordCallback.java
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.kerberos;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.kerberos.KerberosContextAndServiceNameCallback;
+
+/**
+ *  A CallbackHandler implementation for the kerberos service.
+ */
+public class KerberosServicePasswordCallback implements CallbackHandler {
+
+    public KerberosServicePasswordCallback() {
+    }
+
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof KerberosContextAndServiceNameCallback) {
+                KerberosContextAndServiceNameCallback pc =
+                    (KerberosContextAndServiceNameCallback)callbacks[i];
+                pc.setContextName("bob");
+                pc.setServiceName("bob@service.ws.apache.org");
+            } else if (callbacks[i] instanceof NameCallback) {
+                NameCallback nameCallback = (NameCallback)callbacks[i];
+                nameCallback.setName("bob");
+            } else if (callbacks[i] instanceof PasswordCallback) {
+                PasswordCallback passwordCallback = (PasswordCallback)callbacks[i];
+                passwordCallback.setPassword("bob".toCharArray());
+            }
+        }
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosTest.java b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosTest.java
new file mode 100644
index 0000000..134fb8b
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/fediz/systests/kerberos/KerberosTest.java
@@ -0,0 +1,342 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.kerberos;
+
+
+import java.io.File;
+import java.io.IOException;
+import java.security.PrivilegedExceptionAction;
+
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
+import javax.servlet.ServletException;
+
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
+import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.xml.security.utils.Base64;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * A test that sends a Kerberos ticket to the IdP for authentication. The IdP must be configured
+ * to validate the Kerberos ticket, and in turn get a delegation token to authenticate to the
+ * STS + retrieve claims etc.
+ *
+ * This test uses an Apache Kerby instance as the KDC
+ */
+public class KerberosTest extends org.junit.Assert {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+    
+    private static SimpleKdcServer kerbyServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        WSSConfig.init();
+        
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
+
+        // System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
+        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
+
+        kerbyServer = new SimpleKdcServer();
+
+        kerbyServer.setKdcRealm("service.ws.apache.org");
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setWorkDir(new File(basedir + "/target"));
+
+        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
+
+        kerbyServer.init();
+
+        // Create principals
+        String alice = "alice@service.ws.apache.org";
+        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
+
+        kerbyServer.createPrincipal(alice, "alice");
+        kerbyServer.createPrincipal(bob, "bob");
+
+        kerbyServer.start();
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        //httpsConnector.setAttribute("keyAlias", keyAlias);
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp");
+            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());
+
+            FederationAuthenticator fa = new FederationAuthenticator();
+            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+                             + "test-classes" + File.separator + "fediz_config.xml");
+            cxt.getPipeline().addValve(fa);
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @AfterClass
+    public static void cleanup() {
+        shutdownServer(idpServer);
+        shutdownServer(rpServer);
+    }
+
+    private static void shutdownServer(Tomcat server) {
+        try {
+            if (server != null && server.getServer() != null
+                && server.getServer().getState() != LifecycleState.DESTROYED) {
+                if (server.getServer().getState() != LifecycleState.STOPPED) {
+                    server.stop();
+                }
+                server.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+
+    @org.junit.Test
+    public void testKerberos() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        // Get a Kerberos Ticket +  Base64 encode it
+        String ticket = getEncodedKerberosTicket(false);
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        final String bodyTextContent = rpPage.getBody().getTextContent();
+        String user = "alice";
+        Assert.assertTrue("Principal not " + user,
+                          bodyTextContent.contains("userPrincipal=" + user));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+
+        webClient.close();
+    }
+
+    // To get this test to work, uncomment the "spnego" configuration in the STS's kerberos.xml
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testSpnego() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        // Get a Kerberos Ticket +  Base64 encode it
+        String ticket = getEncodedKerberosTicket(true);
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        final String bodyTextContent = rpPage.getBody().getTextContent();
+        String user = "alice";
+        Assert.assertTrue("Principal not " + user,
+                          bodyTextContent.contains("userPrincipal=" + user));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+
+        webClient.close();
+    }
+
+    private String getEncodedKerberosTicket(boolean spnego) throws Exception {
+
+        Oid kerberos5Oid = null;
+        if (spnego) {
+            kerberos5Oid = new Oid("1.3.6.1.5.5.2");
+        } else {
+            kerberos5Oid = new Oid("1.2.840.113554.1.2.2");
+        }
+
+        GSSManager manager = GSSManager.getInstance();
+        GSSName serverName = manager.createName("bob@service.ws.apache.org",
+                                                GSSName.NT_HOSTBASED_SERVICE);
+
+        GSSContext context = manager
+                .createContext(serverName.canonicalize(kerberos5Oid), kerberos5Oid,
+                               null, GSSContext.DEFAULT_LIFETIME);
+
+        context.requestCredDeleg(true);
+
+        final byte[] token = new byte[0];
+
+        String contextName = "alice";
+        LoginContext lc = new LoginContext(contextName, new KerberosClientPasswordCallback());
+        lc.login();
+
+        byte[] ticket = (byte[])Subject.doAs(lc.getSubject(), new CreateServiceTicketAction(context, token));
+        return Base64.encode(ticket);
+    }
+
+    private final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
+        private final GSSContext context;
+        private final byte[] token;
+
+        private CreateServiceTicketAction(GSSContext context, byte[] token) {
+            this.context = context;
+            this.token = token;
+        }
+
+        public byte[] run() throws GSSException {
+            return context.initSecContext(token, 0, token.length);
+        }
+    }
+
+}
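Review bot: `cleanup()` shuts down the two Tomcat instances but never stops the Kerby KDC that `init()` starts with `kerbyServer.start()`, so the KDC presumably stays up until the forked test JVM exits. Declare the method as `public static void cleanup() throws Exception` and add `if (kerbyServer != null) { kerbyServer.stop(); }` after the two `shutdownServer(...)` calls. In `testKerberos` and `testSpnego`, `webClient.close()` is reached only when every assertion passes; moving it into a `finally` block releases the client on failure as well. The `setUseInsecureSSL(true)` calls would also benefit from a short comment such as `// test keystore is self-signed; certificate validation is intentionally disabled here`, so the setting is not copied into non-test code.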

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/kerberos/src/test/resources/sts/kerberos.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/sts/kerberos.xml b/systests/kerberos/src/test/resources/sts/kerberos.xml
index 8aab500..e39dd6d 100644
--- a/systests/kerberos/src/test/resources/sts/kerberos.xml
+++ b/systests/kerberos/src/test/resources/sts/kerberos.xml
@@ -51,7 +51,7 @@
     </bean>
     
     <bean id="kerberosCallbackHandler" 
-          class="org.apache.cxf.fediz.integrationtests.KerberosServicePasswordCallback" />
+          class="org.apache.cxf.fediz.systests.kerberos.KerberosServicePasswordCallback" />
           
     <bean id="kerberosValidator" class="org.apache.wss4j.dom.validate.KerberosTokenValidator">
         <property name="contextName" value="bob"/>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/cc76fc31/systests/ldap/pom.xml
----------------------------------------------------------------------
diff --git a/systests/ldap/pom.xml b/systests/ldap/pom.xml
index ecec25e..fd1c5e8 100644
--- a/systests/ldap/pom.xml
+++ b/systests/ldap/pom.xml
@@ -239,7 +239,7 @@
                                 <java.util.logging.config.file>${basedir}/target/test-classes/logging.properties</java.util.logging.config.file>
                             </systemPropertyVariables>
                             <includes>
-                                <include>**/integrationtests/**</include>
+                                <include>**/systests/**</include>
                             </includes>
                             <argLine>-Xms512m -Xmx1024m
                                 -XX:MaxPermSize=256m</argLine>
@@ -254,16 +254,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
-                <inherited>true</inherited>
-                <configuration>
-                    <excludes>
-                        <exclude>**/integrationtests/**</exclude>
-                    </excludes>
-                </configuration>
-            </plugin>
         </plugins>
     </build>
 </project>

