cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf-fediz] branch 1.4.x-fixes updated: Refactoring OIDC tests to make it easier to subclass them
Date Wed, 30 May 2018 16:22:29 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 1.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/1.4.x-fixes by this push:
     new dff5eb0  Refactoring OIDC tests to make it easier to subclass them
dff5eb0 is described below

commit dff5eb0c0fab3d76c92eb34f44d600eb340001f3
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed May 30 16:27:38 2018 +0100

    Refactoring OIDC tests to make it easier to subclass them
---
 systests/oidc/pom.xml                              |   8 +-
 .../oidc/{OIDCTest.java => AbstractOIDCTest.java}  | 199 ++++-----------------
 .../cxf/fediz/systests/oidc/OIDCTomcatTest.java    | 157 ++++++++++++++++
 .../{fediz_config.xml => fediz_config_tomcat.xml}  |   2 +-
 .../src/test/resources/realma/entities-realma.xml  |   2 +-
 5 files changed, 201 insertions(+), 167 deletions(-)

diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml
index 1dce972..a535cb2 100644
--- a/systests/oidc/pom.xml
+++ b/systests/oidc/pom.xml
@@ -169,7 +169,7 @@
                                     <version>${project.version}</version>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
-                                    <outputDirectory>target/tomcat/rp/webapps/fediz-oidc</outputDirectory>
+                                    <outputDirectory>target/tomcat/rp/webapps/fediz-oidc-tomcat</outputDirectory>
                                 </artifactItem>
                                 <artifactItem>
                                     <groupId>org.apache.cxf.fediz.systests</groupId>
@@ -195,7 +195,7 @@
                           <goal>copy-dependencies</goal>
                         </goals>
                         <configuration>
-                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc/WEB-INF/lib</outputDirectory>
+                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/WEB-INF/lib</outputDirectory>
                              <includeScope>compile</includeScope>
                         </configuration>
                     </execution>
@@ -230,7 +230,7 @@
                             <goal>copy-resources</goal>
                         </goals>
                         <configuration>
-                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc/WEB-INF</outputDirectory>
+                            <outputDirectory>${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/WEB-INF</outputDirectory>
                             <resources>          
                                 <resource>
                                     <directory>${basedir}/src/test/resources/oidc</directory>
@@ -258,7 +258,7 @@
                         <configuration>
                             <tasks>
                                 <delete>
-                                    <fileset dir="${basedir}/target/tomcat/rp/webapps/fediz-oidc/META-INF"
includes="context.xml" />
+                                    <fileset dir="${basedir}/target/tomcat/rp/webapps/fediz-oidc-tomcat/META-INF"
includes="context.xml" />
                                 </delete>
                             </tasks>
                         </configuration>
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
similarity index 85%
rename from systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
rename to systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
index 2ea4b63..ed27506 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/AbstractOIDCTest.java
@@ -20,9 +20,6 @@
 package org.apache.cxf.fediz.systests.oidc;
 
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
@@ -39,8 +36,6 @@ import java.util.List;
 import java.util.Locale;
 import java.util.TimeZone;
 
-import javax.servlet.ServletException;
-
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.HttpMethod;
 import com.gargoylesoftware.htmlunit.UnexpectedPage;
@@ -59,14 +54,9 @@ import com.gargoylesoftware.htmlunit.html.HtmlTextInput;
 import com.gargoylesoftware.htmlunit.util.NameValuePair;
 import com.gargoylesoftware.htmlunit.util.WebConnectionWrapper;
 
-import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
 import org.apache.catalina.LifecycleState;
-import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
-import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
 import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
@@ -74,126 +64,18 @@ import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.wss4j.common.util.Loader;
-import org.junit.AfterClass;
 import org.junit.Assert;
-import org.junit.BeforeClass;
 
 /**
  * Some OIDC tests.
  */
-public class OIDCTest {
-
-    static String idpHttpsPort;
-    static String rpHttpsPort;
-
-    private static Tomcat idpServer;
-    private static Tomcat rpServer;
+abstract class AbstractOIDCTest {
 
     private static String storedClientId;
     private static String storedClient2Id;
     private static String storedClientPassword;
 
