Author: pskopek(a)redhat.com Date: 2011-10-06 09:18:24 -0400 (Thu, 06 Oct 2011) New Revision: 1293 Added: integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-users.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks Modified: integration-tests/branches/product/ant-scripts/ant-build.xml integration-tests/branches/product/parent/pom.xml integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml integration-tests/branches/product/picketlink-trust-tests/pom.xml Log: Tests from QA repository merged. Modified: integration-tests/branches/product/ant-scripts/ant-build.xml =================================================================== --- integration-tests/branches/product/ant-scripts/ant-build.xml 2011-10-06 13:16:45 UTC (rev 1292) +++ integration-tests/branches/product/ant-scripts/ant-build.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -141,9 +141,16 @@ <!-- copy file="${localRepository}/org/picketlink/picketlink-trust-jbossws/${pl-trust-version}/picketlink-trust-jbossws-${pl-trust-version}.jar" todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deploy/picketlink"/ --> - + + <!-- TODO: once JBPAPP-7325 is resolved this can be deleted --> <copy file="${basedir}/../common-dist/files/eap/5.1.1/war-deployers-jboss-beans.xml" - todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deployers/jbossweb.deployer/META-INF" /> + todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/deployers/jbossweb.deployer/META-INF" + overwrite="true"/> + + <copy file="${basedir}/../common-dist/files/eap/5.1.1/jboss-log4j.xml" + todir="${basedir}/target/${EAP_DIR}/jboss-as/server/${jboss.profile}/conf" + overwrite="true"/> + </target> <target name="start-jboss" depends="stop-jboss"> Added: integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml =================================================================== --- integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml (rev 0) +++ integration-tests/branches/product/common-dist/files/eap/5.1.1/jboss-log4j.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,403 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd"> + +<!-- ===================================================================== --> +<!-- --> +<!-- Log4j Configuration --> +<!-- --> +<!-- ===================================================================== --> + +<!-- $Id: jboss-log4j.xml 112224 2011-09-12 14:13:30Z mbenitez $ --> + +<!-- + | For more configuration information and examples see the Jakarta Log4j + | owebsite: http://jakarta.apache.org/log4j + --> + +<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false"> + + <!-- ================================= --> + <!-- Preserve messages in a local file --> + <!-- ================================= --> + + <!-- A time/date based rolling appender --> + <appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="File" value="${jboss.server.log.dir}/server.log"/> + <param name="Append" value="true"/> + <!-- In AS 5.0.x the server log threshold was set by a system + property. In 5.1 and later we are instead using the system + property to set the priority on the root logger (see <root/> below) + <param name="Threshold" value="${jboss.server.log.threshold}"/> + --> + + <!-- Rollover at midnight each day --> + <param name="DatePattern" value="'.'yyyy-MM-dd"/> + + <!-- Rollover at the top of each hour + <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/> + --> + + <layout class="org.apache.log4j.PatternLayout"> + <!-- The default pattern: Date Priority [Category] (Thread) Message\n --> + <param name="ConversionPattern" value="%d %-5p [%c] (%t) %m%n"/> + + <!-- The full pattern: Date MS Priority [Category] (Thread:NDC) Message\n + <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/> + --> + </layout> + </appender> + + <!-- A size based file rolling appender + <appender name="FILE" class="org.jboss.logging.appender.RollingFileAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="File" value="${jboss.server.log.dir}/server.log"/> + <param name="Append" value="false"/> + <param name="MaxFileSize" value="500KB"/> + <param name="MaxBackupIndex" value="1"/> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/> + </layout> + </appender> + --> + + <!-- ============================== --> + <!-- Append messages to the console --> + <!-- ============================== --> + + <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="Target" value="System.out"/> + <param name="Threshold" value="INFO"/> + + <layout class="org.apache.log4j.PatternLayout"> + <!-- The default pattern: Date Priority [Category] Message\n --> + <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/> + </layout> + </appender> + + <!-- ====================== --> + <!-- More Appender examples --> + <!-- ====================== --> + + <!-- Buffer events and log them asynchronously + <appender name="ASYNC" class="org.apache.log4j.AsyncAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <appender-ref ref="FILE"/> + <appender-ref ref="CONSOLE"/> + <appender-ref ref="SMTP"/> + </appender> + --> + + <!-- EMail events to an administrator + <appender name="SMTP" class="org.apache.log4j.net.SMTPAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="Threshold" value="ERROR"/> + <param name="To" value=&quot;admin(a)myhost.domain.com&quot;/&gt; + <param name="From" value=&quot;nobody(a)myhost.domain.com&quot;/&gt; + <param name="Subject" value="JBoss Sever Errors"/> + <param name="SMTPHost" value="localhost"/> + <param name="BufferSize" value="10"/> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}] %m%n"/> + </layout> + </appender> + --> + + <!-- Syslog events + <appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="Facility" value="LOCAL7"/> + <param name="FacilityPrinting" value="true"/> + <param name="SyslogHost" value="localhost"/> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}] %m%n"/> + </layout> + </appender> + --> + + <!-- Log events to JMS (requires a topic to be created) + <appender name="JMS" class="org.apache.log4j.net.JMSAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="Threshold" value="ERROR"/> + <param name="TopicConnectionFactoryBindingName" value="java:/ConnectionFactory"/> + <param name="TopicBindingName" value="topic/MyErrorsTopic"/> + </appender> + --> + + <!-- Log events through SNMP + <appender name="TRAP_LOG" class="org.apache.log4j.ext.SNMPTrapAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="ImplementationClassName" value="org.apache.log4j.ext.JoeSNMPTrapSender"/> + <param name="ManagementHost" value="127.0.0.1"/> + <param name="ManagementHostTrapListenPort" value="162"/> + <param name="EnterpriseOID" value="1.3.6.1.4.1.24.0"/> + <param name="LocalIPAddress" value="127.0.0.1"/> + <param name="LocalTrapSendPort" value="161"/> + <param name="GenericTrapType" value="6"/> + <param name="SpecificTrapType" value="12345678"/> + <param name="CommunityString" value="public"/> + <param name="ForwardStackTraceWithTrap" value="true"/> + <param name="Threshold" value="DEBUG"/> + <param name="ApplicationTrapOID" value="1.3.6.1.4.1.24.12.10.22.64"/> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d,%p,[%t],[%c],%m%n"/> + </layout> + </appender> + --> + + <!-- Emit events as JMX notifications + <appender name="JMX" class="org.jboss.monitor.services.JMXNotificationAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + + <param name="Threshold" value="WARN"/> + <param name="ObjectName" value="jboss.system:service=Logging,type=JMXNotificationAppender"/> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d %-5p [%c] %m"/> + </layout> + </appender> + --> + + <!-- Security AUDIT Appender + <appender name="AUDIT" class="org.jboss.logging.appender.DailyRollingFileAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="File" value="${jboss.server.log.dir}/audit.log"/> + <param name="Append" value="true"/> + <param name="DatePattern" value="'.'yyyy-MM-dd"/> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d %-5p [%c] (%t:%x) %m%n"/> + </layout> + </appender> + --> + + <!-- ================ --> + <!-- Limit categories --> + <!-- ================ --> + + <!-- Limit the org.apache category to INFO as its DEBUG is verbose --> + <category name="org.apache"> + <priority value="INFO"/> + </category> + + <!-- Limit the jacorb category to WARN as its INFO is verbose --> + <category name="jacorb"> + <priority value="WARN"/> + </category> + + <!-- Limit the jacorb.config category to ERROR --> + <category name="jacorb.config"> + <priority value="ERROR"/> + </category> + + <!-- Set the logging level of the JSF implementation that uses + | java.util.logging. The jdk logging levels can be controlled + | through the org.jboss.logging.log4j.JDKLevel class that + | in addition to the standard log4j levels it adds support for + | SEVERE, WARNING, CONFIG, FINE, FINER, FINEST + --> + <category name="javax.enterprise.resource.webcontainer.jsf"> + <priority value="INFO" class="org.jboss.logging.log4j.JDKLevel"/> + </category> + + <!-- Limit the org.jgroups category to WARN as its INFO is verbose --> + <category name="org.jgroups"> + <priority value="WARN"/> + </category> + + <!-- Limit the org.quartz category to INFO as its DEBUG is verbose --> + <category name="org.quartz"> + <priority value="INFO"/> + </category> + + <!-- Limit the com.sun category to INFO as its FINE is verbose --> + <category name="com.sun"> + <priority value="INFO"/> + </category> + + <!-- Limit the sun category to INFO as its FINE is verbose --> + <category name="sun"> + <priority value="INFO"/> + </category> + + <!-- Limit the javax.xml.bind category to INFO as its FINE is verbose --> + <category name="javax.xml.bind"> + <priority value="INFO"/> + </category> + + <!-- Limit the springframework category to WARN--> + <category name="org.springframework"> + <priority value="WARN"/> + </category> + + <!-- Limit JBoss categories + <category name="org.jboss"> + <priority value="INFO"/> + </category> + --> + + <!-- Limit the JSR77 categories --> + <category name="org.jboss.management"> + <priority value="INFO"/> + </category> + + <!-- Limit the verbose facelets compiler --> + <category name="facelets.compiler"> + <priority value="WARN"/> + </category> + + <!-- Limit the verbose ajax4jsf cache initialization --> + <category name="org.ajax4jsf.cache"> + <priority value="WARN"/> + </category> + + <!-- Limit the verbose embedded jopr categories --> + <category name="org.rhq"> + <priority value="WARN"/> + </category> + + <!-- Limit the verbose seam categories --> + <category name="org.jboss.seam"> + <priority value="WARN"/> + </category> + + <!-- Limit the verbose MC4J EMS (lib used by admin-console) categories --> + <category name="org.mc4j.ems"> + <priority value="WARN"/> + </category> + + <category name="org.picketlink"> + <priority value="TRACE"/> + </category> + + <category name="org.jboss.web.tomcat"> + <priority value="TRACE"/> + </category> + + <category name="org.jboss.security"> + <priority value="TRACE"/> + </category> + + <!-- Show the evolution of the DataSource pool in the logs [inUse/Available/Max] + <category name="org.jboss.resource.connectionmanager.JBossManagedConnectionPool"> + <priority value="TRACE"/> + </category> + --> + + <!-- Category specifically for Security Audit Provider + <category name="org.jboss.security.audit.providers.LogAuditProvider" additivity="false"> + <priority value="TRACE"/> + <appender-ref ref="AUDIT"/> + </category> + --> + + <!-- Limit the org.jboss.serial (jboss-serialization) to INFO as its DEBUG is verbose --> + <category name="org.jboss.serial"> + <priority value="INFO"/> + </category> + + <!-- Decrease the priority threshold for the org.jboss.varia category + <category name="org.jboss.varia"> + <priority value="DEBUG"/> + </category> + --> + + <!-- Enable JBossWS message tracing + <category name="org.jboss.ws.core.MessageTrace"> + <priority value="TRACE"/> + </category> + --> + + <!-- + | An example of enabling the custom TRACE level priority that is used + | by the JBoss internals to diagnose low level details. This example + | turns on TRACE level msgs for the org.jboss.ejb.plugins package and its + | subpackages. This will produce A LOT of logging output. + | + | Note: since jboss AS 4.2.x, the trace level is supported natively by + | log4j, so although the custom org.jboss.logging.XLevel priority will + | still work, there is no need to use it. The two examples that follow + | will both enable trace logging. + <category name="org.jboss.system"> + <priority value="TRACE" class="org.jboss.logging.XLevel"/> + </category> + <category name="org.jboss.ejb.plugins"> + <priority value="TRACE"/> + </category> + --> + + <!-- + | Logs these events to SNMP: + - server starts/stops + - cluster evolution (node death/startup) + - When an EJB archive is deployed (and associated verified messages) + - When an EAR archive is deployed + + <category name="org.jboss.system.server.Server"> + <priority value="INFO" /> + <appender-ref ref="TRAP_LOG"/> + </category> + + <category name="org.jboss.ha.framework.interfaces.HAPartition.lifecycle"> + <priority value="INFO" /> + <appender-ref ref="TRAP_LOG"/> + </category> + + <category name="org.jboss.deployment.MainDeployer"> + <priority value="ERROR" /> + <appender-ref ref="TRAP_LOG"/> + </category> + + <category name="org.jboss.ejb.EJBDeployer"> + <priority value="INFO" /> + <appender-ref ref="TRAP_LOG"/> + </category> + + <category name="org.jboss.deployment.EARDeployer"> + <priority value="INFO" /> + <appender-ref ref="TRAP_LOG"/> + </category> + --> + + <!-- Clustering logging --> + <!-- Uncomment the following to redirect the org.jgroups and + org.jboss.ha categories to a cluster.log file. + + <appender name="CLUSTER" class="org.jboss.logging.appender.RollingFileAppender"> + <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> + <param name="File" value="${jboss.server.log.dir}/cluster.log"/> + <param name="Append" value="false"/> + <param name="MaxFileSize" value="500KB"/> + <param name="MaxBackupIndex" value="1"/> + + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/> + </layout> + </appender> + <category name="org.jgroups"> + <priority value="DEBUG" /> + <appender-ref ref="CLUSTER"/> + </category> + <category name="org.jboss.ha"> + <priority value="DEBUG" /> + <appender-ref ref="CLUSTER"/> + </category> + --> + + <!-- ======================= --> + <!-- Setup the Root category --> + <!-- ======================= --> + + <root> + <!-- + Set the root logger priority via a system property. Note this is parsed by log4j, + so the full JBoss system property format is not supported; e.g. + setting a default via ${jboss.server.log.threshold:WARN} will not work. + --> + <priority value="${jboss.server.log.threshold}"/> + <appender-ref ref="CONSOLE"/> + <appender-ref ref="FILE"/> + </root> + +</log4j:configuration> Modified: integration-tests/branches/product/parent/pom.xml =================================================================== --- integration-tests/branches/product/parent/pom.xml 2011-10-06 13:16:45 UTC (rev 1292) +++ integration-tests/branches/product/parent/pom.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -33,8 +33,9 @@ <pl-fed-webapps-assembly-version>2.0.1.1.final</pl-fed-webapps-assembly-version> <maven.compiler.target>1.6</maven.compiler.target> <eap-home>${basedir}/target/jboss-eap-5.1/jboss-as</eap-home> + <!-- EAP_ZIP>jboss-eap-noauth-5.1.1.zip</EAP_ZIP --> <EAP_ZIP>jboss-eap-noauth-5.1.2-ER1.zip</EAP_ZIP> - <CXF_INSTALLER_ZIP>jboss-ep-ws-cxf-5.1.2-ER1-installer.zip</CXF_INSTALLER_ZIP> + <CXF_INSTALLER_ZIP>jboss-ep-ws-cxf-5.1.2-ER1-installer.zip</CXF_INSTALLER_ZIP> <downloadURL.prefix>file:///mnt/jqa/eap/5.1.2.ER1</downloadURL.prefix> <EAP_URL>${downloadURL.prefix}/${EAP_ZIP}</EAP_URL> <CXF_INSTALLER_URL>${downloadURL.prefix}/${CXF_INSTALLER_ZIP}</CXF_INSTALLER_URL> @@ -155,21 +156,6 @@ </releases> </repository> </repositories> - <pluginRepositories> - <pluginRepository> - <id>maven-107</id> - <name>Maven Surefire Staging Repository</name> - <layout>default</layout> - <url>https://repository.apache.org/content/repositories/maven-107/</... - <snapshots> - <enabled>true</enabled> - </snapshots> - <releases> - <enabled>true</enabled> - <updatePolicy>never</updatePolicy> - </releases> - </pluginRepository> - </pluginRepositories> <dependencyManagement> <dependencies> <dependency> Modified: integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml 2011-10-06 13:16:45 UTC (rev 1292) +++ integration-tests/branches/product/picketlink-trust-eap5-cxf/pom.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -11,6 +11,29 @@ <name>PicketLink Integration Tests for WS-Trust (STS) - Trust - EAP5 - WS CXF Stack</name> <url>http://labs.jboss.org/portal/picketlink/</url> <description>PicketLink Federation Tests to be run in a continuous integration environment such as Hudson</description> + + <properties> + <jboss.bind.address>localhost</jboss.bind.address> + <jboss.home>${eap-home}</jboss.home> + <jboss.server.instance>${jboss.profile}</jboss.server.instance> + <jbossws.integration.target>jboss510</jbossws.integration.target> + + + <surefire.security.args>-Djava.security.manager -Djava.security.policy=src/test/etc/tst.policy</surefire.security.args> + <surefire.jdwp.args>-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005</surefire.jdwp.args> + <surefire.gc.args>-XX:MaxPermSize=128m</surefire.gc.args> + <test.archive.directory>${basedir}/../picketlink-trust-tests/target</test.archive.directory> + <test.classes.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.classes.directory> + <test.resources.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.resources.directory> + <wsdl.publish.location>${basedir}/../picketlink-trust-tests/target/wsdl-publish</wsdl.publish.location> + <!-- hibernate.version>3.2.4.sp1</hibernate.version --> + <endpoint.servlet>org.jboss.wsf.stack.jbws.EndpointServlet</endpoint.servlet> + <jboss.javaee.version>5.0.0.GA</jboss.javaee.version> + <surefire.debug.log4j.config>-Dlog4j.logger.org.picketlink=DEBUG -Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.debug.log4j.config> + <surefire.log4j.config>-Dlog4j.info -Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.log4j.config> + <jbossws.spi.version>1.1.2.SP7</jbossws.spi.version> + </properties> + <licenses> <license> <name>lgpl</name> @@ -28,14 +51,44 @@ <configuration> <phase>test</phase> <!-- <skipTests>true</skipTests> --> + + <systemPropertyVariables> + <java.naming.provider.url>jnp://${jboss.bind.address}:1099</java.naming.provider.url> + <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial> + <java.naming.factory.url.pkgs>org.jboss.naming:org.jnp.interfaces</java.naming.factory.url.pkgs> + <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial> + <jboss.server.instance>${jboss.server.instance}</jboss.server.instance> + <java.protocol.handler.pkgs>org.jboss.virtual.protocol</java.protocol.handler.pkgs> + <java.util.logging.manager>org.jboss.wsf.common.logging.JDKLogManager</java.util.logging.manager> + <jboss.home>${jboss.home}</jboss.home> + <jbossws.integration.target>${jbossws.integration.target}</jbossws.integration.target> + <log4j.output.dir>${project.build.directory}</log4j.output.dir> + <org.jboss.ws.wsse.keyStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.keystore</org.jboss.ws.wsse.keyStore> + <org.jboss.ws.wsse.trustStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.truststore</org.jboss.ws.wsse.trustStore> + <org.jboss.ws.wsse.keyStorePassword>jbossws</org.jboss.ws.wsse.keyStorePassword> + <org.jboss.ws.wsse.trustStorePassword>jbossws</org.jboss.ws.wsse.trustStorePassword> + <org.jboss.ws.wsse.keyStoreType>jks</org.jboss.ws.wsse.keyStoreType> + <org.jboss.ws.wsse.trustStoreType>jks</org.jboss.ws.wsse.trustStoreType> + <test.archive.directory>${test.archive.directory}</test.archive.directory> + <test.classes.directory>${test.classes.directory}</test.classes.directory> + <test.resources.directory>${test.resources.directory}</test.resources.directory> + <wsdl.publish.location>${wsdl.publish.location}</wsdl.publish.location> + </systemPropertyVariables> + <testClassesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testClassesDirectory> <testResourcesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testResourcesDirectory> <printSummary>true</printSummary> <disableXmlReport>false</disableXmlReport> <includes> - <include>**/ServletToWSTestCase.java</include> - <include>**/*XXTestCase.java</include> + <!-- include>**/ServletToWSTestCase.java</include --> + <include>**/*TestCase.java</include> </includes> + <excludes> + <!-- WS-Security style of this tests is not CXF supported + TODO: change it to CXF ready one + --> + <exclude>**/STSLoginModulesTestCase.java</exclude> + </excludes> <forkMode>pertest</forkMode> <argLine>-Djava.endorsed.dirs=${basedir}/target/jboss-5.1.0.GA/lib/endorsed</argLine> <useFile>false</useFile> @@ -47,6 +100,7 @@ <additionalClasspathElement>${eap-home}/client/jmx-invoker-adaptor-client.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jbossall-client.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement> + <additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/common/lib/picketlink-core-${pl-version}.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/lib/endorsed/xercesImpl.jar</additionalClasspathElement> @@ -54,6 +108,7 @@ <additionalClasspathElement>${eap-home}/client/jbossws-spi.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement> + <additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jboss-xml-binding.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/mail.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/wsdl4j.jar</additionalClasspathElement> @@ -189,6 +244,18 @@ <version>3.1</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.jboss.shrinkwrap</groupId> + <artifactId>shrinkwrap-api</artifactId> + <version>1.0.0-cr-1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.jboss.shrinkwrap</groupId> + <artifactId>shrinkwrap-impl-base</artifactId> + <version>1.0.0-cr-1</version> + <scope>test</scope> + </dependency> </dependencies> Modified: integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml 2011-10-06 13:16:45 UTC (rev 1292) +++ integration-tests/branches/product/picketlink-trust-eap5-native/pom.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -11,6 +11,29 @@ <name>PicketLink Integration Tests for WS-Trust (STS) - Trust - EAP5 - WS Native Stack</name> <url>http://labs.jboss.org/portal/picketlink/</url> <description>PicketLink Federation Tests to be run in a continuous integration environment such as Hudson</description> + + <properties> + <jboss.bind.address>localhost</jboss.bind.address> + <jboss.home>${eap-home}</jboss.home> + <jboss.server.instance>${jboss.profile}</jboss.server.instance> + <jbossws.integration.target>jboss510</jbossws.integration.target> + + + <surefire.security.args>-Djava.security.manager -Djava.security.policy=src/test/etc/tst.policy</surefire.security.args> + <surefire.jdwp.args>-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005</surefire.jdwp.args> + <surefire.gc.args>-XX:MaxPermSize=128m</surefire.gc.args> + <test.archive.directory>${basedir}/../picketlink-trust-tests/target</test.archive.directory> + <test.classes.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.classes.directory> + <test.resources.directory>${basedir}/../picketlink-trust-tests/target/test-classes</test.resources.directory> + <wsdl.publish.location>${basedir}/../picketlink-trust-tests/target/wsdl-publish</wsdl.publish.location> + <!-- hibernate.version>3.2.4.sp1</hibernate.version --> + <endpoint.servlet>org.jboss.wsf.stack.jbws.EndpointServlet</endpoint.servlet> + <jboss.javaee.version>5.0.0.GA</jboss.javaee.version> + <surefire.debug.log4j.config>-Dlog4j.logger.org.picketlink=DEBUG -Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.debug.log4j.config> + <surefire.log4j.config>-Dlog4j.info -Dlog4j.configuration=file://${test.resources.directory}/log4j.xml</surefire.log4j.config> + <jbossws.spi.version>1.1.2.SP7</jbossws.spi.version> + </properties> + <licenses> <license> <name>lgpl</name> @@ -28,6 +51,30 @@ <configuration> <phase>test</phase> <!-- <skipTests>true</skipTests> --> + + <systemPropertyVariables> + <java.naming.provider.url>jnp://${jboss.bind.address}:1099</java.naming.provider.url> + <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial> + <java.naming.factory.url.pkgs>org.jboss.naming:org.jnp.interfaces</java.naming.factory.url.pkgs> + <java.naming.factory.initial>org.jnp.interfaces.NamingContextFactory</java.naming.factory.initial> + <jboss.server.instance>${jboss.server.instance}</jboss.server.instance> + <java.protocol.handler.pkgs>org.jboss.virtual.protocol</java.protocol.handler.pkgs> + <java.util.logging.manager>org.jboss.wsf.common.logging.JDKLogManager</java.util.logging.manager> + <jboss.home>${jboss.home}</jboss.home> + <jbossws.integration.target>${jbossws.integration.target}</jbossws.integration.target> + <log4j.output.dir>${project.build.directory}</log4j.output.dir> + <org.jboss.ws.wsse.keyStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.keystore</org.jboss.ws.wsse.keyStore> + <org.jboss.ws.wsse.trustStore>${test.resources.directory}/jaxws/samples/wssecurity/wsse.truststore</org.jboss.ws.wsse.trustStore> + <org.jboss.ws.wsse.keyStorePassword>jbossws</org.jboss.ws.wsse.keyStorePassword> + <org.jboss.ws.wsse.trustStorePassword>jbossws</org.jboss.ws.wsse.trustStorePassword> + <org.jboss.ws.wsse.keyStoreType>jks</org.jboss.ws.wsse.keyStoreType> + <org.jboss.ws.wsse.trustStoreType>jks</org.jboss.ws.wsse.trustStoreType> + <test.archive.directory>${test.archive.directory}</test.archive.directory> + <test.classes.directory>${test.classes.directory}</test.classes.directory> + <test.resources.directory>${test.resources.directory}</test.resources.directory> + <wsdl.publish.location>${wsdl.publish.location}</wsdl.publish.location> + </systemPropertyVariables> + <testClassesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testClassesDirectory> <testResourcesDirectory>${basedir}/../picketlink-trust-tests/target/test-classes</testResourcesDirectory> <printSummary>true</printSummary> @@ -53,6 +100,7 @@ <additionalClasspathElement>${eap-home}/client/jbossws-spi.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jbossws-native-factories.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jbossws-common.jar</additionalClasspathElement> + <additionalClasspathElement>${eap-home}/client/jbossws-jboss50.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/jboss-xml-binding.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/mail.jar</additionalClasspathElement> <additionalClasspathElement>${eap-home}/client/wsdl4j.jar</additionalClasspathElement> @@ -76,6 +124,7 @@ <property name="pl-fed-webapps-assembly-version" value="${pl-fed-webapps-assembly-version}"/> <property name="localRepository" value="${user.home}/.m2/repository"/> <property name="jboss.dist" value="${jboss.dist}" /> + <property name="EAP_ZIP" value="${EAP_ZIP}" /> <ant antfile="${basedir}/../ant-scripts/ant-build.xml" target="init-eap5" /> <ant antfile="${basedir}/../ant-scripts/ant-build.xml" target="copy-sts-props-eap5" /> <ant antfile="${basedir}/../ant-scripts/ant-build.xml" target="copy-trust-settings-eap5" /> @@ -188,6 +237,18 @@ <version>3.1</version> <scope>test</scope> </dependency> + <dependency> + <groupId>org.jboss.shrinkwrap</groupId> + <artifactId>shrinkwrap-api</artifactId> + <version>1.0.0-cr-1</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.jboss.shrinkwrap</groupId> + <artifactId>shrinkwrap-impl-base</artifactId> + <version>1.0.0-cr-1</version> + <scope>test</scope> + </dependency> </dependencies> Modified: integration-tests/branches/product/picketlink-trust-tests/pom.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/pom.xml 2011-10-06 13:16:45 UTC (rev 1292) +++ integration-tests/branches/product/picketlink-trust-tests/pom.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -51,7 +51,7 @@ <phase>package</phase> <configuration> <warName>pojo-test</warName> - <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes> + <packagingExcludes>WEB-INF/lib/*.jar,fed,keystore,MANIFEST.MF</packagingExcludes> <warSourceDirectory>src/test/resources/webapp</warSourceDirectory> <webappDirectory>${project.build.directory}/${project.build.finalName}-pojo-test</webappDirectory> <webResources> @@ -76,7 +76,7 @@ <phase>package</phase> <configuration> <warName>binary-test</warName> - <packagingExcludes>WEB-INF/lib/*.jar</packagingExcludes> + <packagingExcludes>WEB-INF/lib/*.jar,fed,keystore,MANIFEST.MF</packagingExcludes> <warSourceDirectory>src/test/resources/binary</warSourceDirectory> <webappDirectory>${project.build.directory}/${project.build.finalName}-binary-test</webappDirectory> <webResources> @@ -119,6 +119,10 @@ <exclude>**/*TestCase*</exclude> <exclude>**/POJO*</exclude> <exclude>**/author*</exclude> + <exclude>fed/**</exclude> + <exclude>keystore/**</exclude> + <exclude>fed/**</exclude> + <exclude>org/picketlink/qa/**</exclude> </excludes> </configuration> </plugin> @@ -243,8 +247,12 @@ <version>3.1</version> <scope>test</scope> </dependency> - - + <dependency> + <groupId>org.jboss.shrinkwrap</groupId> + <artifactId>shrinkwrap-api</artifactId> + <version>1.0.0-cr-1</version> + <scope>test</scope> + </dependency> </dependencies> <reporting> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/CommonTestHelper.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,82 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa; + +import java.io.IOException; +import java.io.StringReader; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.log4j.Logger; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; + +/** + * This is helper class that can be used on server side as well as on client side. + * @author pskopek + * + */ +public class CommonTestHelper +{ + + public static Logger log = Logger.getLogger(CommonTestHelper.class); + + public static String getSubjectNameIDFromXmlString(String xml) throws IOException, SAXException, ParserConfigurationException + { + + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + factory.setXIncludeAware(true); + + DocumentBuilder builder = factory.newDocumentBuilder(); + InputSource is = new InputSource(new StringReader(xml)); + + Document doc = builder.parse(is); + + Node subject = doc.getDocumentElement().getElementsByTagName("saml:Subject").item(0); + NodeList list = subject.getChildNodes(); + + for (int i = 0; i < list.getLength(); i++) + { + + Node n = list.item(i); + log.trace("Child Node Name=" + n.getNodeName()); + + if (n.getNodeName().equals("saml:NameID")) + { + log.trace("returning node value=" + n.getTextContent()); + return n.getTextContent(); + } + + } + + return null; + } + + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/JBossPLTestHelper.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,249 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.util.regex.Pattern; + +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.PBEParameterSpec; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.Archive; +import org.jboss.shrinkwrap.api.ArchivePath; +import org.jboss.shrinkwrap.api.ArchivePaths; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.asset.Asset; +import org.jboss.shrinkwrap.api.asset.StringAsset; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTestHelper; +import org.picketlink.identity.federation.core.util.PBEUtils; + +/** + * @author pskopek + * + */ +public class JBossPLTestHelper extends JBossWSTestHelper { + + private static Logger log = Logger.getLogger(JBossPLTestHelper.class); + private static String MASK_PREFIX = "MASK-"; + + private static JBossPLTestHelper TEST_HELPER; + + static { + TEST_HELPER = new JBossPLTestHelper(); + } + + public static String STS_FILE_NAME = "picketlink-sts.war"; + public static String STS_FILE_NAME_MASKED_PASS = "picketlink-sts-masked-pass.war"; + private static WebArchive STS = null; + private static WebArchive MASKED_PASS_STS = null; + + private TestDeployerShrinkWrapJBoss sw; + + + public static JBossPLTestHelper getJBossPLTestHelper() { + if (TEST_HELPER == null) + TEST_HELPER = new JBossPLTestHelper(); + return TEST_HELPER; + } + + private JBossPLTestHelper() { + super(); + this.sw = new TestDeployerShrinkWrapJBoss(getServer()); + } + + public void deploy(Archive<?> archive) throws Exception { + sw.deploy(archive); + } + + public void undeploy(Archive<?