This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.2.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/3.2.x-fixes by this push:
new adc5b7d Adding an Ignore'd test for WSS-640
adc5b7d is described below
commit adc5b7d3ed71a70d44700c6d59a54f0e9139ab8c
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Jan 21 15:51:28 2019 +0000
Adding an Ignore'd test for WSS-640
(cherry picked from commit aafc2b8ebce7143a0b19591404b5db29224f4595)
---
.../apache/cxf/systest/ws/saml/SamlTokenTest.java | 53 ++++++++++++++++++++++
.../apache/cxf/systest/ws/saml/DoubleItSaml.wsdl | 23 +++++++++-
.../org/apache/cxf/systest/ws/saml/client.xml | 6 +++
.../org/apache/cxf/systest/ws/saml/server.xml | 7 +++
.../org/apache/cxf/systest/ws/saml/stax-server.xml | 9 ++++
5 files changed, 97 insertions(+), 1 deletion(-)
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index 7ff4718..d7a9558 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -358,6 +358,59 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
 bus.shutdown(true);
 }
 
+ // Re-enable once we pick up WSS4J 2.2.3 (https://issues.apache.org/jira/browse/WSS-640)
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testSaml2OverSymmetricSoap12() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSoap12Port");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, test.getPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(saml2Port);
+ }
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false)
+ );
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with a SAML1 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assertTrue(ex.getMessage().contains("Wrong SAML Version")
+ || ex.getMessage().contains("enforces SamlVersion20Profile11 but we got 1.1"));
+ }
+
+ SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler();
+ samlCallbackHandler.setSignAssertion(true);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ SecurityConstants.SAML_CALLBACK_HANDLER, samlCallbackHandler
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
 // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
 // fail as the provider will demand that there is a signature covering both the assertion
 // and the message body.
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
index 706f8a07..ab1cf08 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
@@ -17,7 +17,7 @@
 specific language governing permissions and limitations
 under the License.
 -->
-<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:saml2="urn:oasi [...]
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.or [...]
 <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
 <wsdl:binding name="DoubleItSaml1TransportBinding" type="tns:DoubleItPortType">
 <wsp:PolicyReference URI="#DoubleItSaml1TransportPolicy"/>
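Review bot: The `@org.junit.Ignore` on `testSaml2OverSymmetricSoap12` in SamlTokenTest.java carries no reason string, so test reports show only a skipped test and the WSS-640 condition lives in a source comment that is easy to overlook; prefer `@org.junit.Ignore("WSS-640: re-enable once WSS4J 2.2.3 is picked up")`. This test is what checks that a missing assertion and a SAML 1.1 assertion are rejected on the SOAP 1.2 symmetric endpoint, so a forgotten ignore leaves that rejection path unexercised. The cleanup at the end (`((java.io.Closeable)saml2Port).close();` and `bus.shutdown(true);`) is not in a `finally`, so a failed assertion would leave the default bus set for later tests; the preceding test visible in the context ends the same way, so this may be better fixed file-wide. `assertEquals(50, result)` would also report the actual value where `assertTrue(result == 50)` does not.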
@@ -143,6 +143,24 @@
 </wsdl:fault>
 </wsdl:operation>
 </wsdl:binding>
+ <wsdl:binding name="DoubleItSaml2SymmetricSoap12Binding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSaml2SymmetricPolicy"/>
+ <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap12:operation soapAction=""/>
+ <wsdl:input>
+ <soap12:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap12:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap12:body use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
 <wsdl:binding name="DoubleItSaml2SymmetricSupportingBinding" type="tns:DoubleItPortType">
 <wsp:PolicyReference URI="#DoubleItSaml2SymmetricSupportingPolicy"/>
 <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -349,6 +367,9 @@
 <wsdl:port name="DoubleItSaml2SymmetricPort" binding="tns:DoubleItSaml2SymmetricBinding">
 <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric"/>
 </wsdl:port>
+ <wsdl:port name="DoubleItSaml2SymmetricSoap12Port" binding="tns:DoubleItSaml2SymmetricSoap12Binding">
+ <soap:address location="http://localhost:9001/DoubleItSaml2SymmetricSoap12"/>
+ </wsdl:port>
 <wsdl:port name="DoubleItSaml2SymmetricSupportingPort" binding="tns:DoubleItSaml2SymmetricSupportingBinding">
 <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric"/>
 </wsdl:port>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
index d418c92..1357dd4 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client.xml
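Review bot: The new `DoubleItSaml2SymmetricSoap12Port` in DoubleItSaml.wsdl is bound to a `soap12:binding` but declares its endpoint with `<soap:address>`, the SOAP 1.1 extension element; for a SOAP 1.2 port it should read `<soap12:address location="http://localhost:9001/DoubleItSaml2SymmetricSoap12"/>`. The test overrides the address through `updateAddressPort`, so this probably does not change where requests are sent, but the port is the fixture for a SOAP 1.2-specific security test and should be internally consistent. In the new binding the `wsdl:fault` also uses `<soap12:body use="literal" name="DoubleItFault"/>` where the WSDL SOAP 1.2 binding defines `soap12:fault` for that position; this may simply mirror the existing SOAP 1.1 bindings, whose fault bodies are outside the hunk.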
@@ -48,6 +48,12 @@
 <entry key="security.encryption.username" value="bob"/>
 </jaxws:properties>
 </jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSaml2SymmetricSoap12Port" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.encryption.properties" value="bob.properties"/>
+ <entry key="security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
 <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSaml2SymmetricSupportingPort" createdFromAPI="true">
 <jaxws:properties>
 <entry key="security.encryption.properties" value="bob.properties"/>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
index 401f5a7..bf5cae6 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
@@ -69,6 +69,13 @@
 <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
 </jaxws:properties>
 </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSoap12" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2SymmetricSoap12" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSoap12Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
 <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.saml.Server}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
 <jaxws:properties>
 <entry key="security.username" value="bob"/>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
index 040a14f..09e4cec 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
@@ -74,6 +74,15 @@
 <entry key="ws-security.enable.streaming" value="true"/>
 </jaxws:properties>
 </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSoap12" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2SymmetricSoap12" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSoap12Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <!--<entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
 <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.saml.StaxServer}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
 <jaxws:properties>
 <entry key="security.username" value="bob"/>
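Review bot: The streaming endpoint `Saml2TokenOverSymmetricSoap12` in stax-server.xml is added with its `ws-security.saml2.validator` entry commented out, while the same endpoint in server.xml configures `org.apache.cxf.systest.ws.saml.CustomSaml2Validator`, and nothing in the file says why. The two servers therefore validate the incoming assertion differently, which is presumably why the Java test accepts either of two fault messages for the SAML 1.1 case. Either delete the dead entry or replace it with a one-line explanation, e.g. `<!-- CustomSaml2Validator is not configured for the streaming endpoint: <reason> -->`. Whether the other streaming endpoints in this file follow the same convention is not visible in this hunk.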