Improve testing of STS intermediary caching # Conflicts: # services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java # services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b87d7081 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b87d7081 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b87d7081 Branch: refs/heads/3.1.x-fixes Commit: b87d708115d8b3ee47020939ddbf7f7d37860aae Parents: 6c70b02 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed May 24 17:52:06 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed May 24 17:53:31 2017 +0100 ---------------------------------------------------------------------- .../DoubleItPortTypeImpl.java | 70 ++++++++++++++++++++ .../IntermediaryCachingPortTypeImpl.java | 6 +- .../IntermediaryTransformationCachingTest.java | 62 ++++++++++------- .../cxf-intermediary-caching.xml | 4 -- .../intermediary_transformation/cxf-service.xml | 3 +- 5 files changed, 113 insertions(+), 32 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/b87d7081/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java new file mode 100644 index 0000000..42c02f5 --- /dev/null +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/DoubleItPortTypeImpl.java 
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.intermediary_transformation;
+
+import java.security.Principal;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+/**
+ * A PortType implementation that only allows a user call it twice. This is to test the caching logic
+ * of the intermediary.
+ */
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+
+ @Resource
+ WebServiceContext wsContext;
+
+ private Map<String, Integer> userCount = new ConcurrentHashMap<>();
+
+ public int doubleIt(int numberToDouble) {
+ Principal pr = wsContext.getUserPrincipal();
+
+ Assert.assertNotNull("Principal must not be null", pr);
+ Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+
+ // Test caching logic here
+ updateCache(pr.getName());
+
+ return numberToDouble * 2;
+ }
+
+ private void updateCache(String user) {
+ if (userCount.containsKey(user)) {
+ if (userCount.get(user) > 2) {
+ throw new RuntimeException("Only two iterations allowed");
+ }
+ userCount.put(user, userCount.get(user) + 1);
+ } else {
+ userCount.put(user, 1);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b87d7081/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
index add6aeb..e764864 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryCachingPortTypeImpl.java
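Review bot: The cap in `updateCache` is off by one against its own Javadoc and exception message: the stored count is 1 after the first call and 2 after the second, and `userCount.get(user) > 2` is still false on the third, so a principal gets three calls before "Only two iterations allowed" is thrown. If the cap is meant to catch the intermediary sending a request under the wrong principal's cached token (an inference from the class comment), one misattributed call per user goes unnoticed; `if (userCount.get(user) >= 2) {` matches the documented limit and still lets the two calls per user made by the test through. The containsKey/get/put sequence is not atomic even on a `ConcurrentHashMap`, so declaring the helper `private synchronized void updateCache(String user)` keeps the count exact if the endpoint is ever invoked concurrently. The class Javadoc sits between the annotations and the class declaration; moving it above `@WebService` puts it where the documentation comment conventionally goes.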
@@ -91,9 +91,9 @@ public class IntermediaryCachingPortTypeImpl extends AbstractBusClientServerTest
 Assert.assertNotNull("Principal must not be null", pr);
 Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
 // Assert.assertTrue("Principal must be alice", pr.getName().contains("alice"));
-
- // Disable the STSClient after the first invocation
- if (i > 0) {
+
+ // Disable the STSClient after the second invocation
+ if (i > 1) {
 BindingProvider p = (BindingProvider)transportPort;
 STSClient stsClient = new STSClient(null);
 stsClient.setOnBehalfOf(new ReceivedTokenCallbackHandler());
http://git-wip-us.apache.org/repos/asf/cxf/blob/b87d7081/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
index 31a3958..2aa6db1 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/intermediary_transformation/IntermediaryTransformationCachingTest.java
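Review bot: The threshold `i > 1` only makes sense together with the call order in IntermediaryTransformationCachingTest (alice first, bob second, then the repeats), and the comment above it does not say so. A comment such as `// Disable the STSClient once two callers (alice, then bob) have fetched tokens; later calls must be served from the token cache` would tie the magic number to the test that depends on it. The declaration and increment of `i` are outside the hunk, so that it counts invocations on this endpoint is assumed here.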
@@ -37,11 +37,10 @@ import org.junit.BeforeClass; /** * In this test case, a CXF client sends a Username Token via (1-way) TLS to a STS instance, and - * receives a (HOK) SAML 1.1 Assertion. This is then sent via (1-way) TLS to an Intermediary - * service provider. The intermediary service provider validates the token, and then the - * Intermediary client uses delegation to dispatch the received token (via OnBehalfOf) to another - * STS instance. After this point, the STSClient is disabled, meaning that the Intermediary client must rely - * on its cache to get tokens. The retrieved token is sent to the service provider via (2-way) TLS. + * service provider. The intermediary service provider validates the token, and then the + * Intermediary client uses delegation to dispatch the received token (via OnBehalfOf) to another + * STS instance. The retrieved token is sent to the service provider via (2-way) TLS. The STSClient is disabled + * after two invocations, meaning that the Intermediary client must rely on its cache to get tokens. */ public class IntermediaryTransformationCachingTest extends AbstractBusClientServerTestBase { 
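Review bot: The rewritten class Javadoc lost a line: the removed `* receives a (HOK) SAML 1.1 Assertion. This is then sent via (1-way) TLS to an Intermediary` has no replacement on the new side, so the opening sentence now reads "...via (1-way) TLS to a STS instance, and service provider." and no longer says which token the client obtains or where it is sent. Restoring that line ahead of `* service provider. The intermediary service provider validates the token, and then the` repairs the description of the token flow this test is meant to document.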
@@ -93,35 +92,50 @@ public class IntermediaryTransformationCachingTest extends AbstractBusClientServ URL wsdl = IntermediaryTransformationCachingTest.class.getResource("DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1EndorsingPort"); - DoubleItPortType transportPort = + DoubleItPortType alicePort = service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(transportPort, PORT); - - TokenTestUtils.updateSTSPort((BindingProvider)transportPort, STSPORT); + updateAddressPort(alicePort, PORT); + + TokenTestUtils.updateSTSPort((BindingProvider)alicePort, STSPORT); + + ((BindingProvider)alicePort).getRequestContext().put(SecurityConstants.USERNAME, "alice"); - ((BindingProvider)transportPort).getRequestContext().put(SecurityConstants.USERNAME, "alice"); - // Make initial successful invocation (for "alice") - doubleIt(transportPort, 25); + doubleIt(alicePort, 25); - // Make another invocation - this should work as the intermediary caches the token - // even though its STSClient is disabled after the first invocation - doubleIt(transportPort, 30); - - transportPort = service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(transportPort, PORT); - TokenTestUtils.updateSTSPort((BindingProvider)transportPort, STSPORT); + // Make another successful invocation for "bob" + DoubleItPortType bobPort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(bobPort, PORT); + TokenTestUtils.updateSTSPort((BindingProvider)bobPort, STSPORT); + + ((BindingProvider)bobPort).getRequestContext().put(SecurityConstants.USERNAME, "bob"); + doubleIt(bobPort, 30); - ((BindingProvider)transportPort).getRequestContext().put(SecurityConstants.USERNAME, "bob"); + // Make another invocation for "bob" - this should work as the intermediary caches the token + // even though its STSClient is disabled after the second invocation + doubleIt(bobPort, 35); - // Make invocation 
for "bob"...this should fail as the intermediary's STS client is disabled + // Make another invocation for "alice" - this should work as the intermediary caches the token + // even though its STSClient is disabled after the first invocation + doubleIt(alicePort, 40); + + // Now make an invocation for "myservicekey" + DoubleItPortType servicePort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(servicePort, PORT); + TokenTestUtils.updateSTSPort((BindingProvider)servicePort, STSPORT); + + ((BindingProvider)servicePort).getRequestContext().put(SecurityConstants.USERNAME, "myservicekey"); + + // Make invocation for "myservicekey"...this should fail as the intermediary's STS client is disabled try { - doubleIt(transportPort, 35); + doubleIt(servicePort, 45); } catch (SOAPFaultException ex) { // expected } - - ((java.io.Closeable)transportPort).close(); + + ((java.io.Closeable)alicePort).close(); + ((java.io.Closeable)bobPort).close(); + ((java.io.Closeable)servicePort).close(); bus.shutdown(true); } http://git-wip-us.apache.org/repos/asf/cxf/blob/b87d7081/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml index 5690484..a35b93b 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-intermediary-caching.xml 
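Review bot: The negative case at the end of the test cannot fail: if `doubleIt(servicePort, 45)` returns normally the `try` block simply ends, so a regression in which the intermediary serves "myservicekey" from another principal's cached token would pass unnoticed. Adding `org.junit.Assert.fail("Expected a SOAPFaultException as the STSClient is disabled");` directly after the call turns the expected rejection into an assertion. The comment above `doubleIt(alicePort, 40)` still says the STSClient is disabled "after the first invocation", which contradicts the new `i > 1` threshold and should read `second`. The three `close()` calls are skipped when any earlier invocation throws; the test method starts outside the hunk, so whether a surrounding try/finally exists is not visible here.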
@@ -42,7 +42,6 @@
 </httpj:engine>
 </httpj:engine-factory>
 <bean id="delegationCallbackHandler" class="org.apache.cxf.ws.security.trust.delegation.ReceivedTokenCallbackHandler"/>
- <bean id="defaultTokenStore" class="org.apache.cxf.ws.security.tokenstore.MemoryTokenStore"/>
 <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port" createdFromAPI="true">
 <jaxws:properties>
 <entry key="security.sts.client">
@@ -63,9 +62,6 @@
 </property>
 </bean>
 </entry>
- <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
- <ref bean="defaultTokenStore"/>
- </entry>
 <entry key="ws-security.cache.issued.token.in.endpoint" value="false"/>
 </jaxws:properties>
 </jaxws:client>
http://git-wip-us.apache.org/repos/asf/cxf/blob/b87d7081/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
index 9bc424e..978c7b6 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/intermediary_transformation/cxf-service.xml
@@ -24,7 +24,8 @@
 <cxf:logging/>
 </cxf:features>
 </cxf:bus>
- <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.intermediary_transformation.Server.2}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/intermediary_transformation/DoubleIt.wsdl">
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2"
+ implementor="org.apache.cxf.systest.sts.intermediary_transformation.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.intermediary_transformation.Server.2}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/intermediary_transformation/DoubleIt.wsdl">
 <jaxws:properties>
 <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
 <entry key="security.signature.properties" value="serviceKeystore.properties"/>
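Review bot: `cxf-service.xml` is not caching-specific by name, so pointing its `implementor` at the call-capped `intermediary_transformation.DoubleItPortTypeImpl` may change behaviour for every test that boots this endpoint, not only IntermediaryTransformationCachingTest. The per-user counter in that class lives as long as the endpoint instance and throws a RuntimeException once the cap is passed, so another test that reuses a principal name against the same server could start failing for a reason unrelated to what it checks. If the file is shared, a separate service configuration for the caching test, or an XML comment on the `<jaxws:endpoint>` stating that the implementor limits calls per principal, would make the coupling visible.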