Author: pskopek(a)redhat.com
Date: 2011-10-06 09:18:24 -0400 (Thu, 06 Oct 2011)
New Revision: 1293
Added:
integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-users.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks
Modified:
integration-tests/branches/product/ant-scripts/ant-build.xml
integration-tests/branches/product/parent/pom.xml
integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml
integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml
integration-tests/branches/product/picketlink-trust-tests/pom.xml
Log:
Tests from QA repository merged.
Modified: integration-tests/branches/product/ant-scripts/ant-build.xml
===================================================================
--- integration-tests/branches/product/ant-scripts/ant-build.xml 2011-10-06 13:16:45 UTC
(rev 1292)
+++ integration-tests/branches/product/ant-scripts/ant-build.xml 2011-10-06 13:18:24 UTC
(rev 1293)
@@ -141,9 +141,16 @@
<!-- copy
file="${localRepository}/org/picketlink/picketlink-trust-jbossws/${pl-trust-version}/picketlink-trust-jbossws-${pl-trust-version}.jar"
todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deploy/picketlink"/
-->
-
+
+ <!-- TODO: once JBPAPP-7325 is resolved this can be deleted -->
<copy
file="${basedir}/../common-dist/files/eap/5.1.1/war-deployers-jboss-beans.xml"
-
todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deployers/jbossweb.deployer/META-INF"
/>
+
todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deployers/jbossweb.deployer/META-INF"
+ overwrite="true"/>
+
+ <copy file="${basedir}/../common-dist/files/eap/5.1.1/jboss-log4j.xml"
+
todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/conf"
+ overwrite="true"/>
+
</target>
<target name="start-jboss" depends="stop-jboss">
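Review bot: The new `<copy>` of `common-dist/files/eap/5.1.1/jboss-log4j.xml` into `server/${jboss.profile}/conf` with `overwrite="true"` has no comment explaining why the server's own logging configuration is replaced, unlike the copy above it, which carries a TODO. The file sits in a `5.1.1` directory while the parent pom in this revision points at an EAP 5.1.2-ER1 zip, so the overwritten file may not match what that build ships; worth confirming. I would add a comment such as `<!-- Test harness only: replaces conf/jboss-log4j.xml to raise PicketLink and security categories to TRACE -->`. The enclosing target starts outside the hunk.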
Added: integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml
===================================================================
--- integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml
(rev 0)
+++
integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,403 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!-- $Id: jboss-log4j.xml 112224 2011-09-12 14:13:30Z mbenitez $ -->
+
+<!--
+ | For more configuration information and examples see the Jakarta Log4j
+ | owebsite:
http://jakarta.apache.org/log4j
+ -->
+
+<log4j:configuration
xmlns:log4j="http://jakarta.apache.org/log4j/"
debug="false">
+
+ <!-- ================================= -->
+ <!-- Preserve messages in a local file -->
+ <!-- ================================= -->
+
+ <!-- A time/date based rolling appender -->
+ <appender name="FILE"
class="org.jboss.logging.appender.DailyRollingFileAppender">
+ <errorHandler
class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="File"
value="${jboss.server.log.dir}/server.log"/>
+ <param name="Append" value="true"/>
+ <!-- In AS 5.0.x the server log threshold was set by a system
+ property. In 5.1 and later we are instead using the system
+ property to set the priority on the root logger (see <root/> below)
+ <param name="Threshold"
value="${jboss.server.log.threshold}"/>
+ -->
+
+ <!-- Rollover at midnight each day -->
+ <param name="DatePattern"
value="'.'yyyy-MM-dd"/>
+
+ <!-- Rollover at the top of each hour
+ <param name="DatePattern"
value="'.'yyyy-MM-dd-HH"/>
+ -->
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] (Thread) Message\n -->
+ <param name="ConversionPattern" value="%d %-5p [%c] (%t)
%m%n"/>
+
+ <!-- The full pattern: Date MS Priority [Category] (Thread:NDC) Message\n
+ <param name="ConversionPattern" value="%d %-5r %-5p [%c]
(%t:%x) %m%n"/>
+ -->
+ </layout>
+ </appender>
+
+ <!-- A size based file rolling appender
+ <appender name="FILE"
class="org.jboss.logging.appender.RollingFileAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="File"
value="${jboss.server.log.dir}/server.log"/>
+ <param name="Append" value="false"/>
+ <param name="MaxFileSize" value="500KB"/>
+ <param name="MaxBackupIndex" value="1"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %-5p [%c]
%m%n"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- ============================== -->
+ <!-- Append messages to the console -->
+ <!-- ============================== -->
+
+ <appender name="CONSOLE"
class="org.apache.log4j.ConsoleAppender">
+ <errorHandler
class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Target" value="System.out"/>
+ <param name="Threshold" value="INFO"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p
[%c{1}] %m%n"/>
+ </layout>
+ </appender>
+
+ <!-- ====================== -->
+ <!-- More Appender examples -->
+ <!-- ====================== -->
+
+ <!-- Buffer events and log them asynchronously
+ <appender name="ASYNC"
class="org.apache.log4j.AsyncAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <appender-ref ref="FILE"/>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="SMTP"/>
+ </appender>
+ -->
+
+ <!-- EMail events to an administrator
+ <appender name="SMTP"
class="org.apache.log4j.net.SMTPAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Threshold" value="ERROR"/>
+ <param name="To" value="admin(a)myhost.domain.com"/>
+ <param name="From" value="nobody(a)myhost.domain.com"/>
+ <param name="Subject" value="JBoss Sever Errors"/>
+ <param name="SMTPHost" value="localhost"/>
+ <param name="BufferSize" value="10"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}]
%m%n"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- Syslog events
+ <appender name="SYSLOG"
class="org.apache.log4j.net.SyslogAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Facility" value="LOCAL7"/>
+ <param name="FacilityPrinting" value="true"/>
+ <param name="SyslogHost" value="localhost"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}]
%m%n"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- Log events to JMS (requires a topic to be created)
+ <appender name="JMS"
class="org.apache.log4j.net.JMSAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="Threshold" value="ERROR"/>
+ <param name="TopicConnectionFactoryBindingName"
value="java:/ConnectionFactory"/>
+ <param name="TopicBindingName"
value="topic/MyErrorsTopic"/>
+ </appender>
+ -->
+
+ <!-- Log events through SNMP
+ <appender name="TRAP_LOG"
class="org.apache.log4j.ext.SNMPTrapAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="ImplementationClassName"
value="org.apache.log4j.ext.JoeSNMPTrapSender"/>
+ <param name="ManagementHost" value="127.0.0.1"/>
+ <param name="ManagementHostTrapListenPort" value="162"/>
+ <param name="EnterpriseOID" value="1.3.6.1.4.1.24.0"/>
+ <param name="LocalIPAddress" value="127.0.0.1"/>
+ <param name="LocalTrapSendPort" value="161"/>
+ <param name="GenericTrapType" value="6"/>
+ <param name="SpecificTrapType" value="12345678"/>
+ <param name="CommunityString" value="public"/>
+ <param name="ForwardStackTraceWithTrap" value="true"/>
+ <param name="Threshold" value="DEBUG"/>
+ <param name="ApplicationTrapOID"
value="1.3.6.1.4.1.24.12.10.22.64"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern"
value="%d,%p,[%t],[%c],%m%n"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- Emit events as JMX notifications
+ <appender name="JMX"
class="org.jboss.monitor.services.JMXNotificationAppender">
+ <errorHandler
class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+
+ <param name="Threshold" value="WARN"/>
+ <param name="ObjectName"
value="jboss.system:service=Logging,type=JMXNotificationAppender"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %-5p [%c]
%m"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- Security AUDIT Appender
+ <appender name="AUDIT"
class="org.jboss.logging.appender.DailyRollingFileAppender">
+ <errorHandler
class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="File"
value="${jboss.server.log.dir}/audit.log"/>
+ <param name="Append" value="true"/>
+ <param name="DatePattern"
value="'.'yyyy-MM-dd"/>
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x)
%m%n"/>
+ </layout>
+ </appender>
+ -->
+
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
+ <category name="org.apache">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the jacorb category to WARN as its INFO is verbose -->
+ <category name="jacorb">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the jacorb.config category to ERROR -->
+ <category name="jacorb.config">
+ <priority value="ERROR"/>
+ </category>
+
+ <!-- Set the logging level of the JSF implementation that uses
+ | java.util.logging. The jdk logging levels can be controlled
+ | through the org.jboss.logging.log4j.JDKLevel class that
+ | in addition to the standard log4j levels it adds support for
+ | SEVERE, WARNING, CONFIG, FINE, FINER, FINEST
+ -->
+ <category name="javax.enterprise.resource.webcontainer.jsf">
+ <priority value="INFO"
class="org.jboss.logging.log4j.JDKLevel"/>
+ </category>
+
+ <!-- Limit the org.jgroups category to WARN as its INFO is verbose -->
+ <category name="org.jgroups">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the org.quartz category to INFO as its DEBUG is verbose -->
+ <category name="org.quartz">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the com.sun category to INFO as its FINE is verbose -->
+ <category name="com.sun">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the sun category to INFO as its FINE is verbose -->
+ <category name="sun">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the javax.xml.bind category to INFO as its FINE is verbose -->
+ <category name="javax.xml.bind">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the springframework category to WARN-->
+ <category name="org.springframework">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit JBoss categories
+ <category name="org.jboss">
+ <priority value="INFO"/>
+ </category>
+ -->
+
+ <!-- Limit the JSR77 categories -->
+ <category name="org.jboss.management">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Limit the verbose facelets compiler -->
+ <category name="facelets.compiler">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the verbose ajax4jsf cache initialization -->
+ <category name="org.ajax4jsf.cache">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the verbose embedded jopr categories -->
+ <category name="org.rhq">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the verbose seam categories -->
+ <category name="org.jboss.seam">
+ <priority value="WARN"/>
+ </category>
+
+ <!-- Limit the verbose MC4J EMS (lib used by admin-console) categories -->
+ <category name="org.mc4j.ems">
+ <priority value="WARN"/>
+ </category>
+
+ <category name="org.picketlink">
+ <priority value="TRACE"/>
+ </category>
+
+ <category name="org.jboss.web.tomcat">
+ <priority value="TRACE"/>
+ </category>
+
+ <category name="org.jboss.security">
+ <priority value="TRACE"/>
+ </category>
+
+ <!-- Show the evolution of the DataSource pool in the logs [inUse/Available/Max]
+ <category
name="org.jboss.resource.connectionmanager.JBossManagedConnectionPool">
+ <priority value="TRACE"/>
+ </category>
+ -->
+
+ <!-- Category specifically for Security Audit Provider
+ <category name="org.jboss.security.audit.providers.LogAuditProvider"
additivity="false">
+ <priority value="TRACE"/>
+ <appender-ref ref="AUDIT"/>
+ </category>
+ -->
+
+ <!-- Limit the org.jboss.serial (jboss-serialization) to INFO as its DEBUG is
verbose -->
+ <category name="org.jboss.serial">
+ <priority value="INFO"/>
+ </category>
+
+ <!-- Decrease the priority threshold for the org.jboss.varia category
+ <category name="org.jboss.varia">
+ <priority value="DEBUG"/>
+ </category>
+ -->
+
+ <!-- Enable JBossWS message tracing
+ <category name="org.jboss.ws.core.MessageTrace">
+ <priority value="TRACE"/>
+ </category>
+ -->
+
+ <!--
+ | An example of enabling the custom TRACE level priority that is used
+ | by the JBoss internals to diagnose low level details. This example
+ | turns on TRACE level msgs for the org.jboss.ejb.plugins package and its
+ | subpackages. This will produce A LOT of logging output.
+ |
+ | Note: since jboss AS 4.2.x, the trace level is supported natively by
+ | log4j, so although the custom org.jboss.logging.XLevel priority will
+ | still work, there is no need to use it. The two examples that follow
+ | will both enable trace logging.
+ <category name="org.jboss.system">
+ <priority value="TRACE"
class="org.jboss.logging.XLevel"/>
+ </category>
+ <category name="org.jboss.ejb.plugins">
+ <priority value="TRACE"/>
+ </category>
+ -->
+
+ <!--
+ | Logs these events to SNMP:
+ - server starts/stops
+ - cluster evolution (node death/startup)
+ - When an EJB archive is deployed (and associated verified messages)
+ - When an EAR archive is deployed
+
+ <category name="org.jboss.system.server.Server">
+ <priority value="INFO" />
+ <appender-ref ref="TRAP_LOG"/>
+ </category>
+
+ <category
name="org.jboss.ha.framework.interfaces.HAPartition.lifecycle">
+ <priority value="INFO" />
+ <appender-ref ref="TRAP_LOG"/>
+ </category>
+
+ <category name="org.jboss.deployment.MainDeployer">
+ <priority value="ERROR" />
+ <appender-ref ref="TRAP_LOG"/>
+ </category>
+
+ <category name="org.jboss.ejb.EJBDeployer">
+ <priority value="INFO" />
+ <appender-ref ref="TRAP_LOG"/>
+ </category>
+
+ <category name="org.jboss.deployment.EARDeployer">
+ <priority value="INFO" />
+ <appender-ref ref="TRAP_LOG"/>
+ </category>
+ -->
+
+ <!-- Clustering logging -->
+ <!-- Uncomment the following to redirect the org.jgroups and
+ org.jboss.ha categories to a cluster.log file.
+
+ <appender name="CLUSTER"
class="org.jboss.logging.appender.RollingFileAppender">
+ <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
+ <param name="File"
value="${jboss.server.log.dir}/cluster.log"/>
+ <param name="Append" value="false"/>
+ <param name="MaxFileSize" value="500KB"/>
+ <param name="MaxBackupIndex" value="1"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d %-5p [%c]
%m%n"/>
+ </layout>
+ </appender>
+ <category name="org.jgroups">
+ <priority value="DEBUG" />
+ <appender-ref ref="CLUSTER"/>
+ </category>
+ <category name="org.jboss.ha">
+ <priority value="DEBUG" />
+ <appender-ref ref="CLUSTER"/>
+ </category>
+ -->
+
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <!--
+ Set the root logger priority via a system property. Note this is parsed by
log4j,
+ so the full JBoss system property format is not supported; e.g.
+ setting a default via ${jboss.server.log.threshold:WARN} will not work.
+ -->
+ <priority value="${jboss.server.log.threshold}"/>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="FILE"/>
+ </root>
+
+</log4j:configuration>
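Review bot: The three categories added after the `org.mc4j.ems` entry (`org.picketlink`, `org.jboss.web.tomcat`, `org.jboss.security`) are set to `TRACE` with no comment, and they are the only active categories in the file without one. The `FILE` appender's `Threshold` is commented out, so everything they emit lands in `server.log`. Trace output from security code can include authentication detail such as principals and token contents, so the log directory and any CI artifacts that archive it should be treated as sensitive. I would add `<!-- Test-only: TRACE on security categories for STS debugging; server.log may contain token and login detail -->` above them, and consider a dedicated appender with `additivity="false"`, as the commented-out audit category in this file does.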
Modified: integration-tests/branches/product/parent/pom.xml
===================================================================
--- integration-tests/branches/product/parent/pom.xml 2011-10-06 13:16:45 UTC (rev 1292)
+++ integration-tests/branches/product/parent/pom.xml 2011-10-06 13:18:24 UTC (rev 1293)
@@ -33,8 +33,9 @@
<pl-fed-webapps-assembly-version>2.0.1.1.final</pl-fed-webapps-assembly-version>
<maven.compiler.target>1.6</maven.compiler.target>
<eap-home>${basedir}/target/jboss-eap-5.1/jboss-as</eap-home>
+ <!-- EAP_ZIP>jboss-eap-noauth-5.1.1.zip</EAP_ZIP -->
<EAP_ZIP>jboss-eap-noauth-5.1.2-ER1.zip</EAP_ZIP>
-
<CXF_INSTALLER_ZIP>jboss-ep-ws-cxf-5.1.2-ER1-installer.zip</CXF_INSTALLER_ZIP>
+
<CXF_INSTALLER_ZIP>jboss-ep-ws-cxf-5.1.2-ER1-installer.zip</CXF_INSTALLER_ZIP>
<downloadURL.prefix>file:///mnt/jqa/eap/5.1.2.ER1</downloadURL.prefix>
<EAP_URL>${downloadURL.prefix}/${EAP_ZIP}</EAP_URL>
<CXF_INSTALLER_URL>${downloadURL.prefix}/${CXF_INSTALLER_ZIP}</CXF_INSTALLER_URL>
@@ -155,21 +156,6 @@
</releases>
</repository>
</repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>maven-107</id>
- <name>Maven Surefire Staging Repository</name>
- <layout>default</layout>
-
<
url>https://repository.apache.org/content/repositories/maven-107/</...
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>never</updatePolicy>
- </releases>
- </pluginRepository>
- </pluginRepositories>
<dependencyManagement>
<dependencies>
<dependency>
Modified: integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml
===================================================================
--- integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml 2011-10-06
13:16:45 UTC (rev 1292)
+++ integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -11,6 +11,29 @@
<name>PicketLink Integration Tests for WS-Trust (STS) - Trust - EAP5 - WS CXF
Stack</name>
<
url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink Federation Tests to be run in a continuous integration
environment such as Hudson</description>
+
+ <properties>
+ <jboss.bind.address>localhost</jboss.bind.address>
+ <jboss.home>${eap-home}</jboss.home>
+ <jboss.server.instance>${jboss.profile}</jboss.server.instance>
+ <jbossws.integration.target>jboss510</jbossws.integration.target>
+
+
+ <surefire.security.args>-Djava.security.manager
-Djava.security.policy=src/test/etc/tst.policy</surefire.security.args>
+ <surefire.jdwp.args>-Xdebug -Xnoagent -Djava.compiler=NONE
-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005</surefire.jdwp.args>
+ <surefire.gc.args>-XX:MaxPermSize=128m</surefire.gc.args>
+
<test.archive.directory>${basedir}/../picketlink-trust-tests/target</test.archive.directory>
+
<test.classes.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.classes.directory>
+
<test.resources.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.resources.directory>
+
<wsdl.publish.location>${basedir}/../picketlink-trust-tests/target/wsdl-publish</wsdl.publish.location>
+ <!-- hibernate.version>3.2.4.sp1</hibernate.version -->
+
<endpoint.servlet>org.jboss.wsf.stack.jbws.EndpointServlet</endpoint.servlet>
+ <jboss.javaee.version>5.0.0.GA</jboss.javaee.version>
+ <surefire.debug.log4j.config>-Dlog4j.logger.org.picketlink=DEBUG
-Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.debug.log4j.config>
+ <surefire.log4j.config>-Dlog4j.info
-Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.log4j.config>
+ <jbossws.spi.version>1.1.2.SP7</jbossws.spi.version>
+ </properties>
+
<licenses>
<license>
<name>lgpl</name>
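Review bot: `surefire.jdwp.args` defines a debug agent with `server=y,suspend=y,address=5005`, a listening socket with no host restriction, and nothing in the property block marks it as opt-in. It is not referenced in the hunks visible here, but if it is ever appended to the surefire `argLine`, every forked test JVM would block waiting for a debugger and, on JVMs where a bare port binds all interfaces, leave an unauthenticated debug port open on the build host. I would add a comment such as `<!-- opt-in only: never enable on shared CI agents -->` and bind to loopback with `address=localhost:5005`. Separately, `surefire.security.args` points at `src/test/etc/tst.policy`, which is not among the files this revision adds; confirm it exists in this module.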
@@ -28,14 +51,44 @@
<configuration>
<phase>test</phase>
<!-- <skipTests>true</skipTests> -->
+
+ <systemPropertyVariables>
+
<java.naming.provider.url>jnp://${jboss.bind.address}:1099</java.naming.provider.url>
+
<java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
+
<java.naming.factory.url.pkgs>org.jboss.naming:org.jnp.interfaces</java.naming.factory.url.pkgs>
+
<java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
+
<jboss.server.instance>${jboss.server.instance}</jboss.server.instance>
+
<java.protocol.handler.pkgs>org.jboss.virtual.protocol</java.protocol.handler.pkgs>
+
<java.util.logging.manager>org.jboss.wsf.common.logging.JDKLogManager</java.util.logging.manager>
+ <jboss.home>${jboss.home}</jboss.home>
+
<jbossws.integration.target>${jbossws.integration.target}</jbossws.integration.target>
+ <log4j.output.dir>${project.build.directory}</log4j.output.dir>
+
<org.jboss.ws.wsse.keyStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.keystore</org.jboss.ws.wsse.keyStore>
+
<org.jboss.ws.wsse.trustStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.truststore</org.jboss.ws.wsse.trustStore>
+
<org.jboss.ws.wsse.keyStorePassword>jbossws</org.jboss.ws.wsse.keyStorePassword>
+
<org.jboss.ws.wsse.trustStorePassword>jbossws</org.jboss.ws.wsse.trustStorePassword>
+
<org.jboss.ws.wsse.keyStoreType>jks</org.jboss.ws.wsse.keyStoreType>
+
<org.jboss.ws.wsse.trustStoreType>jks</org.jboss.ws.wsse.trustStoreType>
+
<test.archive.directory>${test.archive.directory}</test.archive.directory>
+
<test.classes.directory>${test.classes.directory}</test.classes.directory>
+
<test.resources.directory>${test.resources.directory}</test.resources.directory>
+
<wsdl.publish.location>${wsdl.publish.location}</wsdl.publish.location>
+ </systemPropertyVariables>
+
<testClassesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testClassesDirectory>
<testResourcesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testResourcesDirectory>
<printSummary>true</printSummary>
<disableXmlReport>false</disableXmlReport>
<includes>
- <include>**/ServletToWSTestCase.java</include>
- <include>**/*XXTestCase.java</include>
+ <!-- include>**/ServletToWSTestCase.java</include -->
+ <include>**/*TestCase.java</include>
</includes>
+ <excludes>
+ <!-- WS-Security style of this tests is not CXF supported
+ TODO: change it to CXF ready one
+ -->
+ <exclude>**/STSLoginModulesTestCase.java</exclude>
+ </excludes>
<forkMode>pertest</forkMode>
<argLine>-Djava.endorsed.dirs=${basedir}/target/jboss-5.1.0.GA/lib/endorsed</argLine>
<useFile>false</useFile>
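Review bot: `java.naming.factory.initial` is listed twice in the new `<systemPropertyVariables>` block with the same value; drop the second entry so the two cannot drift apart in a later edit. The key store and trust store passwords are written inline as `jbossws`, which is acceptable only if these are throwaway sample stores, so I would say so in a comment (`<!-- sample JBossWS test keystores; not for any real endpoint -->`) or lift them into `<properties>` so they can be overridden. The include pattern also widens from two named patterns to `**/*TestCase.java`, which the new `<excludes>` narrows by only one class. The `<configuration>` element starts and ends outside the hunk.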
@@ -47,6 +100,7 @@
<additionalClasspathElement>${eap-home}/client/jmx-invoker-adaptor-client.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jbossall-client.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement>
+
<additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/common/lib/picketlink-core-${pl-version}.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/lib/endorsed/xercesImpl.jar</additionalClasspathElement>
@@ -54,6 +108,7 @@
<additionalClasspathElement>${eap-home}/client/jbossws-spi.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement>
+
<additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jboss-xml-binding.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/mail.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/wsdl4j.jar</additionalClasspathElement>
@@ -189,6 +244,18 @@
<version>3.1</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.jboss.shrinkwrap</groupId>
+ <artifactId>shrinkwrap-api</artifactId>
+ <version>1.0.0-cr-1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.shrinkwrap</groupId>
+ <artifactId>shrinkwrap-impl-base</artifactId>
+ <version>1.0.0-cr-1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
Modified: integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml
===================================================================
--- integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml 2011-10-06
13:16:45 UTC (rev 1292)
+++ integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -11,6 +11,29 @@
<name>PicketLink Integration Tests for WS-Trust (STS) - Trust - EAP5 - WS Native
Stack</name>
<
url>http://labs.jboss.org/portal/picketlink/</url>
<description>PicketLink Federation Tests to be run in a continuous integration
environment such as Hudson</description>
+
+ <properties>
+ <jboss.bind.address>localhost</jboss.bind.address>
+ <jboss.home>${eap-home}</jboss.home>
+ <jboss.server.instance>${jboss.profile}</jboss.server.instance>
+ <jbossws.integration.target>jboss510</jbossws.integration.target>
+
+
+ <surefire.security.args>-Djava.security.manager
-Djava.security.policy=src/test/etc/tst.policy</surefire.security.args>
+ <surefire.jdwp.args>-Xdebug -Xnoagent -Djava.compiler=NONE
-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005</surefire.jdwp.args>
+ <surefire.gc.args>-XX:MaxPermSize=128m</surefire.gc.args>
+
<test.archive.directory>${basedir}/../picketlink-trust-tests/target</test.archive.directory>
+
<test.classes.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.classes.directory>
+
<test.resources.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.resources.directory>
+
<wsdl.publish.location>${basedir}/../picketlink-trust-tests/target/wsdl-publish</wsdl.publish.location>
+ <!-- hibernate.version>3.2.4.sp1</hibernate.version -->
+
<endpoint.servlet>org.jboss.wsf.stack.jbws.EndpointServlet</endpoint.servlet>
+ <jboss.javaee.version>5.0.0.GA</jboss.javaee.version>
+ <surefire.debug.log4j.config>-Dlog4j.logger.org.picketlink=DEBUG
-Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.debug.log4j.config>
+ <surefire.log4j.config>-Dlog4j.info
-Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.log4j.config>
+ <jbossws.spi.version>1.1.2.SP7</jbossws.spi.version>
+ </properties>
+
<licenses>
<license>
<name>lgpl</name>
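Review bot: `surefire.jdwp.args` uses `server=y` with a bare `address=5005`, which on JVMs of this generation listens on every interface, and JDWP has no authentication, so anyone who can reach the port controls the forked test JVM. If the property is kept for local debugging, `address=localhost:5005` limits the listener to loopback. `suspend=y` would also block an unattended Hudson run until a debugger attaches. Whether any `argLine` references this property is not visible in this hunk, so a comment marking it as opt-in for local debugging only would help.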
@@ -28,6 +51,30 @@
<configuration>
<phase>test</phase>
<!-- <skipTests>true</skipTests> -->
+
+ <systemPropertyVariables>
+
<java.naming.provider.url>jnp://${jboss.bind.address}:1099</java.naming.provider.url>
+
<java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
+
<java.naming.factory.url.pkgs>org.jboss.naming:org.jnp.interfaces</java.naming.factory.url.pkgs>
+
<java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial>
+
<jboss.server.instance>${jboss.server.instance}</jboss.server.instance>
+
<java.protocol.handler.pkgs>org.jboss.virtual.protocol</java.protocol.handler.pkgs>
+
<java.util.logging.manager>org.jboss.wsf.common.logging.JDKLogManager</java.util.logging.manager>
+ <jboss.home>${jboss.home}</jboss.home>
+
<jbossws.integration.target>${jbossws.integration.target}</jbossws.integration.target>
+ <log4j.output.dir>${project.build.directory}</log4j.output.dir>
+
<org.jboss.ws.wsse.keyStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.keystore</org.jboss.ws.wsse.keyStore>
+
<org.jboss.ws.wsse.trustStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.truststore</org.jboss.ws.wsse.trustStore>
+
<org.jboss.ws.wsse.keyStorePassword>jbossws</org.jboss.ws.wsse.keyStorePassword>
+
<org.jboss.ws.wsse.trustStorePassword>jbossws</org.jboss.ws.wsse.trustStorePassword>
+
<org.jboss.ws.wsse.keyStoreType>jks</org.jboss.ws.wsse.keyStoreType>
+
<org.jboss.ws.wsse.trustStoreType>jks</org.jboss.ws.wsse.trustStoreType>
+
<test.archive.directory>${test.archive.directory}</test.archive.directory>
+
<test.classes.directory>${test.classes.directory}</test.classes.directory>
+
<test.resources.directory>${test.resources.directory}</test.resources.directory>
+
<wsdl.publish.location>${wsdl.publish.location}</wsdl.publish.location>
+ </systemPropertyVariables>
+
<testClassesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testClassesDirectory>
<testResourcesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testResourcesDirectory>
<printSummary>true</printSummary>
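Review bot: `java.naming.factory.initial` is declared twice in the added `systemPropertyVariables` block with the same value, so the second entry can be dropped. The keystore and truststore passwords are the literal `jbossws`; assuming these are the sample stores under `jaxws/samples/wssecurity`, a comment such as `<!-- sample test keystores only; not a deployment credential -->` would stop secret scanners and later readers from treating it as a leaked secret. The preceding pom appears to carry the same block, but its hunk starts outside this view.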
@@ -53,6 +100,7 @@
<additionalClasspathElement>${eap-home}/client/jbossws-spi.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jbossws-native-factories.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement>
+
<additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/jboss-xml-binding.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/mail.jar</additionalClasspathElement>
<additionalClasspathElement>${eap-home}/client/wsdl4j.jar</additionalClasspathElement>
@@ -76,6 +124,7 @@
<property name="pl-fed-webapps-assembly-version"
value="${pl-fed-webapps-assembly-version}"/>
<property name="localRepository"
value="${user.home}/.m2/repository"/>
<property name="jboss.dist" value="${jboss.dist}"
/>
+ <property name="EAP_ZIP" value="${EAP_ZIP}"
/>
<ant antfile="${basedir}/../ant-scripts/ant-build.xml"
target="init-eap5" />
<ant antfile="${basedir}/../ant-scripts/ant-build.xml"
target="copy-sts-props-eap5" />
<ant antfile="${basedir}/../ant-scripts/ant-build.xml"
target="copy-trust-settings-eap5" />
@@ -188,6 +237,18 @@
<version>3.1</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.jboss.shrinkwrap</groupId>
+ <artifactId>shrinkwrap-api</artifactId>
+ <version>1.0.0-cr-1</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.shrinkwrap</groupId>
+ <artifactId>shrinkwrap-impl-base</artifactId>
+ <version>1.0.0-cr-1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
Modified: integration-tests/branches/product/picketlink-trust-tests/pom.xml
===================================================================
--- integration-tests/branches/product/picketlink-trust-tests/pom.xml 2011-10-06 13:16:45
UTC (rev 1292)
+++ integration-tests/branches/product/picketlink-trust-tests/pom.xml 2011-10-06 13:18:24
UTC (rev 1293)
@@ -51,7 +51,7 @@
<phase>package</phase>
<configuration>
<warName>pojo-test</warName>
- <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>
+
<packagingExcludes>WEB-INF/lib/*.jar,fed,keystore,MANIFEST.MF</packagingExcludes>
<warSourceDirectory>src/test/resources/webapp</warSourceDirectory>
<webappDirectory>${project.build.directory}/${project.build.finalName}-pojo-test</webappDirectory>
<webResources>
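Review bot: The new `packagingExcludes` entries `fed` and `keystore` are bare names, while the `<excludes>` hunk later in this file uses `fed/**` and `keystore/**`. As Ant-style patterns the bare names may match only an entry of exactly that name, leaving the directory contents, keystore files included, in the WAR. If the intent is to keep those trees out of `pojo-test`, `WEB-INF/lib/*.jar,fed/**,keystore/**,MANIFEST.MF` states it unambiguously, and the same applies to the `binary-test` hunk at `@@ -76,7 +76,7 @@`. Listing the contents of the built WARs would confirm it either way. The `@@ -119,6 +119,10 @@` hunk also lists `fed/**` twice.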
@@ -76,7 +76,7 @@
<phase>package</phase>
<configuration>
<warName>binary-test</warName>
- <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes>
+
<packagingExcludes>WEB-INF/lib/*.jar,fed,keystore,MANIFEST.MF</packagingExcludes>
<warSourceDirectory>src/test/resources/binary</warSourceDirectory>
<webappDirectory>${project.build.directory}/${project.build.finalName}-binary-test</webappDirectory>
<webResources>
@@ -119,6 +119,10 @@
<exclude>**/*TestCase*</exclude>
<exclude>**/POJO*</exclude>
<exclude>**/author*</exclude>
+ <exclude>fed/**</exclude>
+ <exclude>keystore/**</exclude>
+ <exclude>fed/**</exclude>
+ <exclude>org/picketlink/qa/**</exclude>
</excludes>
</configuration>
</plugin>
@@ -243,8 +247,12 @@
<version>3.1</version>
<scope>test</scope>
</dependency>
-
-
+ <dependency>
+ <groupId>org.jboss.shrinkwrap</groupId>
+ <artifactId>shrinkwrap-api</artifactId>
+ <version>1.0.0-cr-1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<reporting>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,82 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa;
+
+import java.io.IOException;
+import java.io.StringReader;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.log4j.Logger;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * This is helper class that can be used on server side as well as on client side.
+ * @author pskopek
+ *
+ */
+public class CommonTestHelper
+{
+
+ public static Logger log = Logger.getLogger(CommonTestHelper.class);
+
+ public static String getSubjectNameIDFromXmlString(String xml) throws IOException,
SAXException, ParserConfigurationException
+ {
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setXIncludeAware(true);
+
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ InputSource is = new InputSource(new StringReader(xml));
+
+ Document doc = builder.parse(is);
+
+ Node subject =
doc.getDocumentElement().getElementsByTagName("saml:Subject").item(0);
+ NodeList list = subject.getChildNodes();
+
+ for (int i = 0; i < list.getLength(); i++)
+ {
+
+ Node n = list.item(i);
+ log.trace("Child Node Name=" + n.getNodeName());
+
+ if (n.getNodeName().equals("saml:NameID"))
+ {
+ log.trace("returning node value=" + n.getTextContent());
+ return n.getTextContent();
+ }
+
+ }
+
+ return null;
+ }
+
+
+}
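Review bot: `getSubjectNameIDFromXmlString` parses its argument with a factory that has `setXIncludeAware(true)` and no DTD or external-entity restrictions, so a DOCTYPE or `xi:include` in the input is resolved by the parser, and the class comment says this helper is also used on the server side. Nothing in the method needs XInclude, so I would drop that line and add `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()`, with an import of `javax.xml.XMLConstants`. Separately, `item(0)` returns null when the document has no `saml:Subject` element, so `subject.getChildNodes()` throws a NullPointerException. Adding `if (subject == null) return null;` would match the method's existing not-found result.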
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,249 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.regex.Pattern;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.ArchivePath;
+import org.jboss.shrinkwrap.api.ArchivePaths;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.asset.Asset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTestHelper;
+import org.picketlink.identity.federation.core.util.PBEUtils;
+
+/**
+ * @author pskopek
+ *
+ */
+public class JBossPLTestHelper extends JBossWSTestHelper {
+
+ private static Logger log = Logger.getLogger(JBossPLTestHelper.class);
+ private static String MASK_PREFIX = "MASK-";
+
+ private static JBossPLTestHelper TEST_HELPER;
+
+ static {
+ TEST_HELPER = new JBossPLTestHelper();
+ }
+
+ public static String STS_FILE_NAME = "picketlink-sts.war";
+ public static String STS_FILE_NAME_MASKED_PASS =
"picketlink-sts-masked-pass.war";
+ private static WebArchive STS = null;
+ private static WebArchive MASKED_PASS_STS = null;
+
+ private TestDeployerShrinkWrapJBoss sw;
+
+
+ public static JBossPLTestHelper getJBossPLTestHelper() {
+ if (TEST_HELPER == null)
+ TEST_HELPER = new JBossPLTestHelper();
+ return TEST_HELPER;
+ }
+
+ private JBossPLTestHelper() {
+ super();
+ this.sw = new TestDeployerShrinkWrapJBoss(getServer());
+ }
+
+ public void deploy(Archive<?> archive) throws Exception {
+ sw.deploy(archive);
+ }
+
+ public void undeploy(Archive<?> archive) throws Exception {
+ sw.undeploy(archive);
+ }
+
+ public static WebArchive getPicketLinkSTSArchive() {
+ if (STS == null) {
+ createPicketLinkSTSArchive();
+ }
+
+ return STS;
+ }
+
+ public static String maskPassword(byte[] salt, int count, String passwordToEncode) {
+
+ try {
+
+ char[] password =
"somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ byte[] passwordToEncodeB = passwordToEncode.getBytes("UTF-8");
+
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, count);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKeyFactory factory =
SecretKeyFactory.getInstance("PBEwithMD5andDES");
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+ String encodedPassword = PBEUtils.encode64(passwordToEncodeB,
"PBEwithMD5andDES",
+ cipherKey, cipherSpec);
+
+ return encodedPassword;
+ }
+ catch (Exception e) {
+ log.error("Problem while encoding password ", e);
+ throw new RuntimeException(e);
+ }
+
+ }
+
+
+ public static WebArchive getPasswordMaskedPicketLinkSTSArchive() {
+ if (MASKED_PASS_STS == null) {
+
+ byte[] salt = new byte[] {48, 80, 110, 65, 89, 112, 40, 122 }; // 0PnAYp(z
+ int iterationCount = 135;
+
+ String maskedKeyStorePass = MASK_PREFIX + maskPassword( salt, iterationCount,
"testpass");
+ String maskedSigningKeyPass = MASK_PREFIX + maskPassword(salt, iterationCount,
"keypass");
+
+ String additionalProps = "<Auth Key=\"salt\"
Value=\"0PnAYp(z\"/> <Auth Key=\"iterationCount\"
Value=\"135\"/>";
+
+ MASKED_PASS_STS = createPicketLinkSTSArchive(STS_FILE_NAME_MASKED_PASS,
"sts_keystore.jks", maskedKeyStorePass, "sts", maskedSigningKeyPass,
additionalProps);
+ }
+
+ return MASKED_PASS_STS;
+ }
+
+ /**
+ * Creates STS archive ready to deploy.
+ */
+ private static void createPicketLinkSTSArchive() {
+
+ STS = createPicketLinkSTSArchive(STS_FILE_NAME, "sts_keystore.jks",
"testpass", "sts", "keypass", "");
+
+ }
+
+ /**
+ * Creates STS archive with picketlink-sts.xml created by replacing following tokens
with parameters.
+ * <code>
+ * ${keyStoreURL} -> keyStoreURL
+ * ${keyStorePass} -> keyStorePass
+ * ${signingKeyAlias} -> signingKeyAlias
+ * ${signingKeyPass} -> signingKeyPass
+ * </code>
+ *
+ * @param archiveName
+ * @param keyStoreURL
+ * @param keyStorePass
+ * @param signingKeyAlias
+ * @param signingKeyPass
+ * @param additionalMaskinProps
+ */
+ private static WebArchive createPicketLinkSTSArchive(String archiveName, String
keyStoreURL, String keyStorePass, String signingKeyAlias, String signingKeyPass, String
additionalMaskingProps) {
+
+
+ WebArchive arch = null;
+
+ File stsXml =
TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml");
+ StringBuffer fileContent = new StringBuffer(1024);
+
+ try {
+
+ BufferedReader reader = new BufferedReader(new FileReader(stsXml));
+ char[] buf = new char[1024];
+ int numRead=0;
+ while((numRead=reader.read(buf)) != -1){
+ String readData = String.valueOf(buf, 0, numRead);
+ fileContent.append(readData);
+ buf = new char[1024];
+ }
+ reader.close();
+
+ }
+ catch (IOException e) {
+ log.error("IO Exception happend.", e);
+ }
+
+ String plSTS = fileContent.toString()
+ .replaceAll(Pattern.quote("${keyStoreURL}"), keyStoreURL)
+ .replaceAll(Pattern.quote("${keyStorePass}"), keyStorePass)
+ .replaceAll(Pattern.quote("${signingKeyAlias}"), signingKeyAlias)
+ .replaceAll(Pattern.quote("${signingKeyPass}"), signingKeyPass)
+ .replaceAll(Pattern.quote("${additionalMaskingProps}"),
additionalMaskingProps);
+ ;
+
+ StringAsset sAsset = new StringAsset(plSTS);
+
+ /* picketlink-sts package */
+ arch = ShrinkWrap.create(WebArchive.class, archiveName);
+ arch.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
+
arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/jboss-web.xml"));
+
arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml"));
+
arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml"));
+
arch.setWebXML(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/web.xml"));
+
+ ArchivePath classes = ArchivePaths.create("classes");
+ ArchivePath wsdl = ArchivePaths.create("wsdl");
+
+ addWebResourceWA(arch, sAsset, classes, "picketlink-sts.xml");
+ addWebResourceWA(arch,
TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties"),
classes);
+ addWebResourceWA(arch,
TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties"),
classes);
+ addWebResourceWA(arch,
TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks"),
classes);
+ addWebResourceWA(arch,
TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl"),
wsdl);
+
+ return arch;
+
+ }
+
+
+
+ /**
+ * Workaround to store more files under specified ArchivePath in given WebArchive.
+ *
https://jira.jboss.org/browse/SHRINKWRAP-187
+ * @param webArchive
+ * @param file
+ * @param path
+ */
+ public static void addWebResourceWA(WebArchive webArchive, File file, ArchivePath path)
+ {
+ webArchive.addAsWebResource(file, path.get() + File.separator + file.getName());
+ }
+
+ /**
+ * Workaround to store more Assets under specified ArchivePath in given WebArchive.
+ *
https://jira.jboss.org/browse/SHRINKWRAP-187
+ * @param webArchive
+ * @param asset - the asset to include
+ * @param path - path of the asset in archive
+ * @param assetName - name of the asset inside archive
+ */
+ public static void addWebResourceWA(WebArchive webArchive, Asset asset, ArchivePath
path, String assetName)
+ {
+ webArchive.addAsWebResource(asset, path.get() + File.separator + assetName);
+ }
+
+
+}
+//
\ No newline at end of file
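Review bot: In the six-argument `createPicketLinkSTSArchive`, the `catch (IOException e)` only logs, so an unreadable `picketlink-sts.xml` yields an archive whose STS configuration is an empty string, and the reader is not closed when `read` throws. Failing fast with a `RuntimeException`, as `maskPassword` already does, makes the cause visible; the read block rewritten that way is below. The replacement arguments of the `replaceAll` chain are also interpreted (`$` and `\` are special there), so a password containing either would be mangled or throw. `String.replace("${keyStorePass}", keyStorePass)` and its siblings take both sides literally. A one-line comment on `maskPassword` should also say that the fixed passphrase with `PBEwithMD5andDES` is reversible obfuscation, presumably mirroring the product's `MASK-` format, and does not protect the keystore password.

```java
File stsXml = TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml");
StringBuffer fileContent = new StringBuffer(1024);

try {
   BufferedReader reader = new BufferedReader(new FileReader(stsXml));
   try {
      char[] buf = new char[1024];
      int numRead;
      while ((numRead = reader.read(buf)) != -1) {
         fileContent.append(buf, 0, numRead);
      }
   }
   finally {
      // close even when read() fails
      reader.close();
   }
}
catch (IOException e) {
   // an empty picketlink-sts.xml must not reach the archive silently
   throw new RuntimeException("Cannot read " + stsXml, e);
}
// … unchanged: token replacement and archive assembly …
```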
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,59 @@
+package org.picketlink.qa;
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import javax.management.MBeanServerConnection;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.Archive;
+import org.jboss.shrinkwrap.api.exporter.ZipExporter;
+import org.jboss.wsf.test.JBossWSTestHelper;
+import org.jboss.wsf.test.TestDeployerJBoss;
+
+public class TestDeployerShrinkWrapJBoss extends TestDeployerJBoss {
+
+ public static Logger log = Logger.getLogger(TestDeployerShrinkWrapJBoss.class);
+
+
+ public TestDeployerShrinkWrapJBoss(MBeanServerConnection server) {
+ super(server);
+ }
+
+ public void deploy(Archive<?> archive) throws Exception
+ {
+ deploy(archiveToURL(archive));
+ }
+
+ public void undeploy(Archive<?> archive) throws Exception
+ {
+ undeploy(archiveToURL(archive));
+ deleteDeploymentFile(archive);
+ }
+
+ private URL archiveToURL(Archive <?> archive) throws MalformedURLException {
+
+ String testArchiveDir = JBossWSTestHelper.getTestArchiveDir();
+ String name = archive.getName();
+
+ File file = new File(testArchiveDir + "/" + name);
+
+ if (!file.exists())
+ archive.as(ZipExporter.class).exportTo(file, true);
+
+ return file.toURI().toURL();
+ }
+
+
+ private void deleteDeploymentFile(Archive <?> archive) {
+ String testArchiveDir = JBossWSTestHelper.getTestArchiveDir();
+ String name = archive.getName();
+
+ File file = new File(testArchiveDir + "/" + name);
+ if (file.exists() && !log.isDebugEnabled())
+ file.delete();
+
+ }
+
+}
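Review bot: `archiveToURL` exports the archive only when no file of that name exists, so a file left from an earlier run is deployed in place of the archive the test just built; `deleteDeploymentFile` keeps the file whenever debug logging is enabled. Since `exportTo(file, true)` already requests overwrite, the `if (!file.exists())` guard can be removed, leaving `archive.as(ZipExporter.class).exportTo(file, true);`. Note that `undeploy` also goes through `archiveToURL` and would then re-export before undeploying. `file.delete()` also ignores its result, so logging a warning when it returns false would show when cleanup did not happen.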
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.qa.JBossPLTestHelper;
+import org.w3c.dom.Element;
+
+/**
+ * This test case checks if obtaining a ticket from STS works.
+ * It also call ticket validation routine.
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ * @author <a href="mailto:pskopek@redhat.com">Peter Skopek</a>
+ *
+ */
+public class BasicSTSTestCase extends JBossWSTest
+{
+
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+ private static WebArchive sts = null;
+
+ public static Logger log = Logger.getLogger(BasicSTSTestCase.class);
+
+ public String server = getServerHost();
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(BasicSTSTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+ }
+
+ public void testSTS() throws Exception
+ {
+ // create a WSTrustClient instance.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS",
"PicketLinkSTSPort", "http://" + server + ":8080" +
"/picketlink-sts/PicketLinkSTS", new SecurityInfo(
+ "JBoss", "JBoss"));
+
+ // issue a SAML assertion using the client API.
+ Element assertion = null;
+ try
+ {
+ assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ }
+ catch (WSTrustException wse)
+ {
+ fail("Unable to issue assertion: " + wse.getMessage());
+ }
+
+ // print the assertion for demonstration purposes.
+ log.debug("Successfully issued a standard SAMLV2.0 Assertion!");
+
+ if (log.isTraceEnabled())
+ log.trace(DocumentUtil.getDOMElementAsString(assertion));
+
+ // validate the received SAML assertion.
+ try
+ {
+ assertTrue("Token valid.", client.validateToken(assertion));
+ }
+ catch (WSTrustException wse)
+ {
+ fail("Failed to validate SAMLV2.0 Assertion: " + wse.getMessage());
+ }
+ }
+
+ private static void createTestArtifacts()
+ {
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+ }
+
+ private static void deployArtifacts() throws Exception {
+ // TEST_HELPER.deploy(sts);
+ }
+
+ private static void undeployArtifacts() throws Exception {
+ // TEST_HELPER.undeploy(sts);
+ }
+
+
+}
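Review bot: `deployArtifacts` and `undeployArtifacts` have their bodies commented out, so the archive built in `createTestArtifacts` is never deployed and `testSTS` passes only if a `picketlink-sts` application is already running on the server. A comment stating where that deployment comes from, or re-enabling `TEST_HELPER.deploy(sts)`, would make the dependency explicit. In `testSTS` the message `"Token valid."` is what JUnit prints when the assertion fails, so it should read something like `"STS reported the issued token as invalid"`. Both `catch (WSTrustException wse)` blocks pass only `getMessage()` to `fail`, which drops the stack trace; since the method already declares `throws Exception`, letting the exception propagate keeps it.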
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,37 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.qa.identity.federation.wstrust;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+@WebService(name = "Hello", targetNamespace =
"http://org.jboss.ws/cert-auth")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+public interface Hello
+{
+ @WebMethod
+ public String echo(String par);
+
+ @WebMethod
+ public String echo2(String par);
+}
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.qa.identity.federation.wstrust;
+
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Stateless;
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+import javax.xml.ws.WebServiceContext;
+
+import org.jboss.logging.Logger;
+import org.jboss.ws.annotation.EndpointConfig;
+import org.jboss.wsf.spi.annotation.WebContext;
+
+
+@Stateless
+@WebService(name = "Hello", serviceName = "HelloService",
targetNamespace = "http://org.jboss.ws/cert-auth")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+@WebContext(contextRoot = "/cert-auth", urlPattern = "/*")
+@EndpointConfig(configName = "Standard WSSecurity Endpoint")
+public class HelloJavaBean
+{
+ private Logger log = Logger.getLogger(HelloJavaBean.class);
+ @Resource
+ private WebServiceContext ctx;
+
+ @WebMethod
+ @RolesAllowed({"friend"})
+ public String echo(String par)
+ {
+ log.info("User principal: " + ctx.getUserPrincipal());
+ return par;
+ }
+
+ @WebMethod
+ @RolesAllowed({"girlfriend"})
+ public String echo2(String par)
+ {
+ log.info("User principal: " + ctx.getUserPrincipal());
+ return par;
+ }
+}
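Review bot: The `@RolesAllowed` checks on `echo` and `echo2` have no security domain visible in this class: it carries `@WebContext` and `@EndpointConfig`, so the domain binding presumably comes from the `jboss.xml` that the test case packages into the jar. A class-level comment would make that dependency explicit, for example `// Security domain is bound in META-INF/jboss.xml; without it the role checks below are not backed by the test's login modules.` The bean also repeats the `Hello` contract by hand, so declaring `implements Hello` would let the compiler keep the two signatures in sync.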
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,181 @@
+package org.picketlink.qa.identity.federation.wstrust;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import junit.framework.Test;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.jboss.ws.core.StubExt;
+import org.picketlink.qa.JBossPLTestHelper;
+
+public class STSLoginModulesTestCase extends JBossWSTest
+{
+
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log = Logger.getLogger(STSLoginModulesTestCase.class);
+
+ public static String SAR_FILE_NAME = "cert-auth-service.sar";
+ public static String JAR_FILE_NAME = "cert-auth.jar";
+
+ private static JavaArchive sar = null;
+ private static JavaArchive jar = null;
+
+ private String TARGET_ENDPOINT_ADDRESS = "http://" +
JBossPLTestHelper.getServerHost() + ":8080/cert-auth";
+ private String keyStore;
+ private String trustStore;
+ private String keyStorePassword;
+ private String trustStorePassword;
+ private String keyStoreType;
+ private String trustStoreType;
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+ return new JBossWSTestSetup(STSLoginModulesTestCase.class, "");
+ }
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Setting up tests");
+ super.setUp();
+ //Backup values
+ keyStore = System.getProperty("org.jboss.ws.wsse.keyStore");
+ keyStorePassword =
System.getProperty("org.jboss.ws.wsse.keyStorePassword");
+ keyStoreType = System.getProperty("org.jboss.ws.wsse.keyStoreType");
+ trustStore = System.getProperty("org.jboss.ws.wsse.trustStore");
+ trustStorePassword =
System.getProperty("org.jboss.ws.wsse.trustStorePassword");
+ trustStoreType = System.getProperty("org.jboss.ws.wsse.trustStoreType");
+
+ deployArtifacts();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Tearing down test env.");
+
+ undeployArtifacts();
+
+ //Restore environment
+ System.setProperty("org.jboss.ws.wsse.keyStore", keyStore);
+ System.setProperty("org.jboss.ws.wsse.trustStore", trustStore);
+ System.setProperty("org.jboss.ws.wsse.keyStorePassword",
keyStorePassword);
+ System.setProperty("org.jboss.ws.wsse.trustStorePassword",
trustStorePassword);
+ System.setProperty("org.jboss.ws.wsse.keyStoreType", keyStoreType);
+ System.setProperty("org.jboss.ws.wsse.trustStoreType", trustStoreType);
+ super.tearDown();
+ }
+
+ private static void createTestArtifacts()
+ {
+
+ /* cert-auth-service package */
+ sar = ShrinkWrap.create(JavaArchive.class, SAR_FILE_NAME);
+ sar.toString(true);
+
sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss-service.xml"));
+
sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jbossws-roles.properties"));
+
sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/keystore.jks"));
+
sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/login-config.xml"));
+
+ /* cert-auth-webservice package */
+ jar = ShrinkWrap.create(JavaArchive.class, JAR_FILE_NAME);
+ jar.toString(true);
+ jar.addClasses(Hello.class, HelloJavaBean.class);
+
jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/bob-sign.jks"));
+
jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss-wsse-server.xml"));
+
jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss.xml"));
+
jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/wsse10.truststore"));
+
+ }
+
+ private void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ TEST_HELPER.deploy(sar);
+ TEST_HELPER.deploy(jar);
+ }
+
+ private void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(jar);
+ TEST_HELPER.undeploy(sar);
+ }
+
+ public void testAuthAlice() throws Exception
+ {
+ setEnvironment("alice");
+ Hello port = getPort();
+ String msg = "Hi!";
+ try
+ {
+ String result = port.echo(msg);
+ assertEquals(msg, result);
+ result = port.echo2(msg);
+ assertEquals(msg, result);
+ }
+ catch (Exception e)
+ {
+ fail();
+ }
+ }
+
+ public void testAuthJohn() throws Exception
+ {
+ setEnvironment("john");
+ Hello port = getPort();
+ String msg = "Hi!";
+ try
+ {
+ String result = port.echo(msg);
+ assertEquals(msg, result);
+ }
+ catch (Exception e)
+ {
+ fail();
+ }
+ try
+ {
+ port.echo2(msg);
+ fail("John shouldn't be allowed to run this method!");
+ }
+ catch (Exception e)
+ {
+ //OK
+ }
+ }
+
+ private void setEnvironment(String name)
+ {
+ //Setup values
+ System.setProperty("org.jboss.ws.wsse.keyStore",
TEST_HELPER.getResourceFile("fed/wstrust/" + name +
"-sign.jks").getPath());
+ System.setProperty("org.jboss.ws.wsse.trustStore",
TEST_HELPER.getResourceFile("fed/wstrust/wsse10.truststore").getPath());
+ System.setProperty("org.jboss.ws.wsse.keyStorePassword",
"password");
+ System.setProperty("org.jboss.ws.wsse.trustStorePassword",
"password");
+ System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks");
+ System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks");
+ }
+
+ private Hello getPort() throws Exception
+ {
+ URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl");
+ QName serviceName = new QName("http://org.jboss.ws/cert-auth",
"HelloService");
+ Hello port = Service.create(wsdlURL, serviceName).getPort(Hello.class);
+ URL securityURL =
TEST_HELPER.getResourceURL("fed/wstrust/META-INF/jboss-wsse-client.xml");
+ ((StubExt)port).setSecurityConfig(securityURL.toExternalForm());
+ ((StubExt)port).setConfigName("Standard WSSecurity Client");
+ ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE,
StubExt.PROPERTY_AUTH_TYPE_WSSE);
+ return port;
+ }
+
+}
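Review bot: `tearDown()` passes the saved values straight to `System.setProperty`, which throws `NullPointerException` for a null value. Whenever one of the `org.jboss.ws.wsse.*` properties was unset before the test, the restore aborts part-way, `super.tearDown()` is skipped, and the test key store path and password stay in the JVM's system properties for later tests. Restoring through a helper that calls `System.clearProperty` for null, inside a `finally`, keeps the environment clean even when undeploy fails. Separately, the second `catch (Exception e)` in `testAuthJohn` accepts any failure as a denial; asserting on the fault the endpoint is expected to return would stop an unrelated error from satisfying the authorization check.

```java
   @Override
   protected void tearDown() throws Exception
   {
      log.trace("Tearing down test env.");
      try
      {
         undeployArtifacts();
      }
      finally
      {
         //Restore environment
         restoreProperty("org.jboss.ws.wsse.keyStore", keyStore);
         restoreProperty("org.jboss.ws.wsse.trustStore", trustStore);
         restoreProperty("org.jboss.ws.wsse.keyStorePassword", keyStorePassword);
         restoreProperty("org.jboss.ws.wsse.trustStorePassword", trustStorePassword);
         restoreProperty("org.jboss.ws.wsse.keyStoreType", keyStoreType);
         restoreProperty("org.jboss.ws.wsse.trustStoreType", trustStoreType);
         super.tearDown();
      }
   }

   // A property that was unset before the test must be cleared, not set to null.
   private static void restoreProperty(String key, String value)
   {
      if (value == null)
         System.clearProperty(key);
      else
         System.setProperty(key, value);
   }
```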
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+
+/**
+ * @author pskopek
+ *
+ */
+public interface EasySession
+{
+ /**
+ * <p>
+ * This is a method available for regular users and administrators. Implementations
must annotate either the class or
+ * this method with {@code @RolesAllowed({"RegularUser",
"Administrator"})} to enforce that only these roles should
+ * be granted access to this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeRegularMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for administrators only. Implementations must annotate
either the class or this method
+ * with {@code @RolesAllowed({"Administrator"})} to enforce that only
administrators should be granted access to
+ * this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeAdministrativeMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for all authenticated users, regardless or role.
Implementations must annotate this
+ * method with {@code @PermitAll} to specify that all security roles should be granted
access.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnprotectedMethod();
+
+
+ /**
+ * <p>
+ * This is a method that is unavailable for everybody. Implementations must annotate
this method with
+ * {@code @DenyAll} to specify that access should be restricted for everybody.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnavailableMethod();
+
+}
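Review bot: The Javadoc on `invokeUnprotectedMethod` reads "regardless or role"; it should be `regardless of role`. `IndirectLevel2Session` repeats the same four methods and the same Javadoc word for word, typo included, so the correction is needed there as well. A shared parent interface could leave a single copy of this access contract to maintain.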
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import javax.annotation.Resource;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import org.apache.log4j.Logger;
+
+/**
+ * @author pskopek
+ *
+ */
+@Stateless
+(a)Remote(EasySession.class)
+@RolesAllowed( { "RegularUser", "Administrator" })
+public class EasySessionBean implements EasySession
+{
+
+ Logger log = Logger.getLogger(EasySessionBean.class);
+
+ @Resource
+ private SessionContext context;
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod()
+ */
+ @RolesAllowed( { "Administrator" })
+ public Principal invokeAdministrativeMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod()
+ */
+ public Principal invokeRegularMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod()
+ */
+ @DenyAll
+ public Principal invokeUnavailableMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod()
+ */
+ @PermitAll
+ public Principal invokeUnprotectedMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+}
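Review bot: `invokeRegularMethod` has no annotation of its own and is protected only by the class-level `@RolesAllowed( { "RegularUser", "Administrator" })`, which is easy to miss next to three annotated siblings. A one-line comment above it, such as `// access: class-level @RolesAllowed (RegularUser, Administrator)`, would keep a later edit of the class annotation from silently widening this method. The same applies to `invokeRegularMethod` in `IndirectLevel2SessionBean`. The `log` field is unused in this class, package-visible and per-instance; if it stays, `private static final Logger log = Logger.getLogger(EasySessionBean.class);` is the usual form.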
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,276 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.qa.CommonTestHelper;
+import org.picketlink.qa.JBossPLTestHelper;
+
+/**
+ * This test case deploys two EJB3 apps and invokes first secured via
STSIssuingLoginModule in stack with STSValidatingLoginModule.
+ * First session bean has another one which secured using SAML2STSLoginModule. Issues STS
ticket is used to
+ * authenticate against new security domain as second level invoke.
+ *
+ * Tests if EJB3 client can invoke indirectly remote EJB3 methods with following
permissions:<br/>
+ * - administrative <br/>
+ * - regular <br/>
+ * - unprotected <br/>
+ * - denied for all <br/>
+ *
+ * @author pskopek
+ *
+ */
+public class IndirectEJB3InvokeTestCase extends JBossWSTest
+{
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log = Logger.getLogger(IndirectEJB3InvokeTestCase.class);
+
+ public static String EJB3_APP_FILE_NAME = "indirect-ejb3-app.jar";
+ public static String LEVEL2_EJB3_APP_FILE_NAME =
"indirect-ejb3-level2-app.jar";
+
+ private static JavaArchive ejb3App = null;
+ private static JavaArchive level2Ejb3App = null;
+ private static WebArchive sts = null;
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(IndirectEJB3InvokeTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+ }
+
+ public void testSAML2STSLoginModule() throws Exception
+ {
+ performLoginModuleTest("UserA", "PassA", true, true, true);
+ performLoginModuleTest("UserB", "PassB", false, true, true);
+ performLoginModuleTest("UserC", "PassC", false, false, true);
+ }
+
+
+ private void performLoginModuleTest(String userName, String password, boolean isAdmin,
boolean isRegular, boolean isGuest) throws Exception
+ {
+
+ boolean callResult;
+ String resultUserName;
+
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+
+ env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() +
":1099");
+
+ env.put(Context.SECURITY_PRINCIPAL, userName);
+ env.put(Context.SECURITY_CREDENTIALS, password);
+
+ log.debug("Invoking secure EJB3 session bean with " + userName);
+ Context context = new InitialContext(env);
+ Object object = context.lookup("IndirectSessionBean/remote");
+ IndirectSession session = (IndirectSession)object;
+
+ // invoke method that requires the Administrator role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeAdministrativeMethod();
+ resultUserName = principal.getName();
+
+ log.debug("User " + resultUserName + " successfully called
administrative method!");
+ log.debug("Principal object = " + resultUserName);
+
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
administrative method!", eae);
+ }
+
+ // in case of admin role check returned principal's name (just for sure ;-)
+ if (isAdmin && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeAdministrativeMethod() as " +
userName, isAdmin, callResult);
+
+ // invoke method that requires the RegularUser role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeRegularMethod();
+ resultUserName = principal.getName();
+
+ log.debug("User " + resultUserName + " successfully called
regular method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
regular method!", eae);
+ }
+
+ // in case of regular user role check returned principal's name (just for sure
;-)
+ if (isRegular && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeRegularMethod() as " + userName,
isRegular, callResult);
+
+ // invoke method that allows all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnprotectedMethod();
+ resultUserName = principal.getName();
+
+ log.debug("User " + resultUserName + " successfully called
unprotected method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ log.debug("User " + userName + " is not authorized to call
unprotected method!", eae);
+ }
+
+ assertEquals("Calling method invokeUnprotectedMethod() as " + userName,
isGuest, callResult);
+
+ // invoke method that denies access to all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ resultUserName = principal.getName();
+ log.debug("User " + resultUserName + " successfully called
unavailable method!");
+ fail("Calling method invokeUnavailableMethod() as " + userName +
", but has to be denied for all users");
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
unavailable method which is OK!");
+ assertTrue("Calling method invokeUnavailableMethod() as " + userName,
true);
+ }
+
+ }
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Dynamic Setting up test");
+ super.setUp();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Dynamic Tearing down test env.");
+ super.tearDown();
+ }
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME);
+ ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/jboss.xml"));
+ ejb3App.addClasses(IndirectSession.class, IndirectSessionBean.class,
IndirectLevel2Session.class, CommonTestHelper.class);
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+
+ level2Ejb3App = ShrinkWrap.create(JavaArchive.class, LEVEL2_EJB3_APP_FILE_NAME);
+ level2Ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/jboss-level2.xml"),
"jboss.xml");
+ level2Ejb3App.addClasses(IndirectLevel2Session.class,
IndirectLevel2SessionBean.class);
+
level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml"));
+
level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
level2Ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ TEST_HELPER.deploy(level2Ejb3App);
+
+
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ejb3App);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(level2Ejb3App);
+ TEST_HELPER.undeploy(ejb3App);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+}
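Review bot: The `invokeUnprotectedMethod` branch of `performLoginModuleTest` never compares the returned principal with `userName`, unlike the administrative and regular branches. For UserC, whose only expected successful call is this one, the test therefore passes whatever identity the bean reports. Adding `if (isGuest && callResult) callResult = userName.equals(resultUserName);` before that `assertEquals` would make every user's run verify the propagated identity. The `InitialContext` built from the user's credentials is also never closed; wrapping the calls in `try { … } finally { context.close(); }` would release it between the three users.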
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import javax.ejb.Remote;
+
+/**
+ * @author pskopek
+ *
+ */
+@Remote
+public interface IndirectLevel2Session
+{
+ /**
+ * <p>
+ * This is a method available for regular users and administrators. Implementations
must annotate either the class or
+ * this method with {@code @RolesAllowed({"RegularUser",
"Administrator"})} to enforce that only these roles should
+ * be granted access to this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeRegularMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for administrators only. Implementations must annotate
either the class or this method
+ * with {@code @RolesAllowed({"Administrator"})} to enforce that only
administrators should be granted access to
+ * this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeAdministrativeMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for all authenticated users, regardless or role.
Implementations must annotate this
+ * method with {@code @PermitAll} to specify that all security roles should be granted
access.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnprotectedMethod();
+
+
+ /**
+ * <p>
+ * This is a method that is unavailable for everybody. Implementations must annotate
this method with
+ * {@code @DenyAll} to specify that access should be restricted for everybody.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnavailableMethod();
+
+}
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,87 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import javax.annotation.Resource;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import org.apache.log4j.Logger;
+
+/**
+ * @author pskopek
+ *
+ */
+@Stateless
+//(a)Local(IndirectLevel2Session.class)
+(a)Remote(IndirectLevel2Session.class)
+@RolesAllowed( { "RegularUser", "Administrator" })
+public class IndirectLevel2SessionBean implements IndirectLevel2Session
+{
+
+ Logger log = Logger.getLogger(IndirectLevel2SessionBean.class);
+
+ @Resource
+ private SessionContext context;
+
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod()
+ */
+ @RolesAllowed( { "Administrator" })
+ public Principal invokeAdministrativeMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod()
+ */
+ public Principal invokeRegularMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod()
+ */
+ @DenyAll
+ public Principal invokeUnavailableMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod()
+ */
+ @PermitAll
+ public Principal invokeUnprotectedMethod()
+ {
+ return this.context.getCallerPrincipal();
+ }
+
+}
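Review bot: The four `@see` comments point at `org.picketlink.qa.identity.federation.wstrust.lm.EasySession#…`, but this class implements `IndirectLevel2Session`. They look copied from `EasySessionBean` and should reference `IndirectLevel2Session#invokeAdministrativeMethod()` and its three siblings instead. The commented-out `Local(IndirectLevel2Session.class)` annotation line above the class should either be removed or carry a short comment saying why only the remote view is exposed.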
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+
+/**
+ * @author pskopek
+ *
+ */
+public interface IndirectSession
+{
+ /**
+ * <p>
+ * This is a method available for regular users and administrators. Implementations
must annotate either the class or
+ * this method with {@code @RolesAllowed({"RegularUser",
"Administrator"})} to enforce that only these roles should
+ * be granted access to this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeRegularMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for administrators only. Implementations must annotate
either the class or this method
+ * with {@code @RolesAllowed({"Administrator"})} to enforce that only
administrators should be granted access to
+ * this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeAdministrativeMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for all authenticated users, regardless or role.
Implementations must annotate this
+ * method with {@code @PermitAll} to specify that all security roles should be granted
access.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnprotectedMethod();
+
+
+ /**
+ * <p>
+ * This is a method that is unavailable for everybody. Implementations must annotate
this method with
+ * {@code @DenyAll} to specify that access should be restricted for everybody.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public Principal invokeUnavailableMethod();
+
+}
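Review bot: The Javadoc on `invokeUnprotectedMethod()` has a typo, "regardless or role" should read "regardless of role", and the type-level Javadoc carries only `@author`. The interface relies on each implementation adding `@RolesAllowed`, `@PermitAll` and `@DenyAll` itself, and nothing in the type enforces that. A type-level sentence such as `Remote business interface; each method documents the access-control annotation an implementation must apply.` would make that contract visible before a reader reaches the individual methods.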
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,193 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import javax.annotation.Resource;
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.EJB;
+import javax.ejb.EJBException;
+import javax.ejb.Remote;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+import org.apache.log4j.Logger;
+import org.jboss.security.client.SecurityClient;
+import org.jboss.security.client.SecurityClientFactory;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.qa.CommonTestHelper;
+
+/**
+ * @author pskopek
+ *
+ */
+@Stateless
+(a)Remote(IndirectSession.class)
+@RolesAllowed( { "RegularUser", "Administrator" })
+public class IndirectSessionBean implements IndirectSession
+{
+
+ Logger log = Logger.getLogger(IndirectSessionBean.class);
+
+ @Resource
+ private SessionContext context;
+
+ @EJB(mappedName = "IndirectLevel2SessionBean/remote")
+ private IndirectLevel2Session level2App;
+
+ private void dumpSubject()
+ {
+
+ if (!log.isDebugEnabled()) return;
+
+ try
+ {
+ Subject callerSubject =
(Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY);
+ log.debug("-- SUBJECT PRINCIPALS:");
+ for (Principal p : callerSubject.getPrincipals())
+ {
+ log.debug(" " + p.getName());
+ }
+ log.debug("--");
+
+ log.debug("-- SUBJECT PUBLIC CREDENTIALS:");
+ for (Object o : callerSubject.getPublicCredentials())
+ {
+ log.debug(" " + o);
+ }
+ log.debug("--");
+
+ log.debug("-- SUBJECT PRIVATE CREDENTIALS:");
+ for (Object o : callerSubject.getPrivateCredentials())
+ {
+ log.debug(" " + o);
+ }
+ log.debug("--");
+
+ }
+ catch (PolicyContextException e)
+ {
+ throw new EJBException(e);
+ }
+
+ }
+
+ private void login()
+ {
+ log.trace("Login started ...");
+ try
+ {
+ SamlCredential sc = getCallerSamlCredential();
+ log.debug("Got SAML credential " + sc);
+ if (log.isTraceEnabled())
+ log.trace("Assertion as string=" + sc.getAssertionAsString());
+ String user =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+ SecurityClient client = SecurityClientFactory.getSecurityClient();
+ log.debug("User for simple login is " + user);
+ client.setSimple(user, sc);
+ client.login();
+ }
+ catch (Exception e)
+ {
+ throw new EJBException(e);
+ }
+ }
+
+ private SamlCredential getCallerSamlCredential()
+ {
+
+ log.trace("Getting SAML credential");
+ try
+ {
+ Subject callerSubject =
(Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY);
+ for (Object o : callerSubject.getPublicCredentials())
+ {
+ if (log.isTraceEnabled())
+ log.trace("Public Credential = " + o);
+ if (o instanceof SamlCredential)
+ {
+ return (SamlCredential)o;
+ }
+ }
+
+ return null;
+
+ }
+ catch (PolicyContextException e)
+ {
+ throw new EJBException(e);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod()
+ */
+ @RolesAllowed( { "Administrator" })
+ public Principal invokeAdministrativeMethod()
+ {
+ log.debug("invoking level2App.invokeAdministrativeMethod() as " +
context.getCallerPrincipal());
+
+ dumpSubject();
+ login();
+
+ return level2App.invokeAdministrativeMethod();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod()
+ */
+ public Principal invokeRegularMethod()
+ {
+ log.debug("invoking level2App.invokeRegularMethod() as " +
context.getCallerPrincipal());
+ login();
+ return level2App.invokeRegularMethod();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod()
+ */
+ @DenyAll
+ public Principal invokeUnavailableMethod()
+ {
+ log.debug("invoking level2App.invokeUnavailableMethod() as " +
context.getCallerPrincipal());
+ login();
+ return level2App.invokeUnavailableMethod();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod()
+ */
+ @PermitAll
+ public Principal invokeUnprotectedMethod()
+ {
+ log.debug("invoking level2App.invokeUnprotectedMethod() as " +
context.getCallerPrincipal());
+ login();
+ return level2App.invokeUnprotectedMethod();
+ }
+
+}
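Review bot: `dumpSubject()` writes every object from `callerSubject.getPrivateCredentials()` to the log at debug level, and `login()` logs the full assertion string at trace, so tokens and any other secrets stored on the subject land in the server log whenever those levels are enabled. I would drop the private-credentials loop or log only the type, `log.debug(" " + o.getClass().getName());`. Separately, `getCallerSamlCredential()` returns `null` when the subject holds no `SamlCredential`, and `login()` dereferences the result unguarded. The resulting NullPointerException is swallowed by `catch (Exception e)` and resurfaces as a bare `EJBException`, so a guard such as `if (sc == null) throw new EJBException("caller subject carries no SamlCredential");` would give a diagnosable failure. The `@see` comments on the four business methods also point at `EasySession` rather than `IndirectSession`.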
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,261 @@
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.qa.JBossPLTestHelper;
+import org.w3c.dom.Element;
+
+/**
+ * This test case utilizes
org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule in
+ * conjunction with UsersRolesLoginModule (which provides roles for authenticated
principal).
+ * 1. it gets SAML token from STS
+ * 2. uses the token as credential in login to container
+ * 3. tests if EJB3 client can invoke remote EJB3 methods with following permissions:
+ * - administrative
+ * - regular
+ * - unprotected
+ * - denied for all
+ *
+ * @author pskopek
+ *
+ */
+public class MaskedPassSAML2STSLoginModuleTestCase extends JBossWSTest
+{
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log =
Logger.getLogger(MaskedPassSAML2STSLoginModuleTestCase.class);
+
+ public static String EJB3_APP_FILE_NAME =
"ejb3-test-saml2stslm-mp-app.jar";
+
+ private static JavaArchive ejb3App = null;
+ private static WebArchive sts = null;
+
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(MaskedPassSAML2STSLoginModuleTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+
+ }
+
+ public void testSAML2STSLoginModule() throws Exception
+ {
+ performLoginModuleTest("UserA", "PassA", true, true, true);
+ performLoginModuleTest("UserB", "PassB", false, true, true);
+ performLoginModuleTest("UserC", "PassC", false, false, true);
+ }
+
+ private void performLoginModuleTest(String userName, String password, boolean isAdmin,
boolean isRegular, boolean isGuest) throws Exception
+ {
+
+ // create a WSTrustClient instance.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS",
"PicketLinkSTSPort",
+ "http://localhost:8080/picketlink-sts/PicketLinkSTS",
+ new SecurityInfo(userName, password));
+
+ // issue a SAML assertion using the client API.
+ Element assertion = null;
+
+ try
+ {
+ log.debug("Invoking token service to get SAML assertion for " +
userName);
+ assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ log.debug("SAML assertion for " + userName + " successfully
obtained!");
+ if (log.isTraceEnabled())
+ log.trace("token
received="+DocumentUtil.getDOMElementAsString(assertion));
+ }
+ catch (WSTrustException wse)
+ {
+ log.error("Unable to issue assertion", wse);
+ fail("Unable to issue assertion: " + wse.getMessage());
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("validate " + client.validateToken(assertion));
+
+ boolean callResult;
+ String resultUserName;
+
+
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+
+ env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() +
":1099");
+
+ // invoke the remote EJB using the assertion as the credential.
+ env.put(Context.SECURITY_PRINCIPAL, userName);
+ SamlCredential scred = new SamlCredential(assertion);
+ env.put(Context.SECURITY_CREDENTIALS, scred);
+
+ log.debug("Invoking secure EJB3 session bean with " + userName + "
SAML assertion");
+ Context context = new InitialContext(env);
+ Object object = context.lookup("EasySessionBean/remote");
+ //EasySession session = (EasySession) PortableRemoteObject.narrow(object,
EasySession.class);
+ EasySession session = (EasySession) object;
+
+
+
+ // invoke method that requires the Administrator role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeAdministrativeMethod();
+ log.debug("User " + principal.getName() + " successfully called
administrative method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
administrative method!", eae);
+ }
+
+ // in case of admin role check returned principal's name (just for sure ;-)
+ if (isAdmin && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeAdministrativeMethod() as " +
userName, isAdmin, callResult);
+
+
+ // invoke method that requires the RegularUser role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeRegularMethod();
+ log.debug("User " + principal.getName() + " successfully called
regular method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
regular method!", eae);
+ }
+
+ // in case of regular user role check returned principal's name (just for sure
;-)
+ if (isRegular && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeRegularMethod() as " + userName,
isRegular, callResult);
+
+
+ // invoke method that allows all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnprotectedMethod();
+ log.debug("User " + principal.getName() + " successfully called
unprotected method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ log.debug("User " + userName + " is not authorized to call
unprotected method!", eae);
+ }
+
+
+ assertEquals("Calling method invokeUnprotectedMethod() as " + userName,
isGuest, callResult);
+
+ // invoke method that denies access to all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ log.debug("User " + principal.getName() + " successfully called
unavailable method!");
+ fail("Calling method invokeUnavailableMethod() as " + userName +
", but has to be denied for all users");
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
unavailable method which is OK!");
+ assertTrue("Calling method invokeUnavailableMethod() as " + userName,
true);
+ }
+
+
+ }
+
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME);
+ ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml"));
+ ejb3App.addClasses(EasySession.class, EasySessionBean.class);
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ejb3App);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ejb3App);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+}
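Review bot: In `performLoginModuleTest`, the result of `client.validateToken(assertion)` is only logged, and only when debug logging is on, so the test never fails on an assertion the STS itself rejects and skips the validation call entirely otherwise. `assertTrue("STS rejected the assertion it issued for " + userName, client.validateToken(assertion));` would pin it. The unprotected-method branch records `resultUserName` but never compares it with `userName` as the administrative and regular branches do, so a wrong caller identity would pass there; `if (isGuest && callResult) callResult = userName.equals(resultUserName);` closes that gap, which MaskedPassSTSIssuingLMEJB3IntegrationTestCase shares. The STS URL is hard-coded to `localhost:8080` while the JNDI provider URL uses `JBossPLTestHelper.getServerHost()`, which looks inconsistent for a run against a remote server.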
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,237 @@
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.qa.CommonTestHelper;
+import org.picketlink.qa.JBossPLTestHelper;
+
+/**
+ * This test case makes sure that
org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
+ * works as expected in conjunction with
org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
+ * and UsersRolesLoginModule (which supplies roles to the authenticated Subject).
+ * Login to container uses user name and password credentials as expected by
STSIssuingLoginModule.
+ *
+ * Checks whether EJB3 client can invoke remote EJB3 methods with following permissions:
+ * - administrative
+ * - regular
+ * - unprotected
+ * - denied for all
+ *
+ * @author pskopek
+ *
+ */
+public class MaskedPassSTSIssuingLMEJB3IntegrationTestCase extends JBossWSTest
+{
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log =
Logger.getLogger(MaskedPassSTSIssuingLMEJB3IntegrationTestCase.class);
+
+ public static String EJB3_APP_FILE_NAME =
"ejb3-test-stsvalidatinglm-mp-app.jar";
+
+ private static JavaArchive ejb3App = null;
+ private static WebArchive sts = null;
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(MaskedPassSTSIssuingLMEJB3IntegrationTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+ }
+
+ public void testSAML2STSLoginModule() throws Exception
+ {
+ performLoginModuleTest("UserA", "PassA", true, true, true);
+ performLoginModuleTest("UserB", "PassB", false, true, true);
+ performLoginModuleTest("UserC", "PassC", false, false, true);
+ }
+
+ private void performLoginModuleTest(String userName, String password, boolean isAdmin,
boolean isRegular, boolean isGuest) throws Exception
+ {
+
+ boolean callResult;
+ String resultUserName;
+
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+
+ env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() +
":1099");
+
+ env.put(Context.SECURITY_PRINCIPAL, userName);
+ env.put(Context.SECURITY_CREDENTIALS, password);
+
+ log.debug("Invoking secure EJB3 session bean with " + userName + "
SAML assertion");
+ Context context = new InitialContext(env);
+ Object object = context.lookup("SamlSessionBean/remote");
+ SamlSession session = (SamlSession)object;
+
+ // invoke method that requires the Administrator role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeAdministrativeMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
administrative method!");
+ log.debug("Principal object = " + resultUserName);
+
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
administrative method!", eae);
+ }
+
+ // in case of admin role check returned principal's name (just for sure ;-)
+ if (isAdmin && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeAdministrativeMethod() as " +
userName, isAdmin, callResult);
+
+ // invoke method that requires the RegularUser role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeRegularMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
regular method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
regular method!", eae);
+ }
+
+ // in case of regular user role check returned principal's name (just for sure
;-)
+ if (isRegular && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeRegularMethod() as " + userName,
isRegular, callResult);
+
+ // invoke method that allows all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeUnprotectedMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
unprotected method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ log.debug("User " + userName + " is not authorized to call
unprotected method!", eae);
+ }
+
+ assertEquals("Calling method invokeUnprotectedMethod() as " + userName,
isGuest, callResult);
+
+ // invoke method that denies access to all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+ log.debug("User " + resultUserName + " successfully called
unavailable method!");
+ fail("Calling method invokeUnavailableMethod() as " + userName +
", but has to be denied for all users");
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
unavailable method which is OK!");
+ assertTrue("Calling method invokeUnavailableMethod() as " + userName,
true);
+ }
+
+ }
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Dynamic Setting up test");
+ super.setUp();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Dynamic Tearing down test env.");
+ super.tearDown();
+ }
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPasswordMaskedPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME);
+ ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml"));
+ ejb3App.addClasses(SamlSession.class, SamlSessionBean.class);
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ejb3App);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ejb3App);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+}
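Review bot: `createTestArtifacts()` builds the password-masked STS archive into `sts`, but `deployArtifacts()` has `TEST_HELPER.deploy(sts)` commented out, so as far as this hunk shows the test runs against whatever STS is already on the server. If the masked-password setup lives in that archive, the test does not provision what its name says it covers. MaskedPassSTSIssuingLMWSTestCase follows the same pattern, and MaskedPassSAML2STSLoginModuleTestCase builds the plain `getPicketLinkSTSArchive()` instead. Either deploy and undeploy `sts` here, or remove the unused field and state the precondition, e.g. `// requires the password-masked picketlink-sts to be deployed before this suite runs`. The debug message before the lookup also says "SAML assertion" although this test logs in with the password.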
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,234 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.WebServiceException;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.qa.JBossPLTestHelper;
+
+/**
+ * This test case makes sure that
org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
+ * works as expected in conjunction with
org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
+ * and UsersRolesLoginModule (which supplies roles to the authenticated Subject).
+ * Login to web service uses user name and password credentials as expected by
STSIssuingLoginModule.
+ *
+ * @author pskopek
+ *
+ */
+public class MaskedPassSTSIssuingLMWSTestCase extends JBossWSTest
+{
+ public final String TARGET_ENDPOINT_ADDRESS = "http://" + getServerHost() +
":8080/jaxws-securityDomain";
+
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log = Logger.getLogger(MaskedPassSTSIssuingLMWSTestCase.class);
+
+ public static final String WS_FILE_NAME =
"jaxws-stsval-mp-securityDomain.jar";
+
+ private static JavaArchive ws = null;
+ private static WebArchive sts = null;
+
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(MaskedPassSTSIssuingLMWSTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+
+ }
+
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPasswordMaskedPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ws = ShrinkWrap.create(JavaArchive.class, WS_FILE_NAME);
+ ws.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+ ws.addClasses(SecureEndpointImpl.class);
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-jboss-beans.xml"));
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-roles.properties"));
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+ // take this one, because we can have all at the same place
+
ws.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ws);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ws);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+ private SecureEndpoint getPort() throws Exception
+ {
+ URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl");
+ QName serviceName = new QName("http://org.jboss.ws/securityDomain",
"SecureEndpointService");
+ SecureEndpoint port = Service.create(wsdlURL,
serviceName).getPort(SecureEndpoint.class);
+ return port;
+ }
+
+
+ /**
+ * Tests whether invoking secured web service without principal fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeNoPrincipal() throws Exception
+ {
+ SecureEndpoint port = getPort();
+ try
+ {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+ /**
+ * Tests if invoking secured web service with invalid credential fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeWrongCredential() throws Exception
+ {
+
+ String userName = "UserA";
+ String password = "XXX";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ try {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+ /**
+ * Tests if invoking secured web service with invalid principal fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeWrongPrincipal() throws Exception
+ {
+
+ String userName = "UserX";
+ String password = "PassA";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ try {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+
+ /**
+ * Tests if invoking secured web service with proper principal and credential is
possible.
+ * @throws Exception
+ */
+ public void testPositive() throws Exception
+ {
+
+ String userName = "UserA";
+ String password = "PassA";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ String retObj = port.echo("Hello");
+ assertEquals("Hello", retObj);
+ }
+
+
+}
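Review bot: The three negative tests treat any `WebServiceException` from `port.echo("Hello")` as success, so a dropped connection, an undeployed endpoint or a server-side fault would pass just like the expected 401. The `fail(...)` text names the status but nothing checks it. Asserting in the catch block, for instance `assertTrue("unexpected failure: " + ex, String.valueOf(ex.getMessage()).contains("401"));`, would tie the tests to the authentication rejection, assuming the client reports the status in the message as the `fail` text suggests. That assertion would also replace the empty `// all good` catch bodies.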
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,261 @@
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.qa.JBossPLTestHelper;
+import org.w3c.dom.Element;
+
+/**
+ * This test case utilizes
org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule in
+ * conjunction with UsersRolesLoginModule (which provides roles for authenticated
principal).
+ * 1. it gets SAML token from STS
+ * 2. uses the token as credential in login to container
+ * 3. tests if EJB3 client can invoke remote EJB3 methods with following permissions:
+ * - administrative
+ * - regular
+ * - unprotected
+ * - denied for all
+ *
+ * @author pskopek
+ *
+ */
+public class SAML2STSLoginModuleTestCase extends JBossWSTest
+{
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log = Logger.getLogger(SAML2STSLoginModuleTestCase.class);
+
+ public static String EJB3_APP_FILE_NAME = "ejb3-test-saml2stslm-app.jar";
+
+ private static JavaArchive ejb3App = null;
+ private static WebArchive sts = null;
+
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(SAML2STSLoginModuleTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+
+ }
+
+ public void testSAML2STSLoginModule() throws Exception
+ {
+ performLoginModuleTest("UserA", "PassA", true, true, true);
+ performLoginModuleTest("UserB", "PassB", false, true, true);
+ performLoginModuleTest("UserC", "PassC", false, false, true);
+ }
+
+ private void performLoginModuleTest(String userName, String password, boolean isAdmin,
boolean isRegular, boolean isGuest) throws Exception
+ {
+
+ // create a WSTrustClient instance.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS",
"PicketLinkSTSPort",
+ "http://localhost:8080/picketlink-sts/PicketLinkSTS",
+ new SecurityInfo(userName, password));
+
+ // issue a SAML assertion using the client API.
+ Element assertion = null;
+
+ try
+ {
+ log.debug("Invoking token service to get SAML assertion for " +
userName);
+ assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ log.debug("SAML assertion for " + userName + " successfully
obtained!");
+ if (log.isTraceEnabled())
+ log.trace("token
received="+DocumentUtil.getDOMElementAsString(assertion));
+ }
+ catch (WSTrustException wse)
+ {
+ log.error("Unable to issue assertion", wse);
+ fail("Unable to issue assertion: " + wse.getMessage());
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("validate " + client.validateToken(assertion));
+
+ boolean callResult;
+ String resultUserName;
+
+
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+
+ env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() +
":1099");
+
+ // invoke the remote EJB using the assertion as the credential.
+ env.put(Context.SECURITY_PRINCIPAL, userName);
+ SamlCredential scred = new SamlCredential(assertion);
+ env.put(Context.SECURITY_CREDENTIALS, scred);
+
+ log.debug("Invoking secure EJB3 session bean with " + userName + "
SAML assertion");
+ Context context = new InitialContext(env);
+ Object object = context.lookup("EasySessionBean/remote");
+ //EasySession session = (EasySession) PortableRemoteObject.narrow(object,
EasySession.class);
+ EasySession session = (EasySession) object;
+
+
+
+ // invoke method that requires the Administrator role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeAdministrativeMethod();
+ log.debug("User " + principal.getName() + " successfully called
administrative method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
administrative method!", eae);
+ }
+
+ // in case of admin role check returned principal's name (just for sure ;-)
+ if (isAdmin && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeAdministrativeMethod() as " +
userName, isAdmin, callResult);
+
+
+ // invoke method that requires the RegularUser role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeRegularMethod();
+ log.debug("User " + principal.getName() + " successfully called
regular method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
regular method!", eae);
+ }
+
+ // in case of regular user role check returned principal's name (just for sure
;-)
+ if (isRegular && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeRegularMethod() as " + userName,
isRegular, callResult);
+
+
+ // invoke method that allows all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnprotectedMethod();
+ log.debug("User " + principal.getName() + " successfully called
unprotected method!");
+ resultUserName = principal.getName();
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ log.debug("User " + userName + " is not authorized to call
unprotected method!", eae);
+ }
+
+
+ assertEquals("Calling method invokeUnprotectedMethod() as " + userName,
isGuest, callResult);
+
+ // invoke method that denies access to all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ Principal principal = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ log.debug("User " + principal.getName() + " successfully called
unavailable method!");
+ fail("Calling method invokeUnavailableMethod() as " + userName +
", but has to be denied for all users");
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
unavailable method which is OK!");
+ assertTrue("Calling method invokeUnavailableMethod() as " + userName,
true);
+ }
+
+
+ }
+
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME);
+ ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml"));
+ ejb3App.addClasses(EasySession.class, EasySessionBean.class);
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ejb3App);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ejb3App);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+}
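Review bot: In performLoginModuleTest the only call to `client.validateToken(assertion)` sits inside `if (log.isDebugEnabled())`, so whether the STS is asked to validate the issued assertion depends on the log level, and the result is never asserted. The test would therefore not notice an STS that refuses to validate its own token, provided the later EJB calls still succeed. I would make the call unconditional: `assertTrue("STS did not validate the issued assertion", client.validateToken(assertion));`, assuming validateToken returns a boolean as the string concatenation suggests. Separately, the STS URL is hard-coded to `http://localhost:8080/picketlink-sts/PicketLinkSTS` while the JNDI provider URL uses `JBossPLTestHelper.getServerHost()`, so the two can point at different hosts.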
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,237 @@
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.qa.CommonTestHelper;
+import org.picketlink.qa.JBossPLTestHelper;
+
+/**
+ * This test case makes sure that
org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
+ * works as expected in conjunction with
org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
+ * and UsersRolesLoginModule (which supplies roles to the authenticated Subject).
+ * Login to container uses user name and password credentials as expected by
STSIssuingLoginModule.
+ *
+ * Checks whether EJB3 client can invoke remote EJB3 methods with following permissions:
+ * - administrative
+ * - regular
+ * - unprotected
+ * - denied for all
+ *
+ * @author pskopek
+ *
+ */
+public class STSIssuingLMEJB3IntegrationTestCase extends JBossWSTest
+{
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log =
Logger.getLogger(STSIssuingLMEJB3IntegrationTestCase.class);
+
+ public static String EJB3_APP_FILE_NAME =
"ejb3-test-stsvalidatinglm-app.jar";
+
+ private static JavaArchive ejb3App = null;
+ private static WebArchive sts = null;
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(STSIssuingLMEJB3IntegrationTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+ }
+
+ public void testSAML2STSLoginModule() throws Exception
+ {
+ performLoginModuleTest("UserA", "PassA", true, true, true);
+ performLoginModuleTest("UserB", "PassB", false, true, true);
+ performLoginModuleTest("UserC", "PassC", false, false, true);
+ }
+
+ private void performLoginModuleTest(String userName, String password, boolean isAdmin,
boolean isRegular, boolean isGuest) throws Exception
+ {
+
+ boolean callResult;
+ String resultUserName;
+
+ Hashtable<String, Object> env = new Hashtable<String, Object>();
+
+ env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() +
":1099");
+
+ env.put(Context.SECURITY_PRINCIPAL, userName);
+ env.put(Context.SECURITY_CREDENTIALS, password);
+
+ log.debug("Invoking secure EJB3 session bean with " + userName + "
SAML assertion");
+ Context context = new InitialContext(env);
+ Object object = context.lookup("SamlSessionBean/remote");
+ SamlSession session = (SamlSession)object;
+
+ // invoke method that requires the Administrator role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeAdministrativeMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
administrative method!");
+ log.debug("Principal object = " + resultUserName);
+
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
administrative method!", eae);
+ }
+
+ // in case of admin role check returned principal's name (just for sure ;-)
+ if (isAdmin && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeAdministrativeMethod() as " +
userName, isAdmin, callResult);
+
+ // invoke method that requires the RegularUser role.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeRegularMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
regular method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
regular method!", eae);
+ }
+
+ // in case of regular user role check returned principal's name (just for sure
;-)
+ if (isRegular && callResult)
+ callResult = userName.equals(resultUserName);
+
+ assertEquals("Calling method invokeRegularMethod() as " + userName,
isRegular, callResult);
+
+ // invoke method that allows all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeUnprotectedMethod();
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+
+ log.debug("User " + resultUserName + " successfully called
unprotected method!");
+ callResult = true;
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ log.debug("User " + userName + " is not authorized to call
unprotected method!", eae);
+ }
+
+ assertEquals("Calling method invokeUnprotectedMethod() as " + userName,
isGuest, callResult);
+
+ // invoke method that denies access to all roles.
+ callResult = false;
+ resultUserName = null;
+ try
+ {
+ SamlCredential sc = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ resultUserName =
CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString());
+ log.debug("User " + resultUserName + " successfully called
unavailable method!");
+ fail("Calling method invokeUnavailableMethod() as " + userName +
", but has to be denied for all users");
+ }
+ catch (EJBAccessException eae)
+ {
+ log.debug("User " + userName + " is not authorized to call
unavailable method which is OK!");
+ assertTrue("Calling method invokeUnavailableMethod() as " + userName,
true);
+ }
+
+ }
+
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Dynamic Setting up test");
+ super.setUp();
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Dynamic Tearing down test env.");
+ super.tearDown();
+ }
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME);
+ ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml"));
+ ejb3App.addClasses(SamlSession.class, SamlSessionBean.class);
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+
ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ejb3App);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ejb3App);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+}
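Review bot: The unprotected-method branch of performLoginModuleTest reads the NameID into `resultUserName` but never compares it with `userName`, unlike the administrative and regular branches. For UserC (`isAdmin` and `isRegular` both false) the subject of the assertion held by the bean is therefore never checked, so an assertion issued for a different principal would go unnoticed. Adding `if (isGuest && callResult) callResult = userName.equals(resultUserName);` before the `assertEquals` closes that gap; the same branch in SAML2STSLoginModuleTestCase.performLoginModuleTest has the same omission. Also, `sc` can be null because SamlSessionBean returns null when it finds no SamlCredential, so an `assertNotNull("no SamlCredential returned", sc);` before `sc.getAssertionAsString()` would report a test failure instead of a NullPointerException.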
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,234 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.WebServiceException;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.apache.log4j.Logger;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+import org.picketlink.qa.JBossPLTestHelper;
+
+/**
+ * This test case makes sure that
org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
+ * works as expected in conjunction with
org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
+ * and UsersRolesLoginModule (which supplies roles to the authenticated Subject).
+ * Login to web service uses user name and password credentials as expected by
STSIssuingLoginModule.
+ *
+ * @author pskopek
+ *
+ */
+public class STSIssuingLMWSTestCase extends JBossWSTest
+{
+ public final String TARGET_ENDPOINT_ADDRESS = "http://" + getServerHost() +
":8080/jaxws-securityDomain";
+
+ private static JBossPLTestHelper TEST_HELPER =
JBossPLTestHelper.getJBossPLTestHelper();
+
+ public static Logger log = Logger.getLogger(STSIssuingLMWSTestCase.class);
+
+ public static final String WS_FILE_NAME =
"jaxws-stsval-securityDomain.jar";
+
+ private static JavaArchive ws = null;
+ private static WebArchive sts = null;
+
+
+ public static Test suite() throws Exception
+ {
+ createTestArtifacts();
+
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(STSIssuingLMWSTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossWSTestSetup(suite) {
+ @Override
+ protected void setUp() throws Exception
+ {
+ log.trace("Static setUp");
+ super.setUp();
+ deployArtifacts();
+
+ }
+
+ @Override
+ protected void tearDown() throws Exception
+ {
+ log.trace("Static tearDown");
+ undeployArtifacts();
+ super.tearDown();
+ }
+ };
+
+ return wrapper;
+
+ }
+
+
+ private static void createTestArtifacts()
+ {
+
+ /* picketlink-sts package */
+ sts = JBossPLTestHelper.getPicketLinkSTSArchive();
+
+ /* ejb3-test-app package */
+ ws = ShrinkWrap.create(JavaArchive.class, WS_FILE_NAME);
+ ws.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF"));
+ ws.addClasses(SecureEndpointImpl.class);
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-jboss-beans.xml"));
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-roles.properties"));
+
ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-users.properties"));
+ // has to be on classpath, because it is loaded using getResourceAsStream(..)
+ // take this one, because we can have all at the same place
+
ws.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
+
+ }
+
+ private static void deployArtifacts() throws Exception
+ {
+ log.debug("deploying test artifacts");
+ // TEST_HELPER.deploy(sts);
+ TEST_HELPER.deploy(ws);
+ }
+
+ private static void undeployArtifacts() throws Exception
+ {
+ log.debug("undeploying test artifacts");
+ TEST_HELPER.undeploy(ws);
+ // TEST_HELPER.undeploy(sts);
+ }
+
+ private SecureEndpoint getPort() throws Exception
+ {
+ URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl");
+ QName serviceName = new QName("http://org.jboss.ws/securityDomain",
"SecureEndpointService");
+ SecureEndpoint port = Service.create(wsdlURL,
serviceName).getPort(SecureEndpoint.class);
+ return port;
+ }
+
+
+ /**
+ * Tests whether invoking secured web service without principal fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeNoPrincipal() throws Exception
+ {
+ SecureEndpoint port = getPort();
+ try
+ {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+ /**
+ * Tests if invoking secured web service with invalid credential fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeWrongCredential() throws Exception
+ {
+
+ String userName = "UserA";
+ String password = "XXX";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ try {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+ /**
+ * Tests if invoking secured web service with invalid principal fails as expected.
+ * @throws Exception
+ */
+ public void testNegativeWrongPrincipal() throws Exception
+ {
+
+ String userName = "UserX";
+ String password = "PassA";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ try {
+ port.echo("Hello");
+ fail("Expected: Invalid HTTP server response [401] - Unauthorized");
+ }
+ catch (WebServiceException ex)
+ {
+ // all good
+ }
+ }
+
+
+ /**
+ * Tests if invoking secured web service with proper principal and credential is
possible.
+ * @throws Exception
+ */
+ public void testPositive() throws Exception
+ {
+
+ String userName = "UserA";
+ String password = "PassA";
+
+ SecureEndpoint port = getPort();
+
+ Map<String, Object> reqContext =
((BindingProvider)port).getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, userName);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, password);
+
+ String retObj = port.echo("Hello");
+ assertEquals("Hello", retObj);
+ }
+
+
+}
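Review bot: The three negative tests (testNegativeNoPrincipal, testNegativeWrongCredential, testNegativeWrongPrincipal) treat any `WebServiceException` from `port.echo("Hello")` as success, so a server error or a broken deployment passes them just as an authentication rejection does. The `fail` text shows the expected outcome is an HTTP 401, but the catch block, which holds only `// all good`, never checks for it. I would assert on the exception in each catch, for example `assertTrue(String.valueOf(ex.getMessage()), String.valueOf(ex.getMessage()).contains("401"));`, or check the cause if the web service stack carries the HTTP status there; the exact message format is not visible in this hunk. The test class whose tail precedes this file in the commit uses the same catch pattern.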
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,82 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+
+/**
+ * @author pskopek
+ *
+ */
+public interface SamlSession
+{
+
+ public static final String SUBJECT_CONTEXT_KEY =
"javax.security.auth.Subject.container";
+
+
+ /**
+ * <p>
+ * This is a method available for regular users and administrators. Implementations
must annotate either the class or
+ * this method with {@code @RolesAllowed({"RegularUser",
"Administrator"})} to enforce that only these roles should
+ * be granted access to this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public SamlCredential invokeRegularMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for administrators only. Implementations must annotate
either the class or this method
+ * with {@code @RolesAllowed({"Administrator"})} to enforce that only
administrators should be granted access to
+ * this method.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public SamlCredential invokeAdministrativeMethod();
+
+
+ /**
+ * <p>
+ * This is a method available for all authenticated users, regardless or role.
Implementations must annotate this
+ * method with {@code @PermitAll} to specify that all security roles should be granted
access.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public SamlCredential invokeUnprotectedMethod();
+
+
+ /**
+ * <p>
+ * This is a method that is unavailable for everybody. Implementations must annotate
this method with
+ * {@code @DenyAll} to specify that access should be restricted for everybody.
+ * </p>
+ *
+ * @return the caller's {@code Principal}.
+ */
+ public SamlCredential invokeUnavailableMethod();
+
+}
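Review bot: The Javadoc on all four methods says `@return the caller's {@code Principal}`, but each method returns `SamlCredential`. The text looks carried over from EasySession; I would change each tag to `@return the {@code SamlCredential} found in the caller's Subject, or {@code null} if there is none`, which matches what SamlSessionBean in this commit does. The interface also has no type-level description beyond the author tag; one sentence saying that it is the remote view looked up by STSIssuingLMEJB3IntegrationTestCase would help the next reader.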
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import javax.annotation.security.DenyAll;
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.EJBException;
+import javax.ejb.Remote;
+import javax.ejb.Stateless;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+import javax.security.jacc.PolicyContextException;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+
+/**
+ * @author pskopek
+ *
+ */
+@Stateless
+(a)Remote(SamlSession.class)
+@RolesAllowed( { "RegularUser", "Administrator" })
+public class SamlSessionBean implements SamlSession
+{
+
+ Logger log = Logger.getLogger(SamlSessionBean.class);
+
+ private SamlCredential getCallerSamlCredential()
+ {
+
+ try
+ {
+ Subject callerSubject =
(Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY);
+ for (Object o : callerSubject.getPublicCredentials())
+ {
+ if (log.isTraceEnabled())
+ log.trace("Public Credential = " + o);
+ if (o instanceof SamlCredential)
+ {
+ return (SamlCredential)o;
+ }
+ }
+
+ return null;
+
+ }
+ catch (PolicyContextException e)
+ {
+ throw new EJBException(e);
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod()
+ */
+ @RolesAllowed( { "Administrator" })
+ public SamlCredential invokeAdministrativeMethod()
+ {
+ return getCallerSamlCredential();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod()
+ */
+ public SamlCredential invokeRegularMethod()
+ {
+ return getCallerSamlCredential();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod()
+ */
+ @DenyAll
+ public SamlCredential invokeUnavailableMethod()
+ {
+ return getCallerSamlCredential();
+ }
+
+ /* (non-Javadoc)
+ * @see
org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod()
+ */
+ @PermitAll
+ public SamlCredential invokeUnprotectedMethod()
+ {
+ return getCallerSamlCredential();
+ }
+
+}
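Review bot: getCallerSamlCredential dereferences the result of `PolicyContext.getContext(...)` without a null check and returns `null` when no `SamlCredential` is among the public credentials, so a missing Subject or credential surfaces as a NullPointerException here or in the remote client rather than as a clear failure. I would add `if (callerSubject == null) throw new EJBException("no caller Subject in policy context");` after the lookup and replace `return null;` with a similar `EJBException`. The trace line `log.trace("Public Credential = " + o)` writes every public credential to the server log, which may include the SAML assertion itself; logging `o.getClass().getName()` is enough for diagnosis. The `@see` comments point at `EasySession#...` although the class implements `SamlSession`.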
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,40 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebResult;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+import javax.jws.soap.SOAPBinding.Style;
+
+@WebService(name = "SecureEndpoint", targetNamespace =
"http://org.jboss.ws/securityDomain")
+@SOAPBinding(style = Style.RPC)
+public interface SecureEndpoint
+{
+
+ @WebMethod
+ @WebResult(targetNamespace = "http://org.jboss.ws/securityDomain", partName
= "return")
+ public String echo(@WebParam(name = "arg0", partName = "arg0")
String arg0);
+
+}
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.Stateless;
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+import javax.jws.soap.SOAPBinding.Style;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.logging.Logger;
+import org.jboss.wsf.spi.annotation.AuthMethod;
+import org.jboss.wsf.spi.annotation.TransportGuarantee;
+import org.jboss.wsf.spi.annotation.WebContext;
+
+@Stateless(name = "SecureEndpoint")
+@SOAPBinding(style = Style.RPC)
+@WebService
+(
+ name = "SecureEndpoint",
+ serviceName = "SecureEndpointService",
+ targetNamespace = "http://org.jboss.ws/securityDomain"
+)
+@WebContext
+(
+ contextRoot="/jaxws-securityDomain",
+ urlPattern="/*",
+ authMethod = AuthMethod.BASIC,
+ transportGuarantee = TransportGuarantee.NONE,
+ secureWSDLAccess = false
+)
+@SecurityDomain("ws-sample")
+@RolesAllowed("Administrator")
+public class SecureEndpointImpl
+{
+ // Provide logging
+ private static Logger log = Logger.getLogger(SecureEndpointImpl.class);
+
+ @WebMethod
+ public String echo(String input)
+ {
+ log.info(input);
+ return input;
+ }
+}
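Review bot: `authMethod = AuthMethod.BASIC` is paired with `transportGuarantee = TransportGuarantee.NONE` in the `@WebContext` block, so the username and password reach this endpoint base64-encoded over plain HTTP. If the test container has an HTTPS connector, `transportGuarantee = TransportGuarantee.CONFIDENTIAL` would be the safer setting; otherwise a comment such as `// test fixture only: BASIC over plain HTTP, do not copy into a deployed endpoint` above the annotation would record the intent. Separately, `echo` writes the caller-supplied string to the log unescaped at INFO via `log.info(input)`, so embedded line breaks land in the server log as-is; `log.debug("echo called")` would avoid that. The class also does not reference the `SecureEndpoint` interface added in the same commit (no `implements`, no `endpointInterface`), which may be intentional but deserves a comment.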
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Created-By: 1.6.0_18 (Sun Microsystems Inc.)
+
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="ws-sample">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule"
flag="required">
+ <module-option
name="password-stacking">true</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <module-option
name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa...
+ </login-module>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">META-INF/ws-sample-users.properties</module-option>
+ <module-option
name="rolesProperties">META-INF/ws-sample-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
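Review bot: The `password-stacking` option is set to `true` on `STSIssuingLoginModule` but to `useFirstPass` on the two modules after it, and nothing in the file says whether the difference is intended. JBoss login modules conventionally act only on the value `useFirstPass`; if the PicketLink module follows that convention (not visible here), `true` would be treated as unset and the issued token might not be shared with `STSValidatingLoginModule`. Either align the value or add a comment on the first module, e.g. `<!-- issues the SAML token and places it in the shared state for the modules below -->`. A second comment saying that `UsersRolesLoginModule` is stacked presumably only to supply roles would also explain why `ws-sample-users.properties` in this commit has every entry commented out.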
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,3 @@
+UserA=RegularUser,Administrator
+UserB=RegularUser
+UserC=Guest
\ No newline at end of file
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,4 @@
+#JBoss=JBoss
+#UserA=PassA
+#UserB=PassB
+#UserC=PassC
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,134 @@
+package org.picketlink.qa.identity.federation.wstrust.lm;
+
+import java.security.Principal;
+import java.util.Hashtable;
+
+import javax.ejb.EJBAccessException;
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This class tests the usage of SAML assertions to authenticate clients of EJB3
applications on JBoss. This is
+ * accomplished by having the client first obtain a SAML assertion from the PicketLink
STS service and then use
+ * the assertion as the credential when calling the protected EJB3.
+ * </p>
+ * <p>
+ * The protected EJB3 application used in this test has configured the {@code
SAML2STSLoginModule}. This login
+ * module sends the SAML assertion to the STS for validation in order to authenticate the
caller. A second login
+ * module, {@code UsersRolesLoginModule}, has been used to provide the client's
roles.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAMLEJB3IntegrationTest
+{
+
+ private Hashtable<String, Object> env;
+
+ public static void main(String[] args) throws Exception
+ {
+ SAMLEJB3IntegrationTest test = new SAMLEJB3IntegrationTest();
+ test.testSAMLEJB3Integration("UserA", "PassA");
+ //test.testSAMLEJB3Integration("UserB", "PassB");
+ //test.testSAMLEJB3Integration("UserC", "PassC");
+ }
+
+ public SAMLEJB3IntegrationTest()
+ {
+ // initialize the JNDI env that will be used to lookup the test EJB.
+ this.env = new Hashtable<String, Object>();
+ this.env.put("java.naming.factory.initial",
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
+ this.env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ this.env.put("java.naming.provider.url", "localhost:1099");
+ }
+
+ public void testSAMLEJB3Integration(String username, String password) throws
Exception
+ {
+ /*
+ // create a WSTrustClient instance.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS",
"PicketLinkSTSPort",
+ "http://localhost:8080/picketlink-sts/PicketLinkSTS",
+ new SecurityInfo(username, password));
+
+ // issue a SAML assertion using the client API.
+ Element assertion = null;
+ try
+ {
+ System.out.println("\nInvoking token service to get SAML assertion for
" + username);
+ assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ System.out.println("SAML assertion for " + username + "
successfully obtained!");
+ }
+ catch (WSTrustException wse)
+ {
+ System.out.println("Unable to issue assertion: " + wse.getMessage());
+ wse.printStackTrace();
+ System.exit(1);
+ }
+ */
+ // invoke the remote EJB using the assertion as the credential.
+ this.env.put(Context.SECURITY_PRINCIPAL, username);
+ //this.env.put("java.naming.security.credentials", new
SamlCredential(assertion));
+ this.env.put(Context.SECURITY_CREDENTIALS, password);
+
+ System.out.println("Invoking secure EJB3 session bean with " + username +
" SAML assertion");
+ Context context = new InitialContext(env);
+ Object object = context.lookup("EasySessionBean/remote");
+ EasySession session = (EasySession) PortableRemoteObject.narrow(object,
EasySession.class);
+
+ // invoke method that requires the Administrator role.
+ try
+ {
+ Principal principal = session.invokeAdministrativeMethod();
+ System.out.println("User " + principal.getName() + " successfully
called administrative method!");
+ }
+ catch (EJBAccessException eae)
+ {
+ System.out.println("User " + username + " is not authorized to
call administrative method!");
+ }
+
+ // invoke method that requires the RegularUser role.
+ try
+ {
+ Principal principal = session.invokeRegularMethod();
+ System.out.println("User " + principal.getName() + " successfully
called regular method!");
+ }
+ catch (EJBAccessException eae)
+ {
+ System.out.println("User " + username + " is not authorized to
call regular method!");
+ }
+
+ // invoke method that allows all roles.
+ try
+ {
+ Principal principal = session.invokeUnprotectedMethod();
+ System.out.println("User " + principal.getName() + " successfully
called unprotected method!");
+ }
+ catch (EJBAccessException eae)
+ {
+ // this should never happen as long as the user has successfully authenticated.
+ System.out.println("User " + username + " is not authorized to
call unprotected method!");
+ }
+
+ // invoke method that denies access to all roles.
+ try
+ {
+ Principal principal = session.invokeUnavailableMethod();
+ // this should never happen because the method should deny access to all roles.
+ System.out.println("User " + principal.getName() + " successfully
called unavailable method!");
+ }
+ catch (EJBAccessException eae)
+ {
+ System.out.println("User " + username + " is not authorized to
call unavailable method!");
+ }
+
+ }
+}
\ No newline at end of file
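Review bot: In `testSAMLEJB3Integration` the whole token-issuing block is commented out and `Context.SECURITY_CREDENTIALS` is set to the plain `password`, so the run never presents a SAML assertion even though the class Javadoc and the `"... SAML assertion"` message say it does. Either restore the `WSTrustClient` call and the `SamlCredential` credential, or update the Javadoc and the message to say this is a username/password check. The four invocations also only print: a successful call to `invokeUnavailableMethod()` is commented "this should never happen" but does not fail the run, so a broken deny-all rule would go unnoticed; `throw new AssertionError("invokeUnavailableMethod was not denied");` after that call would turn it into a real check. The imports of `WSTrustClient`, `SecurityInfo`, `SamlCredential`, `WSTrustException`, `SAMLUtil` and `Element` are unused while the block stays commented out.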
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<server>
+
+ <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
+ name="jboss.security:service=SecurityDomain">
+ <constructor>
+ <arg type="java.lang.String" value="ejb3-sampleapp"/>
+ </constructor>
+ <depends>jboss.security:service=JaasSecurityManager</depends>
+ </mbean>
+
+ <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
+ name="jboss:service=DynamicLoginConfig">
+ <attribute
name="AuthConfig">META-INF/login-config.xml</attribute>
+ <!-- The service which supports dynamic processing of login-config.xml
+ configurations.
+ -->
+ <depends optional-attribute-name="LoginConfigService">
+ jboss.security:service=XMLLoginConfig
+ </depends>
+ <!-- Optionally specify the security mgr service to use when
+ this service is stopped to flush the auth caches of the domains
+ registered by this service.
+ -->
+ <depends optional-attribute-name="SecurityManagerService">
+ jboss.security:service=JaasSecurityManager
+ </depends>
+ </mbean>
+</server>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,30 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<policy>
+
+ <application-policy name="ejb3-sampleapp">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">ejb3-sampleapp-users.properties</module-option>
+ <module-option
name="rolesProperties">ejb3-sampleapp-roles.properties</module-option>
+ </login-module>
+
+
+ </authentication>
+
+
+
+ </application-policy>
+
+</policy>
+
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,7 @@
+ /* login-mogules.sar package */
+ //sar = ShrinkWrap.create(JavaArchive.class, SAR_FILE_NAME);
+
//sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss-service.xml"));
+
//sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
//sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties"));
+
//sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/login-config.xml"));
+
//sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties"));
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<server>
+ <!-- ==================================================================== -->
+ <!-- JassSecurityDomain required to use CertRolesLoginModule -->
+ <!-- ==================================================================== -->
+ <mbean code="org.jboss.security.plugins.JaasSecurityDomain"
+ name="jboss.security:service=SecurityDomain">
+ <constructor>
+ <arg type="java.lang.String" value="JBossWSCert"/>
+ </constructor>
+ <attribute
name="KeyStoreURL">resource:META-INF/keystore.jks</attribute>
+ <attribute name="KeyStorePass">password</attribute>
+ <depends>jboss.security:service=JaasSecurityManager</depends>
+ </mbean>
+ <!-- ==================================================================== -->
+ <!-- Dynamic login config to install the CertRolesLoginModule -->
+ <!-- ==================================================================== -->
+ <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
+ name="jboss:service=DynamicLoginConfig">
+ <attribute
name="AuthConfig">META-INF/login-config.xml</attribute>
+ <!-- The service which supports dynamic processing of login-config.xml
+ configurations.
+ -->
+ <depends optional-attribute-name="LoginConfigService">
+ jboss.security:service=XMLLoginConfig
+ </depends>
+ <!-- Optionally specify the security mgr service to use when
+ this service is stopped to flush the auth caches of the domains
+ registered by this service.
+ -->
+ <depends optional-attribute-name="SecurityManagerService">
+ jboss.security:service=JaasSecurityManager
+ </depends>
+ </mbean>
+</server>
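Review bot: `KeyStorePass` is committed as the literal `password` on the `JaasSecurityDomain` mbean, and the same literal appears as `key-store-password` and `trust-store-password` in `jboss-wsse-server.xml` later in this commit. The keystores look like shared interop test material, so this is tolerable for a fixture, but the file should say so, e.g. `<!-- test-only keystore with a publicly known password; never reuse for a deployed security domain -->` above the attribute. The header comment also misspells the class as `JassSecurityDomain`.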
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <sign type="x509v3" alias="1"
includeTimestamp="false"/>
+ <requires>
+ <signature/>
+ </requires>
+ </config>
+</jboss-ws-security>
\ No newline at end of file
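Review bot: `includeTimestamp="false"` on the `<sign>` element means the signed message carries no signed creation time, so the receiver has nothing to bound message freshness with and cannot tell a resent copy of a signed request from the original. `jboss-wsse-server.xml` in this commit sets the same value. Unless an interop constraint requires it, prefer `<sign type="x509v3" alias="1" includeTimestamp="true"/>` in both files, or add a comment stating why the timestamp is left out.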
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <key-store-file>META-INF/bob-sign.jks</key-store-file>
+ <key-store-password>password</key-store-password>
+ <key-store-type>jks</key-store-type>
+ <trust-store-file>META-INF/wsse10.truststore</trust-store-file>
+ <trust-store-password>password</trust-store-password>
+ <config>
+ <sign type="x509v3" alias="1"
includeTimestamp="false"/>
+ <requires>
+ <signature/>
+ </requires>
+ <authenticate>
+ <signatureCertAuth
certificatePrincipal="org.jboss.security.auth.certs.SubjectCNMapping"/>
+ </authenticate>
+ </config>
+</jboss-ws-security>
\ No newline at end of file
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss>
+ <security-domain>java:/jaas/JBossWSCert</security-domain>
+</jboss>
\ No newline at end of file
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,3 @@
+# A sample roles.properties file for use with the CertRolesLoginModule
+alice=friend,girlfriend
+john=friend
\ No newline at end of file
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,20 @@
+<?xml version='1.0'?>
+<!DOCTYPE policy PUBLIC
+ "-//JBoss//DTD JBOSS Security Config 3.0//EN"
+ "http://www.jboss.org/j2ee/dtd/security_config.dtd">
+
+<policy>
+
+ <application-policy name="JBossWSCert">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.CertRolesLoginModule"
+ flag="required">
+ <module-option
name="rolesProperties">META-INF/jbossws-roles.properties</module-option>
+ <module-option
name="unauthenticatedIdentity">anonymous</module-option>
+ <module-option
name="securityDomain">java:/jaas/JBossWSCert</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</policy>
+
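Review bot: `unauthenticatedIdentity` is set to `anonymous` on `CertRolesLoginModule`, so a request that presents no certificate is not rejected at login but proceeds as the principal `anonymous`. `jbossws-roles.properties` gives that name no roles, so role-protected operations should still be denied, but anything left unchecked in the `JBossWSCert` domain becomes reachable without a certificate. If the tests do not rely on the anonymous path, drop the option; otherwise add a comment such as `<!-- callers without a certificate log in as 'anonymous' with no roles; required by TEST_NAME_PLACEHOLDER -->`.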
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,114 @@
+ -------------------------------------
+ Certificates & keystores
+ -------------------------------------
+
+
+ Alice - Client 1 John - Client 2 Bob - Server
+
+Signature
+-> Keystore alice-sign.jks john-sign.jks bob-sign.jks
+-> Truststore wsse10.truststore wsse10.truststore wsse10.truststore
+
+
+> keytool -printcert -file Alice.cer
+
+Proprietario: CN=Alice, OU=OASIS Interop Test Cert, O=OASIS
+Organismo di emissione: CN=OASIS Interop Test CA, O=OASIS
+Numero di serie: 33a6047fb155631fed6721178150a899
+Valido da Sat Mar 19 01:00:00 CET 2005 a Tue Mar 20 00:59:59 CET 2018
+Impronte digitali certificato:
+ MD5: 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
+ SHA1: 6E:0E:88:F3:6E:BB:87:44:D4:70:F6:2F:60:4D:03:EA:4E:BE:50:94
+
+
+--------------------------------------------------------------------------------------
+> keytool -printcert -file Bob.cer
+Proprietario: CN=Bob, OU=OASIS Interop Test Cert, O=OASIS
+Organismo di emissione: CN=OASIS Interop Test CA, O=OASIS
+Numero di serie: 6038eedbfeac9bbec89d87d3abae71f8
+Valido da Sat Mar 19 01:00:00 CET 2005 a Tue Mar 20 00:59:59 CET 2018
+Impronte digitali certificato:
+ MD5: 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
+ SHA1: 35:03:34:20:1B:EE:A6:50:2D:11:34:2F:93:EE:A0:9F:C0:B5:DF:01
+
+--------------------------------------------------------------------------------------
+> keytool -printcert -file John.cer
+Proprietario: CN=John, OU=Test, O=Test, L=Test, ST=Test, C=IT
+Organismo di emissione: CN=John, OU=Test, O=Test, L=Test, ST=Test, C=IT
+Numero di serie: 4832ac71
+Valido da Tue May 20 12:48:17 CEST 2008 a Fri May 18 12:48:17 CEST 2018
+Impronte digitali certificato:
+ MD5: C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB
+ SHA1: 0A:22:01:1C:11:E0:CC:33:D7:D1:97:D6:BF:0B:3B:77:A3:6C:93:70
+
+
+--------------------------------------------------------------------------------------
+keytool -list -keystore wsse10.truststore
+Immettere la password del keystore: password
+
+Tipo keystore: jks
+Provider keystore: SUN
+
+Il keystore contiene 3 entry
+
+alice, 9-mar-2006, trustedCertEntry,
+Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
+bob, 9-mar-2006, trustedCertEntry,
+Impronta digitale certificato (MD5): 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
+john, 20-mag-2008, trustedCertEntry,
+Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB
+
+
+--------------------------------------------------------------------------------------
+> keytool -list -keystore alice-sign.jks
+Immettere la password del keystore: password
+
+Tipo keystore: jks
+Provider keystore: SUN
+
+Il keystore contiene 2 entry
+
+1, 27-ott-2007, keyEntry,
+Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
+
+
+--------------------------------------------------------------------------------------
+> keytool -list -keystore bob-sign.jks
+Immettere la password del keystore: password
+
+Tipo keystore: jks
+Provider keystore: SUN
+
+Il keystore contiene 3 entry
+
+1, 27-ott-2007, keyEntry,
+Impronta digitale certificato (MD5): 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC
+
+
+--------------------------------------------------------------------------------------
+> keytool -list -keystore john-sign.jks
+Immettere la password del keystore: password
+
+Tipo keystore: jks
+Provider keystore: SUN
+
+Il keystore contiene 2 entry
+
+1, 20-mag-2008, keyEntry,
+Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB
+
+
+--------------------------------------------------------------------------------------
+keytool -list -keystore keystore.jks
+Immettere la password del keystore: password
+
+Tipo keystore: jks
+Provider keystore: SUN
+
+Il keystore contiene 3 entry
+
+alice, 9-mar-2006, trustedCertEntry,
+Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84
+john, 20-mag-2008, trustedCertEntry,
+Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB
+
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,21 @@
+<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
+ STSName="PicketLinkSTS" TokenTimeout="7200"
EncryptToken="false">
+ <KeyProvider
ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
+ <Auth Key="KeyStoreURL" Value="${keyStoreURL}"/>
+ <Auth Key="KeyStorePass" Value="${keyStorePass}"/>
+ <Auth Key="SigningKeyAlias" Value="${signingKeyAlias}"/>
+ <Auth Key="SigningKeyPass" Value="${signingKeyPass}"/>
+ ${additionalMaskingProps}
+ <ValidatingAlias
Key="http://services.testcorp.org/provider1"
Value="service1"/>
+ </KeyProvider>
+ <TokenProviders>
+ <TokenProvider
ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
+
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
+ TokenElement="Assertion"
+ TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
+ </TokenProviders>
+ <ServiceProviders>
+ <ServiceProvider
Endpoint="http://services.testcorp.org/provider1"
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
+ TruststoreAlias="service1"/>
+ </ServiceProviders>
+</PicketLinkSTS>
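Review bot: The file has no comment explaining that it is a template: `${keyStoreURL}`, `${keyStorePass}`, `${signingKeyAlias}`, `${signingKeyPass}` and the bare `${additionalMaskingProps}` inside `<KeyProvider>` appear to be replaced by the test harness before deployment. A first-line comment such as `<!-- Template: ${...} tokens are substituted by the test harness before this file is packaged -->` would make that explicit. Because `${additionalMaskingProps}` is spliced in as raw markup, it is also worth documenting what it may expand to, so a reader can tell whether the keystore passwords end up masked or in cleartext. `EncryptToken="false"` combined with the plain-HTTP endpoint used elsewhere in this commit means issued assertions travel unencrypted, which a comment should mark as test-only.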
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,4 @@
+JBoss=STSClient
+UserA=STSClient
+UserB=STSClient
+UserC=STSClient
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,4 @@
+JBoss=JBoss
+UserA=PassA
+UserB=PassB
+UserC=PassC
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-web>
+ <security-domain>java:/jaas/sts-domain</security-domain>
+ <context-root>picketlink-sts</context-root>
+</jboss-web>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <requires/>
+ </config>
+</jboss-ws-security>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="sts-domain">
+ <authentication>
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="usersProperties">sts-users.properties</module-option>
+ <module-option
name="rolesProperties">sts-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
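Review bot: The comment `<!-- ejb3 test application-policy definition -->` does not describe this policy, which defines `sts-domain`, the domain that `jboss-web.xml` binds to the STS web application. It looks copied from the EJB3 sample descriptors and would read better as `<!-- security domain for the PicketLink STS web application (test fixture) -->`. The `UsersRolesLoginModule` is configured without a `hashAlgorithm` option, so `sts-users.properties` is compared as cleartext. The comment should say that this is acceptable only for the test deployment.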
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,37 @@
+<?xml version="1.0"?>
+<!DOCTYPE web-app PUBLIC
+ "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+ "http://java.sun.com/dtd/web-app_2_3.dtd">
+
+<web-app>
+ <servlet>
+ <servlet-name>PicketLinkSTS</servlet-name>
+
<servlet-class>org.picketlink.identity.federation.core.wstrust.PicketLinkSTS</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>PicketLinkSTS</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>TokenService</web-resource-name>
+ <url-pattern>/*</url-pattern>
+ <http-method>GET</http-method>
+ <http-method>POST</http-method>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>STSClient</role-name>
+ </auth-constraint>
+ </security-constraint>
+
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>PicketLinkSTSRealm</realm-name>
+ </login-config>
+
+ <security-role>
+ <role-name>STSClient</role-name>
+ </security-role>
+
+</web-app>
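Review bot: The `security-constraint` covers only GET and POST, because the two `<http-method>` elements limit the `web-resource-collection` to the listed methods. Requests to `/*` with any other method are not subject to the `STSClient` auth-constraint, even though the servlet mapping still routes them to `PicketLinkSTS`. Deleting the lines `<http-method>GET</http-method>` and `<http-method>POST</http-method>` makes the constraint apply to every method. Separately, BASIC credentials are accepted with no `<user-data-constraint>`; if this descriptor is reused beyond the localhost fixture, add `<transport-guarantee>CONFIDENTIAL</transport-guarantee>` so the password is not sent over plain HTTP.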
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,49 @@
+<?xml version="1.0"?>
+<wsdl:definitions name="PicketLinkSTS"
targetNamespace="urn:picketlink:identity-federation:sts"
+ xmlns:tns="urn:picketlink:identity-federation:sts"
+
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+
xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
+ <wsdl:types>
+ <xs:schema targetNamespace="urn:picketlink:identity-federation:sts"
+ xmlns:tns="urn:picketlink:identity-federation:sts"
+
xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ version="1.0">
+ <xs:complexType name="MessageBody">
+ <xs:sequence>
+ <xs:any minOccurs="0" maxOccurs="unbounded"
namespace="##any"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:schema>
+ </wsdl:types>
+ <wsdl:message name="RequestSecurityToken">
+ <wsdl:part name="rstMessage" element="tns:MessageBody"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponse">
+ <wsdl:part name="rstrMessage" element="tns:MessageBody"/>
+ </wsdl:message>
+ <wsdl:portType name="SecureTokenService">
+ <wsdl:operation name="IssueToken">
+ <wsdl:input
wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue...
message="tns:RequestSecurityToken"/>
+ <wsdl:output
wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issu...
message="tns:RequestSecurityTokenResponse"/>
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="STSBinding"
type="tns:SecureTokenService">
+ <soap12:binding
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="IssueToken">
+ <soap12:operation
soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue"
style="document"/>
+ <wsdl:input>
+ <soap12:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap12:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="PicketLinkSTS">
+ <wsdl:port name="PicketLinkSTSPort"
binding="tns:STSBinding">
+ <soap12:address location="http://localhost:8080/picketlink-sts"/>
+ </wsdl:port>
+ </wsdl:service>
+</wsdl:definitions>
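Review bot: Both `wsdl:part` entries use `element="tns:MessageBody"`, but the inline schema declares `MessageBody` only as an `xs:complexType`, so the parts reference a global element that the visible schema never declares. Strict WSDL tooling may reject this. Adding `<xs:element name="MessageBody" type="tns:MessageBody"/>` inside the `xs:schema` would resolve the reference, though that should be checked against how the JBossWS deployment dispatches the messages. The type also admits arbitrary content (`xs:any`, `namespace="##any"`, `maxOccurs="unbounded"`), so schema validation does not constrain the request body and the STS has to validate RST content itself; a short comment saying so would help.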
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="ejb3-sampleapp">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option>
+ <module-option
name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,3 @@
+UserA=RegularUser,Administrator
+UserB=RegularUser
+UserC=Guest
\ No newline at end of file
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-users.properties
===================================================================
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="ejb3-sampleapp">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule"
flag="required">
+ <module-option
name="password-stacking">true</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <!-- module-option
name="endpointURI">http://security_saml/goodbyeworld</module-option
-->
+ <module-option
name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa...
+ </login-module>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule"
flag="required">
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option>
+ <module-option
name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
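Review bot: `STSIssuingLoginModule` is given `password-stacking` = `true`, while the two modules after it in the same stack use `useFirstPass`. If the PicketLink module recognises only `useFirstPass` (to be confirmed against its option handling), credential sharing would be silently off for the issuing step, and the test would exercise a different path than intended. Using `<module-option name="password-stacking">useFirstPass</module-option>` throughout removes the ambiguity. The same value appears in `indirect/indirect-sts-issuing-lm-jboss-beans.xml`. The commented-out `endpointURI` option in both files should be removed, or explained in a comment saying why the token is issued without an endpoint.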
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="indirect-level2">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option>
+ <module-option
name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <!-- ejb3 test application-policy definition -->
+ <application-policy xmlns="urn:jboss:security-beans:1.0"
name="indirect-sampleapp">
+ <authentication>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule"
flag="required">
+ <module-option
name="password-stacking">true</module-option>
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <!-- module-option
name="endpointURI">http://security_saml/goodbyeworld</module-option
-->
+ <module-option
name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa...
+ </login-module>
+
+ <login-module
code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule"
flag="required">
+ <module-option
name="configFile">sts-config.properties</module-option>
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ </login-module>
+
+ <login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
+ <module-option
name="password-stacking">useFirstPass</module-option>
+ <module-option
name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option>
+ <module-option
name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+</deployment>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE jboss PUBLIC
+ "-//JBoss//DTD JBOSS 5.0//EN"
+ "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
+<jboss>
+ <security-domain>indirect-level2</security-domain>
+</jboss>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE jboss PUBLIC
+ "-//JBoss//DTD JBOSS 5.0//EN"
+ "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
+<jboss>
+ <security-domain>indirect-sampleapp</security-domain>
+</jboss>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!DOCTYPE jboss PUBLIC
+ "-//JBoss//DTD JBOSS 5.0//EN"
+ "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
+<jboss>
+ <security-domain>java:/jaas/ejb3-sampleapp</security-domain>
+</jboss>
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties
===================================================================
---
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties
(rev 0)
+++
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties 2011-10-06
13:18:24 UTC (rev 1293)
@@ -0,0 +1,14 @@
+serviceName=PicketLinkSTS
+portName=PicketLinkSTSPort
+endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
+#username=JBoss
+#password=JBoss
+username=admin
+#password=admin
+password=MASK-0BbleBL2LZk=
+salt=18273645
+iterationCount=56
+
+#java -cp picketlink-fed-core.jar org.picketlink.identity.federation.core.util.PBEUtils
18273645 56 admin
+#Encoded password: MASK-0BbleBL2LZk=
+
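Review bot: The `MASK-` value on the `password=` line gives no confidentiality in this file, because the salt, the iteration count and a comment with the full PBEUtils command line, including the cleartext password, sit right next to it, along with the commented-out cleartext alternatives. That is tolerable for a fixture, but the trailing comment should show the invocation with placeholders, e.g. `#java -cp picketlink-fed-core.jar org.picketlink.identity.federation.core.util.PBEUtils <salt> <iterationCount> <password>`, and state that masking is obfuscation only. Also, `username=admin` is not among the users in the `sts-users.properties` added by this commit (JBoss, UserA, UserB, UserC), so it is worth confirming which user store this STS call is meant to authenticate against.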
Added:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream