From bce81049aba8eca5afaca2949ba8be3db89a2825 Mon Sep 17 00:00:00 2001
From: Matthias Piepkorn <mpiepk@gmail.com>
Date: Sun, 05 Feb 2017 10:54:12 +0000
Subject: [PATCH] Improve ServiceResponseTest and fix XML response attribute order
---
src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd | 77 +++++++++++++++++++
src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java | 20 ++--
pom.xml | 12 +++
src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java | 129 ++++++++++++++++++++------------
4 files changed, 179 insertions(+), 59 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2d52b17..6d338c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -93,6 +93,18 @@
<version>${junit.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.xmlunit</groupId>
+ <artifactId>xmlunit-core</artifactId>
+ <version>2.3.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.jayway.jsonpath</groupId>
+ <artifactId>json-path</artifactId>
+ <version>2.2.0</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<plugins>
diff --git a/src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java b/src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java
index 30a37c6..3ef7754 100644
--- a/src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java
+++ b/src/main/java/org/keycloak/protocol/cas/representations/CASServiceResponseAuthenticationSuccess.java
@@ -10,12 +10,12 @@
@XmlAccessorType(XmlAccessType.FIELD)
public class CASServiceResponseAuthenticationSuccess {
private String user;
+ @XmlJavaTypeAdapter(AttributesMapAdapter.class)
+ private Map<String, Object> attributes;
private String proxyGrantingTicket;
@XmlElementWrapper
@XmlElement(name="proxy")
private List<String> proxies;
- @XmlJavaTypeAdapter(AttributesMapAdapter.class)
- private Map<String, Object> attributes;
public String getUser() {
return this.user;
@@ -23,6 +23,14 @@
public void setUser(final String user) {
this.user = user;
+ }
+
+ public Map<String, Object> getAttributes() {
+ return this.attributes;
+ }
+
+ public void setAttributes(final Map<String, Object> attributes) {
+ this.attributes = attributes;
}
public String getProxyGrantingTicket() {
@@ -39,13 +47,5 @@
public void setProxies(final List<String> proxies) {
this.proxies = proxies;
- }
-
- public Map<String, Object> getAttributes() {
- return this.attributes;
- }
-
- public void setAttributes(final Map<String, Object> attributes) {
- this.attributes = attributes;
}
}
diff --git a/src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java b/src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java
index 4e07135..b8ebe5a 100644
--- a/src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java
+++ b/src/test/java/org/keycloak/protocol/cas/ServiceResponseTest.java
@@ -1,59 +1,35 @@
package org.keycloak.protocol.cas;
+import com.jayway.jsonpath.JsonPath;
+import com.sun.xml.bind.v2.util.FatalAdapter;
import org.junit.Test;
import org.keycloak.protocol.cas.representations.CASErrorCode;
import org.keycloak.protocol.cas.representations.CASServiceResponse;
import org.keycloak.protocol.cas.utils.ServiceResponseHelper;
import org.keycloak.protocol.cas.utils.ServiceResponseMarshaller;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.xml.sax.helpers.DefaultHandler;
+import org.xmlunit.xpath.JAXPXPathEngine;
+import org.xmlunit.xpath.XPathEngine;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import java.io.ByteArrayInputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
import static org.junit.Assert.assertEquals;
public class ServiceResponseTest {
- private static final String EXPECTED_JSON_SUCCESS = "{\n" +
- " \"serviceResponse\" : {\n" +
- " \"authenticationSuccess\" : {\n" +
- " \"user\" : \"username\",\n" +
- " \"proxyGrantingTicket\" : \"PGTIOU-test\",\n" +
- " \"proxies\" : [ \"https://proxy1/pgtUrl\", \"https://proxy2/pgtUrl\" ],\n" +
- " \"attributes\" : {\n" +
- " \"string\" : \"abc\",\n" +
- " \"list\" : [ \"a\", \"b\" ],\n" +
- " \"int\" : 123\n" +
- " }\n" +
- " }\n" +
- " }\n" +
- "}";
- private static final String EXPECTED_XML_SUCCESS = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
- " <cas:authenticationSuccess>\n" +
- " <cas:user>username</cas:user>\n" +
- " <cas:proxyGrantingTicket>PGTIOU-test</cas:proxyGrantingTicket>\n" +