-    @BeforeClass
-    public static void init() throws Exception {
-        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
-        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
-        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"info");
-        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
-        idpHttpsPort = System.getProperty("idp.https.port");
-        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
-        rpHttpsPort = System.getProperty("rp.https.port");
-        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
-
-        idpServer = startServer(true, idpHttpsPort);
-        rpServer = startServer(false, rpHttpsPort);
-
-        loginToClientsPage(rpHttpsPort, idpHttpsPort);
-    }
-
-    private static Tomcat startServer(boolean idp, String port)
-        throws ServletException, LifecycleException, IOException {
-        Tomcat server = new Tomcat();
-        server.setPort(0);
-        String currentDir = new File(".").getCanonicalPath();
-        String baseDir = currentDir + File.separator + "target";
-        server.setBaseDir(baseDir);
-
-        if (idp) {
-            server.getHost().setAppBase("tomcat/idp/webapps");
-        } else {
-            server.getHost().setAppBase("tomcat/rp/webapps");
-        }
-        server.getHost().setAutoDeploy(true);
-        server.getHost().setDeployOnStartup(true);
-
-        Connector httpsConnector = new Connector();
-        httpsConnector.setPort(Integer.parseInt(port));
-        httpsConnector.setSecure(true);
-        httpsConnector.setScheme("https");
-        httpsConnector.setAttribute("keyAlias", "mytomidpkey");
-        httpsConnector.setAttribute("keystorePass", "tompass");
-        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("truststorePass", "tompass");
-        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-        httpsConnector.setAttribute("clientAuth", "want");
-        // httpsConnector.setAttribute("clientAuth", "false");
-        httpsConnector.setAttribute("sslProtocol", "TLS");
-        httpsConnector.setAttribute("SSLEnabled", true);
-
-        server.getService().addConnector(httpsConnector);
-
-        if (idp) {
-            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp-sts");
-            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
-            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp");
-            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
-        } else {
-            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-oidc");
-            Context cxt = server.addWebapp("/fediz-oidc", rpWebapp.getAbsolutePath());
-
-            // Substitute the IDP port. Necessary if running the test in eclipse where port
filtering doesn't seem
-            // to work
-            File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
-            FileInputStream inputStream = new FileInputStream(f);
-            String content = IOUtils.toString(inputStream, "UTF-8");
-            inputStream.close();
-            if (content.contains("idp.https.port")) {
-                content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
-                File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
-                try (FileOutputStream outputStream = new FileOutputStream(f2)) {
-                    IOUtils.write(content, outputStream, "UTF-8");
-                }
-            }
-
-            FederationAuthenticator fa = new FederationAuthenticator();
-            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
-                             + "test-classes" + File.separator + "fediz_config.xml");
-            cxt.getPipeline().addValve(fa);
-        }
-
-        server.start();
-
-        return server;
-    }
-
-    @AfterClass
-    public static void cleanup() throws Exception {
-        try {
-            loginToClientsPageAndDeleteClient(rpHttpsPort, idpHttpsPort);
-        } finally {
-            shutdownServer(idpServer);
-            shutdownServer(rpServer);
-        }
-    }
-
-    private static void shutdownServer(Tomcat server) {
+    protected static void shutdownServer(Tomcat server) {
         try {
             if (server != null && server.getServer() != null
                 && server.getServer().getState() != LifecycleState.DESTROYED) {
@@ -207,21 +89,15 @@ public class OIDCTest {
         }
     }
 
-    public String getIdpHttpsPort() {
-        return idpHttpsPort;
-    }
+    protected abstract String getIdpHttpsPort();
 
-    public String getRpHttpsPort() {
-        return rpHttpsPort;
-    }
+    protected abstract String getRpHttpsPort();
 
-    public String getServletContextName() {
-        return "fedizhelloworld";
-    }
+    protected abstract String getServletContextName();
 
     // Runs as BeforeClass: Login to the OIDC Clients page + create two new clients
-    private static void loginToClientsPage(String rpPort, String idpPort) throws Exception
{
-        String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
+    protected static void loginToClientsPage(String rpPort, String idpPort, String servletContext)
throws Exception {
+        String url = "https://localhost:" + rpPort + "/" + servletContext + "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -295,8 +171,9 @@ public class OIDCTest {
     }
 
     // Runs as AfterClass: Login to the OIDC Clients page + delete the created clients!
-    private static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort)
throws Exception {
-        String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
+    protected static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort,

+                                                            String servletContext) throws
Exception {
+        String url = "https://localhost:" + rpPort + "/" + servletContext + "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -344,7 +221,7 @@ public class OIDCTest {
     // Test that we managed to create the clients ok
     @org.junit.Test
     public void testCreatedClients() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -386,7 +263,7 @@ public class OIDCTest {
     // Test that "bob" can't see the clients created by "alice"
     @org.junit.Test
     public void testRegisteredClientsAsBob() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "bob";
         String password = "bob";
 
