Commit bce81049 authored by Matthias Piepkorn's avatar Matthias Piepkorn
Browse files

Improve ServiceResponseTest and fix XML response attribute order

parent b8c87450
......@@ -93,6 +93,18 @@
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.xmlunit</groupId>
<artifactId>xmlunit-core</artifactId>
<version>2.3.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
<version>2.2.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
......
......@@ -10,12 +10,12 @@ import java.util.Map;
@XmlAccessorType(XmlAccessType.FIELD)
public class CASServiceResponseAuthenticationSuccess {
private String user;
@XmlJavaTypeAdapter(AttributesMapAdapter.class)
private Map<String, Object> attributes;
private String proxyGrantingTicket;
@XmlElementWrapper
@XmlElement(name="proxy")
private List<String> proxies;
@XmlJavaTypeAdapter(AttributesMapAdapter.class)
private Map<String, Object> attributes;
public String getUser() {
return this.user;
......@@ -25,6 +25,14 @@ public class CASServiceResponseAuthenticationSuccess {
this.user = user;
}
public Map<String, Object> getAttributes() {
return this.attributes;
}
public void setAttributes(final Map<String, Object> attributes) {
this.attributes = attributes;
}
public String getProxyGrantingTicket() {
return this.proxyGrantingTicket;
}
......@@ -40,12 +48,4 @@ public class CASServiceResponseAuthenticationSuccess {
public void setProxies(final List<String> proxies) {
this.proxies = proxies;
}
public Map<String, Object> getAttributes() {
return this.attributes;
}
public void setAttributes(final Map<String, Object> attributes) {
this.attributes = attributes;
}
}
package org.keycloak.protocol.cas;
import com.jayway.jsonpath.JsonPath;
import com.sun.xml.bind.v2.util.FatalAdapter;
import org.junit.Test;
import org.keycloak.protocol.cas.representations.CASErrorCode;
import org.keycloak.protocol.cas.representations.CASServiceResponse;
import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
import org.keycloak.protocol.cas.utils.ServiceResponseMarshaller;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.helpers.DefaultHandler;
import org.xmlunit.xpath.JAXPXPathEngine;
import org.xmlunit.xpath.XPathEngine;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import static org.junit.Assert.assertEquals;
public class ServiceResponseTest {
private static final String EXPECTED_JSON_SUCCESS = "{\n" +
" \"serviceResponse\" : {\n" +
" \"authenticationSuccess\" : {\n" +
" \"user\" : \"username\",\n" +
" \"proxyGrantingTicket\" : \"PGTIOU-test\",\n" +
" \"proxies\" : [ \"https://proxy1/pgtUrl\", \"https://proxy2/pgtUrl\" ],\n" +
" \"attributes\" : {\n" +
" \"string\" : \"abc\",\n" +
" \"list\" : [ \"a\", \"b\" ],\n" +
" \"int\" : 123\n" +
" }\n" +
" }\n" +
" }\n" +
"}";
private static final String EXPECTED_XML_SUCCESS = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
" <cas:authenticationSuccess>\n" +
" <cas:user>username</cas:user>\n" +
" <cas:proxyGrantingTicket>PGTIOU-test</cas:proxyGrantingTicket>\n" +
" <cas:proxies>\n" +
" <cas:proxy>https://proxy1/pgtUrl</cas:proxy>\n" +
" <cas:proxy>https://proxy2/pgtUrl</cas:proxy>\n" +
" </cas:proxies>\n" +
" <cas:attributes>\n" +
" <cas:string>abc</cas:string>\n" +
" <cas:list>a</cas:list>\n" +
" <cas:list>b</cas:list>\n" +
" <cas:int>123</cas:int>\n" +
" </cas:attributes>\n" +
" </cas:authenticationSuccess>\n" +
"</cas:serviceResponse>";
private static final String EXPECTED_JSON_FAILURE = "{\n" +
" \"serviceResponse\" : {\n" +
" \"authenticationFailure\" : {\n" +
" \"code\" : \"INVALID_REQUEST\",\n" +
" \"description\" : \"Error description\"\n" +
" }\n" +
" }\n" +
"}";
private static final String EXPECTED_XML_FAILURE = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
" <cas:authenticationFailure code=\"INVALID_REQUEST\">Error description</cas:authenticationFailure>\n" +
"</cas:serviceResponse>";
private final XPathEngine xpath = new JAXPXPathEngine();
public ServiceResponseTest() {
xpath.setNamespaceContext(Collections.singletonMap("cas", "http://www.yale.edu/tp/cas"));
}
@Test
public void testSuccessResponse() throws Exception {
......@@ -62,18 +38,73 @@ public class ServiceResponseTest {
attributes.put("int", 123);
attributes.put("string", "abc");
List<String> proxies = Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl");
CASServiceResponse response = ServiceResponseHelper.createSuccess("username", attributes, "PGTIOU-test",
Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl"));
proxies);
// Build and validate JSON response
String json = ServiceResponseMarshaller.marshalJson(response);
assertEquals("username", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.user"));
assertEquals(attributes.get("list"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.list"));
assertEquals(attributes.get("int"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.int"));
assertEquals(attributes.get("string"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.string"));
assertEquals("PGTIOU-test", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxyGrantingTicket"));
assertEquals(proxies, JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxies"));
// Build and validate XML response
String xml = ServiceResponseMarshaller.marshalXml(response);
Document doc = parseAndValidate(xml);
assertEquals("username", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:user", doc));
int idx = 0;
for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:list", doc)) {
assertEquals(((List)attributes.get("list")).get(idx), node.getTextContent());
idx++;
}
assertEquals(((List)attributes.get("list")).size(), idx);