> archive) throws Exception { + sw.undeploy(archive); + } + + public static WebArchive getPicketLinkSTSArchive() { + if (STS == null) { + createPicketLinkSTSArchive(); + } + + return STS; + } + + public static String maskPassword(byte[] salt, int count, String passwordToEncode) { + + try { + + char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray(); + byte[] passwordToEncodeB = passwordToEncode.getBytes("UTF-8"); + + PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, count); + PBEKeySpec keySpec = new PBEKeySpec(password); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES"); + SecretKey cipherKey = factory.generateSecret(keySpec); + String encodedPassword = PBEUtils.encode64(passwordToEncodeB, "PBEwithMD5andDES", + cipherKey, cipherSpec); + + return encodedPassword; + } + catch (Exception e) { + log.error("Problem while encoding password ", e); + throw new RuntimeException(e); + } + + } + + + public static WebArchive getPasswordMaskedPicketLinkSTSArchive() { + if (MASKED_PASS_STS == null) { + + byte[] salt = new byte[] {48, 80, 110, 65, 89, 112, 40, 122 }; // 0PnAYp(z + int iterationCount = 135; + + String maskedKeyStorePass = MASK_PREFIX + maskPassword( salt, iterationCount, "testpass"); + String maskedSigningKeyPass = MASK_PREFIX + maskPassword(salt, iterationCount, "keypass"); + + String additionalProps = "<Auth Key=\"salt\" Value=\"0PnAYp(z\"/> <Auth Key=\"iterationCount\" Value=\"135\"/>"; + + MASKED_PASS_STS = createPicketLinkSTSArchive(STS_FILE_NAME_MASKED_PASS, "sts_keystore.jks", maskedKeyStorePass, "sts", maskedSigningKeyPass, additionalProps); + } + + return MASKED_PASS_STS; + } + + /** + * Creates STS archive ready to deploy. + */ + private static void createPicketLinkSTSArchive() { + + STS = createPicketLinkSTSArchive(STS_FILE_NAME, "sts_keystore.jks", "testpass", "sts", "keypass", ""); + + } + + /** + * Creates STS archive with picketlink-sts.xml created by replacing following tokens with parameters. + * <code> + * ${keyStoreURL} -> keyStoreURL + * ${keyStorePass} -> keyStorePass + * ${signingKeyAlias} -> signingKeyAlias + * ${signingKeyPass} -> signingKeyPass + * </code> + * + * @param archiveName + * @param keyStoreURL + * @param keyStorePass + * @param signingKeyAlias + * @param signingKeyPass + * @param additionalMaskinProps + */ + private static WebArchive createPicketLinkSTSArchive(String archiveName, String keyStoreURL, String keyStorePass, String signingKeyAlias, String signingKeyPass, String additionalMaskingProps) { + + + WebArchive arch = null; + + File stsXml = TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml"); + StringBuffer fileContent = new StringBuffer(1024); + + try { + + BufferedReader reader = new BufferedReader(new FileReader(stsXml)); + char[] buf = new char[1024]; + int numRead=0; + while((numRead=reader.read(buf)) != -1){ + String readData = String.valueOf(buf, 0, numRead); + fileContent.append(readData); + buf = new char[1024]; + } + reader.close(); + + } + catch (IOException e) { + log.error("IO Exception happend.", e); + } + + String plSTS = fileContent.toString() + .replaceAll(Pattern.quote("${keyStoreURL}"), keyStoreURL) + .replaceAll(Pattern.quote("${keyStorePass}"), keyStorePass) + .replaceAll(Pattern.quote("${signingKeyAlias}"), signingKeyAlias) + .replaceAll(Pattern.quote("${signingKeyPass}"), signingKeyPass) + .replaceAll(Pattern.quote("${additionalMaskingProps}"), additionalMaskingProps); + ; + + StringAsset sAsset = new StringAsset(plSTS); + + /* picketlink-sts package */ + arch = ShrinkWrap.create(WebArchive.class, archiveName); + arch.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + + arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/jboss-web.xml")); + arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml")); + arch.addAsWebInfResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml")); + arch.setWebXML(TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/web.xml")); + + ArchivePath classes = ArchivePaths.create("classes"); + ArchivePath wsdl = ArchivePaths.create("wsdl"); + + addWebResourceWA(arch, sAsset, classes, "picketlink-sts.xml"); + addWebResourceWA(arch, TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties"), classes); + addWebResourceWA(arch, TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties"), classes); + addWebResourceWA(arch, TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks"), classes); + addWebResourceWA(arch, TEST_HELPER.getResourceFile("fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl"), wsdl); + + return arch; + + } + + + + /** + * Workaround to store more files under specified ArchivePath in given WebArchive. + * https://jira.jboss.org/browse/SHRINKWRAP-187 + * @param webArchive + * @param file + * @param path + */ + public static void addWebResourceWA(WebArchive webArchive, File file, ArchivePath path) + { + webArchive.addAsWebResource(file, path.get() + File.separator + file.getName()); + } + + /** + * Workaround to store more Assets under specified ArchivePath in given WebArchive. + * https://jira.jboss.org/browse/SHRINKWRAP-187 + * @param webArchive + * @param asset - the asset to include + * @param path - path of the asset in archive + * @param assetName - name of the asset inside archive + */ + public static void addWebResourceWA(WebArchive webArchive, Asset asset, ArchivePath path, String assetName) + { + webArchive.addAsWebResource(asset, path.get() + File.separator + assetName); + } + + +} +// \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/TestDeployerShrinkWrapJBoss.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,59 @@ +package org.picketlink.qa; + +import java.io.File; +import java.net.MalformedURLException; +import java.net.URL; + +import javax.management.MBeanServerConnection; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.Archive; +import org.jboss.shrinkwrap.api.exporter.ZipExporter; +import org.jboss.wsf.test.JBossWSTestHelper; +import org.jboss.wsf.test.TestDeployerJBoss; + +public class TestDeployerShrinkWrapJBoss extends TestDeployerJBoss { + + public static Logger log = Logger.getLogger(TestDeployerShrinkWrapJBoss.class); + + + public TestDeployerShrinkWrapJBoss(MBeanServerConnection server) { + super(server); + } + + public void deploy(Archive<?> archive) throws Exception + { + deploy(archiveToURL(archive)); + } + + public void undeploy(Archive<?> archive) throws Exception + { + undeploy(archiveToURL(archive)); + deleteDeploymentFile(archive); + } + + private URL archiveToURL(Archive <?> archive) throws MalformedURLException { + + String testArchiveDir = JBossWSTestHelper.getTestArchiveDir(); + String name = archive.getName(); + + File file = new File(testArchiveDir + "/" + name); + + if (!file.exists()) + archive.as(ZipExporter.class).exportTo(file, true); + + return file.toURI().toURL(); + } + + + private void deleteDeploymentFile(Archive <?> archive) { + String testArchiveDir = JBossWSTestHelper.getTestArchiveDir(); + String name = archive.getName(); + + File file = new File(testArchiveDir + "/" + name); + if (file.exists() && !log.isDebugEnabled()) + file.delete(); + + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/BasicSTSTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,136 @@ +/* + * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware + * LLC, and individual contributors by the @authors tag. See the copyright.txt + * in the distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it under the + * terms of the GNU Lesser General Public License as published by the Free + * Software Foundation; either version 2.1 of the License, or (at your option) + * any later version. + * + * This software is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more + * details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this software; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF + * site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.wstrust.WSTrustException; +import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.picketlink.qa.JBossPLTestHelper; +import org.w3c.dom.Element; + +/** + * This test case checks if obtaining a ticket from STS works. + * It also call ticket validation routine. + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + * @author <a href="mailto:pskopek@redhat.com">Peter Skopek</a> + * + */ +public class BasicSTSTestCase extends JBossWSTest +{ + + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + private static WebArchive sts = null; + + public static Logger log = Logger.getLogger(BasicSTSTestCase.class); + + public String server = getServerHost(); + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(BasicSTSTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + } + + public void testSTS() throws Exception + { + // create a WSTrustClient instance. + WSTrustClient client = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort", "http://" + server + ":8080" + "/picketlink-sts/PicketLinkSTS", new SecurityInfo( + "JBoss", "JBoss")); + + // issue a SAML assertion using the client API. + Element assertion = null; + try + { + assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE); + } + catch (WSTrustException wse) + { + fail("Unable to issue assertion: " + wse.getMessage()); + } + + // print the assertion for demonstration purposes. + log.debug("Successfully issued a standard SAMLV2.0 Assertion!"); + + if (log.isTraceEnabled()) + log.trace(DocumentUtil.getDOMElementAsString(assertion)); + + // validate the received SAML assertion. + try + { + assertTrue("Token valid.", client.validateToken(assertion)); + } + catch (WSTrustException wse) + { + fail("Failed to validate SAMLV2.0 Assertion: " + wse.getMessage()); + } + } + + private static void createTestArtifacts() + { + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + } + + private static void deployArtifacts() throws Exception { + // TEST_HELPER.deploy(sts); + } + + private static void undeployArtifacts() throws Exception { + // TEST_HELPER.undeploy(sts); + } + + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/Hello.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,37 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2006, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.qa.identity.federation.wstrust; + +import javax.jws.WebMethod; +import javax.jws.WebService; +import javax.jws.soap.SOAPBinding; + +@WebService(name = "Hello", targetNamespace = "http://org.jboss.ws/cert-auth") +@SOAPBinding(style = SOAPBinding.Style.RPC) +public interface Hello +{ + @WebMethod + public String echo(String par); + + @WebMethod + public String echo2(String par); +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/HelloJavaBean.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,63 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2006, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.qa.identity.federation.wstrust; + +import javax.annotation.Resource; +import javax.annotation.security.RolesAllowed; +import javax.ejb.Stateless; +import javax.jws.WebMethod; +import javax.jws.WebService; +import javax.jws.soap.SOAPBinding; +import javax.xml.ws.WebServiceContext; + +import org.jboss.logging.Logger; +import org.jboss.ws.annotation.EndpointConfig; +import org.jboss.wsf.spi.annotation.WebContext; + + +@Stateless +@WebService(name = "Hello", serviceName = "HelloService", targetNamespace = "http://org.jboss.ws/cert-auth") +@SOAPBinding(style = SOAPBinding.Style.RPC) +@WebContext(contextRoot = "/cert-auth", urlPattern = "/*") +@EndpointConfig(configName = "Standard WSSecurity Endpoint") +public class HelloJavaBean +{ + private Logger log = Logger.getLogger(HelloJavaBean.class); + @Resource + private WebServiceContext ctx; + + @WebMethod + @RolesAllowed({"friend"}) + public String echo(String par) + { + log.info("User principal: " + ctx.getUserPrincipal()); + return par; + } + + @WebMethod + @RolesAllowed({"girlfriend"}) + public String echo2(String par) + { + log.info("User principal: " + ctx.getUserPrincipal()); + return par; + } +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/STSLoginModulesTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,181 @@ +package org.picketlink.qa.identity.federation.wstrust; + +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; + +import junit.framework.Test; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.jboss.ws.core.StubExt; +import org.picketlink.qa.JBossPLTestHelper; + +public class STSLoginModulesTestCase extends JBossWSTest +{ + + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(STSLoginModulesTestCase.class); + + public static String SAR_FILE_NAME = "cert-auth-service.sar"; + public static String JAR_FILE_NAME = "cert-auth.jar"; + + private static JavaArchive sar = null; + private static JavaArchive jar = null; + + private String TARGET_ENDPOINT_ADDRESS = "http://" + JBossPLTestHelper.getServerHost() + ":8080/cert-auth"; + private String keyStore; + private String trustStore; + private String keyStorePassword; + private String trustStorePassword; + private String keyStoreType; + private String trustStoreType; + + public static Test suite() throws Exception + { + createTestArtifacts(); + return new JBossWSTestSetup(STSLoginModulesTestCase.class, ""); + } + + @Override + protected void setUp() throws Exception + { + log.trace("Setting up tests"); + super.setUp(); + //Backup values + keyStore = System.getProperty("org.jboss.ws.wsse.keyStore"); + keyStorePassword = System.getProperty("org.jboss.ws.wsse.keyStorePassword"); + keyStoreType = System.getProperty("org.jboss.ws.wsse.keyStoreType"); + trustStore = System.getProperty("org.jboss.ws.wsse.trustStore"); + trustStorePassword = System.getProperty("org.jboss.ws.wsse.trustStorePassword"); + trustStoreType = System.getProperty("org.jboss.ws.wsse.trustStoreType"); + + deployArtifacts(); + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Tearing down test env."); + + undeployArtifacts(); + + //Restore environment + System.setProperty("org.jboss.ws.wsse.keyStore", keyStore); + System.setProperty("org.jboss.ws.wsse.trustStore", trustStore); + System.setProperty("org.jboss.ws.wsse.keyStorePassword", keyStorePassword); + System.setProperty("org.jboss.ws.wsse.trustStorePassword", trustStorePassword); + System.setProperty("org.jboss.ws.wsse.keyStoreType", keyStoreType); + System.setProperty("org.jboss.ws.wsse.trustStoreType", trustStoreType); + super.tearDown(); + } + + private static void createTestArtifacts() + { + + /* cert-auth-service package */ + sar = ShrinkWrap.create(JavaArchive.class, SAR_FILE_NAME); + sar.toString(true); + sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss-service.xml")); + sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jbossws-roles.properties")); + sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/keystore.jks")); + sar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/login-config.xml")); + + /* cert-auth-webservice package */ + jar = ShrinkWrap.create(JavaArchive.class, JAR_FILE_NAME); + jar.toString(true); + jar.addClasses(Hello.class, HelloJavaBean.class); + jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/bob-sign.jks")); + jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss-wsse-server.xml")); + jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/META-INF/jboss.xml")); + jar.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust/wsse10.truststore")); + + } + + private void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + TEST_HELPER.deploy(sar); + TEST_HELPER.deploy(jar); + } + + private void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(jar); + TEST_HELPER.undeploy(sar); + } + + public void testAuthAlice() throws Exception + { + setEnvironment("alice"); + Hello port = getPort(); + String msg = "Hi!"; + try + { + String result = port.echo(msg); + assertEquals(msg, result); + result = port.echo2(msg); + assertEquals(msg, result); + } + catch (Exception e) + { + fail(); + } + } + + public void testAuthJohn() throws Exception + { + setEnvironment("john"); + Hello port = getPort(); + String msg = "Hi!"; + try + { + String result = port.echo(msg); + assertEquals(msg, result); + } + catch (Exception e) + { + fail(); + } + try + { + port.echo2(msg); + fail("John shouldn't be allowed to run this method!"); + } + catch (Exception e) + { + //OK + } + } + + private void setEnvironment(String name) + { + //Setup values + System.setProperty("org.jboss.ws.wsse.keyStore", TEST_HELPER.getResourceFile("fed/wstrust/" + name + "-sign.jks").getPath()); + System.setProperty("org.jboss.ws.wsse.trustStore", TEST_HELPER.getResourceFile("fed/wstrust/wsse10.truststore").getPath()); + System.setProperty("org.jboss.ws.wsse.keyStorePassword", "password"); + System.setProperty("org.jboss.ws.wsse.trustStorePassword", "password"); + System.setProperty("org.jboss.ws.wsse.keyStoreType", "jks"); + System.setProperty("org.jboss.ws.wsse.trustStoreType", "jks"); + } + + private Hello getPort() throws Exception + { + URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl"); + QName serviceName = new QName("http://org.jboss.ws/cert-auth", "HelloService"); + Hello port = Service.create(wsdlURL, serviceName).getPort(Hello.class); + URL securityURL = TEST_HELPER.getResourceURL("fed/wstrust/META-INF/jboss-wsse-client.xml"); + ((StubExt)port).setSecurityConfig(securityURL.toExternalForm()); + ((StubExt)port).setConfigName("Standard WSSecurity Client"); + ((BindingProvider)port).getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_WSSE); + return port; + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySession.