mirror of https://github.com/jacekkow/keycloak-protocol-cas

Matthias Piepkorn
2017-02-05 bce81049aba8eca5afaca2949ba8be3db89a2825
Improve ServiceResponseTest and fix XML response attribute order
1 files added
3 files modified
238 ■■■■ changed files
pom.xml 12 ●●●●● patch | view | raw | blame | history
src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java 20 ●●●● patch | view | raw | blame | history
src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java 129 ●●●●● patch | view | raw | blame | history
src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd 77 ●●●●● patch | view | raw | blame | history
pom.xml
@@ -93,6 +93,18 @@
            <version>${junit.version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.xmlunit</groupId>
            <artifactId>xmlunit-core</artifactId>
            <version>2.3.0</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.jayway.jsonpath</groupId>
            <artifactId>json-path</artifactId>
            <version>2.2.0</version>
            <scope>test</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>
src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java
@@ -10,12 +10,12 @@
@XmlAccessorType(XmlAccessType.FIELD)
public class CASServiceResponseAuthenticationSuccess {
    private String user;
    @XmlJavaTypeAdapter(AttributesMapAdapter.class)
    private Map<String, Object> attributes;
    private String proxyGrantingTicket;
    @XmlElementWrapper
    @XmlElement(name="proxy")
    private List<String> proxies;
    @XmlJavaTypeAdapter(AttributesMapAdapter.class)
    private Map<String, Object> attributes;
    public String getUser() {
        return this.user;
@@ -23,6 +23,14 @@
    public void setUser(final String user) {
        this.user = user;
    }
    public Map<String, Object> getAttributes() {
        return this.attributes;
    }
    public void setAttributes(final Map<String, Object> attributes) {
        this.attributes = attributes;
    }
    public String getProxyGrantingTicket() {
@@ -39,13 +47,5 @@
    public void setProxies(final List<String> proxies) {
        this.proxies = proxies;
    }
    public Map<String, Object> getAttributes() {
        return this.attributes;
    }
    public void setAttributes(final Map<String, Object> attributes) {
        this.attributes = attributes;
    }
}
src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java
@@ -1,59 +1,35 @@
package org.keycloak.protocol.cas;
import com.jayway.jsonpath.JsonPath;
import com.sun.xml.bind.v2.util.FatalAdapter;
import org.junit.Test;
import org.keycloak.protocol.cas.representations.CASErrorCode;
import org.keycloak.protocol.cas.representations.CASServiceResponse;
import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
import org.keycloak.protocol.cas.utils.ServiceResponseMarshaller;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.helpers.DefaultHandler;
import org.xmlunit.xpath.JAXPXPathEngine;
import org.xmlunit.xpath.XPathEngine;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import static org.junit.Assert.assertEquals;
public class ServiceResponseTest {
    private static final String EXPECTED_JSON_SUCCESS = "{\n" +
            "  \"serviceResponse\" : {\n" +
            "    \"authenticationSuccess\" : {\n" +
            "      \"user\" : \"username\",\n" +
            "      \"proxyGrantingTicket\" : \"PGTIOU-test\",\n" +
            "      \"proxies\" : [ \"https://proxy1/pgtUrl\", \"https://proxy2/pgtUrl\" ],\n" +
            "      \"attributes\" : {\n" +
            "        \"string\" : \"abc\",\n" +
            "        \"list\" : [ \"a\", \"b\" ],\n" +
            "        \"int\" : 123\n" +
            "      }\n" +
            "    }\n" +
            "  }\n" +
            "}";
    private static final String EXPECTED_XML_SUCCESS = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
            "    <cas:authenticationSuccess>\n" +
            "        <cas:user>username</cas:user>\n" +
            "        <cas:proxyGrantingTicket>PGTIOU-test</cas:proxyGrantingTicket>\n" +
            "        <cas:proxies>\n" +
            "            <cas:proxy>https://proxy1/pgtUrl</cas:proxy>\n" +
            "            <cas:proxy>https://proxy2/pgtUrl</cas:proxy>\n" +
            "        </cas:proxies>\n" +
            "        <cas:attributes>\n" +
            "            <cas:string>abc</cas:string>\n" +
            "            <cas:list>a</cas:list>\n" +
            "            <cas:list>b</cas:list>\n" +
            "            <cas:int>123</cas:int>\n" +
            "        </cas:attributes>\n" +
