1 /**
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
20 package org.apache.cxf.fediz.integrationtests;
21
22
23 import java.io.File;
24 import java.io.FileInputStream;
25 import java.io.FileOutputStream;
26 import java.io.IOException;
27
28 import javax.servlet.ServletException;
29
30 import org.apache.catalina.Context;
31 import org.apache.catalina.LifecycleException;
32 import org.apache.catalina.LifecycleState;
33 import org.apache.catalina.connector.Connector;
34 import org.apache.catalina.startup.Tomcat;
35 import org.apache.commons.io.IOUtils;
36 import org.apache.cxf.fediz.core.ClaimTypes;
37 import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
38 import org.apache.directory.server.annotations.CreateLdapServer;
39 import org.apache.directory.server.annotations.CreateTransport;
40 import org.apache.directory.server.core.annotations.ApplyLdifFiles;
41 import org.apache.directory.server.core.annotations.CreateDS;
42 import org.apache.directory.server.core.annotations.CreateIndex;
43 import org.apache.directory.server.core.annotations.CreatePartition;
44 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
45 import org.apache.directory.server.core.integ.FrameworkRunner;
46 import org.apache.wss4j.dom.engine.WSSConfig;
47 import org.junit.After;
48 import org.junit.Assert;
49 import org.junit.Before;
50 import org.junit.Test;
51 import org.junit.runner.RunWith;
52
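/**
 * A test that configures the STS to authenticate a user (and retrieve claims) from an LDAP backend.
 * <p>
 * {@link FrameworkRunner} starts an embedded ApacheDS instance before the test runs. The port that
 * server is actually listening on is then substituted into the STS {@code ldap.xml} endpoint
 * configuration and the {@code ldap.jaas} login configuration, after which an IdP/STS Tomcat and an
 * RP Tomcat are started on the HTTPS ports supplied by the build.
 */
@RunWith(FrameworkRunner.class)

// Embedded directory service: a single partition rooted at dc=fediz,dc=org, anonymous access off.
@CreateDS(name = "LDAPTest-class",
    enableAccessControl = false,
    allowAnonAccess = false,
    enableChangeLog = true,
    partitions = {
        @CreatePartition(
            name = "fediz",
            suffix = "dc=fediz,dc=org",
            indexes = {
                @CreateIndex(attribute = "objectClass"),
                @CreateIndex(attribute = "dc"),
                @CreateIndex(attribute = "ou")
            }
        ) }
)

// Plain LDAP transport bound to the loopback interface only.
@CreateLdapServer(
    transports = {
        @CreateTransport(protocol = "LDAP", address = "localhost")
    }
)

// Seed the directory with the test users and groups from ldap.ldif.
@ApplyLdifFiles("ldap.ldif")

public class LDAPTest extends AbstractLdapTestUnit {

    /** Token in the test resources that is replaced with the live LDAP port. */
    private static final String PORT_PLACEHOLDER = "portno";
    /** Encoding used when reading and rewriting the configuration files. */
    private static final String ENCODING = "UTF-8";

    static String idpHttpsPort;
    static String rpHttpsPort;

    private static Tomcat idpServer;
    private static Tomcat rpServer;
    // The configuration rewrite is a one-off per JVM; the embedded LDAP server keeps its port.
    private static boolean portUpdated;

    /**
     * Configures logging, reads the HTTPS ports from system properties, rewrites the LDAP port
     * into the generated configuration and starts both Tomcat instances.
     *
     * @throws Exception if the configuration cannot be rewritten or a server fails to start
     */
    @Before
    public void init() throws Exception {
        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");

        // Both ports are allocated by the build and handed over as system properties.
        idpHttpsPort = System.getProperty("idp.https.port");
        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
        rpHttpsPort = System.getProperty("rp.https.port");
        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);

        WSSConfig.init();

        updatePort();

        idpServer = startServer(true, idpHttpsPort);
        rpServer = startServer(false, rpHttpsPort);
    }

    /**
     * Writes the port of the embedded LDAP server into the STS endpoint configuration and the JAAS
     * login configuration, then points {@code java.security.auth.login.config} at the latter.
     * The files under {@code src/test/resources} are never modified; only copies under
     * {@code target} are written.
     *
     * @throws Exception if a configuration file cannot be read or written
     */
    public void updatePort() throws Exception {
        if (!portUpdated) {
            String basedir = System.getProperty("basedir");
            if (basedir == null) {
                basedir = new File(".").getCanonicalPath();
            }

            // Only known once the embedded server is up, hence the rewrite happens here rather than at build time.
            String ldapPort = Integer.toString(super.getLdapServer().getPort());

            // STS LDAP endpoint definition, dropped into the exploded fediz-idp-sts webapp
            substitutePort(new File(basedir, "src/test/resources/sts/ldap.xml"),
                           new File(basedir, "target/tomcat/idp/webapps/fediz-idp-sts/WEB-INF/endpoints/ldap.xml"),
                           ldapPort);

            // JAAS login module configuration used by the STS for LDAP authentication
            substitutePort(new File(basedir, "src/test/resources/ldap.jaas"),
                           new File(basedir, "target/test-classes/ldap.jaas"),
                           ldapPort);

            portUpdated = true;
        }

        // Relative path: the surefire working directory is the module root.
        System.setProperty("java.security.auth.login.config", "target/test-classes/ldap.jaas");
    }

    /**
     * Copies {@code source} to {@code target}, replacing every occurrence of the port placeholder.
     * Both streams are managed by try-with-resources, so the input handle is released even when
     * reading fails part-way.
     *
     * @param source template file containing the placeholder
     * @param target file to (over)write with the substituted content
     * @param port   decimal port number to insert
     * @throws IOException if either file cannot be accessed
     */
    private static void substitutePort(File source, File target, String port) throws IOException {
        String content;
        try (FileInputStream inputStream = new FileInputStream(source)) {
            content = IOUtils.toString(inputStream, ENCODING);
        }
        // Literal replacement: neither the placeholder nor a port number carries regex meaning.
        content = content.replace(PORT_PLACEHOLDER, port);
        try (FileOutputStream outputStream = new FileOutputStream(target)) {
            IOUtils.write(content, outputStream, ENCODING);
        }
    }

    /**
     * Starts an embedded Tomcat with a single HTTPS connector.
     *
     * @param idp  {@code true} to deploy the IdP and STS webapps, {@code false} for the RP webapp
     *             protected by the {@link FederationAuthenticator}
     * @param port HTTPS port the connector listens on
     * @return the started server
     * @throws ServletException   if a webapp cannot be added
     * @throws LifecycleException if the server fails to start
     * @throws IOException        if the working directory cannot be resolved
     */
    private static Tomcat startServer(boolean idp, String port)
        throws ServletException, LifecycleException, IOException {
        Tomcat server = new Tomcat();
        // Port 0 disables the default HTTP connector; only the HTTPS connector below is used.
        server.setPort(0);
        String currentDir = new File(".").getCanonicalPath();
        String baseDir = currentDir + File.separator + "target";
        server.setBaseDir(baseDir);

        server.getHost().setAppBase(idp ? "tomcat/idp/webapps" : "tomcat/rp/webapps");
        server.getHost().setAutoDeploy(true);
        server.getHost().setDeployOnStartup(true);

        Connector httpsConnector = new Connector();
        httpsConnector.setPort(Integer.parseInt(port));
        httpsConnector.setSecure(true);
        httpsConnector.setScheme("https");
        // Test-only keystore shipped in test-classes; the same store doubles as truststore so the
        // IdP and RP trust each other's server certificate.
        httpsConnector.setAttribute("keystorePass", "tompass");
        httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
        httpsConnector.setAttribute("truststorePass", "tompass");
        httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
        // "want": a client certificate is requested but the handshake succeeds without one.
        httpsConnector.setAttribute("clientAuth", "want");
        httpsConnector.setAttribute("sslProtocol", "TLS");
        httpsConnector.setAttribute("SSLEnabled", true);

        server.getService().addConnector(httpsConnector);

        File webappRoot = new File(baseDir + File.separator + server.getHost().getAppBase());
        if (idp) {
            File stsWebapp = new File(webappRoot, "fediz-idp-sts");
            server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());

            File idpWebapp = new File(webappRoot, "fediz-idp");
            server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
        } else {
            File rpWebapp = new File(webappRoot, "simpleWebapp");
            Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath());

            // The RP is protected by the Fediz valve, configured from the test fediz_config.xml.
            FederationAuthenticator fa = new FederationAuthenticator();
            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
                             + "test-classes" + File.separator + "fediz_config.xml");
            cxt.getPipeline().addValve(fa);
        }

        server.start();

        return server;
    }

    /** Stops and destroys both Tomcat instances after each test. */
    @After
    public void cleanup() {
        shutdownServer(idpServer);
        shutdownServer(rpServer);
    }

    /**
     * Best-effort shutdown: stops the server if it is still running and destroys it. Failures are
     * reported but not propagated so that teardown never masks the actual test outcome.
     *
     * @param server server to shut down; may be {@code null} if startup never happened
     */
    private static void shutdownServer(Tomcat server) {
        if (server == null || server.getServer() == null) {
            return;
        }
        try {
            LifecycleState state = server.getServer().getState();
            if (state != LifecycleState.DESTROYED) {
                if (state != LifecycleState.STOPPED) {
                    server.stop();
                }
                server.destroy();
            }
        } catch (Exception e) {
            // Deliberately swallowed (see Javadoc); the trace still goes to the surefire output.
            e.printStackTrace();
        }
    }

    /** @return HTTPS port of the IdP/STS Tomcat, as supplied by {@code idp.https.port} */
    public String getIdpHttpsPort() {
        return idpHttpsPort;
    }

    /** @return HTTPS port of the RP Tomcat, as supplied by {@code rp.https.port} */
    public String getRpHttpsPort() {
        return rpHttpsPort;
    }

    /** @return context path (without leading slash) of the protected RP webapp */
    public String getServletContextName() {
        return "fedizhelloworld";
    }

    /**
     * Logs in as {@code alice} via the IdP and checks that the RP sees the principal, the roles
     * and the claims that the LDAP directory holds for that user.
     *
     * @throws Exception if the login flow fails
     */
    @Test
    public void testLDAP() throws Exception {
        String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
            + "/secure/fedservlet";
        String user = "alice";
        String password = "ecila";

        final String bodyTextContent =
            HTTPTestUtils.login(url, user, password, getIdpHttpsPort());

        Assert.assertTrue("Principal not " + user,
                          bodyTextContent.contains("userPrincipal=" + user));
        // alice is a plain user: Admin and Manager must be reported as absent.
        Assert.assertTrue("User " + user + " must not have role Admin",
                          bodyTextContent.contains("role:Admin=false"));
        Assert.assertTrue("User " + user + " must not have role Manager",
                          bodyTextContent.contains("role:Manager=false"));
        Assert.assertTrue("User " + user + " must have role User",
                          bodyTextContent.contains("role:User=true"));

        assertClaim(bodyTextContent, user, ClaimTypes.FIRSTNAME.toString(), "Alice");
        assertClaim(bodyTextContent, user, ClaimTypes.LASTNAME.toString(), "Smith");
        assertClaim(bodyTextContent, user, ClaimTypes.EMAILADDRESS.toString(), "alice@realma.org");
    }

    /**
     * Asserts that the RP response lists {@code claim} with the value {@code expected}.
     *
     * @param body     response body returned by the protected servlet
     * @param user     user name, used in the failure message only
     * @param claim    claim type URI as rendered by the servlet
     * @param expected expected claim value
     */
    private static void assertClaim(String body, String user, String claim, String expected) {
        Assert.assertTrue("User " + user + " claim " + claim + " is not '" + expected + "'",
                          body.contains(claim + "=" + expected));
    }

}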