- " <cas:proxies>\n" +
- " <cas:proxy>https://proxy1/pgtUrl</cas:proxy>\n" +
- " <cas:proxy>https://proxy2/pgtUrl</cas:proxy>\n" +
- " </cas:proxies>\n" +
- " <cas:attributes>\n" +
- " <cas:string>abc</cas:string>\n" +
- " <cas:list>a</cas:list>\n" +
- " <cas:list>b</cas:list>\n" +
- " <cas:int>123</cas:int>\n" +
- " </cas:attributes>\n" +
- " </cas:authenticationSuccess>\n" +
- "</cas:serviceResponse>";
- private static final String EXPECTED_JSON_FAILURE = "{\n" +
- " \"serviceResponse\" : {\n" +
- " \"authenticationFailure\" : {\n" +
- " \"code\" : \"INVALID_REQUEST\",\n" +
- " \"description\" : \"Error description\"\n" +
- " }\n" +
- " }\n" +
- "}";
- private static final String EXPECTED_XML_FAILURE = "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\">\n" +
- " <cas:authenticationFailure code=\"INVALID_REQUEST\">Error description</cas:authenticationFailure>\n" +
- "</cas:serviceResponse>";
+ private final XPathEngine xpath = new JAXPXPathEngine();
+
+ public ServiceResponseTest() {
+ xpath.setNamespaceContext(Collections.singletonMap("cas", "http://www.yale.edu/tp/cas"));
+ }
@Test
public void testSuccessResponse() throws Exception {
@@ -62,18 +38,73 @@
attributes.put("int", 123);
attributes.put("string", "abc");
+ List<String> proxies = Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl");
CASServiceResponse response = ServiceResponseHelper.createSuccess("username", attributes, "PGTIOU-test",
- Arrays.asList("https://proxy1/pgtUrl", "https://proxy2/pgtUrl"));
+ proxies);
- assertEquals(EXPECTED_JSON_SUCCESS, ServiceResponseMarshaller.marshalJson(response));
- assertEquals(EXPECTED_XML_SUCCESS, ServiceResponseMarshaller.marshalXml(response));
+ // Build and validate JSON response
+
+ String json = ServiceResponseMarshaller.marshalJson(response);
+ assertEquals("username", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.user"));
+ assertEquals(attributes.get("list"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.list"));
+ assertEquals(attributes.get("int"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.int"));
+ assertEquals(attributes.get("string"), JsonPath.read(json, "$.serviceResponse.authenticationSuccess.attributes.string"));
+ assertEquals("PGTIOU-test", JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxyGrantingTicket"));
+ assertEquals(proxies, JsonPath.read(json, "$.serviceResponse.authenticationSuccess.proxies"));
+
+ // Build and validate XML response
+
+ String xml = ServiceResponseMarshaller.marshalXml(response);
+ Document doc = parseAndValidate(xml);
+ assertEquals("username", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:user", doc));
+ int idx = 0;
+ for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:list", doc)) {
+ assertEquals(((List)attributes.get("list")).get(idx), node.getTextContent());
+ idx++;
+ }
+ assertEquals(((List)attributes.get("list")).size(), idx);
+ assertEquals(attributes.get("int").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:int", doc));
+ assertEquals(attributes.get("string").toString(), xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/cas:string", doc));
+
+ assertEquals("PGTIOU-test", xpath.evaluate("/cas:serviceResponse/cas:authenticationSuccess/cas:proxyGrantingTicket", doc));
+ idx = 0;
+ for (Node node : xpath.selectNodes("/cas:serviceResponse/cas:authenticationSuccess/cas:proxies/cas:proxy", doc)) {
+ assertEquals(proxies.get(idx), node.getTextContent());
+ idx++;
+ }
+ assertEquals(proxies.size(), idx);
}
@Test
public void testErrorResponse() throws Exception {
CASServiceResponse response = ServiceResponseHelper.createFailure(CASErrorCode.INVALID_REQUEST, "Error description");
- assertEquals(EXPECTED_JSON_FAILURE, ServiceResponseMarshaller.marshalJson(response));
- assertEquals(EXPECTED_XML_FAILURE, ServiceResponseMarshaller.marshalXml(response));
+ // Build and validate JSON response
+
+ String json = ServiceResponseMarshaller.marshalJson(response);
+ assertEquals(CASErrorCode.INVALID_REQUEST.name(), JsonPath.read(json, "$.serviceResponse.authenticationFailure.code"));
+ assertEquals("Error description", JsonPath.read(json, "$.serviceResponse.authenticationFailure.description"));
+
+ // Build and validate XML response
+
