Repository: cxf Updated Branches: refs/heads/master 29f0620a9 -> 6233ee16b
Some more kerberos stuff Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6233ee16 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6233ee16 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6233ee16 Branch: refs/heads/master Commit: 6233ee16bd88430f18e60f1733d0a89472b83a76 Parents: 89dda2e Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Dec 3 11:34:50 2014 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Dec 3 11:35:07 2014 +0000 ---------------------------------------------------------------------- services/sts/systests/advanced/pom.xml | 6 - .../systest/sts/kerberos/KerberosTokenTest.java | 137 ------------------- .../cxf/systest/sts/kerberos/cxf-client.xml | 67 --------- .../wssec/kerberos/KerberosTokenTest.java | 8 +- .../kerberos/wssec/spnego/SpnegoTokenTest.java | 6 +- 5 files changed, 7 insertions(+), 217 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6233ee16/services/sts/systests/advanced/pom.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml index 385e53a..cae3751 100644 --- a/services/sts/systests/advanced/pom.xml +++ b/services/sts/systests/advanced/pom.xml 
@@ -90,12 +90,6 @@ <scope>test</scope> </dependency> <dependency> - <groupId>org.apache.directory.server</groupId> - <artifactId>apacheds-kerberos-shared</artifactId> - <version>1.5.7</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-databinding-jaxb</artifactId> <version>${project.version}</version> http://git-wip-us.apache.org/repos/asf/cxf/blob/6233ee16/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java deleted file mode 100644 index 2227056..0000000 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java +++ /dev/null 
@@ -1,137 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.systest.sts.kerberos; - -import java.net.URL; -import java.util.Arrays; -import java.util.Collection; - -import javax.xml.namespace.QName; -import javax.xml.ws.BindingProvider; -import javax.xml.ws.Service; - -import org.apache.cxf.Bus; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.systest.sts.common.SecurityTestUtil; -import org.apache.cxf.systest.sts.common.TestParam; -import org.apache.cxf.systest.sts.common.TokenTestUtils; -import org.apache.cxf.systest.sts.deployment.STSServer; -import org.apache.cxf.systest.sts.deployment.StaxSTSServer; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.example.contract.doubleit.DoubleItPortType; -import org.junit.BeforeClass; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized.Parameters; - -/** - * In this test, a CXF client requests a SAML2 HOK Assertion from the STS, which has a policy of requiring - * a KerberosToken over the TransportBinding. The CXF client retrieves a service ticket from the KDC and - * inserts it into the security header of the request. 
The STS validates the ticket using the - * KerberosTokenValidator. - * - * The tests are @Ignored by default, as a KDC is needed. To replicate the test scenario, set up a KDC with - * user principal "alice" (keytab in "/etc/alice.keytab"), and host service "b...@service.ws.apache.org" - * (keytab in "/etc/bob.keytab"). - */ -@RunWith(value = org.junit.runners.Parameterized.class) -@org.junit.Ignore -public class KerberosTokenTest extends AbstractBusClientServerTestBase { - - static final String STSPORT = allocatePort(STSServer.class); - static final String STAX_STSPORT = allocatePort(StaxSTSServer.class); - - private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; - private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); - - private static final String PORT = allocatePort(Server.class); - - final TestParam test; - - public KerberosTokenTest(TestParam type) { - this.test = type; - } - - @BeforeClass - public static void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(Server.class, true) - ); - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(STSServer.class, true) - ); - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(StaxSTSServer.class, true) - ); - } - - @Parameters(name = "{0}") - public static Collection<TestParam[]> data() { - - return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)}, - {new TestParam(PORT, true, STSPORT)}, - {new TestParam(PORT, false, STAX_STSPORT)}, - {new TestParam(PORT, true, STAX_STSPORT)}, - }); - } - - @org.junit.AfterClass - public static void cleanup() throws Exception { - SecurityTestUtil.cleanup(); - stopAllServers(); - } - - @org.junit.Test - public void testKerberosToken() throws 
Exception { - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = KerberosTokenTest.class.getResource("cxf-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = KerberosTokenTest.class.getResource("DoubleIt.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); - DoubleItPortType transportSaml2Port = - service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(transportSaml2Port, test.getPort()); - - TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, test.getStsPort()); - - doubleIt(transportSaml2Port, 25); - - ((java.io.Closeable)transportSaml2Port).close(); - bus.shutdown(true); - } - - private static void doubleIt(DoubleItPortType port, int numToDouble) { - int resp = port.doubleIt(numToDouble); - assertEquals(numToDouble * 2 , resp); - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/6233ee16/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml deleted file mode 100644 index f56e41c..0000000 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/kerberos/cxf-client.xml +++ /dev/null 
@@ -1,67 +0,0 @@ -<?xml version="1.0"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd"> - <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> - <cxf:bus> - <cxf:features> - <cxf:logging/> - </cxf:features> - </cxf:bus> - <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient" id="kerberosClient"> - <constructor-arg ref="cxf"/> - <property name="contextName" value="alice"/> - <property name="serviceName" 
value="b...@service.ws.apache.org"/> - </bean> - <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port" createdFromAPI="true"> - <jaxws:properties> - <entry key="ws-security.username" value="myclientkey"/> - <entry key="ws-security.signature.properties" value="clientKeystore.properties"/> - <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> - <entry key="ws-security.sts.client"> - <bean class="org.apache.cxf.ws.security.trust.STSClient"> - <constructor-arg ref="cxf"/> - <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Kerberos?wsdl"/> - <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/> - <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Kerberos_Port"/> - <property name="properties"> - <map> - <entry key="ws-security.username" value="alice"/> - <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> - <entry key="ws-security.sts.token.username" value="myclientkey"/> - <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/> - <entry key="ws-security.sts.token.usecert" value="true"/> - <entry key="ws-security.kerberos.client" value-ref="kerberosClient"/> - </map> - </property> - </bean> - </entry> - </jaxws:properties> - </jaxws:client> - <http:conduit name="https://localhost:.*"> - <http:tlsClientParameters disableCNCheck="true"> - <sec:trustManagers> - <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/> - </sec:trustManagers> - <sec:keyManagers keyPassword="skpass"> - <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/> - </sec:keyManagers> - </http:tlsClientParameters> - </http:conduit> -</beans> 
http://git-wip-us.apache.org/repos/asf/cxf/blob/6233ee16/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java index f9b8468..ccac694 100644 --- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java +++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java @@ -48,6 +48,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner; import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; import org.apache.wss4j.dom.WSSConfig; import org.example.contract.doubleit.DoubleItPortType; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.runner.RunWith; @@ -133,7 +134,6 @@ public class KerberosTokenTest extends AbstractLdapTestUnit { outputStream.close(); System.setProperty("java.security.krb5.conf", f2.getPath()); - System.setProperty("sun.security.krb5.debug", "false"); } @BeforeClass @@ -153,7 +153,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit { basedir += "/.."; } - System.setProperty("sun.security.krb5.debug", "true"); + // System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.auth.login.config", basedir + "/kerberos/src/test/resources/kerberos.jaas"); @@ -449,7 +449,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit { SecurityTestUtil.enableStreaming(kerberosPort); } - kerberosPort.doubleIt(25); + Assert.assertEquals(50, kerberosPort.doubleIt(25)); ((java.io.Closeable)kerberosPort).close(); bus.shutdown(true); 
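Review bot: In the `@@ -153,7 +153,7 @@` hunk the krb5 debug switch is left behind as commented-out code with nothing saying why it is kept; the same line appears in the `@@ -145,7 +145,7 @@` hunk of SpnegoTokenTest. Leaving the trace off by default suits shared build logs, since the JDK's Kerberos debug output is verbose and may include principal and ticket details. Either delete the line or give it a reason, for example `// Uncomment to trace the Kerberos exchange locally; keep it off in CI because the trace is verbose and may expose ticket details.` The enclosing setup method (presumably the `@BeforeClass` one) starts and ends outside the hunk.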
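Review bot: A failing `Assert.assertEquals(50, kerberosPort.doubleIt(25));` in the `@@ -449,7 +449,7 @@` hunk throws before `((java.io.Closeable)kerberosPort).close();` and `bus.shutdown(true);` run, so the client and bus stay open for the tests that follow. The same applies to the `@@ -479,7 +479,7 @@` hunk and to the `@@ -261,7 +261,7 @@` hunk in SpnegoTokenTest. Putting the assertion in `try { ... }` and the two cleanup calls in `finally { ... }` keeps teardown unconditional. The test method bodies start outside these hunks, so whether something further up already cleans up cannot be seen here.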
@@ -479,7 +479,7 @@ public class KerberosTokenTest extends AbstractLdapTestUnit { SecurityTestUtil.enableStreaming(kerberosPort); } - kerberosPort.doubleIt(25); + Assert.assertEquals(50, kerberosPort.doubleIt(25)); ((java.io.Closeable)kerberosPort).close(); bus.shutdown(true); http://git-wip-us.apache.org/repos/asf/cxf/blob/6233ee16/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java index 37394eb..6003d40 100644 --- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java +++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java @@ -45,6 +45,7 @@ import org.apache.directory.server.core.integ.FrameworkRunner; import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; import org.apache.wss4j.dom.WSSConfig; import org.example.contract.doubleit.DoubleItPortType; +import org.junit.Assert; import org.junit.BeforeClass; import org.junit.runner.RunWith; @@ -126,7 +127,6 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit { outputStream.close(); System.setProperty("java.security.krb5.conf", f2.getPath()); - System.setProperty("sun.security.krb5.debug", "false"); } @BeforeClass @@ -145,7 +145,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit { basedir += "/.."; } - System.setProperty("sun.security.krb5.debug", "true"); + // System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("java.security.auth.login.config", basedir + "/kerberos/src/test/resources/kerberos.jaas"); 
@@ -261,7 +261,7 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit { SecurityTestUtil.enableStreaming(kerberosPort); } - kerberosPort.doubleIt(25); + Assert.assertEquals(50, kerberosPort.doubleIt(25)); ((java.io.Closeable)kerberosPort).close(); bus.shutdown(true);