@@ -408,7 +285,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testOIDCLoginForClient1() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -422,7 +299,7 @@ public class OIDCTest {
 
         // Now use the code to get an IdToken
 
-        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -445,7 +322,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testOIDCLoginForClient2() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClient2Id;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -459,7 +336,7 @@ public class OIDCTest {
 
         // Now use the code to get an IdToken
 
-        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -482,7 +359,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testUsingCodeForOtherClient() throws Exception {
         // Get the code for the first client
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -495,7 +372,7 @@ public class OIDCTest {
         Assert.assertNotNull(authorizationCode);
 
         // Now try and get a token for the second client
-        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -515,7 +392,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testBadClientId() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId + 2;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -534,7 +411,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testEmptyClientId() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=";
         url += "&response_type=code";
         url += "&scope=openid";
@@ -553,7 +430,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testIncorrectRedirectURI() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -572,7 +449,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithInvalidRegistrationURI() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -596,7 +473,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithRegistrationURIFragment() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -620,7 +497,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithInvalidAudienceURI() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -644,7 +521,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithInvalidLogoutURI() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -668,7 +545,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithAudienceURIFragment() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -692,7 +569,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testClientCredentialsSTS() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -713,7 +590,7 @@ public class OIDCTest {
 
     @org.junit.Test
     public void testCreateClientWithSupportedTLD() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -753,7 +630,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testLogout() throws Exception {
         // 1. Log in
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -781,7 +658,7 @@ public class OIDCTest {
         Assert.assertNotNull(authorizationCode);
 
         // 3. Log out
-        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/logout?";
         logoutUrl += "client_id=" + storedClientId;
 
         webClient.getOptions().setJavaScriptEnabled(false);
@@ -806,7 +683,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testLogoutViaTokenHint() throws Exception {
         // 1. Log in
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -824,7 +701,7 @@ public class OIDCTest {
         String data = storedClientId + ":" + storedClientPassword;
         String authorizationHeader = "Basic " + Base64.encodeBase64String(data.getBytes(StandardCharsets.UTF_8));
         webClient2.addRequestHeader("Authorization", authorizationHeader);
-        String tokenUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        String tokenUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/oauth2/token";
         WebRequest request = new WebRequest(new URL(tokenUrl), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -844,7 +721,7 @@ public class OIDCTest {
         webClient2.close();
 
         // 2. Log out using the token hint
-        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/logout?";
+        String logoutUrl = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/logout?";
         logoutUrl += "id_token_hint=" + idToken;
 
         webClient.getOptions().setJavaScriptEnabled(false);
@@ -869,7 +746,7 @@ public class OIDCTest {
     // Test that the form has the correct CSRF token in it when creating a client
     @org.junit.Test
     public void testCSRFClientRegistration() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/console/clients";
         String user = "alice";
         String password = "ecila";
 
@@ -901,7 +778,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testOIDCLoginForClient1WithRoles() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid";
@@ -916,7 +793,7 @@ public class OIDCTest {
 
         // Now use the code to get an IdToken
 
-        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
@@ -939,7 +816,7 @@ public class OIDCTest {
     @org.junit.Test
     public void testOIDCLoginForClient1WithRolesScope() throws Exception {
 
-        String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
+        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
+ "/idp/authorize?";
         url += "client_id=" + storedClientId;
         url += "&response_type=code";
         url += "&scope=openid%20roles";
@@ -953,7 +830,7 @@ public class OIDCTest {
 
