Repository: cxf Updated Branches: refs/heads/master d1b8ff637 -> dd421381b
Adding custom parameter REST test for the STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd421381 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd421381 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd421381 Branch: refs/heads/master Commit: dd421381bcf61ead2a66311f1caf9ebdfcbf06c4 Parents: d1b8ff6 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Apr 4 13:15:51 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Apr 4 13:15:51 2017 +0100 ---------------------------------------------------------------------- services/sts/systests/advanced/pom.xml | 5 + .../systest/sts/custom/CustomParameterTest.java | 129 +++++++++++++++++++ .../cxf/systest/sts/custom/cxf-sts-common.xml | 4 + .../apache/cxf/systest/sts/custom/cxf-sts.xml | 20 ++- 4 files changed, 157 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/pom.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml index e2bb566..419f44c 100644 --- a/services/sts/systests/advanced/pom.xml +++ b/services/sts/systests/advanced/pom.xml @@ -138,6 +138,11 @@ <artifactId>hazelcast-spring</artifactId> <version>${cxf.hazelcast.version}</version> </dependency> + <dependency> + <groupId>com.fasterxml.jackson.jaxrs</groupId> + <artifactId>jackson-jaxrs-json-provider</artifactId> + <scope>test</scope> + </dependency> </dependencies> <build> <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory> http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java ---------------------------------------------------------------------- 
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java index f6ff291..96122ba 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java 
@@ -20,19 +20,40 @@ package org.apache.cxf.systest.sts.custom; import java.net.URL; import java.util.HashMap; +import java.util.List; import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.ws.rs.core.Response; +import javax.xml.bind.JAXBElement; import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; import javax.xml.ws.BindingProvider; import javax.xml.ws.Service; +import org.w3c.dom.Element; + import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rt.security.SecurityConstants; +import org.apache.cxf.staxutils.W3CDOMStreamWriter; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TokenTestUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType; +import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType; import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.cxf.ws.security.trust.STSUtils; +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.saml.SamlAssertionWrapper; +import org.apache.wss4j.common.util.DOM2Writer; +import org.apache.wss4j.dom.WSDocInfo; +import org.apache.wss4j.dom.engine.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.processor.Processor; +import org.apache.wss4j.dom.processor.SAMLTokenProcessor; import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; 
@@ -49,6 +70,9 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { private static final String PORT = allocatePort(Server.class); + private static final String SAML2_TOKEN_TYPE = + "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + @BeforeClass public static void startServers() throws Exception { 
@@ -262,6 +286,111 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + @org.junit.Test + public void testCustomParameterToRESTInterface() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + String address = "https://localhost:" + STSPORT + "/SecurityTokenServiceREST/token"; + WebClient client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + + // Create RequestSecurityToken + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + String namespace = STSUtils.WST_NS_05_12; + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + + writer.writeStartElement("wst", "RequestType", namespace); + writer.writeCharacters(namespace + "/Issue"); + writer.writeEndElement(); + + writer.writeStartElement("wst", "TokenType", namespace); + writer.writeCharacters(SAML2_TOKEN_TYPE); + writer.writeEndElement(); + + writer.writeStartElement("wst", "Claims", namespace); + writer.writeAttribute("Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeStartElement("ic", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeAttribute("Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"); + writer.writeEndElement(); + writer.writeEndElement(); + + // Add custom content to the RST + writer.writeStartElement("", "realm", "http://cxf.apache.org/custom"); + writer.writeCharacters("custom-realm"); + writer.writeEndElement(); + + writer.writeEndElement(); + + Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement())); + + RequestSecurityTokenResponseType securityResponse = + 
response.readEntity(RequestSecurityTokenResponseType.class); + + Element assertion = validateSAMLSecurityTokenResponse(securityResponse, true); + assertTrue(DOM2Writer.nodeToString(assertion).contains("admin-user")); + + bus.shutdown(true); + } + + private Element validateSAMLSecurityTokenResponse( + RequestSecurityTokenResponseType securityResponse, boolean saml2 + ) throws Exception { + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); + assertNotNull(requestedSecurityToken); + + // Process the token + List<WSSecurityEngineResult> results = + processToken((Element)requestedSecurityToken.getAny()); + + assertTrue(results != null && results.size() == 1); + SamlAssertionWrapper assertion = + (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + assertTrue(assertion != null); + if (saml2) { + assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null); + } else { + assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null); + } + assertTrue(assertion.isSigned()); + + return (Element)results.get(0).get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT); + } + + private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType securityResponse) { + for (Object obj : securityResponse.getAny()) { + if (obj instanceof JAXBElement<?>) { + JAXBElement<?> jaxbElement = (JAXBElement<?>)obj; + if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { + return (RequestedSecurityTokenType)jaxbElement.getValue(); + } + } + } + return null; + } + + private List<WSSecurityEngineResult> processToken(Element assertionElement) + throws Exception { + RequestData requestData = new RequestData(); + requestData.setDisableBSPEnforcement(true); + CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler(); + requestData.setCallbackHandler(callbackHandler); + Crypto crypto = 
CryptoFactory.getInstance("serviceKeystore.properties"); + requestData.setDecCrypto(crypto); + requestData.setSigVerCrypto(crypto); + requestData.setWsDocInfo(new WSDocInfo(assertionElement.getOwnerDocument())); + + Processor processor = new SAMLTokenProcessor(); + return processor.handleToken(assertionElement, requestData); + } + private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); assertEquals(numToDouble * 2, resp); http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml index 84bd04b..26984d8 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml @@ -126,4 +126,8 @@ <property name="issuer" value="${issuer}"/> <property name="encryptionUsername" value="${encryption.username}"/> </bean> + + <bean id="restSTS" class="org.apache.cxf.sts.rest.RESTSecurityTokenServiceImpl"> + <property name="issueSingleOperation" ref="transportIssueDelegate" /> + </bean> </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml index 521716c..a951e4d 100644 
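Review bot: In `testCustomParameterToRESTInterface` the HTTP status of `response` is never checked before `response.readEntity(...)`, so a rejected or failed token request surfaces as an unmarshalling error or a failed `assertNotNull` instead of a clear failure. Assuming the endpoint answers 200 on success, add `assertEquals(200, response.getStatus());` directly after the `client.post(...)` call. The final check `DOM2Writer.nodeToString(assertion).contains("admin-user")` is a substring match over the whole serialized assertion, so it would also pass if that string appeared somewhere other than the role claim; reading the value from the assertion's attribute statement would pin what the custom `realm` element changed. Only the positive path is covered here: a companion request without the `realm` element, asserting that `admin-user` is absent, would show that the client-supplied parameter is what drives the claim. `bus.shutdown(true)` is also skipped when an assertion fails, so a `try`/`finally` around the test body would keep the bus from leaking into later tests.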
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml 
@@ -17,7 +17,7 @@ specific language governing permissions and limitations under the License. --> -<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://c xf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd"> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd 
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/htt p-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd"> <import resource="./cxf-sts-common.xml" /> @@ -32,6 +32,24 @@ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> </jaxws:properties> </jaxws:endpoint> + + <bean id="jsonProvider" class="com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider" /> + + <jaxrs:server id="stsRESTService" + depends-on="ClientAuthHttpsSettings" + address="https://localhost:${testutil.ports.custom.STSServer}/SecurityTokenServiceREST"> + <jaxrs:serviceBeans> + <ref bean="restSTS" /> + </jaxrs:serviceBeans> + <jaxrs:providers> + <ref bean="jsonProvider" /> + </jaxrs:providers> + <jaxrs:extensionMappings> + <entry key="json" value="application/json;charset=UTF-8" /> + <entry key="xml" value="application/xml;charset=UTF-8" /> + </jaxrs:extensionMappings> + </jaxrs:server> + <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"> <httpj:engine port="${testutil.ports.custom.STSServer}"> <httpj:tlsServerParameters>
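Review bot: The new `jaxrs:server` declares no authentication provider or filter of its own, so caller authentication for `/SecurityTokenServiceREST` appears to rest entirely on the TLS settings of the `ClientAuthHttpsSettings` engine named in `depends-on`, whose body lies outside this hunk. Once confirmed, state that in the config with a comment above the element, e.g. `<!-- REST STS: callers are authenticated only by the TLS client-auth settings of ClientAuthHttpsSettings -->`. The hunk also registers `jsonProvider` and a `json` extension mapping, while the test added in this commit sends and accepts only `application/xml`. Either cover the JSON path with a test or drop the provider, so the token endpoint does not expose a parser that nothing exercises.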