Adding a SAML SSO Metadata test
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/da352523 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/da352523 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/da352523 Branch: refs/heads/master Commit: da352523c42bf69ab743f75a5216a03e26a20bef Parents: 4bc0c5e Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Apr 16 14:08:19 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Apr 16 14:08:19 2015 +0100 ---------------------------------------------------------------------- systests/rs-security/pom.xml | 5 ++ .../samlsso/KeystorePasswordCallback.java | 56 +++++++++++++++ .../jaxrs/security/samlsso/MetadataServer.java | 57 ++++++++++++++++ .../jaxrs/security/samlsso/MetadataTest.java | 72 ++++++++++++++++++++ .../systest/jaxrs/security/samlsso/client.xml | 38 +++++++++++ .../jaxrs/security/samlsso/metadata-server.xml | 60 ++++++++++++++++ 6 files changed, 288 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/pom.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/pom.xml b/systests/rs-security/pom.xml index 21fdf6b..7eaadbc 100644 --- a/systests/rs-security/pom.xml +++ b/systests/rs-security/pom.xml @@ -73,6 +73,11 @@ </dependency> <dependency> <groupId>org.apache.cxf</groupId> + <artifactId>cxf-rt-rs-security-sso-saml</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-rs-security-oauth2-jose</artifactId> <version>${project.version}</version> </dependency> http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/KeystorePasswordCallback.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/KeystorePasswordCallback.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/KeystorePasswordCallback.java new file mode 100644 index 0000000..e90554c --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/KeystorePasswordCallback.java @@ -0,0 +1,56 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.samlsso; + +import java.io.IOException; + +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; + +import org.apache.wss4j.common.ext.WSPasswordCallback; + +/** + */ + +public class KeystorePasswordCallback implements CallbackHandler { + + public KeystorePasswordCallback() { + } + + /** + * It attempts to get the password from the private + * alias/passwords map. + */ + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (int i = 0; i < callbacks.length; i++) { + WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; + if ("alice".equals(pc.getIdentifier())) { + pc.setPassword("password"); + } else if ("bob".equals(pc.getIdentifier())) { + pc.setPassword("password"); + } else { + pc.setPassword("abcd!1234"); + } + } + } + + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java new file mode 100644 index 0000000..83cc84a --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataServer.java @@ -0,0 +1,57 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.samlsso; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.testutil.common.TestUtil; + +public class MetadataServer extends AbstractBusTestServerBase { + public static final String PORT = TestUtil.getPortNumber("jaxrs-saml"); + private static final String SERVER_CONFIG_FILE = + "org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml"; + + protected void run() { + SpringBusFactory bf = new SpringBusFactory(); + Bus springBus = bf.createBus(SERVER_CONFIG_FILE); + BusFactory.setDefaultBus(springBus); + setBus(springBus); + + try { + new MetadataServer(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public static void main(String[] args) { + try { + MetadataServer s = new MetadataServer(); + s.start(); + } catch (Exception ex) { + ex.printStackTrace(); + System.exit(-1); + } finally { + System.out.println("done!"); + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataTest.java ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataTest.java new file mode 100644 index 0000000..5bb7eec --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/MetadataTest.java @@ -0,0 +1,72 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security.samlsso; + +import java.net.URL; +import java.security.cert.X509Certificate; + +import javax.ws.rs.core.Response; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.apache.cxf.jaxrs.client.WebClient; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.xml.security.signature.XMLSignature; +import org.apache.xml.security.utils.Constants; +import org.junit.BeforeClass; + +/** + * Test the SAML SSO Metadata service + */ +public class MetadataTest extends AbstractBusClientServerTestBase { + public static final String PORT = MetadataServer.PORT; + + @BeforeClass + public static void startServers() throws Exception { + assertTrue("server did not launch correctly", + launchServer(MetadataServer.class, true)); + } + + @org.junit.Test + public void testGetMetadata() throws Exception { + URL busFile = MetadataTest.class.getResource("client.xml"); + + String address = "https://localhost:" + PORT + "/sso/metadata"; + WebClient client = WebClient.create(address, busFile.toString()); + client.accept("text/xml"); + + Response response = client.get(); + assertEquals(response.getStatus(), 200); + Document doc = response.readEntity(Document.class); + assertEquals("EntityDescriptor", doc.getDocumentElement().getLocalName()); + + // Now validate the signature + Element signature = + (Element)doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature").item(0); + assertNotNull(signature); + XMLSignature signatureElem = new XMLSignature(signature, ""); + doc.getDocumentElement().setIdAttributeNS(null, "ID", true); + + X509Certificate signingCert = signatureElem.getKeyInfo().getX509Certificate(); + assertNotNull(signingCert); + assertTrue(signatureElem.checkSignatureValue(signingCert)); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml new file mode 100644 index 0000000..13eaea1 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/client.xml @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <http:conduit name="https://localhost.*"> + <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/> + <http:tlsClientParameters disableCNCheck="true"> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/da352523/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml new file mode 100644 index 0000000..4560069 --- /dev/null +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/samlsso/metadata-server.xml @@ -0,0 +1,60 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd "> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <httpj:engine-factory id="port-9095-tls-config"> + <httpj:engine port="${testutil.ports.jaxrs-saml}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <bean id="metadataBean" class="org.apache.cxf.rs.security.saml.sso.MetadataService"> + <property name="serviceAddress" + value="https://localhost:${testutil.ports.jaxrs-saml}/saml-roles"/> + <property name="logoutServiceAddress" + value="https://localhost:${testutil.ports.jaxrs-saml}/sso/logout"/> + <property name="signatureUsername" value="alice"/> + <property name="signaturePropertiesFile" + value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> + <property name="callbackHandlerClass" + value="org.apache.cxf.systest.jaxrs.security.samlsso.KeystorePasswordCallback"/> + </bean> + + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-saml}/sso" + depends-on="port-9095-tls-config" > + <jaxrs:serviceBeans> + <ref bean="metadataBean"/> + </jaxrs:serviceBeans> + </jaxrs:server> + +</beans>