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,78 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; + +/** + * @author pskopek + * + */ +public interface EasySession +{ + /** + * <p> + * This is a method available for regular users and administrators. Implementations must annotate either the class or + * this method with {@code @RolesAllowed({"RegularUser", "Administrator"})} to enforce that only these roles should + * be granted access to this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeRegularMethod(); + + + /** + * <p> + * This is a method available for administrators only. Implementations must annotate either the class or this method + * with {@code @RolesAllowed({"Administrator"})} to enforce that only administrators should be granted access to + * this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeAdministrativeMethod(); + + + /** + * <p> + * This is a method available for all authenticated users, regardless or role. Implementations must annotate this + * method with {@code @PermitAll} to specify that all security roles should be granted access. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnprotectedMethod(); + + + /** + * <p> + * This is a method that is unavailable for everybody. Implementations must annotate this method with + * {@code @DenyAll} to specify that access should be restricted for everybody. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnavailableMethod(); + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/EasySessionBean.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,85 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import javax.annotation.Resource; +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ejb.Remote; +import javax.ejb.SessionContext; +import javax.ejb.Stateless; +import org.apache.log4j.Logger; + +/** + * @author pskopek + * + */ +@Stateless +(a)Remote(EasySession.class) +@RolesAllowed( { "RegularUser", "Administrator" }) +public class EasySessionBean implements EasySession +{ + + Logger log = Logger.getLogger(EasySessionBean.class); + + @Resource + private SessionContext context; + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod() + */ + @RolesAllowed( { "Administrator" }) + public Principal invokeAdministrativeMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod() + */ + public Principal invokeRegularMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod() + */ + @DenyAll + public Principal invokeUnavailableMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod() + */ + @PermitAll + public Principal invokeUnprotectedMethod() + { + return this.context.getCallerPrincipal(); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectEJB3InvokeTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,276 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.qa.CommonTestHelper; +import org.picketlink.qa.JBossPLTestHelper; + +/** + * This test case deploys two EJB3 apps and invokes first secured via STSIssuingLoginModule in stack with STSValidatingLoginModule. + * First session bean has another one which secured using SAML2STSLoginModule. Issues STS ticket is used to + * authenticate against new security domain as second level invoke. + * + * Tests if EJB3 client can invoke indirectly remote EJB3 methods with following permissions:<br/> + * - administrative <br/> + * - regular <br/> + * - unprotected <br/> + * - denied for all <br/> + * + * @author pskopek + * + */ +public class IndirectEJB3InvokeTestCase extends JBossWSTest +{ + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(IndirectEJB3InvokeTestCase.class); + + public static String EJB3_APP_FILE_NAME = "indirect-ejb3-app.jar"; + public static String LEVEL2_EJB3_APP_FILE_NAME = "indirect-ejb3-level2-app.jar"; + + private static JavaArchive ejb3App = null; + private static JavaArchive level2Ejb3App = null; + private static WebArchive sts = null; + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(IndirectEJB3InvokeTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + } + + public void testSAML2STSLoginModule() throws Exception + { + performLoginModuleTest("UserA", "PassA", true, true, true); + performLoginModuleTest("UserB", "PassB", false, true, true); + performLoginModuleTest("UserC", "PassC", false, false, true); + } + + + private void performLoginModuleTest(String userName, String password, boolean isAdmin, boolean isRegular, boolean isGuest) throws Exception + { + + boolean callResult; + String resultUserName; + + Hashtable<String, Object> env = new Hashtable<String, Object>(); + + env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() + ":1099"); + + env.put(Context.SECURITY_PRINCIPAL, userName); + env.put(Context.SECURITY_CREDENTIALS, password); + + log.debug("Invoking secure EJB3 session bean with " + userName); + Context context = new InitialContext(env); + Object object = context.lookup("IndirectSessionBean/remote"); + IndirectSession session = (IndirectSession)object; + + // invoke method that requires the Administrator role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeAdministrativeMethod(); + resultUserName = principal.getName(); + + log.debug("User " + resultUserName + " successfully called administrative method!"); + log.debug("Principal object = " + resultUserName); + + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call administrative method!", eae); + } + + // in case of admin role check returned principal's name (just for sure ;-) + if (isAdmin && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeAdministrativeMethod() as " + userName, isAdmin, callResult); + + // invoke method that requires the RegularUser role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeRegularMethod(); + resultUserName = principal.getName(); + + log.debug("User " + resultUserName + " successfully called regular method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call regular method!", eae); + } + + // in case of regular user role check returned principal's name (just for sure ;-) + if (isRegular && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeRegularMethod() as " + userName, isRegular, callResult); + + // invoke method that allows all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnprotectedMethod(); + resultUserName = principal.getName(); + + log.debug("User " + resultUserName + " successfully called unprotected method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + log.debug("User " + userName + " is not authorized to call unprotected method!", eae); + } + + assertEquals("Calling method invokeUnprotectedMethod() as " + userName, isGuest, callResult); + + // invoke method that denies access to all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + resultUserName = principal.getName(); + log.debug("User " + resultUserName + " successfully called unavailable method!"); + fail("Calling method invokeUnavailableMethod() as " + userName + ", but has to be denied for all users"); + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call unavailable method which is OK!"); + assertTrue("Calling method invokeUnavailableMethod() as " + userName, true); + } + + } + + @Override + protected void setUp() throws Exception + { + log.trace("Dynamic Setting up test"); + super.setUp(); + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Dynamic Tearing down test env."); + super.tearDown(); + } + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME); + ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/jboss.xml")); + ejb3App.addClasses(IndirectSession.class, IndirectSessionBean.class, IndirectLevel2Session.class, CommonTestHelper.class); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + + level2Ejb3App = ShrinkWrap.create(JavaArchive.class, LEVEL2_EJB3_APP_FILE_NAME); + level2Ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/jboss-level2.xml"), "jboss.xml"); + level2Ejb3App.addClasses(IndirectLevel2Session.class, IndirectLevel2SessionBean.class); + level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml")); + level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + level2Ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + level2Ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + TEST_HELPER.deploy(level2Ejb3App); + + + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ejb3App); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(level2Ejb3App); + TEST_HELPER.undeploy(ejb3App); + // TEST_HELPER.undeploy(sts); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2Session.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,80 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import javax.ejb.Remote; + +/** + * @author pskopek + * + */ +@Remote +public interface IndirectLevel2Session +{ + /** + * <p> + * This is a method available for regular users and administrators. Implementations must annotate either the class or + * this method with {@code @RolesAllowed({"RegularUser", "Administrator"})} to enforce that only these roles should + * be granted access to this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeRegularMethod(); + + + /** + * <p> + * This is a method available for administrators only. Implementations must annotate either the class or this method + * with {@code @RolesAllowed({"Administrator"})} to enforce that only administrators should be granted access to + * this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeAdministrativeMethod(); + + + /** + * <p> + * This is a method available for all authenticated users, regardless or role. Implementations must annotate this + * method with {@code @PermitAll} to specify that all security roles should be granted access. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnprotectedMethod(); + + + /** + * <p> + * This is a method that is unavailable for everybody. Implementations must annotate this method with + * {@code @DenyAll} to specify that access should be restricted for everybody. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnavailableMethod(); + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectLevel2SessionBean.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,87 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import javax.annotation.Resource; +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ejb.Remote; +import javax.ejb.SessionContext; +import javax.ejb.Stateless; +import org.apache.log4j.Logger; + +/** + * @author pskopek + * + */ +@Stateless +//(a)Local(IndirectLevel2Session.class) +(a)Remote(IndirectLevel2Session.class) +@RolesAllowed( { "RegularUser", "Administrator" }) +public class IndirectLevel2SessionBean implements IndirectLevel2Session +{ + + Logger log = Logger.getLogger(IndirectLevel2SessionBean.class); + + @Resource + private SessionContext context; + + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod() + */ + @RolesAllowed( { "Administrator" }) + public Principal invokeAdministrativeMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod() + */ + public Principal invokeRegularMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod() + */ + @DenyAll + public Principal invokeUnavailableMethod() + { + return this.context.getCallerPrincipal(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod() + */ + @PermitAll + public Principal invokeUnprotectedMethod() + { + return this.context.getCallerPrincipal(); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSession.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,78 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; + +/** + * @author pskopek + * + */ +public interface IndirectSession +{ + /** + * <p> + * This is a method available for regular users and administrators. Implementations must annotate either the class or + * this method with {@code @RolesAllowed({"RegularUser", "Administrator"})} to enforce that only these roles should + * be granted access to this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeRegularMethod(); + + + /** + * <p> + * This is a method available for administrators only. Implementations must annotate either the class or this method + * with {@code @RolesAllowed({"Administrator"})} to enforce that only administrators should be granted access to + * this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeAdministrativeMethod(); + + + /** + * <p> + * This is a method available for all authenticated users, regardless or role. Implementations must annotate this + * method with {@code @PermitAll} to specify that all security roles should be granted access. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnprotectedMethod(); + + + /** + * <p> + * This is a method that is unavailable for everybody. Implementations must annotate this method with + * {@code @DenyAll} to specify that access should be restricted for everybody. + * </p> + * + * @return the caller's {@code Principal}. + */ + public Principal invokeUnavailableMethod(); + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/IndirectSessionBean.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,193 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import javax.annotation.Resource; +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ejb.EJB; +import javax.ejb.EJBException; +import javax.ejb.Remote; +import javax.ejb.SessionContext; +import javax.ejb.Stateless; +import javax.security.auth.Subject; +import javax.security.jacc.PolicyContext; +import javax.security.jacc.PolicyContextException; +import org.apache.log4j.Logger; +import org.jboss.security.client.SecurityClient; +import org.jboss.security.client.SecurityClientFactory; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.qa.CommonTestHelper; + +/** + * @author pskopek + * + */ +@Stateless +(a)Remote(IndirectSession.class) +@RolesAllowed( { "RegularUser", "Administrator" }) +public class IndirectSessionBean implements IndirectSession +{ + + Logger log = Logger.getLogger(IndirectSessionBean.class); + + @Resource + private SessionContext context; + + @EJB(mappedName = "IndirectLevel2SessionBean/remote") + private IndirectLevel2Session level2App; + + private void dumpSubject() + { + + if (!log.isDebugEnabled()) return; + + try + { + Subject callerSubject = (Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY); + log.debug("-- SUBJECT PRINCIPALS:"); + for (Principal p : callerSubject.getPrincipals()) + { + log.debug(" " + p.getName()); + } + log.debug("--"); + + log.debug("-- SUBJECT PUBLIC CREDENTIALS:"); + for (Object o : callerSubject.getPublicCredentials()) + { + log.debug(" " + o); + } + log.debug("--"); + + log.debug("-- SUBJECT PRIVATE CREDENTIALS:"); + for (Object o : callerSubject.getPrivateCredentials()) + { + log.debug(" " + o); + } + log.debug("--"); + + } + catch (PolicyContextException e) + { + throw new EJBException(e); + } + + } + + private void login() + { + log.trace("Login started ..."); + try + { + SamlCredential sc = getCallerSamlCredential(); + log.debug("Got SAML credential " + sc); + if (log.isTraceEnabled()) + log.trace("Assertion as string=" + sc.getAssertionAsString()); + String user = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + SecurityClient client = SecurityClientFactory.getSecurityClient(); + log.debug("User for simple login is " + user); + client.setSimple(user, sc); + client.login(); + } + catch (Exception e) + { + throw new EJBException(e); + } + } + + private SamlCredential getCallerSamlCredential() + { + + log.trace("Getting SAML credential"); + try + { + Subject callerSubject = (Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY); + for (Object o : callerSubject.getPublicCredentials()) + { + if (log.isTraceEnabled()) + log.trace("Public Credential = " + o); + if (o instanceof SamlCredential) + { + return (SamlCredential)o; + } + } + + return null; + + } + catch (PolicyContextException e) + { + throw new EJBException(e); + } + + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod() + */ + @RolesAllowed( { "Administrator" }) + public Principal invokeAdministrativeMethod() + { + log.debug("invoking level2App.invokeAdministrativeMethod() as " + context.getCallerPrincipal()); + + dumpSubject(); + login(); + + return level2App.invokeAdministrativeMethod(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod() + */ + public Principal invokeRegularMethod() + { + log.debug("invoking level2App.invokeRegularMethod() as " + context.getCallerPrincipal()); + login(); + return level2App.invokeRegularMethod(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod() + */ + @DenyAll + public Principal invokeUnavailableMethod() + { + log.debug("invoking level2App.invokeUnavailableMethod() as " + context.getCallerPrincipal()); + login(); + return level2App.invokeUnavailableMethod(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod() + */ + @PermitAll + public Principal invokeUnprotectedMethod() + { + log.debug("invoking level2App.invokeUnprotectedMethod() as " + context.getCallerPrincipal()); + login(); + return level2App.invokeUnprotectedMethod(); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSAML2STSLoginModuleTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,261 @@ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.identity.federation.core.wstrust.WSTrustException; +import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.picketlink.qa.JBossPLTestHelper; +import org.w3c.dom.Element; + +/** + * This test case utilizes org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule in + * conjunction with UsersRolesLoginModule (which provides roles for authenticated principal). + * 1. it gets SAML token from STS + * 2. uses the token as credential in login to container + * 3. tests if EJB3 client can invoke remote EJB3 methods with following permissions: + * - administrative + * - regular + * - unprotected + * - denied for all + * + * @author pskopek + * + */ +public class MaskedPassSAML2STSLoginModuleTestCase extends JBossWSTest +{ + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(MaskedPassSAML2STSLoginModuleTestCase.class); + + public static String EJB3_APP_FILE_NAME = "ejb3-test-saml2stslm-mp-app.jar"; + + private static JavaArchive ejb3App = null; + private static WebArchive sts = null; + + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(MaskedPassSAML2STSLoginModuleTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + + } + + public void testSAML2STSLoginModule() throws Exception + { + performLoginModuleTest("UserA", "PassA", true, true, true); + performLoginModuleTest("UserB", "PassB", false, true, true); + performLoginModuleTest("UserC", "PassC", false, false, true); + } + + private void performLoginModuleTest(String userName, String password, boolean isAdmin, boolean isRegular, boolean isGuest) throws Exception + { + + // create a WSTrustClient instance. + WSTrustClient client = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort", + "http://localhost:8080/picketlink-sts/PicketLinkSTS", + new SecurityInfo(userName, password)); + + // issue a SAML assertion using the client API. + Element assertion = null; + + try + { + log.debug("Invoking token service to get SAML assertion for " + userName); + assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE); + log.debug("SAML assertion for " + userName + " successfully obtained!"); + if (log.isTraceEnabled()) + log.trace("token received="+DocumentUtil.getDOMElementAsString(assertion)); + } + catch (WSTrustException wse) + { + log.error("Unable to issue assertion", wse); + fail("Unable to issue assertion: " + wse.getMessage()); + } + + if (log.isDebugEnabled()) + log.debug("validate " + client.validateToken(assertion)); + + boolean callResult; + String resultUserName; + + + Hashtable<String, Object> env = new Hashtable<String, Object>(); + + env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() + ":1099"); + + // invoke the remote EJB using the assertion as the credential. + env.put(Context.SECURITY_PRINCIPAL, userName); + SamlCredential scred = new SamlCredential(assertion); + env.put(Context.SECURITY_CREDENTIALS, scred); + + log.debug("Invoking secure EJB3 session bean with " + userName + " SAML assertion"); + Context context = new InitialContext(env); + Object object = context.lookup("EasySessionBean/remote"); + //EasySession session = (EasySession) PortableRemoteObject.narrow(object, EasySession.class); + EasySession session = (EasySession) object; + + + + // invoke method that requires the Administrator role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeAdministrativeMethod(); + log.debug("User " + principal.getName() + " successfully called administrative method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call administrative method!", eae); + } + + // in case of admin role check returned principal's name (just for sure ;-) + if (isAdmin && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeAdministrativeMethod() as " + userName, isAdmin, callResult); + + + // invoke method that requires the RegularUser role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeRegularMethod(); + log.debug("User " + principal.getName() + " successfully called regular method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call regular method!", eae); + } + + // in case of regular user role check returned principal's name (just for sure ;-) + if (isRegular && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeRegularMethod() as " + userName, isRegular, callResult); + + + // invoke method that allows all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnprotectedMethod(); + log.debug("User " + principal.getName() + " successfully called unprotected method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + log.debug("User " + userName + " is not authorized to call unprotected method!", eae); + } + + + assertEquals("Calling method invokeUnprotectedMethod() as " + userName, isGuest, callResult); + + // invoke method that denies access to all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + log.debug("User " + principal.getName() + " successfully called unavailable method!"); + fail("Calling method invokeUnavailableMethod() as " + userName + ", but has to be denied for all users"); + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call unavailable method which is OK!"); + assertTrue("Calling method invokeUnavailableMethod() as " + userName, true); + } + + + } + + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME); + ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml")); + ejb3App.addClasses(EasySession.class, EasySessionBean.class); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ejb3App); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ejb3App); + // TEST_HELPER.undeploy(sts); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMEJB3IntegrationTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,237 @@ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.qa.CommonTestHelper; +import org.picketlink.qa.JBossPLTestHelper; + +/** + * This test case makes sure that org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule + * works as expected in conjunction with org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule + * and UsersRolesLoginModule (which supplies roles to the authenticated Subject). + * Login to container uses user name and password credentials as expected by STSIssuingLoginModule. + * + * Checks whether EJB3 client can invoke remote EJB3 methods with following permissions: + * - administrative + * - regular + * - unprotected + * - denied for all + * + * @author pskopek + * + */ +public class MaskedPassSTSIssuingLMEJB3IntegrationTestCase extends JBossWSTest +{ + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(MaskedPassSTSIssuingLMEJB3IntegrationTestCase.class); + + public static String EJB3_APP_FILE_NAME = "ejb3-test-stsvalidatinglm-mp-app.jar"; + + private static JavaArchive ejb3App = null; + private static WebArchive sts = null; + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(MaskedPassSTSIssuingLMEJB3IntegrationTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + } + + public void testSAML2STSLoginModule() throws Exception + { + performLoginModuleTest("UserA", "PassA", true, true, true); + performLoginModuleTest("UserB", "PassB", false, true, true); + performLoginModuleTest("UserC", "PassC", false, false, true); + } + + private void performLoginModuleTest(String userName, String password, boolean isAdmin, boolean isRegular, boolean isGuest) throws Exception + { + + boolean callResult; + String resultUserName; + + Hashtable<String, Object> env = new Hashtable<String, Object>(); + + env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() + ":1099"); + + env.put(Context.SECURITY_PRINCIPAL, userName); + env.put(Context.SECURITY_CREDENTIALS, password); + + log.debug("Invoking secure EJB3 session bean with " + userName + " SAML assertion"); + Context context = new InitialContext(env); + Object object = context.lookup("SamlSessionBean/remote"); + SamlSession session = (SamlSession)object; + + // invoke method that requires the Administrator role. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeAdministrativeMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called administrative method!"); + log.debug("Principal object = " + resultUserName); + + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call administrative method!", eae); + } + + // in case of admin role check returned principal's name (just for sure ;-) + if (isAdmin && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeAdministrativeMethod() as " + userName, isAdmin, callResult); + + // invoke method that requires the RegularUser role. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeRegularMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called regular method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call regular method!", eae); + } + + // in case of regular user role check returned principal's name (just for sure ;-) + if (isRegular && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeRegularMethod() as " + userName, isRegular, callResult); + + // invoke method that allows all roles. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeUnprotectedMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called unprotected method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + log.debug("User " + userName + " is not authorized to call unprotected method!", eae); + } + + assertEquals("Calling method invokeUnprotectedMethod() as " + userName, isGuest, callResult); + + // invoke method that denies access to all roles. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + log.debug("User " + resultUserName + " successfully called unavailable method!"); + fail("Calling method invokeUnavailableMethod() as " + userName + ", but has to be denied for all users"); + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call unavailable method which is OK!"); + assertTrue("Calling method invokeUnavailableMethod() as " + userName, true); + } + + } + + @Override + protected void setUp() throws Exception + { + log.trace("Dynamic Setting up test"); + super.setUp(); + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Dynamic Tearing down test env."); + super.tearDown(); + } + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPasswordMaskedPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME); + ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml")); + ejb3App.addClasses(SamlSession.class, SamlSessionBean.class); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ejb3App); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ejb3App); + // TEST_HELPER.undeploy(sts); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/MaskedPassSTSIssuingLMWSTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,234 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.net.URL; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; +import javax.xml.ws.WebServiceException; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.qa.JBossPLTestHelper; + +/** + * This test case makes sure that org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule + * works as expected in conjunction with org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule + * and UsersRolesLoginModule (which supplies roles to the authenticated Subject). + * Login to web service uses user name and password credentials as expected by STSIssuingLoginModule. + * + * @author pskopek + * + */ +public class MaskedPassSTSIssuingLMWSTestCase extends JBossWSTest +{ + public final String TARGET_ENDPOINT_ADDRESS = "http://" + getServerHost() + ":8080/jaxws-securityDomain"; + + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(MaskedPassSTSIssuingLMWSTestCase.class); + + public static final String WS_FILE_NAME = "jaxws-stsval-mp-securityDomain.jar"; + + private static JavaArchive ws = null; + private static WebArchive sts = null; + + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(MaskedPassSTSIssuingLMWSTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + + } + + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPasswordMaskedPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ws = ShrinkWrap.create(JavaArchive.class, WS_FILE_NAME); + ws.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ws.addClasses(SecureEndpointImpl.class); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-jboss-beans.xml")); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-roles.properties")); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + // take this one, because we can have all at the same place + ws.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ws); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ws); + // TEST_HELPER.undeploy(sts); + } + + private SecureEndpoint getPort() throws Exception + { + URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl"); + QName serviceName = new QName("http://org.jboss.ws/securityDomain", "SecureEndpointService"); + SecureEndpoint port = Service.create(wsdlURL, serviceName).getPort(SecureEndpoint.class); + return port; + } + + + /** + * Tests whether invoking secured web service without principal fails as expected. + * @throws Exception + */ + public void testNegativeNoPrincipal() throws Exception + { + SecureEndpoint port = getPort(); + try + { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + /** + * Tests if invoking secured web service with invalid credential fails as expected. + * @throws Exception + */ + public void testNegativeWrongCredential() throws Exception + { + + String userName = "UserA"; + String password = "XXX"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + try { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + /** + * Tests if invoking secured web service with invalid principal fails as expected. + * @throws Exception + */ + public void testNegativeWrongPrincipal() throws Exception + { + + String userName = "UserX"; + String password = "PassA"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + try { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + + /** + * Tests if invoking secured web service with proper principal and credential is possible. + * @throws Exception + */ + public void testPositive() throws Exception + { + + String userName = "UserA"; + String password = "PassA"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + String retObj = port.echo("Hello"); + assertEquals("Hello", retObj); + } + + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SAML2STSLoginModuleTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,261 @@ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.identity.federation.core.wstrust.WSTrustException; +import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.picketlink.qa.JBossPLTestHelper; +import org.w3c.dom.Element; + +/** + * This test case utilizes org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule in + * conjunction with UsersRolesLoginModule (which provides roles for authenticated principal). + * 1. it gets SAML token from STS + * 2. uses the token as credential in login to container + * 3. tests if EJB3 client can invoke remote EJB3 methods with following permissions: + * - administrative + * - regular + * - unprotected + * - denied for all + * + * @author pskopek + * + */ +public class SAML2STSLoginModuleTestCase extends JBossWSTest +{ + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(SAML2STSLoginModuleTestCase.class); + + public static String EJB3_APP_FILE_NAME = "ejb3-test-saml2stslm-app.jar"; + + private static JavaArchive ejb3App = null; + private static WebArchive sts = null; + + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(SAML2STSLoginModuleTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + + } + + public void testSAML2STSLoginModule() throws Exception + { + performLoginModuleTest("UserA", "PassA", true, true, true); + performLoginModuleTest("UserB", "PassB", false, true, true); + performLoginModuleTest("UserC", "PassC", false, false, true); + } + + private void performLoginModuleTest(String userName, String password, boolean isAdmin, boolean isRegular, boolean isGuest) throws Exception + { + + // create a WSTrustClient instance. + WSTrustClient client = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort", + "http://localhost:8080/picketlink-sts/PicketLinkSTS", + new SecurityInfo(userName, password)); + + // issue a SAML assertion using the client API. + Element assertion = null; + + try + { + log.debug("Invoking token service to get SAML assertion for " + userName); + assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE); + log.debug("SAML assertion for " + userName + " successfully obtained!"); + if (log.isTraceEnabled()) + log.trace("token received="+DocumentUtil.getDOMElementAsString(assertion)); + } + catch (WSTrustException wse) + { + log.error("Unable to issue assertion", wse); + fail("Unable to issue assertion: " + wse.getMessage()); + } + + if (log.isDebugEnabled()) + log.debug("validate " + client.validateToken(assertion)); + + boolean callResult; + String resultUserName; + + + Hashtable<String, Object> env = new Hashtable<String, Object>(); + + env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() + ":1099"); + + // invoke the remote EJB using the assertion as the credential. + env.put(Context.SECURITY_PRINCIPAL, userName); + SamlCredential scred = new SamlCredential(assertion); + env.put(Context.SECURITY_CREDENTIALS, scred); + + log.debug("Invoking secure EJB3 session bean with " + userName + " SAML assertion"); + Context context = new InitialContext(env); + Object object = context.lookup("EasySessionBean/remote"); + //EasySession session = (EasySession) PortableRemoteObject.narrow(object, EasySession.class); + EasySession session = (EasySession) object; + + + + // invoke method that requires the Administrator role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeAdministrativeMethod(); + log.debug("User " + principal.getName() + " successfully called administrative method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call administrative method!", eae); + } + + // in case of admin role check returned principal's name (just for sure ;-) + if (isAdmin && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeAdministrativeMethod() as " + userName, isAdmin, callResult); + + + // invoke method that requires the RegularUser role. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeRegularMethod(); + log.debug("User " + principal.getName() + " successfully called regular method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call regular method!", eae); + } + + // in case of regular user role check returned principal's name (just for sure ;-) + if (isRegular && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeRegularMethod() as " + userName, isRegular, callResult); + + + // invoke method that allows all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnprotectedMethod(); + log.debug("User " + principal.getName() + " successfully called unprotected method!"); + resultUserName = principal.getName(); + callResult = true; + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + log.debug("User " + userName + " is not authorized to call unprotected method!", eae); + } + + + assertEquals("Calling method invokeUnprotectedMethod() as " + userName, isGuest, callResult); + + // invoke method that denies access to all roles. + callResult = false; + resultUserName = null; + try + { + Principal principal = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + log.debug("User " + principal.getName() + " successfully called unavailable method!"); + fail("Calling method invokeUnavailableMethod() as " + userName + ", but has to be denied for all users"); + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call unavailable method which is OK!"); + assertTrue("Calling method invokeUnavailableMethod() as " + userName, true); + } + + + } + + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME); + ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml")); + ejb3App.addClasses(EasySession.class, EasySessionBean.class); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ejb3App); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ejb3App); + // TEST_HELPER.undeploy(sts); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMEJB3IntegrationTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,237 @@ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.qa.CommonTestHelper; +import org.picketlink.qa.JBossPLTestHelper; + +/** + * This test case makes sure that org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule + * works as expected in conjunction with org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule + * and UsersRolesLoginModule (which supplies roles to the authenticated Subject). + * Login to container uses user name and password credentials as expected by STSIssuingLoginModule. + * + * Checks whether EJB3 client can invoke remote EJB3 methods with following permissions: + * - administrative + * - regular + * - unprotected + * - denied for all + * + * @author pskopek + * + */ +public class STSIssuingLMEJB3IntegrationTestCase extends JBossWSTest +{ + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(STSIssuingLMEJB3IntegrationTestCase.class); + + public static String EJB3_APP_FILE_NAME = "ejb3-test-stsvalidatinglm-app.jar"; + + private static JavaArchive ejb3App = null; + private static WebArchive sts = null; + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(STSIssuingLMEJB3IntegrationTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + } + + public void testSAML2STSLoginModule() throws Exception + { + performLoginModuleTest("UserA", "PassA", true, true, true); + performLoginModuleTest("UserB", "PassB", false, true, true); + performLoginModuleTest("UserC", "PassC", false, false, true); + } + + private void performLoginModuleTest(String userName, String password, boolean isAdmin, boolean isRegular, boolean isGuest) throws Exception + { + + boolean callResult; + String resultUserName; + + Hashtable<String, Object> env = new Hashtable<String, Object>(); + + env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + env.put("java.naming.provider.url", JBossPLTestHelper.getServerHost() + ":1099"); + + env.put(Context.SECURITY_PRINCIPAL, userName); + env.put(Context.SECURITY_CREDENTIALS, password); + + log.debug("Invoking secure EJB3 session bean with " + userName + " SAML assertion"); + Context context = new InitialContext(env); + Object object = context.lookup("SamlSessionBean/remote"); + SamlSession session = (SamlSession)object; + + // invoke method that requires the Administrator role. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeAdministrativeMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called administrative method!"); + log.debug("Principal object = " + resultUserName); + + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call administrative method!", eae); + } + + // in case of admin role check returned principal's name (just for sure ;-) + if (isAdmin && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeAdministrativeMethod() as " + userName, isAdmin, callResult); + + // invoke method that requires the RegularUser role. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeRegularMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called regular method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call regular method!", eae); + } + + // in case of regular user role check returned principal's name (just for sure ;-) + if (isRegular && callResult) + callResult = userName.equals(resultUserName); + + assertEquals("Calling method invokeRegularMethod() as " + userName, isRegular, callResult); + + // invoke method that allows all roles. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeUnprotectedMethod(); + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + + log.debug("User " + resultUserName + " successfully called unprotected method!"); + callResult = true; + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + log.debug("User " + userName + " is not authorized to call unprotected method!", eae); + } + + assertEquals("Calling method invokeUnprotectedMethod() as " + userName, isGuest, callResult); + + // invoke method that denies access to all roles. + callResult = false; + resultUserName = null; + try + { + SamlCredential sc = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + resultUserName = CommonTestHelper.getSubjectNameIDFromXmlString(sc.getAssertionAsString()); + log.debug("User " + resultUserName + " successfully called unavailable method!"); + fail("Calling method invokeUnavailableMethod() as " + userName + ", but has to be denied for all users"); + } + catch (EJBAccessException eae) + { + log.debug("User " + userName + " is not authorized to call unavailable method which is OK!"); + assertTrue("Calling method invokeUnavailableMethod() as " + userName, true); + } + + } + + @Override + protected void setUp() throws Exception + { + log.trace("Dynamic Setting up test"); + super.setUp(); + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Dynamic Tearing down test env."); + super.tearDown(); + } + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ejb3App = ShrinkWrap.create(JavaArchive.class, EJB3_APP_FILE_NAME); + ejb3App.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss.xml")); + ejb3App.addClasses(SamlSession.class, SamlSessionBean.class); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + ejb3App.addAsManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + ejb3App.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ejb3App); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ejb3App); + // TEST_HELPER.undeploy(sts); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/STSIssuingLMWSTestCase.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,234 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.net.URL; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; +import javax.xml.ws.WebServiceException; + +import junit.extensions.TestSetup; +import junit.framework.Test; +import junit.framework.TestSuite; + +import org.apache.log4j.Logger; +import org.jboss.shrinkwrap.api.ShrinkWrap; +import org.jboss.shrinkwrap.api.spec.JavaArchive; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.jboss.wsf.test.JBossWSTest; +import org.jboss.wsf.test.JBossWSTestSetup; +import org.picketlink.qa.JBossPLTestHelper; + +/** + * This test case makes sure that org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule + * works as expected in conjunction with org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule + * and UsersRolesLoginModule (which supplies roles to the authenticated Subject). + * Login to web service uses user name and password credentials as expected by STSIssuingLoginModule. + * + * @author pskopek + * + */ +public class STSIssuingLMWSTestCase extends JBossWSTest +{ + public final String TARGET_ENDPOINT_ADDRESS = "http://" + getServerHost() + ":8080/jaxws-securityDomain"; + + private static JBossPLTestHelper TEST_HELPER = JBossPLTestHelper.getJBossPLTestHelper(); + + public static Logger log = Logger.getLogger(STSIssuingLMWSTestCase.class); + + public static final String WS_FILE_NAME = "jaxws-stsval-securityDomain.jar"; + + private static JavaArchive ws = null; + private static WebArchive sts = null; + + + public static Test suite() throws Exception + { + createTestArtifacts(); + + TestSuite suite = new TestSuite(); + suite.addTest(new TestSuite(STSIssuingLMWSTestCase.class)); + + // Create an initializer for the test suite + TestSetup wrapper = new JBossWSTestSetup(suite) { + @Override + protected void setUp() throws Exception + { + log.trace("Static setUp"); + super.setUp(); + deployArtifacts(); + + } + + @Override + protected void tearDown() throws Exception + { + log.trace("Static tearDown"); + undeployArtifacts(); + super.tearDown(); + } + }; + + return wrapper; + + } + + + private static void createTestArtifacts() + { + + /* picketlink-sts package */ + sts = JBossPLTestHelper.getPicketLinkSTSArchive(); + + /* ejb3-test-app package */ + ws = ShrinkWrap.create(JavaArchive.class, WS_FILE_NAME); + ws.setManifest(TEST_HELPER.getResourceFile("MANIFEST.MF")); + ws.addClasses(SecureEndpointImpl.class); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-jboss-beans.xml")); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-roles.properties")); + ws.addAsManifestResource(TEST_HELPER.getResourceFile("fed/securitydomain/ws-sample-users.properties")); + // has to be on classpath, because it is loaded using getResourceAsStream(..) + // take this one, because we can have all at the same place + ws.addAsResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); + + } + + private static void deployArtifacts() throws Exception + { + log.debug("deploying test artifacts"); + // TEST_HELPER.deploy(sts); + TEST_HELPER.deploy(ws); + } + + private static void undeployArtifacts() throws Exception + { + log.debug("undeploying test artifacts"); + TEST_HELPER.undeploy(ws); + // TEST_HELPER.undeploy(sts); + } + + private SecureEndpoint getPort() throws Exception + { + URL wsdlURL = new URL(TARGET_ENDPOINT_ADDRESS + "?wsdl"); + QName serviceName = new QName("http://org.jboss.ws/securityDomain", "SecureEndpointService"); + SecureEndpoint port = Service.create(wsdlURL, serviceName).getPort(SecureEndpoint.class); + return port; + } + + + /** + * Tests whether invoking secured web service without principal fails as expected. + * @throws Exception + */ + public void testNegativeNoPrincipal() throws Exception + { + SecureEndpoint port = getPort(); + try + { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + /** + * Tests if invoking secured web service with invalid credential fails as expected. + * @throws Exception + */ + public void testNegativeWrongCredential() throws Exception + { + + String userName = "UserA"; + String password = "XXX"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + try { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + /** + * Tests if invoking secured web service with invalid principal fails as expected. + * @throws Exception + */ + public void testNegativeWrongPrincipal() throws Exception + { + + String userName = "UserX"; + String password = "PassA"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + try { + port.echo("Hello"); + fail("Expected: Invalid HTTP server response [401] - Unauthorized"); + } + catch (WebServiceException ex) + { + // all good + } + } + + + /** + * Tests if invoking secured web service with proper principal and credential is possible. + * @throws Exception + */ + public void testPositive() throws Exception + { + + String userName = "UserA"; + String password = "PassA"; + + SecureEndpoint port = getPort(); + + Map<String, Object> reqContext = ((BindingProvider)port).getRequestContext(); + reqContext.put(BindingProvider.USERNAME_PROPERTY, userName); + reqContext.put(BindingProvider.PASSWORD_PROPERTY, password); + + String retObj = port.echo("Hello"); + assertEquals("Hello", retObj); + } + + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSession.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,82 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import org.picketlink.identity.federation.core.wstrust.SamlCredential; + +/** + * @author pskopek + * + */ +public interface SamlSession +{ + + public static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container"; + + + /** + * <p> + * This is a method available for regular users and administrators. Implementations must annotate either the class or + * this method with {@code @RolesAllowed({"RegularUser", "Administrator"})} to enforce that only these roles should + * be granted access to this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public SamlCredential invokeRegularMethod(); + + + /** + * <p> + * This is a method available for administrators only. Implementations must annotate either the class or this method + * with {@code @RolesAllowed({"Administrator"})} to enforce that only administrators should be granted access to + * this method. + * </p> + * + * @return the caller's {@code Principal}. + */ + public SamlCredential invokeAdministrativeMethod(); + + + /** + * <p> + * This is a method available for all authenticated users, regardless or role. Implementations must annotate this + * method with {@code @PermitAll} to specify that all security roles should be granted access. + * </p> + * + * @return the caller's {@code Principal}. + */ + public SamlCredential invokeUnprotectedMethod(); + + + /** + * <p> + * This is a method that is unavailable for everybody. Implementations must annotate this method with + * {@code @DenyAll} to specify that access should be restricted for everybody. + * </p> + * + * @return the caller's {@code Principal}. + */ + public SamlCredential invokeUnavailableMethod(); + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SamlSessionBean.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,111 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ + +package org.picketlink.qa.identity.federation.wstrust.lm; + +import javax.annotation.security.DenyAll; +import javax.annotation.security.PermitAll; +import javax.annotation.security.RolesAllowed; +import javax.ejb.EJBException; +import javax.ejb.Remote; +import javax.ejb.Stateless; +import javax.security.auth.Subject; +import javax.security.jacc.PolicyContext; +import javax.security.jacc.PolicyContextException; + +import org.apache.log4j.Logger; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; + +/** + * @author pskopek + * + */ +@Stateless +(a)Remote(SamlSession.class) +@RolesAllowed( { "RegularUser", "Administrator" }) +public class SamlSessionBean implements SamlSession +{ + + Logger log = Logger.getLogger(SamlSessionBean.class); + + private SamlCredential getCallerSamlCredential() + { + + try + { + Subject callerSubject = (Subject)PolicyContext.getContext(SamlSession.SUBJECT_CONTEXT_KEY); + for (Object o : callerSubject.getPublicCredentials()) + { + if (log.isTraceEnabled()) + log.trace("Public Credential = " + o); + if (o instanceof SamlCredential) + { + return (SamlCredential)o; + } + } + + return null; + + } + catch (PolicyContextException e) + { + throw new EJBException(e); + } + + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeAdministrativeMethod() + */ + @RolesAllowed( { "Administrator" }) + public SamlCredential invokeAdministrativeMethod() + { + return getCallerSamlCredential(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeRegularMethod() + */ + public SamlCredential invokeRegularMethod() + { + return getCallerSamlCredential(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnavailableMethod() + */ + @DenyAll + public SamlCredential invokeUnavailableMethod() + { + return getCallerSamlCredential(); + } + + /* (non-Javadoc) + * @see org.picketlink.qa.identity.federation.wstrust.lm.EasySession#invokeUnprotectedMethod() + */ + @PermitAll + public SamlCredential invokeUnprotectedMethod() + { + return getCallerSamlCredential(); + } + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpoint.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,40 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2006, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import javax.jws.WebMethod; +import javax.jws.WebParam; +import javax.jws.WebResult; +import javax.jws.WebService; +import javax.jws.soap.SOAPBinding; +import javax.jws.soap.SOAPBinding.Style; + +@WebService(name = "SecureEndpoint", targetNamespace = "http://org.jboss.ws/securityDomain") +@SOAPBinding(style = Style.RPC) +public interface SecureEndpoint +{ + + @WebMethod + @WebResult(targetNamespace = "http://org.jboss.ws/securityDomain", partName = "return") + public String echo(@WebParam(name = "arg0", partName = "arg0") String arg0); + +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/java/org/picketlink/qa/identity/federation/wstrust/lm/SecureEndpointImpl.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,66 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2006, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import javax.annotation.security.RolesAllowed; +import javax.ejb.Stateless; +import javax.jws.WebMethod; +import javax.jws.WebService; +import javax.jws.soap.SOAPBinding; +import javax.jws.soap.SOAPBinding.Style; + +import org.jboss.ejb3.annotation.SecurityDomain; +import org.jboss.logging.Logger; +import org.jboss.wsf.spi.annotation.AuthMethod; +import org.jboss.wsf.spi.annotation.TransportGuarantee; +import org.jboss.wsf.spi.annotation.WebContext; + +@Stateless(name = "SecureEndpoint") +@SOAPBinding(style = Style.RPC) +@WebService +( + name = "SecureEndpoint", + serviceName = "SecureEndpointService", + targetNamespace = "http://org.jboss.ws/securityDomain" +) +@WebContext +( + contextRoot="/jaxws-securityDomain", + urlPattern="/*", + authMethod = AuthMethod.BASIC, + transportGuarantee = TransportGuarantee.NONE, + secureWSDLAccess = false +) +@SecurityDomain("ws-sample") +@RolesAllowed("Administrator") +public class SecureEndpointImpl +{ + // Provide logging + private static Logger log = Logger.getLogger(SecureEndpointImpl.class); + + @WebMethod + public String echo(String input) + { + log.info(input); + return input; + } +} Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/MANIFEST.MF 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Created-By: 1.6.0_18 (Sun Microsystems Inc.) + Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="ws-sample"> + <authentication> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required"> + <module-option name="password-stacking">true</module-option> + <module-option name="configFile">sts-config.properties</module-option> + <module-option name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa... + </login-module> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="configFile">sts-config.properties</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">META-INF/ws-sample-users.properties</module-option> + <module-option name="rolesProperties">META-INF/ws-sample-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-roles.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,3 @@ +UserA=RegularUser,Administrator +UserB=RegularUser +UserC=Guest \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/securitydomain/ws-sample-users.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,4 @@ +#JBoss=JBoss +#UserA=PassA +#UserB=PassB +#UserC=PassC Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/SAMLEJB3IntegrationTest.java 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,134 @@ +package org.picketlink.qa.identity.federation.wstrust.lm; + +import java.security.Principal; +import java.util.Hashtable; + +import javax.ejb.EJBAccessException; +import javax.naming.Context; +import javax.naming.InitialContext; +import javax.rmi.PortableRemoteObject; + +import org.picketlink.identity.federation.api.wstrust.WSTrustClient; +import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.identity.federation.core.wstrust.WSTrustException; +import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.w3c.dom.Element; + +/** + * <p> + * This class tests the usage of SAML assertions to authenticate clients of EJB3 applications on JBoss. This is + * accomplished by having the client first obtain a SAML assertion from the PicketLink STS service and then use + * the assertion as the credential when calling the protected EJB3. + * </p> + * <p> + * The protected EJB3 application used in this test has configured the {@code SAML2STSLoginModule}. This login + * module sends the SAML assertion to the STS for validation in order to authenticate the caller. A second login + * module, {@code UsersRolesLoginModule}, has been used to provide the client's roles. + * </p> + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class SAMLEJB3IntegrationTest +{ + + private Hashtable<String, Object> env; + + public static void main(String[] args) throws Exception + { + SAMLEJB3IntegrationTest test = new SAMLEJB3IntegrationTest(); + test.testSAMLEJB3Integration("UserA", "PassA"); + //test.testSAMLEJB3Integration("UserB", "PassB"); + //test.testSAMLEJB3Integration("UserC", "PassC"); + } + + public SAMLEJB3IntegrationTest() + { + // initialize the JNDI env that will be used to lookup the test EJB. + this.env = new Hashtable<String, Object>(); + this.env.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory"); + this.env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces"); + this.env.put("java.naming.provider.url", "localhost:1099"); + } + + public void testSAMLEJB3Integration(String username, String password) throws Exception + { + /* + // create a WSTrustClient instance. + WSTrustClient client = new WSTrustClient("PicketLinkSTS", "PicketLinkSTSPort", + "http://localhost:8080/picketlink-sts/PicketLinkSTS", + new SecurityInfo(username, password)); + + // issue a SAML assertion using the client API. + Element assertion = null; + try + { + System.out.println("\nInvoking token service to get SAML assertion for " + username); + assertion = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE); + System.out.println("SAML assertion for " + username + " successfully obtained!"); + } + catch (WSTrustException wse) + { + System.out.println("Unable to issue assertion: " + wse.getMessage()); + wse.printStackTrace(); + System.exit(1); + } + */ + // invoke the remote EJB using the assertion as the credential. + this.env.put(Context.SECURITY_PRINCIPAL, username); + //this.env.put("java.naming.security.credentials", new SamlCredential(assertion)); + this.env.put(Context.SECURITY_CREDENTIALS, password); + + System.out.println("Invoking secure EJB3 session bean with " + username + " SAML assertion"); + Context context = new InitialContext(env); + Object object = context.lookup("EasySessionBean/remote"); + EasySession session = (EasySession) PortableRemoteObject.narrow(object, EasySession.class); + + // invoke method that requires the Administrator role. + try + { + Principal principal = session.invokeAdministrativeMethod(); + System.out.println("User " + principal.getName() + " successfully called administrative method!"); + } + catch (EJBAccessException eae) + { + System.out.println("User " + username + " is not authorized to call administrative method!"); + } + + // invoke method that requires the RegularUser role. + try + { + Principal principal = session.invokeRegularMethod(); + System.out.println("User " + principal.getName() + " successfully called regular method!"); + } + catch (EJBAccessException eae) + { + System.out.println("User " + username + " is not authorized to call regular method!"); + } + + // invoke method that allows all roles. + try + { + Principal principal = session.invokeUnprotectedMethod(); + System.out.println("User " + principal.getName() + " successfully called unprotected method!"); + } + catch (EJBAccessException eae) + { + // this should never happen as long as the user has successfully authenticated. + System.out.println("User " + username + " is not authorized to call unprotected method!"); + } + + // invoke method that denies access to all roles. + try + { + Principal principal = session.invokeUnavailableMethod(); + // this should never happen because the method should deny access to all roles. + System.out.println("User " + principal.getName() + " successfully called unavailable method!"); + } + catch (EJBAccessException eae) + { + System.out.println("User " + username + " is not authorized to call unavailable method!"); + } + + } +} \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/jboss-service.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<server> + + <mbean code="org.jboss.security.plugins.JaasSecurityDomain" + name="jboss.security:service=SecurityDomain"> + <constructor> + <arg type="java.lang.String" value="ejb3-sampleapp"/> + </constructor> + <depends>jboss.security:service=JaasSecurityManager</depends> + </mbean> + + <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" + name="jboss:service=DynamicLoginConfig"> + <attribute name="AuthConfig">META-INF/login-config.xml</attribute> + <!-- The service which supports dynamic processing of login-config.xml + configurations. + --> + <depends optional-attribute-name="LoginConfigService"> + jboss.security:service=XMLLoginConfig + </depends> + <!-- Optionally specify the security mgr service to use when + this service is stopped to flush the auth caches of the domains + registered by this service. + --> + <depends optional-attribute-name="SecurityManagerService"> + jboss.security:service=JaasSecurityManager + </depends> + </mbean> +</server> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/login-config-backup.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,30 @@ +<?xml version='1.0'?> +<!DOCTYPE policy PUBLIC + "-//JBoss//DTD JBOSS Security Config 3.0//EN" + "http://www.jboss.org/j2ee/dtd/security_config.dtd"> + +<policy> + + <application-policy name="ejb3-sampleapp"> + <authentication> + + <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="configFile">sts-config.properties</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">ejb3-sampleapp-users.properties</module-option> + <module-option name="rolesProperties">ejb3-sampleapp-roles.properties</module-option> + </login-module> + + + </authentication> + + + + </application-policy> + +</policy> + Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/service/sar_creation.txt 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,7 @@ + /* login-mogules.sar package */ + //sar = ShrinkWrap.create(JavaArchive.class, SAR_FILE_NAME); + //sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/jboss-service.xml")); + //sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + //sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/ejb3-sampleapp-roles.properties")); + //sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/login-config.xml")); + //sar.addManifestResource(TEST_HELPER.getResourceFile("fed/wstrust-lm/sts-config.properties")); Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Alice.cer ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/Bob.cer ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/John.cer ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-service.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<server> + <!-- ==================================================================== --> + <!-- JassSecurityDomain required to use CertRolesLoginModule --> + <!-- ==================================================================== --> + <mbean code="org.jboss.security.plugins.JaasSecurityDomain" + name="jboss.security:service=SecurityDomain"> + <constructor> + <arg type="java.lang.String" value="JBossWSCert"/> + </constructor> + <attribute name="KeyStoreURL">resource:META-INF/keystore.jks</attribute> + <attribute name="KeyStorePass">password</attribute> + <depends>jboss.security:service=JaasSecurityManager</depends> + </mbean> + <!-- ==================================================================== --> + <!-- Dynamic login config to install the CertRolesLoginModule --> + <!-- ==================================================================== --> + <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" + name="jboss:service=DynamicLoginConfig"> + <attribute name="AuthConfig">META-INF/login-config.xml</attribute> + <!-- The service which supports dynamic processing of login-config.xml + configurations. + --> + <depends optional-attribute-name="LoginConfigService"> + jboss.security:service=XMLLoginConfig + </depends> + <!-- Optionally specify the security mgr service to use when + this service is stopped to flush the auth caches of the domains + registered by this service. + --> + <depends optional-attribute-name="SecurityManagerService"> + jboss.security:service=JaasSecurityManager + </depends> + </mbean> +</server> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-client.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> + <config> + <sign type="x509v3" alias="1" includeTimestamp="false"/> + <requires> + <signature/> + </requires> + </config> +</jboss-ws-security> \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss-wsse-server.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> + <key-store-file>META-INF/bob-sign.jks</key-store-file> + <key-store-password>password</key-store-password> + <key-store-type>jks</key-store-type> + <trust-store-file>META-INF/wsse10.truststore</trust-store-file> + <trust-store-password>password</trust-store-password> + <config> + <sign type="x509v3" alias="1" includeTimestamp="false"/> + <requires> + <signature/> + </requires> + <authenticate> + <signatureCertAuth certificatePrincipal="org.jboss.security.auth.certs.SubjectCNMapping"/> + </authenticate> + </config> +</jboss-ws-security> \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jboss.