         // Now use the code to get an IdToken
 
-        url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
+        url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/oauth2/token";
         WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 
         request.setRequestParameters(new ArrayList<NameValuePair>());
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java
b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java
new file mode 100644
index 0000000..062d5d2
--- /dev/null
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTomcatTest.java
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.systests.oidc;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.fediz.tomcat8.FederationAuthenticator;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * Some OIDC tests where the OIDC is deployed and secured by the Fediz Tomcat plugin.
+ */
+public class OIDCTomcatTest extends AbstractOIDCTest {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+
+    @BeforeClass
+    public static void init() throws Exception {
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        idpServer = startServer(true, idpHttpsPort);
+        rpServer = startServer(false, rpHttpsPort);
+
+        loginToClientsPage(rpHttpsPort, idpHttpsPort, "fediz-oidc-tomcat");
+    }
+
+    private static Tomcat startServer(boolean idp, String port)
+        throws ServletException, LifecycleException, IOException {
+        Tomcat server = new Tomcat();
+        server.setPort(0);
+        String currentDir = new File(".").getCanonicalPath();
+        String baseDir = currentDir + File.separator + "target";
+        server.setBaseDir(baseDir);
+
+        if (idp) {
+            server.getHost().setAppBase("tomcat/idp/webapps");
+        } else {
+            server.getHost().setAppBase("tomcat/rp/webapps");
+        }
+        server.getHost().setAutoDeploy(true);
+        server.getHost().setDeployOnStartup(true);
+
+        Connector httpsConnector = new Connector();
+        httpsConnector.setPort(Integer.parseInt(port));
+        httpsConnector.setSecure(true);
+        httpsConnector.setScheme("https");
+        httpsConnector.setAttribute("keyAlias", "mytomidpkey");
+        httpsConnector.setAttribute("keystorePass", "tompass");
+        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("truststorePass", "tompass");
+        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+        httpsConnector.setAttribute("clientAuth", "want");
+        // httpsConnector.setAttribute("clientAuth", "false");
+        httpsConnector.setAttribute("sslProtocol", "TLS");
+        httpsConnector.setAttribute("SSLEnabled", true);
+
+        server.getService().addConnector(httpsConnector);
+
+        if (idp) {
+            File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp-sts");
+            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
+
+            File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-idp");
+            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
+        } else {
+            File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(),
"fediz-oidc-tomcat");
+            Context cxt = server.addWebapp("/fediz-oidc-tomcat", rpWebapp.getAbsolutePath());
+
+            // Substitute the IDP port. Necessary if running the test in eclipse where port
filtering doesn't seem
+            // to work
+            File f = new File(currentDir + "/src/test/resources/fediz_config_tomcat.xml");
+            FileInputStream inputStream = new FileInputStream(f);
+            String content = IOUtils.toString(inputStream, "UTF-8");
+            inputStream.close();
+            if (content.contains("idp.https.port")) {
+                content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
+
+                File f2 = new File(baseDir + "/test-classes/fediz_config_tomcat.xml");
+                try (FileOutputStream outputStream = new FileOutputStream(f2)) {
+                    IOUtils.write(content, outputStream, "UTF-8");
+                }
+            }
+
+            FederationAuthenticator fa = new FederationAuthenticator();
+            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+                             + "test-classes" + File.separator + "fediz_config_tomcat.xml");
+            cxt.getPipeline().addValve(fa);
+        }
+
+        server.start();
+
+        return server;
+    }
+
+    @AfterClass
+    public static void cleanup() throws Exception {
+        try {
+            loginToClientsPageAndDeleteClient(rpHttpsPort, idpHttpsPort, "fediz-oidc-tomcat");
+        } finally {
+            shutdownServer(idpServer);
+            shutdownServer(rpServer);
+        }
+    }
+
+    @Override
+    protected String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    protected String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    @Override
+    protected String getServletContextName() {
+        return "fediz-oidc-tomcat";
+    }
+
+}
diff --git a/systests/oidc/src/test/resources/fediz_config.xml b/systests/oidc/src/test/resources/fediz_config_tomcat.xml
similarity index 98%
rename from systests/oidc/src/test/resources/fediz_config.xml
rename to systests/oidc/src/test/resources/fediz_config_tomcat.xml
index 55c4def..4f7a22e 100644
--- a/systests/oidc/src/test/resources/fediz_config.xml
+++ b/systests/oidc/src/test/resources/fediz_config_tomcat.xml
@@ -23,7 +23,7 @@
      In Fediz 1.0, one keystore was used for SSL and the STS public certificate.
 -->
 <FedizConfig>
-	<contextConfig name="/fediz-oidc">
+	<contextConfig name="/fediz-oidc-tomcat">
 		<audienceUris>
 			<audienceItem>urn:org:apache:cxf:fediz:oidc</audienceItem>
 		</audienceUris>
diff --git a/systests/oidc/src/test/resources/realma/entities-realma.xml b/systests/oidc/src/test/resources/realma/entities-realma.xml
index a879dfb..79a29f8 100644
--- a/systests/oidc/src/test/resources/realma/entities-realma.xml
+++ b/systests/oidc/src/test/resources/realma/entities-realma.xml
@@ -119,7 +119,7 @@
         <property name="role" value="ApplicationServiceType" />
         <property name="tokenType" value="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
/>
         <property name="lifeTime" value="3600" />
-        <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc/.*"
/>
+        <property name="passiveRequestorEndpointConstraint" value="https://localhost:?(\d)*/fediz-oidc.*/.*"
/>
     </bean>
     
     <bean class="org.apache.cxf.fediz.service.idp.service.jpa.ApplicationClaimEntity">

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

Mime
View raw message