            "    </cas:authenticationSuccess>\n" +
            "</cas:serviceResponse>";
    private static final String EXPECTED_JSON_FAILURE = "{\n" +
            "  \"serviceResponse\" : {\n" +
            "    \"authenticationFailure\" : {\n" +
            "      \"code\" : \"INVALID_REQUEST\",\n" +
            "      \"description\" : \"Error description\"\n" +
            "    }\n" +
            "  }\n" +
            "}";
    private static final String EXPECTED_XML_FAILURE = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
            "    <cas:authenticationFailure code=\"INVALID_REQUEST\">Error description</cas:authenticationFailure>\n" +
            "</cas:serviceResponse>";
    private final XPathEngine xpath = new JAXPXPathEngine();
    public ServiceResponseTest() {
        xpath.setNamespaceContext(Collections.singletonMap("cas", "http://www.yale.edu/tp/cas"));
    }
    @Test
    public void testSuccessResponse() throws Exception {
@@ -62,18 +38,73 @@
        attributes.put("int", 123);
        attributes.put("string", "abc");
        List<String> proxies = Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl");
        CASServiceResponse response = ServiceResponseHelper.createSuccess("username", attributes, "PGTIOU-test",
                Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl"));
                proxies);
        assertEquals(EXPECTED_JSON_SUCCESS, ServiceResponseMarshaller.marshalJson(response));
        assertEquals(EXPECTED_XML_SUCCESS, ServiceResponseMarshaller.marshalXml(response));
        // Build and validate JSON response
        String json = ServiceResponseMarshaller.marshalJson(response);
        assertEquals("username", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.user"));
        assertEquals(attributes.get("list"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.list"));
        assertEquals(attributes.get("int"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.int"));
        assertEquals(attributes.get("string"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.string"));
        assertEquals("PGTIOU-test", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxyGrantingTicket"));
        assertEquals(proxies, JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxies"));
        // Build and validate XML response
        String xml = ServiceResponseMarshaller.marshalXml(response);
        Document doc = parseAndValidate(xml);
        assertEquals("username", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:user", doc));
        int idx = 0;
        for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:list", doc)) {
            assertEquals(((List)attributes.get("list")).get(idx), node.getTextContent());
            idx++;
        }
        assertEquals(((List)attributes.get("list")).size(), idx);
        assertEquals(attributes.get("int").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:int", doc));
        assertEquals(attributes.get("string").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:string", doc));
        assertEquals("PGTIOU-test", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:proxyGrantingTicket", doc));
        idx = 0;
        for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:proxies/cas:proxy", doc)) {
            assertEquals(proxies.get(idx), node.getTextContent());
            idx++;
        }
        assertEquals(proxies.size(), idx);
    }
    @Test
    public void testErrorResponse() throws Exception {
        CASServiceResponse response = ServiceResponseHelper.createFailure(CASErrorCode.INVALID_REQUEST, "Error description");
        assertEquals(EXPECTED_JSON_FAILURE, ServiceResponseMarshaller.marshalJson(response));
        assertEquals(EXPECTED_XML_FAILURE, ServiceResponseMarshaller.marshalXml(response));
        // Build and validate JSON response
        String json = ServiceResponseMarshaller.marshalJson(response);
        assertEquals(CASErrorCode.INVALID_REQUEST.name(), JsonPath.read(json, "$.serviceResponse.authenticationFailure.code"));
        assertEquals("Error description", JsonPath.read(json, "$.serviceResponse.authenticationFailure.description"));
        // Build and validate XML response
        String xml = ServiceResponseMarshaller.marshalXml(response);
        Document doc = parseAndValidate(xml);
        assertEquals(CASErrorCode.INVALID_REQUEST.name(), xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure/@code", doc));
        assertEquals("Error description", xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure", doc));
    }
    /**
     * Parse XML document and validate against CAS schema