assertEquals(attributes.get("int").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:int", doc));
assertEquals(attributes.get("string").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:string", doc));
assertEquals(EXPECTED_JSON_SUCCESS, ServiceResponseMarshaller.marshalJson(response));
assertEquals(EXPECTED_XML_SUCCESS, ServiceResponseMarshaller.marshalXml(response));
assertEquals("PGTIOU-test", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:proxyGrantingTicket", doc));
idx = 0;
for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:proxies/cas:proxy", doc)) {
assertEquals(proxies.get(idx), node.getTextContent());
idx++;
}
assertEquals(proxies.size(), idx);
}
@Test
public void testErrorResponse() throws Exception {
CASServiceResponse response = ServiceResponseHelper.createFailure(CASErrorCode.INVALID_REQUEST, "Error description");
assertEquals(EXPECTED_JSON_FAILURE, ServiceResponseMarshaller.marshalJson(response));
assertEquals(EXPECTED_XML_FAILURE, ServiceResponseMarshaller.marshalXml(response));
// Build and validate JSON response
String json = ServiceResponseMarshaller.marshalJson(response);
assertEquals(CASErrorCode.INVALID_REQUEST.name(), JsonPath.read(json, "$.serviceResponse.authenticationFailure.code"));
assertEquals("Error description", JsonPath.read(json, "$.serviceResponse.authenticationFailure.description"));
// Build and validate XML response
String xml = ServiceResponseMarshaller.marshalXml(response);
Document doc = parseAndValidate(xml);
assertEquals(CASErrorCode.INVALID_REQUEST.name(), xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure/@code", doc));
assertEquals("Error description", xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure", doc));
}
/**
* Parse XML document and validate against CAS schema
*/
private Document parseAndValidate(String xml) throws Exception {
Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
.newSchema(getClass().getResource("cas-response-schema.xsd"));
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setSchema(schema);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newDocumentBuilder();
builder.setErrorHandler(new FatalAdapter(new DefaultHandler()));
return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
}
}
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cas="http://www.yale.edu/tp/cas" targetNamespace="http://www.yale.edu/tp/cas" elementFormDefault="qualified" attributeFormDefault="unqualified">
<xs:annotation>
<xs:documentation>The following is the schema for the Central Authentication Service (CAS) version 3.0 protocol response. This covers the responses for the following servlets: /serviceValidate, /proxyValidate, /p3/serviceValidate, /p3/proxyValidate, /proxy This specification is subject to change.</xs:documentation>
</xs:annotation>
<xs:element name="serviceResponse" type="cas:ServiceResponseType"></xs:element>
<xs:complexType name="ServiceResponseType">
<xs:choice>
<xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"></xs:element>
<xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"></xs:element>
<xs:element name="proxySuccess" type="cas:ProxySuccessType"></xs:element>
<xs:element name="proxyFailure" type="cas:ProxyFailureType"></xs:element>
</xs:choice>
</xs:complexType>
<xs:complexType name="AuthenticationSuccessType">
<xs:sequence>
<xs:element name="user" type="xs:string"></xs:element>
<xs:element name="attributes" type="cas:AttributesType" minOccurs="0"></xs:element>
<xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"></xs:element>
<xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ProxiesType">
<xs:sequence>
<xs:element name="proxy" type="xs:string" maxOccurs="unbounded"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="AuthenticationFailureType">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name="ProxySuccessType">
<xs:sequence>
<xs:element name="proxyTicket" type="xs:string"></xs:element>
</xs:sequence>
</xs:complexType>
<xs:complexType name="ProxyFailureType">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:complexType name="AttributesType">
<xs:sequence>
<!-- the protocol documentation is unclear about that part; sometimes the meta-attributes are
required, sometimes not. For now we don't support them. -->
<!--<xs:element name="authenticationDate" type="xs:dateTime" minOccurs="1" maxOccurs="1"></xs:element>-->
<!--<xs:element name="longTermAuthenticationRequestTokenUsed" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
<!--<xs:annotation>-->
<!--<xs:documentation>true if a long-term (Remember-Me) token was used</xs:documentation>-->
<!--</xs:annotation>-->
<!--</xs:element>-->
<!--<xs:element name="isFromNewLogin" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
<!--<xs:annotation>-->
<!--<xs:documentation>true if this was from a new, interactive login. If login was from a non-interactive login (e.g. Remember-Me), this value is false or might be omitted.</xs:documentation>-->
<!--</xs:annotation>-->
<!--</xs:element>-->
<!-- this part of the offical schema is, unfortunately, invalid -->
<!--<xs:element name="memberOf" type="xs:string" minOccurs="0" maxOccurs="unbounded">-->
<!--<xs:annotation>-->
<!--<xs:documentation>One or many elements describing the units the user is member in. E.g. LDAP format values.</xs:documentation>-->
<!--</xs:annotation>-->
<!--</xs:element>-->
<xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax">
<xs:annotation>
<xs:documentation>Any user specific attribute elements.</xs:documentation>
</xs:annotation>
</xs:any>
</xs:sequence>
</xs:complexType>
</xs:schema>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment