Repository: cxf Updated Branches: refs/heads/master d611a7a4b -> 7bf10fc3f
Moving LDAP tests to new integration module + re-enabling
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7bf10fc3
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7bf10fc3
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7bf10fc3
Branch: refs/heads/master
Commit: 7bf10fc3fb018d533409cc444c2d7b75144b9e23
Parents: d611a7a
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Fri Dec 5 14:10:15 2014 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Fri Dec 5 14:10:44 2014 +0000
----------------------------------------------------------------------
 .../org/apache/cxf/sts/ldap/LDAPClaimsTest.java | 337 ------------------
 .../sts-core/src/test/resources/ldap.properties | 21 --
 .../sts/sts-core/src/test/resources/ldap.xml | 52 ---
 systests/kerberos/pom.xml | 13 +
 .../systest/kerberos/ldap/LDAPClaimsTest.java | 346 +++++++++++++++++++
 systests/kerberos/src/test/resources/ldap.ldif | 73 ++++
 .../kerberos/src/test/resources/ldap.properties | 21 ++
 systests/kerberos/src/test/resources/ldap.xml | 52 +++
 8 files changed, 505 insertions(+), 410 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
deleted file mode 100644
index f302c0a..0000000
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/ldap/LDAPClaimsTest.java
+++ /dev/null
@@ -1,337 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.sts.ldap; - -import java.io.InputStream; -import java.net.URI; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; - -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.directory.Attribute; -import javax.naming.directory.Attributes; -import javax.naming.directory.SearchControls; - -import org.apache.cxf.helpers.CastUtils; -import org.apache.cxf.rt.security.claims.Claim; -import org.apache.cxf.rt.security.claims.ClaimCollection; -import org.apache.cxf.sts.claims.ClaimTypes; -import org.apache.cxf.sts.claims.ClaimsParameters; -import org.apache.cxf.sts.claims.LdapClaimsHandler; -import org.apache.cxf.sts.claims.ProcessedClaim; -import org.apache.cxf.sts.claims.ProcessedClaimCollection; -import org.apache.cxf.ws.security.sts.provider.STSException; -import org.apache.wss4j.common.principal.CustomTokenPrincipal; -import org.junit.BeforeClass; -import org.springframework.context.support.ClassPathXmlApplicationContext; -import org.springframework.ldap.core.AttributesMapper; -import 
org.springframework.ldap.core.LdapTemplate; -import org.springframework.ldap.filter.AndFilter; -import org.springframework.ldap.filter.EqualsFilter; -import org.springframework.util.Assert; - -public class LDAPClaimsTest { - - private static ClassPathXmlApplicationContext appContext; - private static Properties props; - - @BeforeClass - public static void setUpLdap() throws Exception { - appContext = new ClassPathXmlApplicationContext("ldap.xml"); - props = new Properties(); - - InputStream is = null; - try { - is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties"); - props.load(is); - } catch (Exception e) { - e.printStackTrace(); - } finally { - if (is != null) { - is.close(); - } - } - } - - - @org.junit.Test - @org.junit.Ignore - public void testRetrieveClaims() throws Exception { - LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler"); - - String user = props.getProperty("claimUser"); - Assert.notNull(user, "Property 'claimUser' not configured"); - - ClaimCollection requestedClaims = createRequestClaimCollection(); - - List<URI> expectedClaims = new ArrayList<URI>(); - expectedClaims.add(ClaimTypes.FIRSTNAME); - expectedClaims.add(ClaimTypes.LASTNAME); - expectedClaims.add(ClaimTypes.EMAILADDRESS); - - ClaimsParameters params = new ClaimsParameters(); - params.setPrincipal(new CustomTokenPrincipal(user)); - ProcessedClaimCollection retrievedClaims = - claimsHandler.retrieveClaimValues(requestedClaims, params); - - Assert.isTrue( - retrievedClaims.size() == expectedClaims.size(), - "Retrieved number of claims [" + retrievedClaims.size() - + "] doesn't match with expected [" + expectedClaims.size() + "]" - ); - - for (ProcessedClaim c : retrievedClaims) { - if (expectedClaims.contains(c.getClaimType())) { - expectedClaims.remove(c.getClaimType()); - } else { - Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested"); - } - } - - } - - @org.junit.Test - @org.junit.Ignore - public void 
testMultiUserBaseDNs() throws Exception { - LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs"); - - String user = props.getProperty("claimUser"); - Assert.notNull(user, "Property 'claimUser' not configured"); - String otherUser = props.getProperty("otherClaimUser"); - Assert.notNull(otherUser, "Property 'otherClaimUser' not configured"); - - ClaimCollection requestedClaims = createRequestClaimCollection(); - - List<URI> expectedClaims = new ArrayList<URI>(); - expectedClaims.add(ClaimTypes.FIRSTNAME); - expectedClaims.add(ClaimTypes.LASTNAME); - expectedClaims.add(ClaimTypes.EMAILADDRESS); - - // First user - ClaimsParameters params = new ClaimsParameters(); - params.setPrincipal(new CustomTokenPrincipal(user)); - ProcessedClaimCollection retrievedClaims = - claimsHandler.retrieveClaimValues(requestedClaims, params); - - Assert.isTrue( - retrievedClaims.size() == expectedClaims.size(), - "Retrieved number of claims [" + retrievedClaims.size() - + "] doesn't match with expected [" + expectedClaims.size() + "]" - ); - - for (ProcessedClaim c : retrievedClaims) { - if (expectedClaims.contains(c.getClaimType())) { - expectedClaims.remove(c.getClaimType()); - } else { - Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested"); - } - } - - // Second user - params.setPrincipal(new CustomTokenPrincipal(otherUser)); - retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params); - - expectedClaims.add(ClaimTypes.FIRSTNAME); - expectedClaims.add(ClaimTypes.LASTNAME); - expectedClaims.add(ClaimTypes.EMAILADDRESS); - - Assert.isTrue( - retrievedClaims.size() == expectedClaims.size(), - "Retrieved number of claims [" + retrievedClaims.size() - + "] doesn't match with expected [" + expectedClaims.size() + "]" - ); - - for (ProcessedClaim c : retrievedClaims) { - if (expectedClaims.contains(c.getClaimType())) { - expectedClaims.remove(c.getClaimType()); - } else { - Assert.isTrue(false, 
"Claim '" + c.getClaimType() + "' not requested"); - } - } - } - - @org.junit.Test(expected = STSException.class) - @org.junit.Ignore - public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception { - LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler"); - - String user = props.getProperty("claimUser"); - Assert.notNull(user, "Property 'claimUser' not configured"); - - ClaimCollection requestedClaims = createRequestClaimCollection(); - // add unsupported but mandatory claim - Claim claim = new Claim(); - claim.setClaimType(ClaimTypes.GENDER); - claim.setOptional(false); - requestedClaims.add(claim); - - ClaimsParameters params = new ClaimsParameters(); - params.setPrincipal(new CustomTokenPrincipal(user)); - claimsHandler.retrieveClaimValues(requestedClaims, params); - } - - @org.junit.Test - @org.junit.Ignore - public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception { - LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler"); - - String user = props.getProperty("claimUser"); - Assert.notNull(user, "Property 'claimUser' not configured"); - - ClaimCollection requestedClaims = createRequestClaimCollection(); - // add unsupported but optional unsupported claim - Claim claim = new Claim(); - claim.setClaimType(ClaimTypes.GENDER); - claim.setOptional(true); - requestedClaims.add(claim); - - // Gender is not expected to be returned because not supported - List<URI> expectedClaims = new ArrayList<URI>(); - expectedClaims.add(ClaimTypes.FIRSTNAME); - expectedClaims.add(ClaimTypes.LASTNAME); - expectedClaims.add(ClaimTypes.EMAILADDRESS); - - ClaimsParameters params = new ClaimsParameters(); - params.setPrincipal(new CustomTokenPrincipal(user)); - ProcessedClaimCollection retrievedClaims = - claimsHandler.retrieveClaimValues(requestedClaims, params); - - Assert.isTrue( - retrievedClaims.size() == expectedClaims.size(), - "Retrieved number of claims [" 
+ retrievedClaims.size() - + "] doesn't match with expected [" + expectedClaims.size() + "]" - ); - - for (ProcessedClaim c : retrievedClaims) { - if (expectedClaims.contains(c.getClaimType())) { - expectedClaims.remove(c.getClaimType()); - } else { - Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested"); - } - } - } - - private ClaimCollection createRequestClaimCollection() { - ClaimCollection claims = new ClaimCollection(); - Claim claim = new Claim(); - claim.setClaimType(ClaimTypes.FIRSTNAME); - claim.setOptional(true); - claims.add(claim); - claim = new Claim(); - claim.setClaimType(ClaimTypes.LASTNAME); - claim.setOptional(true); - claims.add(claim); - claim = new Claim(); - claim.setClaimType(ClaimTypes.EMAILADDRESS); - claim.setOptional(true); - claims.add(claim); - return claims; - } - - @org.junit.Test - public void testSupportedClaims() throws Exception { - - Map<String, String> mapping - = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping")); - - LdapClaimsHandler cHandler = new LdapClaimsHandler(); - cHandler.setClaimsLdapAttributeMapping(mapping); - - List<URI> supportedClaims = cHandler.getSupportedClaimTypes(); - - Assert.isTrue( - mapping.size() == supportedClaims.size(), - "Supported claims and claims/ldap attribute mapping size different" - ); - - for (String claim : mapping.keySet()) { - Assert.isTrue( - supportedClaims.contains(new URI(claim)), - "Claim '" + claim + "' not listed in supported list" - ); - } - } - - - @org.junit.Test - @org.junit.Ignore - public void testLdapTemplate() throws Exception { - - try { - LdapTemplate ldap = (LdapTemplate)appContext.getBean("ldapTemplate"); - - String user = props.getProperty("claimUser"); - Assert.notNull(user, "Property 'claimUser' not configured"); - - String dn = null; - - AndFilter filter = new AndFilter(); - filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", user)); - - //find DN of user - AttributesMapper mapper = - new 
AttributesMapper() { - public Object mapFromAttributes(Attributes attrs) throws NamingException { - return attrs.get("distinguishedName").get(); - } - }; - @SuppressWarnings("rawtypes") - List users = - ldap.search( - "OU=users,DC=emea,DC=mycompany,DC=com", - filter.toString(), - SearchControls.SUBTREE_SCOPE, - mapper - ); - - Assert.isTrue(users.size() == 1, "Only one user expected"); - dn = (String)users.get(0); - - // get attributes - AttributesMapper mapper2 = - new AttributesMapper() { - public Object mapFromAttributes(Attributes attrs) throws NamingException { - Map<String, String> map = new HashMap<String, String>(); - NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll(); - while (attrEnum.hasMore()) { - Attribute att = attrEnum.next(); - System.out.println(att.toString()); - } - - map.put("cn", (String)attrs.get("cn").get()); - map.put("mail", (String)attrs.get("mail").get()); - map.put("sn", (String)attrs.get("sn").get()); - map.put("givenName", (String)attrs.get("givenName").get()); - return map; - } - }; - ldap.lookup(dn, new String[] {"cn", "mail", "sn", "givenName", "c"}, mapper2); - } catch (Exception e) { - e.printStackTrace(); - } - - - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/resources/ldap.properties ---------------------------------------------------------------------- diff --git a/services/sts/sts-core/src/test/resources/ldap.properties b/services/sts/sts-core/src/test/resources/ldap.properties deleted file mode 100644 index 7ca488b..0000000 --- a/services/sts/sts-core/src/test/resources/ldap.properties +++ /dev/null 
@@ -1,21 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-claimUser=alice
-otherClaimUser=bob
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/services/sts/sts-core/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/resources/ldap.xml b/services/sts/sts-core/src/test/resources/ldap.xml
deleted file mode 100644
index 1d395f8..0000000
--- a/services/sts/sts-core/src/test/resources/ldap.xml
+++ /dev/null
@@ -1,52 +0,0 @@ -<?xml version="1.0"?> -<!-- - - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - ---> -<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"> - <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> - <property name="url" value="ldap://mycompany.com:389"/> - <property name="userDn" value="CN=test,OU=svcUID,OU=users,DC=emea,DC=mycompany,DC=com"/> - <property name="password" value="changeit"/> - </bean> - <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> - <constructor-arg ref="contextSource"/> - </bean> - <util:map id="claimsToLdapAttributeMapping"> - <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenName"/> - <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/> - <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" 
value="mail"/>
- <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
- </util:map>
- <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate" />
- <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
- <property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com" />
- </bean>
- <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
- <property name="ldapTemplate" ref="ldapTemplate" />
- <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
- <property name="userBaseDNs">
- <list>
- <value>OU=users,DC=emea,DC=mycompany,DC=com</value>
- <value>OU=other-users,DC=emea,DC=mycompany,DC=com</value>
- </list>
- </property>
- </bean>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 719af69..07aeac6 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -281,6 +281,19 @@
 <version>2.4</version>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.springframework.ldap</groupId>
+ <artifactId>spring-ldap-core</artifactId>
+ <version>${cxf.spring.ldap.version}</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
 </dependencies>
 <profiles>
 <profile>
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
new file mode 100644
index 0000000..a29d581
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/ldap/LDAPClaimsTest.java
@@ -0,0 +1,346 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.kerberos.ldap;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.LdapClaimsHandler;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.directory.server.annotations.CreateLdapServer;
+import org.apache.directory.server.annotations.CreateTransport;
+import org.apache.directory.server.core.annotations.ApplyLdifFiles;
+import org.apache.directory.server.core.annotations.CreateDS;
+import org.apache.directory.server.core.annotations.CreateIndex;
+import org.apache.directory.server.core.annotations.CreatePartition;
+import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
+import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.wss4j.common.principal.CustomTokenPrincipal;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+import org.springframework.util.Assert;
+
+@RunWith(FrameworkRunner.class)
+
+//Define the DirectoryService
+@CreateDS(name = "LDAPClaimsTest-class",
+ enableAccessControl = false,
+ allowAnonAccess = false,
+ enableChangeLog = true,
+ partitions = {
+ @CreatePartition(
+ name = "example",
+ suffix = "dc=example,dc=com",
+ indexes = {
+ @CreateIndex(attribute = "objectClass"),
+ @CreateIndex(attribute = "dc"),
+ @CreateIndex(attribute = "ou")
+ }
+ ) }
+)
+
+@CreateLdapServer(
+ transports = {
+ @CreateTransport(protocol = "LDAP")
+ }
+)
+
+//Inject an file containing entries
+@ApplyLdifFiles("ldap.ldif")
+
+public class LDAPClaimsTest extends AbstractLdapTestUnit {
+
+ private static Properties props;
+ private static boolean portUpdated;
+
+ private ClassPathXmlApplicationContext appContext;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ props = new Properties();
+
+ InputStream is = null;
+ try {
+ is = LDAPClaimsTest.class.getResourceAsStream("/ldap.properties");
+ props.load(is);
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ if (is != null) {
+ is.close();
+ }
+ }
+ }
+
+ @Before
+ public void updatePort() throws Exception {
+ if (!portUpdated) {
+ String basedir = System.getProperty("basedir");
+ if (basedir == null) {
+ basedir = new File(".").getCanonicalPath();
+ }
+
+ // Read in ldap.xml and substitute in the correct port
+ File f = new File(basedir + "/src/test/resources/ldap.xml");
+
+ FileInputStream inputStream = new FileInputStream(f);
+ String content = IOUtils.toString(inputStream, "UTF-8");
+ inputStream.close();
+ content = content.replaceAll("portno", "" + super.getLdapServer().getPort());
+
+ File f2 = new File(basedir + "/target/test-classes/ldapport.xml");
+ FileOutputStream outputStream = new FileOutputStream(f2);
+ IOUtils.write(content, outputStream, "UTF-8");
+ outputStream.close();
+
+ portUpdated = true;
+ }
+
+ appContext = new ClassPathXmlApplicationContext("ldapport.xml");
+ }
+
+ @org.junit.Test
+ public void testRetrieveClaims() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testMultiUserBaseDNs() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandlerMultipleUserBaseDNs");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+ String otherUser = props.getProperty("otherClaimUser");
+ Assert.notNull(otherUser, "Property 'otherClaimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ // First user
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+
+ // Second user
+ params.setPrincipal(new CustomTokenPrincipal(otherUser));
+ retrievedClaims = claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+
+ @org.junit.Test(expected = STSException.class)
+ public void testRetrieveClaimsWithUnsupportedMandatoryClaimType() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+ // add unsupported but mandatory claim
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.GENDER);
+ claim.setOptional(false);
+ requestedClaims.add(claim);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection processedClaim =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ for (Claim requestedClaim : requestedClaims) {
+ URI claimType = requestedClaim.getClaimType();
+ boolean found = false;
+ if (!requestedClaim.isOptional()) {
+ for (ProcessedClaim c : processedClaim) {
+ if (c.getClaimType().equals(claimType)) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found");
+ }
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testRetrieveClaimsWithUnsupportedOptionalClaimType() throws Exception {
+ LdapClaimsHandler claimsHandler = (LdapClaimsHandler)appContext.getBean("testClaimsHandler");
+
+ String user = props.getProperty("claimUser");
+ Assert.notNull(user, "Property 'claimUser' not configured");
+
+ ClaimCollection requestedClaims = createRequestClaimCollection();
+ // add unsupported but optional unsupported claim
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.GENDER);
+ claim.setOptional(true);
+ requestedClaims.add(claim);
+
+ // Gender is not expected to be returned because not supported
+ List<URI> expectedClaims = new ArrayList<URI>();
+ expectedClaims.add(ClaimTypes.FIRSTNAME);
+ expectedClaims.add(ClaimTypes.LASTNAME);
+ expectedClaims.add(ClaimTypes.EMAILADDRESS);
+
+ ClaimsParameters params = new ClaimsParameters();
+ params.setPrincipal(new CustomTokenPrincipal(user));
+ ProcessedClaimCollection retrievedClaims =
+ claimsHandler.retrieveClaimValues(requestedClaims, params);
+
+ Assert.isTrue(
+ retrievedClaims.size() == expectedClaims.size(),
+ "Retrieved number of claims [" + retrievedClaims.size()
+ + "] doesn't match with expected [" + expectedClaims.size() + "]"
+ );
+
+ for (ProcessedClaim c : retrievedClaims) {
+ if (expectedClaims.contains(c.getClaimType())) {
+ expectedClaims.remove(c.getClaimType());
+ } else {
+ Assert.isTrue(false, "Claim '" + c.getClaimType() + "' not requested");
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testSupportedClaims() throws Exception {
+
+ Map<String, String> mapping
+ = CastUtils.cast((Map<?, ?>)appContext.getBean("claimsToLdapAttributeMapping"));
+
+ LdapClaimsHandler cHandler = new LdapClaimsHandler();
+ cHandler.setClaimsLdapAttributeMapping(mapping);
+
+ List<URI> supportedClaims = cHandler.getSupportedClaimTypes();
+
+ Assert.isTrue(
+ mapping.size() == supportedClaims.size(),
+ "Supported claims and claims/ldap attribute mapping size different"
+ );
+
+ for (String claim : mapping.keySet()) {
+ Assert.isTrue(
+ supportedClaims.contains(new URI(claim)),
+ "Claim '" + claim + "' not listed in supported list"
+ );
+ }
+ }
+
+ private ClaimCollection createRequestClaimCollection() {
+ ClaimCollection claims = new ClaimCollection();
+ Claim claim = new Claim();
+ claim.setClaimType(ClaimTypes.FIRSTNAME);
+ claim.setOptional(true);
+ claims.add(claim);
+ claim = new Claim();
+ claim.setClaimType(ClaimTypes.LASTNAME);
+ claim.setOptional(true);
+ claims.add(claim);
+ claim = new Claim();
+ claim.setClaimType(ClaimTypes.EMAILADDRESS);
+ claim.setOptional(true);
+ claims.add(claim);
+ return claims;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.ldif b/systests/kerberos/src/test/resources/ldap.ldif
new file mode 100644
index 0000000..bdb6a83
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.ldif
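Review bot: In testRetrieveClaimsWithUnsupportedMandatoryClaimType the message built when a mandatory claim is missing uses `claim.getClaimType()`, which is the GENDER claim declared above the loop rather than the `claimType` of the requested claim actually found missing; `throw new STSException("Mandatory claim '" + claimType + "' not found");` reports the right one. That test also satisfies its `expected = STSException.class` by throwing the exception itself, so what it really verifies is that the handler omits the unsupported GENDER claim; stating that with a direct assertion and dropping `expected` would keep an STSException raised for an unrelated reason inside retrieveClaimValues from passing the test, and a comment such as `// the handler must not return a value for an unsupported claim; the mandatory check is presumably applied by the caller (verify)` would record why the handler itself is not expected to throw. In startServers the catch block prints and continues, so a missing /ldap.properties (a null stream handed to props.load) only surfaces later as "Property 'claimUser' not configured" in every test; letting the exception propagate, or adding `Assert.notNull(is, "ldap.properties not found on the classpath");` before the load, gives the real cause. In updatePort the FileInputStream and FileOutputStream are closed only on the success path; closing them in a finally block keeps a failed read or write from leaking a handle to ldap.xml or target/test-classes/ldapport.xml.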
@@ -0,0 +1,73 @@
+dn: dc=example,dc=com
+dc: example
+objectClass: top
+objectClass: domain
+
+dn: ou=users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: users
+
+dn: ou=other-users,dc=example,dc=com
+objectClass: organizationalUnit
+objectClass: top
+ou: other-users
+
+dn: ou=groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: groups
+
+dn: cn=employee,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: employee
+member: cn=alice,ou=users,dc=example,dc=com
+member: cn=bob,ou=other-users,dc=example,dc=com
+description: This is an employee
+
+dn: cn=boss,ou=groups,dc=example,dc=com
+objectClass: groupOfNames
+objectClass: top
+cn: boss
+member: cn=alice,ou=users,dc=example,dc=com
+description: The boss
+
+# Web server identity/service principal.
+dn: cn=bob,ou=other-users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: bob
+sn: green
+uid: bob
+mail: b...@users.apache.org
+givenname: bob2
+userpassword: security
+
+# User / client principal.
+dn: cn=alice,ou=users,dc=example,dc=com
+objectclass: top
+objectclass: person
+objectclass: inetOrgPerson
+objectclass: organizationalPerson
+cn: alice
+sn: smith
+uid: alice
+mail: al...@users.apache.org
+givenname: alice2
+userpassword: security
+
+dn: uid=admin,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: system administrator
+sn: administrator
+displayName: Directory Superuser
+uid: admin
+userPassword:: e1NTSEF9c2UyV0ZiWHowL2RjSkVuTWgvOWNOZnIzUXU4YUg1R1gvM2E1OFE9P
+ Q==
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.properties
----------------------------------------------------------------------
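Review bot: The comments `# Web server identity/service principal.` and `# User / client principal.` describe Kerberos roles that do not apply to this fixture, where alice and bob are the `claimUser`/`otherClaimUser` of ldap.properties placed in two different OUs so that the single-`userBaseDN` handler in ldap.xml only sees alice while the `userBaseDNs` handler sees both. I would replace them with `# Test user in ou=users (claimUser in ldap.properties).` and `# Test user in ou=other-users (otherClaimUser); only found through the userBaseDNs list in ldap.xml.`. Both users carry the cleartext `userpassword: security`, and the `uid=admin` entry carries an `{SSHA}` hash that presumably has to correspond to the `password` the `contextSource` in ldap.xml binds with; a header line such as `# Test-only directory content: throwaway credentials for the embedded test server, do not reuse.` would make that explicit for anyone who copies this file. A comment on the admin entry naming ldap.xml as its consumer would also keep the hash and the bind password from drifting apart silently.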
diff --git a/systests/kerberos/src/test/resources/ldap.properties b/systests/kerberos/src/test/resources/ldap.properties
new file mode 100644
index 0000000..7ca488b
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.properties
@@ -0,0 +1,21 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+claimUser=alice
+otherClaimUser=bob
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/cxf/blob/7bf10fc3/systests/kerberos/src/test/resources/ldap.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/ldap.xml b/systests/kerberos/src/test/resources/ldap.xml
new file mode 100644
index 0000000..6cf0396
--- /dev/null
+++ b/systests/kerberos/src/test/resources/ldap.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+ <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
+ <property name="url" value="ldap://localhost:portno"/>
+ <property name="userDn" value="UID=admin,DC=example,DC=com"/>
+ <property name="password" value="ldap_su"/>
+ </bean>
+ <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+ <constructor-arg ref="contextSource"/>
+ </bean>
+ <util:map id="claimsToLdapAttributeMapping">
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenname"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="mail"/>
+ <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c"/>
+ </util:map>
+ <bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDN" value="OU=users,DC=example,DC=com" />
+ </bean>
+ <bean id="testClaimsHandlerMultipleUserBaseDNs" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+ <property name="ldapTemplate" ref="ldapTemplate" />
+ <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+ <property name="userBaseDNs">
+ <list>
+ <value>OU=users,DC=example,DC=com</value>
+ <value>OU=other-users,DC=example,DC=com</value>
+ </list>
+ </property>
+ </bean>
+</beans>
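Review bot: `ldap://localhost:portno` in the `contextSource` bean is not a usable URL as committed; presumably LDAPClaimsTest substitutes the embedded server's port before the context is loaded, but that loader is outside this hunk and nothing in the file records the contract, so anyone loading ldap.xml directly gets a URI error from LdapContextSource. I would put `<!-- "portno" is replaced with the embedded LDAP server's port by the test before this context is loaded -->` directly above the url property. The context also binds as the directory superuser `UID=admin,DC=example,DC=com` with a cleartext password over plain `ldap://`, which is fine for an in-process test directory but is exactly the snippet that gets copied into real STS configurations; a comment next to the password such as `<!-- test-only credentials: bind a least-privilege read-only account over ldaps:// in a real deployment -->` costs nothing and stops the example being reused as-is.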