     */
    private Document parseAndValidate(String xml) throws Exception {
        Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
                .newSchema(getClass().getResource("cas-response-schema.xsd"));
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setSchema(schema);
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        builder.setErrorHandler(new FatalAdapter(new DefaultHandler()));
        return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }
}
src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd
New file
@@ -0,0 +1,77 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cas="http://www.yale.edu/tp/cas" targetNamespace="http://www.yale.edu/tp/cas" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:annotation>
        <xs:documentation>The following is the schema for the Central Authentication Service (CAS) version 3.0 protocol response. This covers the responses for the following servlets: /serviceValidate, /proxyValidate, /p3/serviceValidate, /p3/proxyValidate, /proxy This specification is subject to change.</xs:documentation>
    </xs:annotation>
    <xs:element name="serviceResponse" type="cas:ServiceResponseType"></xs:element>
    <xs:complexType name="ServiceResponseType">
        <xs:choice>
            <xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"></xs:element>
            <xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"></xs:element>
            <xs:element name="proxySuccess" type="cas:ProxySuccessType"></xs:element>
            <xs:element name="proxyFailure" type="cas:ProxyFailureType"></xs:element>
        </xs:choice>
    </xs:complexType>
    <xs:complexType name="AuthenticationSuccessType">
        <xs:sequence>
            <xs:element name="user" type="xs:string"></xs:element>
            <xs:element name="attributes" type="cas:AttributesType" minOccurs="0"></xs:element>
            <xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"></xs:element>
            <xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="ProxiesType">
        <xs:sequence>
            <xs:element name="proxy" type="xs:string" maxOccurs="unbounded"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="AuthenticationFailureType">
        <xs:simpleContent>
            <xs:extension base="xs:string">
                <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
            </xs:extension>
        </xs:simpleContent>
    </xs:complexType>
    <xs:complexType name="ProxySuccessType">
        <xs:sequence>
            <xs:element name="proxyTicket" type="xs:string"></xs:element>
        </xs:sequence>
    </xs:complexType>
    <xs:complexType name="ProxyFailureType">
        <xs:simpleContent>
            <xs:extension base="xs:string">
                <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
            </xs:extension>
        </xs:simpleContent>
    </xs:complexType>
    <xs:complexType name="AttributesType">
        <xs:sequence>
            <!-- the protocol documentation is unclear about that part; sometimes the meta-attributes are
                 required, sometimes not. For now we don't support them. -->
            <!--<xs:element name="authenticationDate" type="xs:dateTime" minOccurs="1" maxOccurs="1"></xs:element>-->
            <!--<xs:element name="longTermAuthenticationRequestTokenUsed" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>true if a long-term (Remember-Me) token was used</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->
            <!--<xs:element name="isFromNewLogin" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>true if this was from a new, interactive login. If login was from a non-interactive login (e.g. Remember-Me), this value is false or might be omitted.</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->
            <!-- this part of the offical schema is, unfortunately, invalid -->
            <!--<xs:element name="memberOf" type="xs:string" minOccurs="0" maxOccurs="unbounded">-->
                <!--<xs:annotation>-->
                    <!--<xs:documentation>One or many elements describing the units the user is member in. E.g. LDAP format values.</xs:documentation>-->
                <!--</xs:annotation>-->
            <!--</xs:element>-->
            <xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax">
                <xs:annotation>
                    <xs:documentation>Any user specific attribute elements.</xs:documentation>
                </xs:annotation>
            </xs:any>
        </xs:sequence>
    </xs:complexType>
</xs:schema>