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<jboss> + <security-domain>java:/jaas/JBossWSCert</security-domain> +</jboss> \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/jbossws-roles.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,3 @@ +# A sample roles.properties file for use with the CertRolesLoginModule +alice=friend,girlfriend +john=friend \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/keystore.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/META-INF/login-config.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,20 @@ +<?xml version='1.0'?> +<!DOCTYPE policy PUBLIC + "-//JBoss//DTD JBOSS Security Config 3.0//EN" + "http://www.jboss.org/j2ee/dtd/security_config.dtd"> + +<policy> + + <application-policy name="JBossWSCert"> + <authentication> + <login-module code="org.jboss.security.auth.spi.CertRolesLoginModule" + flag="required"> + <module-option name="rolesProperties">META-INF/jbossws-roles.properties</module-option> + <module-option name="unauthenticatedIdentity">anonymous</module-option> + <module-option name="securityDomain">java:/jaas/JBossWSCert</module-option> + </login-module> + </authentication> + </application-policy> + +</policy> + Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/alice-sign.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/bob-sign.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/john-sign.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/readme.txt 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,114 @@ + ------------------------------------- + Certificates & keystores + ------------------------------------- + + + Alice - Client 1 John - Client 2 Bob - Server + +Signature +-> Keystore alice-sign.jks john-sign.jks bob-sign.jks +-> Truststore wsse10.truststore wsse10.truststore wsse10.truststore + + +> keytool -printcert -file Alice.cer + +Proprietario: CN=Alice, OU=OASIS Interop Test Cert, O=OASIS +Organismo di emissione: CN=OASIS Interop Test CA, O=OASIS +Numero di serie: 33a6047fb155631fed6721178150a899 +Valido da Sat Mar 19 01:00:00 CET 2005 a Tue Mar 20 00:59:59 CET 2018 +Impronte digitali certificato: + MD5: 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84 + SHA1: 6E:0E:88:F3:6E:BB:87:44:D4:70:F6:2F:60:4D:03:EA:4E:BE:50:94 + + +-------------------------------------------------------------------------------------- +> keytool -printcert -file Bob.cer +Proprietario: CN=Bob, OU=OASIS Interop Test Cert, O=OASIS +Organismo di emissione: CN=OASIS Interop Test CA, O=OASIS +Numero di serie: 6038eedbfeac9bbec89d87d3abae71f8 +Valido da Sat Mar 19 01:00:00 CET 2005 a Tue Mar 20 00:59:59 CET 2018 +Impronte digitali certificato: + MD5: 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC + SHA1: 35:03:34:20:1B:EE:A6:50:2D:11:34:2F:93:EE:A0:9F:C0:B5:DF:01 + +-------------------------------------------------------------------------------------- +> keytool -printcert -file John.cer +Proprietario: CN=John, OU=Test, O=Test, L=Test, ST=Test, C=IT +Organismo di emissione: CN=John, OU=Test, O=Test, L=Test, ST=Test, C=IT +Numero di serie: 4832ac71 +Valido da Tue May 20 12:48:17 CEST 2008 a Fri May 18 12:48:17 CEST 2018 +Impronte digitali certificato: + MD5: C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB + SHA1: 0A:22:01:1C:11:E0:CC:33:D7:D1:97:D6:BF:0B:3B:77:A3:6C:93:70 + + +-------------------------------------------------------------------------------------- +keytool -list -keystore wsse10.truststore +Immettere la password del keystore: password + +Tipo keystore: jks +Provider keystore: SUN + +Il keystore contiene 3 entry + +alice, 9-mar-2006, trustedCertEntry, +Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84 +bob, 9-mar-2006, trustedCertEntry, +Impronta digitale certificato (MD5): 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC +john, 20-mag-2008, trustedCertEntry, +Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB + + +-------------------------------------------------------------------------------------- +> keytool -list -keystore alice-sign.jks +Immettere la password del keystore: password + +Tipo keystore: jks +Provider keystore: SUN + +Il keystore contiene 2 entry + +1, 27-ott-2007, keyEntry, +Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84 + + +-------------------------------------------------------------------------------------- +> keytool -list -keystore bob-sign.jks +Immettere la password del keystore: password + +Tipo keystore: jks +Provider keystore: SUN + +Il keystore contiene 3 entry + +1, 27-ott-2007, keyEntry, +Impronta digitale certificato (MD5): 89:3E:86:D2:4F:9C:E7:39:B6:71:8A:EF:00:C5:89:DC + + +-------------------------------------------------------------------------------------- +> keytool -list -keystore john-sign.jks +Immettere la password del keystore: password + +Tipo keystore: jks +Provider keystore: SUN + +Il keystore contiene 2 entry + +1, 20-mag-2008, keyEntry, +Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB + + +-------------------------------------------------------------------------------------- +keytool -list -keystore keystore.jks +Immettere la password del keystore: password + +Tipo keystore: jks +Provider keystore: SUN + +Il keystore contiene 3 entry + +alice, 9-mar-2006, trustedCertEntry, +Impronta digitale certificato (MD5): 57:CE:81:F1:03:C4:2C:F7:5B:1A:DE:AC:43:64:0A:84 +john, 20-mag-2008, trustedCertEntry, +Impronta digitale certificato (MD5): C8:64:7A:4A:67:AC:73:A2:48:26:0A:B3:84:1D:0C:BB + Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust/wsse10.truststore ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/picketlink-sts.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,21 @@ +<PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" + STSName="PicketLinkSTS" TokenTimeout="7200" EncryptToken="false"> + <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager"> + <Auth Key="KeyStoreURL" Value="${keyStoreURL}"/> + <Auth Key="KeyStorePass" Value="${keyStorePass}"/> + <Auth Key="SigningKeyAlias" Value="${signingKeyAlias}"/> + <Auth Key="SigningKeyPass" Value="${signingKeyPass}"/> + ${additionalMaskingProps} + <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/> + </KeyProvider> + <TokenProviders> + <TokenProvider ProviderClass="org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider" + TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi... + TokenElement="Assertion" + TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/> + </TokenProviders> + <ServiceProviders> + <ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi... + TruststoreAlias="service1"/> + </ServiceProviders> +</PicketLinkSTS> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-roles.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,4 @@ +JBoss=STSClient +UserA=STSClient +UserB=STSClient +UserC=STSClient Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts-users.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,4 @@ +JBoss=JBoss +UserA=PassA +UserB=PassB +UserC=PassC Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/classes/sts_keystore.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-web.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<jboss-web> + <security-domain>java:/jaas/sts-domain</security-domain> + <context-root>picketlink-sts</context-root> +</jboss-web> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/jboss-wsse-server.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd"> + <config> + <requires/> + </config> +</jboss-ws-security> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/sts-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="sts-domain"> + <authentication> + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="usersProperties">sts-users.properties</module-option> + <module-option name="rolesProperties">sts-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/web.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,37 @@ +<?xml version="1.0"?> +<!DOCTYPE web-app PUBLIC + "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" + "http://java.sun.com/dtd/web-app_2_3.dtd"> + +<web-app> + <servlet> + <servlet-name>PicketLinkSTS</servlet-name> + <servlet-class>org.picketlink.identity.federation.core.wstrust.PicketLinkSTS</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>PicketLinkSTS</servlet-name> + <url-pattern>/*</url-pattern> + </servlet-mapping> + + <security-constraint> + <web-resource-collection> + <web-resource-name>TokenService</web-resource-name> + <url-pattern>/*</url-pattern> + <http-method>GET</http-method> + <http-method>POST</http-method> + </web-resource-collection> + <auth-constraint> + <role-name>STSClient</role-name> + </auth-constraint> + </security-constraint> + + <login-config> + <auth-method>BASIC</auth-method> + <realm-name>PicketLinkSTSRealm</realm-name> + </login-config> + + <security-role> + <role-name>STSClient</role-name> + </security-role> + +</web-app> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/STS/WEB-INF/wsdl/PicketLinkSTS.wsdl 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,49 @@ +<?xml version="1.0"?> +<wsdl:definitions name="PicketLinkSTS" targetNamespace="urn:picketlink:identity-federation:sts" + xmlns:tns="urn:picketlink:identity-federation:sts" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl" + xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"> + <wsdl:types> + <xs:schema targetNamespace="urn:picketlink:identity-federation:sts" + xmlns:tns="urn:picketlink:identity-federation:sts" + xmlns:xs="http://www.w3.org/2001/XMLSchema" + version="1.0"> + <xs:complexType name="MessageBody"> + <xs:sequence> + <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##any"/> + </xs:sequence> + </xs:complexType> + </xs:schema> + </wsdl:types> + <wsdl:message name="RequestSecurityToken"> + <wsdl:part name="rstMessage" element="tns:MessageBody"/> + </wsdl:message> + <wsdl:message name="RequestSecurityTokenResponse"> + <wsdl:part name="rstrMessage" element="tns:MessageBody"/> + </wsdl:message> + <wsdl:portType name="SecureTokenService"> + <wsdl:operation name="IssueToken"> + <wsdl:input wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue... message="tns:RequestSecurityToken"/> + <wsdl:output wsap10:Action="http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issu... message="tns:RequestSecurityTokenResponse"/> + </wsdl:operation> + </wsdl:portType> + <wsdl:binding name="STSBinding" type="tns:SecureTokenService"> + <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="IssueToken"> + <soap12:operation soapAction="http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue" style="document"/> + <wsdl:input> + <soap12:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap12:body use="literal"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:service name="PicketLinkSTS"> + <wsdl:port name="PicketLinkSTSPort" binding="tns:STSBinding"> + <soap12:address location="http://localhost:8080/picketlink-sts"/> + </wsdl:port> + </wsdl:service> +</wsdl:definitions> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="ejb3-sampleapp"> + <authentication> + + <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="configFile">sts-config.properties</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option> + <module-option name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-roles.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,3 @@ +UserA=RegularUser,Administrator +UserB=RegularUser +UserC=Guest \ No newline at end of file Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sampleapp-users.properties =================================================================== Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/ejb3-sts-issuing-lm-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="ejb3-sampleapp"> + <authentication> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required"> + <module-option name="password-stacking">true</module-option> + <module-option name="configFile">sts-config.properties</module-option> + <!-- module-option name="endpointURI">http://security_saml/goodbyeworld</module-option --> + <module-option name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa... + </login-module> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required"> + <module-option name="configFile">sts-config.properties</module-option> + <module-option name="password-stacking">useFirstPass</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option> + <module-option name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-level2-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="indirect-level2"> + <authentication> + + <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="configFile">sts-config.properties</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option> + <module-option name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/indirect-sts-issuing-lm-jboss-beans.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,29 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<deployment xmlns="urn:jboss:bean-deployer:2.0"> + + <!-- ejb3 test application-policy definition --> + <application-policy xmlns="urn:jboss:security-beans:1.0" name="indirect-sampleapp"> + <authentication> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required"> + <module-option name="password-stacking">true</module-option> + <module-option name="configFile">sts-config.properties</module-option> + <!-- module-option name="endpointURI">http://security_saml/goodbyeworld</module-option --> + <module-option name="tokenType">http://docs.oasis-open.org/wss/oasis-wss-sa... + </login-module> + + <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required"> + <module-option name="configFile">sts-config.properties</module-option> + <module-option name="password-stacking">useFirstPass</module-option> + </login-module> + + <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> + <module-option name="password-stacking">useFirstPass</module-option> + <module-option name="usersProperties">META-INF/ejb3-sampleapp-users.properties</module-option> + <module-option name="rolesProperties">META-INF/ejb3-sampleapp-roles.properties</module-option> + </login-module> + </authentication> + </application-policy> + +</deployment> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss-level2.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,7 @@ +<?xml version="1.0"?> +<!DOCTYPE jboss PUBLIC + "-//JBoss//DTD JBOSS 5.0//EN" + "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd"> +<jboss> + <security-domain>indirect-level2</security-domain> +</jboss> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/indirect/jboss.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,7 @@ +<?xml version="1.0"?> +<!DOCTYPE jboss PUBLIC + "-//JBoss//DTD JBOSS 5.0//EN" + "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd"> +<jboss> + <security-domain>indirect-sampleapp</security-domain> +</jboss> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/jboss.xml 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,7 @@ +<?xml version="1.0"?> +<!DOCTYPE jboss PUBLIC + "-//JBoss//DTD JBOSS 5.0//EN" + "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd"> +<jboss> + <security-domain>java:/jaas/ejb3-sampleapp</security-domain> +</jboss> Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties =================================================================== --- integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties (rev 0) +++ integration-tests/branches/product/picketlink-trust-tests/src/test/resources/fed/wstrust-lm/sts-config.properties 2011-10-06 13:18:24 UTC (rev 1293) @@ -0,0 +1,14 @@ +serviceName=PicketLinkSTS +portName=PicketLinkSTSPort +endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS +#username=JBoss +#password=JBoss +username=admin +#password=admin +password=MASK-0BbleBL2LZk= +salt=18273645 +iterationCount=56 + +#java -cp picketlink-fed-core.jar org.picketlink.identity.federation.core.util.PBEUtils 18273645 56 admin +#Encoded password: MASK-0BbleBL2LZk= + Added: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks =================================================================== (Binary files differ) Property changes on: integration-tests/branches/product/picketlink-trust-tests/src/test/resources/keystore/sts_keystore.jks ___________________________________________________________________ Added: svn:mime-type + application/octet-stream