Repository: cxf-fediz Updated Branches: refs/heads/master 747223b34 -> b64475085
Adding LDAP tests Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/b6447508 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/b6447508 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/b6447508 Branch: refs/heads/master Commit: b644750857574375cac135960adf1f559948dc17 Parents: 747223b Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Oct 26 14:40:21 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Oct 26 14:40:21 2016 +0100 ---------------------------------------------------------------------- .../src/main/webapp/WEB-INF/endpoints/ldap.xml | 6 +- systests/ldap/pom.xml | 300 +++++++++++++++++++ .../cxf/fediz/integrationtests/LDAPTest.java | 274 +++++++++++++++++ .../ldap/src/test/resources/clienttrust.jks | Bin 0 -> 1512 bytes .../ldap/src/test/resources/fediz_config.xml | 61 ++++ systests/ldap/src/test/resources/ldap.jaas | 8 + systests/ldap/src/test/resources/ldap.ldif | 69 +++++ systests/ldap/src/test/resources/server.jks | Bin 0 -> 3859 bytes .../src/test/resources/sts/cxf-transport.xml | 88 ++++++ systests/ldap/src/test/resources/sts/ldap.xml | 117 ++++++++ systests/pom.xml | 1 + 11 files changed, 921 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml ---------------------------------------------------------------------- diff --git a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml index 8b36f86..57c5efc 100644 --- a/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml +++ b/services/sts/src/main/webapp/WEB-INF/endpoints/ldap.xml 
@@ -37,8 +37,8 @@ <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource"> <property name="url" value="ldap://localhost:389/" /> - <property name="userDn" value="uid=admin,ou=system" /> - <property name="password" value="secret" /> + <property name="userDn" value="uid=admin,dc=fediz,dc=org" /> + <property name="password" value="ldap_su" /> </bean> <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> @@ -48,7 +48,7 @@ <util:map id="claimsToLdapAttributeMapping"> <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" - value="givenName" /> + value="givenname" /> <entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn" /> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/pom.xml ---------------------------------------------------------------------- diff --git a/systests/ldap/pom.xml b/systests/ldap/pom.xml new file mode 100644 index 0000000..299f5d9 --- /dev/null +++ b/systests/ldap/pom.xml 
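Review bot: The bind credentials of the STS webapp's shipped endpoint configuration remain literals in the file, and this hunk swaps them for the values of the new LDAP system-test fixture (`uid=admin,dc=fediz,dc=org` / `ldap_su`), so the deployable sample now carries a test password. The test copy of `cxf-transport.xml` in this commit wires a `PropertyPlaceholderConfigurer` over `classpath:./sts.properties`, which suggests the STS context can resolve placeholders in imported files; the two values could then be externalized as `<property name="userDn" value="${ldap.user.dn}" />` and `<property name="password" value="${ldap.password}" />` (property names illustrative), with the systest supplying the fixture values. The second hunk's `givenName` to `givenname` change is cosmetic, since LDAP attribute type names are matched case-insensitively, so the schema's canonical spelling could be kept unless a consumer compares the mapped name as a string.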
@@ -0,0 +1,300 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-systests</artifactId> + <version>1.3.2-SNAPSHOT</version> + <relativePath>../pom.xml</relativePath> + </parent> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-ldap</artifactId> + <name>Apache Fediz LDAP Systests</name> + <packaging>jar</packaging> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> + </properties> + <dependencies> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-core</artifactId> + <version>${tomcat7.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-logging-juli</artifactId> + <version>${tomcat7.version}</version> + <scope>test</scope> + </dependency> + 
<dependency> + <groupId>org.eclipse.jdt.core.compiler</groupId> + <artifactId>ecj</artifactId> + <version>${ecj.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.tomcat.embed</groupId> + <artifactId>tomcat-embed-jasper</artifactId> + <version>${tomcat7.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <version>${junit.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-tomcat7</artifactId> + <version>${project.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.cxf.fediz.systests</groupId> + <artifactId>fediz-systests-tests</artifactId> + <version>${project.version}</version> + <type>test-jar</type> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>${slf4j.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-jdk14</artifactId> + <version>${slf4j.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.hsqldb</groupId> + <artifactId>hsqldb</artifactId> + <version>${hsqldb.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.apache.directory.server</groupId> + <artifactId>apacheds-core-annotations</artifactId> + <version>${apacheds.version}</version> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>bouncycastle</groupId> + <artifactId>bcprov-jdk15</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.apache.directory.server</groupId> + <artifactId>apacheds-core-integ</artifactId> + <version>${apacheds.version}</version> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>bouncycastle</groupId> + <artifactId>bcprov-jdk15</artifactId> + </exclusion> + 
</exclusions> + </dependency> + <dependency> + <groupId>org.apache.directory.server</groupId> + <artifactId>apacheds-protocol-shared</artifactId> + <version>${apacheds.version}</version> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>bouncycastle</groupId> + <artifactId>bcprov-jdk15</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>${commons.io.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <scope>test</scope> + <version>${bcprov.version}</version> + </dependency> + + </dependencies> + <build> + <testResources> + <testResource> + <directory>src/test/resources</directory> + <filtering>true</filtering> + <includes> + <include>**/fediz_config*.xml</include> + </includes> + </testResource> + <testResource> + <directory>src/test/resources</directory> + <filtering>false</filtering> + <excludes> + <exclude>**/fediz_config*.xml</exclude> + </excludes> + </testResource> + </testResources> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>build-helper-maven-plugin</artifactId> + <executions> + <execution> + <id>reserve-network-port</id> + <goals> + <goal>reserve-network-port</goal> + </goals> + <phase>initialize</phase> + <configuration> + <portNames> + <portName>idp.https.port</portName> + <portName>rp.https.port</portName> + </portNames> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <executions> + <execution> + <id>copy-idp-sts</id> + <phase>generate-resources</phase> + <goals> + <goal>unpack</goal> + </goals> + <configuration> + <artifactItems> + <artifactItem> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-idp</artifactId> + <version>${project.version}</version> + <type>war</type> + 
<overWrite>true</overWrite> + <outputDirectory>target/tomcat/idp/webapps/fediz-idp</outputDirectory> + </artifactItem> + <artifactItem> + <groupId>org.apache.cxf.fediz</groupId> + <artifactId>fediz-idp-sts</artifactId> + <version>${project.version}</version> + <type>war</type> + <overWrite>true</overWrite> + <outputDirectory>target/tomcat/idp/webapps/fediz-idp-sts</outputDirectory> + </artifactItem> + <artifactItem> + <groupId>org.apache.cxf.fediz.systests.webapps</groupId> + <artifactId>fediz-systests-webapps-simple</artifactId> + <version>${project.version}</version> + <type>war</type> + <overWrite>true</overWrite> + <outputDirectory>target/tomcat/rp/webapps/simpleWebapp</outputDirectory> + </artifactItem> + </artifactItems> + <outputAbsoluteArtifactFilename>true</outputAbsoluteArtifactFilename> + <overWriteSnapshots>true</overWriteSnapshots> + <overWriteIfNewer>true</overWriteIfNewer> + <stripVersion>true</stripVersion> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <artifactId>maven-resources-plugin</artifactId> + <version>2.7</version> + <executions> + <execution> + <id>copy-entities-to-sts</id> + <phase>generate-test-sources</phase> + <goals> + <goal>copy-resources</goal> + </goals> + <configuration> + <outputDirectory>${basedir}/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF</outputDirectory> + <resources> + <resource> + <directory>${basedir}/src/test/resources/sts</directory> + <includes> + <include>cxf-transport.xml</include> + </includes> + <filtering>true</filtering> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + <plugin> + <artifactId>maven-failsafe-plugin</artifactId> + <inherited>true</inherited> + <executions> + <execution> + <id>integration-test</id> + <phase>integration-test</phase> + <goals> + <goal>integration-test</goal> + </goals> + <configuration> + <skip>${skipTests}</skip> + <systemPropertyVariables> + <wt.headless>true</wt.headless> + 
<idp.https.port>${idp.https.port}</idp.https.port> + <rp.https.port>${rp.https.port}</rp.https.port> + </systemPropertyVariables> + <includes> + <include>**/integrationtests/**</include> + </includes> + <argLine>-Xms512m -Xmx1024m + -XX:MaxPermSize=256m</argLine> + </configuration> + </execution> + <execution> + <id>verify</id> + <phase>verify</phase> + <goals> + <goal>verify</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <inherited>true</inherited> + <configuration> + <excludes> + <exclude>**/integrationtests/**</exclude> + </excludes> + </configuration> + </plugin> + </plugins> + </build> +</project> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java ---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java new file mode 100644 index 0000000..906d431 --- /dev/null +++ b/systests/ldap/src/test/java/org/apache/cxf/fediz/integrationtests/LDAPTest.java 
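Review bot: The failsafe `argLine` passes `-XX:MaxPermSize=256m`, which JDK 8 and later ignore with a startup warning; the module builds against Tomcat 7 via `${tomcat7.version}`, so it may still be run on JDK 7, but if the build runs on 8+ the option can be dropped, leaving `<argLine>-Xms512m -Xmx1024m</argLine>`. The `hsqldb` dependency has no visible consumer in `LDAPTest.java`, which only starts ApacheDS and two Tomcat instances; if it was carried over from a sibling systest module it could be removed, otherwise a short comment naming what needs it would help.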
@@ -0,0 +1,274 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.fediz.integrationtests; + + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; + +import javax.servlet.ServletException; + +import org.apache.catalina.Context; +import org.apache.catalina.LifecycleException; +import org.apache.catalina.LifecycleState; +import org.apache.catalina.connector.Connector; +import org.apache.catalina.startup.Tomcat; +import org.apache.commons.io.IOUtils; +import org.apache.cxf.fediz.core.ClaimTypes; +import org.apache.cxf.fediz.tomcat7.FederationAuthenticator; +import org.apache.directory.server.annotations.CreateLdapServer; +import org.apache.directory.server.annotations.CreateTransport; +import org.apache.directory.server.core.annotations.ApplyLdifFiles; +import org.apache.directory.server.core.annotations.CreateDS; +import org.apache.directory.server.core.annotations.CreateIndex; +import org.apache.directory.server.core.annotations.CreatePartition; +import org.apache.directory.server.core.integ.AbstractLdapTestUnit; +import org.apache.directory.server.core.integ.FrameworkRunner; +import 
org.apache.wss4j.dom.engine.WSSConfig; +import org.junit.After; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +/** + * A test that configures the STS to authenticate user (and retrieve claims) from an LDAP backend. + */ + +@RunWith(FrameworkRunner.class) + +//Define the DirectoryService +@CreateDS(name = "LDAPTest-class", + enableAccessControl = false, + allowAnonAccess = false, + enableChangeLog = true, + partitions = { + @CreatePartition( + name = "fediz", + suffix = "dc=fediz,dc=org", + indexes = { + @CreateIndex(attribute = "objectClass"), + @CreateIndex(attribute = "dc"), + @CreateIndex(attribute = "ou") + } + ) } + ) + +@CreateLdapServer( + transports = { + @CreateTransport(protocol = "LDAP", address = "localhost") + } + ) + +//Inject an file containing entries +@ApplyLdifFiles("ldap.ldif") + +public class LDAPTest extends AbstractLdapTestUnit { + + static String idpHttpsPort; + static String rpHttpsPort; + + private static Tomcat idpServer; + private static Tomcat rpServer; + private static boolean portUpdated; + + @Before + public void init() throws Exception { + System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); + System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); + System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); + System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); + + idpHttpsPort = System.getProperty("idp.https.port"); + 
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); + rpHttpsPort = System.getProperty("rp.https.port"); + Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); + + WSSConfig.init(); + + updatePort(); + + idpServer = startServer(true, idpHttpsPort); + rpServer = startServer(false, rpHttpsPort); + } + + public void updatePort() throws Exception { + if (!portUpdated) { + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + // Read in ldap.xml and substitute in the correct port + File f = new File(basedir + "/src/test/resources/sts/ldap.xml"); + + FileInputStream inputStream = new FileInputStream(f); + String content = IOUtils.toString(inputStream, "UTF-8"); + inputStream.close(); + content = content.replaceAll("portno", "" + super.getLdapServer().getPort()); + + File f2 = new File(basedir + "/target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints/ldap.xml"); + try (FileOutputStream outputStream = new FileOutputStream(f2)) { + IOUtils.write(content, outputStream, "UTF-8"); + } + + // Read in ldap.jaas and substitute in the correct port + f = new File(basedir + "/src/test/resources/ldap.jaas"); + + inputStream = new FileInputStream(f); + content = IOUtils.toString(inputStream, "UTF-8"); + inputStream.close(); + content = content.replaceAll("portno", "" + super.getLdapServer().getPort()); + + f2 = new File(basedir + "/target/test-classes/ldap.jaas"); + try (FileOutputStream outputStream = new FileOutputStream(f2)) { + IOUtils.write(content, outputStream, "UTF-8"); + } + + portUpdated = true; + } + + System.setProperty("java.security.auth.login.config", "target/test-classes/ldap.jaas"); + } + + private static Tomcat startServer(boolean idp, String port) + throws ServletException, LifecycleException, IOException { + Tomcat server = new Tomcat(); + server.setPort(0); + String currentDir = new File(".").getCanonicalPath(); + String baseDir = currentDir + 
File.separator + "target"; + server.setBaseDir(baseDir); + + if (idp) { + server.getHost().setAppBase("tomcat/idp/webapps"); + } else { + server.getHost().setAppBase("tomcat/rp/webapps"); + } + server.getHost().setAutoDeploy(true); + server.getHost().setDeployOnStartup(true); + + Connector httpsConnector = new Connector(); + httpsConnector.setPort(Integer.parseInt(port)); + httpsConnector.setSecure(true); + httpsConnector.setScheme("https"); + //httpsConnector.setAttribute("keyAlias", keyAlias); + httpsConnector.setAttribute("keystorePass", "tompass"); + httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("truststorePass", "tompass"); + httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); + httpsConnector.setAttribute("clientAuth", "want"); + // httpsConnector.setAttribute("clientAuth", "false"); + httpsConnector.setAttribute("sslProtocol", "TLS"); + httpsConnector.setAttribute("SSLEnabled", true); + + server.getService().addConnector(httpsConnector); + + if (idp) { + File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts"); + server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath()); + + File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp"); + server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath()); + } else { + File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); + Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath()); + + FederationAuthenticator fa = new FederationAuthenticator(); + fa.setConfigFile(currentDir + File.separator + "target" + File.separator + + "test-classes" + File.separator + "fediz_config.xml"); + cxt.getPipeline().addValve(fa); + } + + server.start(); + + return server; + } + + @After + public void cleanup() { + shutdownServer(idpServer); + shutdownServer(rpServer); + } + + private static void 
shutdownServer(Tomcat server) { + try { + if (server != null && server.getServer() != null + && server.getServer().getState() != LifecycleState.DESTROYED) { + if (server.getServer().getState() != LifecycleState.STOPPED) { + server.stop(); + } + server.destroy(); + } + } catch (Exception e) { + e.printStackTrace(); + } + } + + public String getIdpHttpsPort() { + return idpHttpsPort; + } + + public String getRpHttpsPort() { + return rpHttpsPort; + } + + public String getServletContextName() { + return "fedizhelloworld"; + } + + @Test + public void testLDAP() throws Exception { + String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + + "/secure/fedservlet"; + String user = "alice"; + String password = "ecila"; + + final String bodyTextContent = + HTTPTestUtils.login(url, user, password, getIdpHttpsPort()); + + Assert.assertTrue("Principal not " + user, + bodyTextContent.contains("userPrincipal=" + user)); + Assert.assertTrue("User " + user + " does not have role Admin", + bodyTextContent.contains("role:Admin=false")); + Assert.assertTrue("User " + user + " does not have role Manager", + bodyTextContent.contains("role:Manager=false")); + Assert.assertTrue("User " + user + " must have role User", + bodyTextContent.contains("role:User=true")); + + String claim = ClaimTypes.FIRSTNAME.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", + bodyTextContent.contains(claim + "=Alice")); + claim = ClaimTypes.LASTNAME.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", + bodyTextContent.contains(claim + "=Smith")); + claim = ClaimTypes.EMAILADDRESS.toString(); + Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'", + bodyTextContent.contains(claim + "[email protected]")); + + } + + +} http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/clienttrust.jks 
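Review bot: In `updatePort()` the `FileInputStream` used to read `ldap.xml` is closed by an explicit `inputStream.close()` that is skipped when `IOUtils.toString` throws, while the `FileOutputStream` two lines later already uses try-with-resources; the read should take the same form, e.g. `String content;` / `try (FileInputStream inputStream = new FileInputStream(f)) { content = IOUtils.toString(inputStream, "UTF-8"); }`. The second read of `ldap.jaas` in the same method has the identical pattern. The `java.security.auth.login.config` property set at the end of the method applies to the whole JVM and is set on every `@Before`, even when `portUpdated` short-circuits the rewrite, which deserves a one-line comment such as `// JVM-wide JAAS config; must point at the port-substituted copy written above`.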
---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/resources/clienttrust.jks b/systests/ldap/src/test/resources/clienttrust.jks new file mode 100644 index 0000000..c3ad459 Binary files /dev/null and b/systests/ldap/src/test/resources/clienttrust.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/fediz_config.xml ---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/resources/fediz_config.xml b/systests/ldap/src/test/resources/fediz_config.xml new file mode 100644 index 0000000..dc30ea6 --- /dev/null +++ b/systests/ldap/src/test/resources/fediz_config.xml 
@@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file. + Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL + keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead. 
+--> +<FedizConfig> + <contextConfig name="/fedizhelloworld"> + <audienceUris> + <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem> + </audienceUris> + <certificateStores> + <trustManager> + <keyStore file="test-classes/clienttrust.jks" + password="storepass" type="JKS" /> + </trustManager> + </certificateStores> + <trustedIssuers> + <issuer certificateValidation="PeerTrust" /> + </trustedIssuers> + <maximumClockSkew>1000</maximumClockSkew> + <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> + <keyStore file="test-classes/server.jks" password="tompass" type="JKS" /> + </signingKey> + <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:type="federationProtocolType" version="1.0.0"> + <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> + <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer> + <roleDelimiter>,</roleDelimiter> + <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI> + <freshness>10</freshness> + <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm> + <claimTypesRequested> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" optional="false" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true" /> + <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" optional="true" /> + </claimTypesRequested> + </protocol> + <logoutURL>/secure/logout</logoutURL> + <logoutRedirectTo>/index.html</logoutRedirectTo> + </contextConfig> +</FedizConfig> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/ldap.jaas ---------------------------------------------------------------------- 
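Review bot: The leading comment talks about a `tomcat-rp.jks` keystore and a `webapp/META-INF/context.xml`, but this configuration references `test-classes/clienttrust.jks` for the trust manager and `test-classes/server.jks` for the signing key, and `LDAPTest.startServer` hands it to `FederationAuthenticator.setConfigFile` directly rather than via context.xml; the text looks copied from the sample webapp. A comment that describes this file would be more useful, e.g. `<!-- Fediz RP configuration for the LDAP systest: trusts the IDP/STS certificate in clienttrust.jks, signs with the mytomidpkey entry of server.jks; ${idp.https.port} is filtered in by the Maven test resources. -->`.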
diff --git a/systests/ldap/src/test/resources/ldap.jaas b/systests/ldap/src/test/resources/ldap.jaas new file mode 100644 index 0000000..1b11e06 --- /dev/null +++ b/systests/ldap/src/test/resources/ldap.jaas @@ -0,0 +1,8 @@ +LDAP { + com.sun.security.auth.module.LdapLoginModule REQUIRED + userProvider="ldap://localhost:portno/" + authIdentity="cn={USERNAME},ou=users,dc=fediz,dc=org" + useSSL=false + debug=true; +}; + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/ldap.ldif ---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/resources/ldap.ldif b/systests/ldap/src/test/resources/ldap.ldif new file mode 100644 index 0000000..e2483ad --- /dev/null +++ b/systests/ldap/src/test/resources/ldap.ldif 
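Review bot: The login module is configured with `useSSL=false` and `debug=true`, so the simple bind carries the user's password over a plaintext connection and the module prints its bind diagnostics to stdout; that is acceptable against the embedded ApacheDS on localhost that `LDAPTest` starts, but nothing in the file says so. A header comment would keep the file from being reused as-is elsewhere, e.g. `// Test-only JAAS config: plaintext LDAP to the embedded ApacheDS started by LDAPTest; "portno" is replaced with the server's port at runtime.`.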
@@ -0,0 +1,69 @@ +dn: dc=fediz,dc=org +dc: fediz +objectClass: top +objectClass: domain + +dn: ou=users,dc=fediz,dc=org +objectClass: organizationalUnit +objectClass: top +ou: users + +dn: ou=groups,dc=fediz,dc=org +objectClass: top +objectClass: organizationalUnit +ou: groups + +dn: cn=User,ou=groups,dc=fediz,dc=org +objectClass: groupOfNames +objectClass: top +cn: User +member: cn=alice,ou=users,dc=fediz,dc=org +member: cn=bob,ou=users,dc=fediz,dc=org +description: This is a User + +dn: cn=Manager,ou=groups,dc=fediz,dc=org +objectClass: groupOfNames +objectClass: top +cn: Manager +businessCategory: widgets +member: cn=bob,ou=users,dc=fediz,dc=org +description: The boss + +# Web server identity/service principal. +dn: cn=bob,ou=users,dc=fediz,dc=org +objectclass: top +objectclass: person +objectclass: inetOrgPerson +objectclass: organizationalPerson +cn: bob +sn: Windsor +uid: bob +mail: [email protected] +givenname: bob +userpassword: bob + +# User / client principal. +dn: cn=alice,ou=users,dc=fediz,dc=org +objectclass: top +objectclass: person +objectclass: inetOrgPerson +objectclass: organizationalPerson +cn: alice +sn: Smith +uid: alice +givenname: Alice +userpassword: ecila +mail: [email protected] + +dn: uid=admin,dc=fediz,dc=org +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +cn: system administrator +sn: administrator +displayName: Directory Superuser +uid: admin +userPassword:: e1NTSEF9c2UyV0ZiWHowL2RjSkVuTWgvOWNOZnIzUXU4YUg1R1gvM2E1OFE9P + Q== + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/server.jks ---------------------------------------------------------------------- 
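Review bot: The entry comments `# Web server identity/service principal.` and `# User / client principal.` do not describe how these entries are used here: `bob` is only a member of the Manager and User groups and `alice` is the account `LDAPTest.testLDAP` logs in with, so the wording looks carried over from another fixture. Comments naming the actual role, such as `# Member of the User and Manager groups; not logged in by the test.` for bob and `# Account used by LDAPTest.testLDAP (password "ecila").` for alice, would be more useful. The two user entries give `userpassword` in clear text while the admin entry uses a `{SSHA}`-hashed `userPassword::` value; fine for a fixture, but worth a word in the same comments so nobody takes the clear-text form as the convention.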
diff --git a/systests/ldap/src/test/resources/server.jks b/systests/ldap/src/test/resources/server.jks new file mode 100644 index 0000000..c9c2ce2 Binary files /dev/null and b/systests/ldap/src/test/resources/server.jks differ http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/sts/cxf-transport.xml ---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/resources/sts/cxf-transport.xml b/systests/ldap/src/test/resources/sts/cxf-transport.xml new file mode 100644 index 0000000..bf9bd1e --- /dev/null +++ b/systests/ldap/src/test/resources/sts/cxf-transport.xml 
@@ -0,0 +1,88 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:cxf="http://cxf.apache.org/core" + xmlns:jaxws="http://cxf.apache.org/jaxws" + xmlns:test="http://apache.org/hello_world_soap_http" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xmlns:http="http://cxf.apache.org/transports/http/configuration" + xmlns:sec="http://cxf.apache.org/configuration/security" + xsi:schemaLocation=" + http://cxf.apache.org/core + http://cxf.apache.org/schemas/core.xsd + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://cxf.apache.org/jaxws + http://cxf.apache.org/schemas/jaxws.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd + http://cxf.apache.org/transports/http/configuration + http://cxf.apache.org/schemas/configuration/http-conf.xsd + http://cxf.apache.org/configuration/security + http://cxf.apache.org/schemas/configuration/security.xsd"> + + <import resource="classpath:META-INF/cxf/cxf.xml" /> + + <import resource="data/realms.xml" /> + 
<import resource="fediz-sts.xml" /> + + <!-- Per default the resource <file.xml> is imported. + If built with Maven Profile 'ldap', the resource <ldap.xml> is imported --> + <import resource="./endpoints/ldap.xml" /> + + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> + <property name="location" value="classpath:./sts.properties"/> + </bean> + + <bean id="customRealmParser" class="org.apache.cxf.fediz.service.sts.realms.UriRealmParser" > + <property name="realmMap" ref="realms" /> + </bean> + + <bean id="samlRealmCodec" + class="org.apache.cxf.fediz.service.sts.realms.SamlRealmCodec" /> + + <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"> + <property name="callbackHandlerClass" value="${callback.handler}" /> + <property name="issuer" value="${issuer}" /> + <property name="realmParser" ref="customRealmParser" /> + <property name="signatureCryptoProperties" value="${signature.properties}" /> + <property name="relationships" ref="relationships" /> + <property name="samlRealmCodec" ref="samlRealmCodec" /> + </bean> + + <jaxws:endpoint id="transportSTSRealmA" implementor="#transportSTSProviderBean" + address="/REALMA/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" + xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" + serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"> + <jaxws:properties> + </jaxws:properties> + </jaxws:endpoint> + + <jaxws:endpoint id="transportSTSRealmB" implementor="#transportSTSProviderBean" + address="/REALMB/STSServiceTransport" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" + xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" + serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"> + <jaxws:properties> + </jaxws:properties> + </jaxws:endpoint> + +</beans> + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/ldap/src/test/resources/sts/ldap.xml 
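Review bot: The comment above the endpoint import, `Per default the resource <file.xml> is imported. If built with Maven Profile 'ldap', the resource <ldap.xml> is imported`, no longer describes this file: the import of `./endpoints/ldap.xml` is unconditional, the file is copied into the STS `WEB-INF` by the `copy-entities-to-sts` execution of this module's pom, and `LDAPTest.updatePort()` writes the `ldap.xml` it refers to. Replace it with `<!-- LDAP systest: always use the LDAP-backed endpoint configuration; endpoints/ldap.xml is written by LDAPTest.updatePort() with the embedded server's port. -->`. The `xmlns:test="http://apache.org/hello_world_soap_http"` declaration on the root is not used anywhere in the file and could go, as could the two empty `<jaxws:properties>` elements.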
---------------------------------------------------------------------- diff --git a/systests/ldap/src/test/resources/sts/ldap.xml b/systests/ldap/src/test/resources/sts/ldap.xml new file mode 100644 index 0000000..aff850f --- /dev/null +++ b/systests/ldap/src/test/resources/sts/ldap.xml 
@@ -0,0 +1,117 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:util="http://www.springframework.org/schema/util" + xmlns:jaxws="http://cxf.apache.org/jaxws" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://www.springframework.org/schema/util + http://www.springframework.org/schema/util/spring-util-2.0.xsd + http://cxf.apache.org/jaxws + http://cxf.apache.org/schemas/jaxws.xsd"> + + <util:list id="claimHandlerList"> + <ref bean="userClaimsHandler" /> + <ref bean="groupClaimsHandler" /> + </util:list> + + <bean id="contextSource" + class="org.springframework.ldap.core.support.LdapContextSource"> + <property name="url" value="ldap://localhost:portno/" /> + <property name="userDn" value="uid=admin,dc=fediz,dc=org" /> + <property name="password" value="ldap_su" /> + </bean> + + <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate"> + <constructor-arg ref="contextSource" /> + </bean> + + <util:map id="claimsToLdapAttributeMapping"> + <entry + 
key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" + value="givenname" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" + value="sn" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" + value="mail" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" + value="c" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode" + value="postalCode" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress" + value="postalAddress" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality" + value="town" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince" + value="st" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender" + value="gender" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth" + value="dateofbirth" /> + <entry + key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role" + value="member" /> + </util:map> + + <bean id="userClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler"> + <property name="ldapTemplate" ref="ldapTemplate" /> + <property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" /> + <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" /> + <property name="userNameAttribute" value="uid" /> + </bean> + + <util:map id="appliesToScopeMapping"> + <entry key="urn:org:apache:cxf:fediz:fedizhelloworld" + value="Example" /> + </util:map> + + <bean id="groupClaimsHandler" class="org.apache.cxf.sts.claims.LdapGroupClaimsHandler"> + <property name="ldapTemplate" ref="ldapTemplate" /> + <property name="userBaseDN" value="ou=users,dc=fediz,dc=org" /> + <property name="groupBaseDN" value="ou=groups,dc=fediz,dc=org" /> + <property name="appliesToScopeMapping" ref="appliesToScopeMapping" /> + <property name="userNameAttribute" 
value="uid" /> + </bean> + + <jaxws:endpoint id="transportSTS1" implementor="#transportSTSProviderBean" + address="/REALMA/STSServiceTransportUT" wsdlLocation="/WEB-INF/wsdl/ws-trust-1.4-service.wsdl" + xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" + serviceName="ns1:SecurityTokenService" endpointName="ns1:TransportUT_Port"> + <jaxws:properties> + <entry key="ws-security.ut.validator"> + <bean class="org.apache.wss4j.dom.validate.JAASUsernameTokenValidator"> + <property name="contextName" value="LDAP" /> + </bean> + </entry> + </jaxws:properties> + </jaxws:endpoint> + +</beans> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/b6447508/systests/pom.xml ---------------------------------------------------------------------- diff --git a/systests/pom.xml b/systests/pom.xml index 0bd659e..ada0cf2 100644 --- a/systests/pom.xml +++ b/systests/pom.xml @@ -42,6 +42,7 @@ <module>cxf</module> <module>federation</module> <module>kerberos</module> + <module>ldap</module> <module>oidc</module> <module>samlsso</module> </modules>
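Review bot: The `contextSource` bean in this hunk binds to the directory as `uid=admin,dc=fediz,dc=org` over plain `ldap://`, although the two claims handlers only read attributes under `ou=users` and `ou=groups`; even in a test fixture a dedicated read-only bind account, or at least a comment such as `<!-- test-only: binds as the directory admin; a deployed STS should use a read-only lookup account -->`, would document the least-privilege boundary between the STS and the directory. The `url` value `ldap://localhost:portno/` carries a non-numeric port, which presumably the test harness rewrites before the context is loaded; a comment on that line naming the substitution would spare the next reader a search through LDAPTest.java. The `JAASUsernameTokenValidator` `contextName` value `LDAP` must match the login entry in the `ldap.jaas` resource this commit also adds, which this hunk does not show; a comment stating that coupling would make the dependency explicit.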
