Repository: cxf Updated Branches: refs/heads/2.6.x-fixes 185d7dbc3 -> 7aa3f2da2
Re-enabling SAML tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/38d0447c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/38d0447c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/38d0447c Branch: refs/heads/2.6.x-fixes Commit: 38d0447c78d55862842b32c04c90382cb0808e4d Parents: 185d7db Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Jun 15 17:54:17 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Jun 15 17:54:17 2017 +0100 ---------------------------------------------------------------------- .../wssec/examples/saml/SamlTokenTest.java | 89 ++++++++++---------- .../wssec/examples/saml/server/server.xml | 6 ++ 2 files changed, 50 insertions(+), 45 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/38d0447c/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java index c25b7cb..4f0eab9 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java 
@@ -37,18 +37,17 @@ import org.apache.cxf.ws.security.trust.STSClient; import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; -import org.junit.Ignore; /** * A set of tests for SAML Tokens using policies defined in the OASIS spec: * "WS-SecurityPolicy Examples Version 1.0". */ -@Ignore("invalid") +//@Ignore("invalid") public class SamlTokenTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(Server.class); static final String PORT2 = allocatePort(Server.class, 2); static final String STS_PORT = allocatePort(STSServer.class); - + private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); @@ -67,7 +66,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { launchServer(STSServer.class, true) ); } - + @org.junit.AfterClass public static void cleanup() throws Exception { SecurityTestUtil.cleanup(); @@ -90,16 +89,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBearerPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches) over SSL */ 
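Review bot: The first hunk re-enables the suite by commenting the annotation out, leaving `//@Ignore("invalid")` above `public class SamlTokenTest` even though the `org.junit.Ignore` import is removed in the same hunk. Delete the commented line rather than keeping dead code. The companion server.xml change suggests the suite only passes because the server now accepts unsigned bearer assertions; if so, say that in the class Javadoc, e.g. `* Note: the Bearer endpoints in server.xml are configured to accept unsigned assertions.` The remaining hunks in this file, `@@ -67,7` through `@@ -325,17`, appear to strip trailing whitespace only and would be easier to review as a separate commit.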
@@ -116,16 +115,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT2); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.1.3 (WSS1.0) SAML1.1 Assertion (HK) over SSL */ @@ -142,16 +141,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT2); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.1.4 (WSS1.0) SAML1.1 Sender Vouches with X.509 Certificates, Sign, Optional Encrypt */ @@ -168,16 +167,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignedPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.1.5 (WSS1.0) SAML1.1 Holder of Key, Sign, Optional Encrypt */ 
@@ -194,17 +193,17 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricInitiatorPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - - + + /** * 2.3.2.1 (WSS1.1) SAML 2.0 Bearer */ @@ -221,16 +220,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSaml2BearerPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.2.2 (WSS1.1) SAML2.0 Sender Vouches over SSL */ @@ -247,16 +246,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesSaml2Port"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT2); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.2.3 (WSS1.1) SAML2.0 HoK over SSL */ 
@@ -273,16 +272,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingSaml2Port"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT2); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.2.4 (WSS1.1) SAML1.1/2.0 Sender Vouches with X.509 Certificate, Sign, Encrypt */ @@ -299,16 +298,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSVPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + /** * 2.3.2.5 (WSS1.1) SAML1.1/2.0 Holder of Key, Sign, Encrypt */ 
@@ -325,17 +324,17 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricIssuedTokenPort"); - DoubleItPortType samlPort = + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, PORT); updateSTSPort((BindingProvider)samlPort, STS_PORT); - + samlPort.doubleIt(25); - + ((java.io.Closeable)samlPort).close(); bus.shutdown(true); } - + private static void updateSTSPort(BindingProvider p, String port) { STSClient stsClient = (STSClient)p.getRequestContext().get(SecurityConstants.STS_CLIENT); if (stsClient != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/38d0447c/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml index 98346a4..3d8f70c 100644 --- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml @@ -43,6 +43,10 @@ </cxf:features> </cxf:bus> + <bean id="allowUnsignedBearerAssertions" class="org.apache.ws.security.validate.SamlAssertionValidator"> + <property name="requireBearerSignature" value="false" /> + </bean> + <jaxws:endpoint id="Bearer" address="http://localhost:${testutil.ports.Server}/DoubleItSamlBearer" 
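Review bot: The new `allowUnsignedBearerAssertions` bean sets `requireBearerSignature` to `false` with no comment explaining why, so the `Bearer` endpoint (via `ws-security.saml1.validator`) and the endpoint in the `@@ -131,6` hunk (via `ws-security.saml2.validator`) will accept SAML bearer assertions that carry no signature. For a bearer assertion the signature is normally what ties the token to its issuer, so mark the bean as test-only where it is defined: `<!-- Test only: accepts unsigned SAML bearer assertions; never use on a deployed endpoint -->`. A negative test would also help, showing that an endpoint without this validator still rejects an unsigned bearer assertion, which is presumably the behaviour that had the suite marked `invalid`. The `@@ -52,6` and `@@ -131,6` hunks only wire this bean in and fall under the same caveat.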
@@ -52,6 +56,7 @@ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"> <jaxws:properties> + <entry key="ws-security.saml1.validator" value-ref="allowUnsignedBearerAssertions"/> </jaxws:properties> </jaxws:endpoint> @@ -131,6 +136,7 @@ <entry key="ws-security.signature.properties" value="bob.properties"/> <entry key="ws-security.encryption.username" value="useReqSigCert"/> <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/> + <entry key="ws-security.saml2.validator" value-ref="allowUnsignedBearerAssertions"/> </jaxws:properties> </jaxws:endpoint>