Author: sguilhen(a)redhat.com
Date: 2011-02-22 13:12:15 -0500 (Tue, 22 Feb 2011)
New Revision: 760
Added:
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java
integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties
Modified:
integration-tests/trunk/picketlink-sts-tests/.classpath
integration-tests/trunk/picketlink-sts-tests/ant-build.xml
integration-tests/trunk/picketlink-sts-tests/pom.xml
Log:
PLFED-132: Added CacheInvalidationUnitTestCase
Modified: integration-tests/trunk/picketlink-sts-tests/.classpath
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/.classpath 2011-02-22 18:10:31 UTC (rev
759)
+++ integration-tests/trunk/picketlink-sts-tests/.classpath 2011-02-22 18:12:15 UTC (rev
760)
@@ -1,17 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" path="src/test/java"
output="target/test-classes" including="**/*.java"/>
- <classpathentry kind="src" path="src/test/resources"
output="target/test-classes" excluding="**/*.java"/>
- <classpathentry kind="output" path="target/classes"/>
- <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar"
sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
- <classpathentry kind="var"
path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar"
sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar"
sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
- <classpathentry kind="var"
path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar"
sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/junit/junit/4.4/junit-4.4.jar"
sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
- <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var"
path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
- <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
-</classpath>
\ No newline at end of file
+ <classpathentry including="**/*.java" kind="src"
output="target/test-classes" path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src"
output="target/test-classes" path="src/test/resources"/>
+ <classpathentry kind="var"
path="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3.jar"
sourcepath="M2_REPO/javax/servlet/servlet-api/2.3/servlet-api-2.3-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/ant/ant/1.5/ant-1.5.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar"
sourcepath="M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7.jar"
sourcepath="M2_REPO/httpunit/httpunit/1.7/httpunit-1.7-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/rhino/js/1.6R7/js-1.6R7.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev.jar"
sourcepath="M2_REPO/jtidy/jtidy/4aug2000r7-dev/jtidy-4aug2000r7-dev-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/junit/junit/4.4/junit-4.4.jar"
sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar"
sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/nekohtml/nekohtml/1.9.12/nekohtml-1.9.12.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT.jar"
sourcepath="M2_REPO/org/picketlink/picketlink-fed/2.0.0-SNAPSHOT/picketlink-fed-2.0.0-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var"
path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
+ <classpathentry kind="con"
path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var"
path="M2_REPO/org/jboss/jbossas/jboss-as-client/5.1.0.GA/jboss-as-client-5.1.0.GA.pom"/>
+ <classpathentry kind="lib"
path="/opt/workspace-picketlink/integration-tests-trunk/picketlink-sts-tests/target/jboss-5.1.0.GA/client/jbossall-client.jar"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
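Review bot: The new `kind="lib"` entry hard-codes a path on the committer's machine, `/opt/workspace-picketlink/integration-tests-trunk/picketlink-sts-tests/target/jboss-5.1.0.GA/client/jbossall-client.jar`. On any other checkout it will not resolve, or it will silently pick up whatever jar happens to sit at that location. It also publishes the local workspace layout. A project-relative entry such as `path="target/jboss-5.1.0.GA/client/jbossall-client.jar"` would keep the file portable. The added `kind="var"` entry points at `jboss-as-client-5.1.0.GA.pom`, which is not an archive and so probably contributes nothing to the classpath.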
Modified: integration-tests/trunk/picketlink-sts-tests/ant-build.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/ant-build.xml 2011-02-22 18:10:31 UTC
(rev 759)
+++ integration-tests/trunk/picketlink-sts-tests/ant-build.xml 2011-02-22 18:12:15 UTC
(rev 760)
@@ -19,6 +19,8 @@
<copy
file="${localRepository}/org/picketlink/picketlink-fed/${version}/picketlink-fed-${version}.jar"
todir="${JBAS_DEPLOY}/picketlink"/>
<unzip
src="${localRepository}/org/picketlink/picketlink-fed-webapps-assembly/${version}/picketlink-fed-webapps-assembly-${version}.zip"
dest="${JBAS_DEPLOY}"/>
+ <!-- the following props file needs to be copied to JBAS conf and is used by the
cache invalidation test -->
+ <copy file="${basedir}/src/test/resources/sts-config.properties"
todir="${JBAS_DEPLOY}/../conf/"/>
<chmod file="${basedir}/target/jboss-5.1.0.GA/bin/run.sh"
perm="700"/>
</target>
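Review bot: The `sts-config.properties` file copied here holds a `username`/`password` pair in clear text, and it lands in the server's `conf` directory with default permissions, while only `run.sh` is restricted by the `chmod` that follows. Adding `<chmod file="${JBAS_DEPLOY}/../conf/sts-config.properties" perm="600"/>` after the copy would keep the credentials readable only by the account that runs the test server. The comment could also say that the file contains the STS client credentials, so nobody reuses this step for a non-test instance. The enclosing target starts outside the hunk.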
@@ -26,7 +28,7 @@
<echo>Starting Local 8080</echo>
<exec executable="${basedir}/target/jboss-5.1.0.GA/bin/run.sh"
osfamily="unix" spawn="true" />
- <waitfor maxwait="1" maxwaitunit="minute"
+ <waitfor maxwait="2" maxwaitunit="minute"
checkevery="100" checkeveryunit="millisecond">
<http url="http://localhost:8080" />
</waitfor>
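Review bot: The `<waitfor>` has no `timeoutproperty`, so when JBoss is still not answering after the new two-minute limit the build carries on and the tests fail later with unrelated connection errors. Setting for example `timeoutproperty="jboss.start.timeout"` on the `<waitfor>` and following it with `<fail if="jboss.start.timeout" message="JBoss did not start within 2 minutes"/>` makes the failure explicit. The probe also only shows that port 8080 answers; it does not show that the STS webapp or the JNDI port used by the new test is ready. The lines after `</waitfor>` are outside the hunk, so such a check may already exist there.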
Modified: integration-tests/trunk/picketlink-sts-tests/pom.xml
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 18:10:31 UTC (rev
759)
+++ integration-tests/trunk/picketlink-sts-tests/pom.xml 2011-02-22 18:12:15 UTC (rev
760)
@@ -132,6 +132,26 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-client</artifactId>
+ <version>5.1.0.GA</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <!--dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jbosssx-client</artifactId>
+ <version>2.0.4.SP6</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.jbossas</groupId>
+ <artifactId>jboss-as-server</artifactId>
+ <classifier>jmx-invoker-adaptor-client</classifier>
+ <version>5.1.0.GA</version>
+ <scope>test</scope>
+ </dependency-->
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
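Review bot: The commented-out `jbosssx-client` and `jboss-as-server` dependencies inside `<!--dependency> … </dependency-->` are dead configuration with no explanation of why they were tried and dropped. Either remove the block or put a one-line reason in it, such as `<!-- not needed: jboss-as-client already brings the JMX invoker client classes -->`, if that is indeed the reason. The `5.1.0.GA` literal in the new `jboss-as-client` dependency also appears in the `jboss-5.1.0.GA` paths in `ant-build.xml`, so a shared property would keep the client libraries and the server under test on the same version. The `junit` dependency that closes the hunk continues outside it.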
Added:
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java
===================================================================
---
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java
(rev 0)
+++
integration-tests/trunk/picketlink-sts-tests/src/test/java/org/picketlink/test/integration/sts/CacheInvalidationUnitTestCase.java 2011-02-22
18:12:15 UTC (rev 760)
@@ -0,0 +1,112 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
+ */
+package org.picketlink.test.integration.sts;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Properties;
+
+import javax.management.ObjectName;
+import javax.naming.InitialContext;
+
+import org.jboss.jmx.adaptor.rmi.RMIAdaptor;
+import org.jboss.security.SimplePrincipal;
+import org.junit.Assert;
+import org.junit.Test;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient;
+import org.picketlink.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.picketlink.identity.federation.core.wstrust.SamlCredential;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This class tests the invalidation of security cache entries that contain expired
tokens. This mechanism is enabled by
+ * setting the {@code cache.invalidation} property of the {@code SAML2STSLoginModule} to
{@code true} and causes the
+ * security cache of the JBoss Application Server to remove (logout) users whose SAML
assertions have expired.
+ * </p>
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ * @since Jun 8, 2010
+ */
+public class CacheInvalidationUnitTestCase
+{
+ /**
+ * <p>
+ * This test checks the invalidation of expired cache entries by requesting a
short-lived assertion to the STS
+ * and then using this assertion to authenticate to the {@code
JaasSecurityManagerService} MBean. The test checks
+ * if the cache contains the entry right after authentication takes place and then
sleeps till the assertion
+ * expires. After that, the test checks the cache again to verify if the entry has
been removed.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ @Test
+ public void testCacheInvalidation() throws Exception
+ {
+ // initial context properties that specify how to connect to the JBoss JNDI
server.
+ Properties props = new Properties();
+ props.put("java.naming.factory.initial",
"org.jnp.interfaces.NamingContextFactory");
+ props.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces");
+ props.put("java.naming.provider.url", "localhost:1099");
+
+ // lookup the RMIAdaptor instance in JNDI.
+ InitialContext ic = new InitialContext(props);
+ RMIAdaptor server = (RMIAdaptor) ic.lookup("jmx/invoker/RMIAdaptor");
+ Assert.assertNotNull("RMIAdaptor is null, lookup failed", server);
+
+ // invoke the token service to obtain a short-lived (10s) assertion.
+ WSTrustClient client = new WSTrustClient("PicketLinkSTS",
"PicketLinkSTSPort",
+ "http://localhost:8080/picketlink-sts/PicketLinkSTS", new
SecurityInfo("admin", "admin"));
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(10000));
+ Element assertionElement = client.issueToken(request);
+ Assert.assertNotNull("SAML assertion is null, token request failed",
assertionElement);
+
+ // invoke the JaasSecurityManagerService MBean to authenticate the client using the
assertion.
+ ObjectName name = new
ObjectName("jboss.security:service=JaasSecurityManager");
+ String[] methodSignature = {"java.lang.String",
"java.security.Principal", "java.lang.Object"};
+ Object[] methodParams = {"cache-test", new
SimplePrincipal("admin"), new SamlCredential(assertionElement)};
+ Object result = server.invoke(name, "isValid", methodParams,
methodSignature);
+ Assert.assertTrue("isValid returned an invalid result object", result
instanceof Boolean);
+ Assert.assertTrue("Authentication failed", (Boolean) result);
+
+ // check if the cache contains the authenticated principal.
+ methodSignature = new String[]{"java.lang.String"};
+ methodParams = new Object[]{"cache-test"};
+ result = server.invoke(name, "getAuthenticationCachePrincipals",
methodParams, methodSignature);
+ Assert.assertTrue("getAuthenticationCachePrincipals returned an invalid result
object", result instanceof List<?>);
+ List<?> resultList = (List<?>) result;
+ Assert.assertEquals("Unexpected cache size", 1, resultList.size());
+ Assert.assertEquals("Unexpected cached principal", "admin",
resultList.get(0).toString());
+
+ // now wait till the assertion has expired and check the authentication cache
again.
+ Thread.sleep(12000);
+ result = server.invoke(name, "getAuthenticationCachePrincipals",
methodParams, methodSignature);
+ Assert.assertTrue("getAuthenticationCachePrincipals returned an invalid result
object", result instanceof List<?>);
+ resultList = (List<?>) result;
+ Assert.assertEquals("Unexpected cache size", 0, resultList.size());
+
+ }
+}
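Review bot: The final check relies on `Thread.sleep(12000)` against a 10000 ms token lifetime, which leaves a two-second margin for the server-side invalidation to run. On a loaded build machine this will fail intermittently, and the failure will look like a cache-invalidation defect. Polling `getAuthenticationCachePrincipals` until a deadline, as sketched below, removes the timing dependency. Separately, `ic` is never closed, and the test only shows that the cache entry disappears; it would be stronger if it also asserted that a second `isValid` call with the expired `SamlCredential` returns false, assuming the login module rejects expired assertions. The `admin`/`admin` credentials and the endpoint URL duplicate the values in `sts-config.properties`.

```java
// … unchanged: JNDI lookup, token request, authentication and first cache check …
      // poll until the expired entry is evicted instead of relying on one fixed sleep.
      long deadline = System.currentTimeMillis() + 30000;
      do
      {
         Thread.sleep(500);
         result = server.invoke(name, "getAuthenticationCachePrincipals", methodParams, methodSignature);
         Assert.assertTrue("getAuthenticationCachePrincipals returned an invalid result object", result instanceof List<?>);
         resultList = (List<?>) result;
      }
      while (!resultList.isEmpty() && System.currentTimeMillis() < deadline);
      Assert.assertEquals("Unexpected cache size", 0, resultList.size());
```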
Added:
integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties
===================================================================
--- integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties
(rev 0)
+++
integration-tests/trunk/picketlink-sts-tests/src/test/resources/sts-config.properties 2011-02-22
18:12:15 UTC (rev 760)
@@ -0,0 +1,6 @@
+serviceName=PicketLinkSTS
+portName=PicketLinkSTSPort
+endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS
+username=admin
+password=admin
+
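Review bot: The file has no header comment, and it stores `password=admin` in clear text next to `username=admin`. The build copies it into the application server's `conf` directory, so a reader there cannot tell that it is a test fixture. A first line such as `# Test-only STS client settings for CacheInvalidationUnitTestCase; default credentials for the local test server, do not reuse elsewhere.` would make that explicit.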