+ String xml = ServiceResponseMarshaller.marshalXml(response);
+ Document doc = parseAndValidate(xml);
+ assertEquals(CASErrorCode.INVALID_REQUEST.name(), xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure/@code", doc));
+ assertEquals("Error description", xpath.evaluate("/cas:serviceResponse/cas:authenticationFailure", doc));
+ }
+
+ /**
+ * Parse XML document and validate against CAS schema
+ */
+ private Document parseAndValidate(String xml) throws Exception {
+ Schema schema = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI)
+ .newSchema(getClass().getResource("cas-response-schema.xsd"));
+
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setSchema(schema);
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ builder.setErrorHandler(new FatalAdapter(new DefaultHandler()));
+ return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
}
}
diff --git a/src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd b/src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd
new file mode 100644
index 0000000..be8aa9e
--- /dev/null
+++ b/src/test/resources/org/keycloak/protocol/cas/cas-response-schema.xsd
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:cas="http://www.yale.edu/tp/cas" targetNamespace="http://www.yale.edu/tp/cas" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:annotation>
+ <xs:documentation>The following is the schema for the Central Authentication Service (CAS) version 3.0 protocol response. This covers the responses for the following servlets: /serviceValidate, /proxyValidate, /p3/serviceValidate, /p3/proxyValidate, /proxy This specification is subject to change.</xs:documentation>
+ </xs:annotation>
+ <xs:element name="serviceResponse" type="cas:ServiceResponseType"></xs:element>
+ <xs:complexType name="ServiceResponseType">
+ <xs:choice>
+ <xs:element name="authenticationSuccess" type="cas:AuthenticationSuccessType"></xs:element>
+ <xs:element name="authenticationFailure" type="cas:AuthenticationFailureType"></xs:element>
+ <xs:element name="proxySuccess" type="cas:ProxySuccessType"></xs:element>
+ <xs:element name="proxyFailure" type="cas:ProxyFailureType"></xs:element>
+ </xs:choice>
+ </xs:complexType>
+ <xs:complexType name="AuthenticationSuccessType">
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"></xs:element>
+ <xs:element name="attributes" type="cas:AttributesType" minOccurs="0"></xs:element>
+ <xs:element name="proxyGrantingTicket" type="xs:string" minOccurs="0"></xs:element>
+ <xs:element name="proxies" type="cas:ProxiesType" minOccurs="0"></xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="ProxiesType">
+ <xs:sequence>
+ <xs:element name="proxy" type="xs:string" maxOccurs="unbounded"></xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="AuthenticationFailureType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="ProxySuccessType">
+ <xs:sequence>
+ <xs:element name="proxyTicket" type="xs:string"></xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="ProxyFailureType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="code" type="xs:string" use="required"></xs:attribute>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="AttributesType">
+ <xs:sequence>
+ <!-- the protocol documentation is unclear about that part; sometimes the meta-attributes are
+ required, sometimes not. For now we don't support them. -->
+ <!--<xs:element name="authenticationDate" type="xs:dateTime" minOccurs="1" maxOccurs="1"></xs:element>-->
+ <!--<xs:element name="longTermAuthenticationRequestTokenUsed" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
+ <!--<xs:annotation>-->
+ <!--<xs:documentation>true if a long-term (Remember-Me) token was used</xs:documentation>-->
+ <!--</xs:annotation>-->
+ <!--</xs:element>-->
+ <!--<xs:element name="isFromNewLogin" type="xs:boolean" minOccurs="1" maxOccurs="1">-->
+ <!--<xs:annotation>-->
+ <!--<xs:documentation>true if this was from a new, interactive login. If login was from a non-interactive login (e.g. Remember-Me), this value is false or might be omitted.</xs:documentation>-->
+ <!--</xs:annotation>-->
+ <!--</xs:element>-->
+
+ <!-- this part of the offical schema is, unfortunately, invalid -->
+ <!--<xs:element name="memberOf" type="xs:string" minOccurs="0" maxOccurs="unbounded">-->
+ <!--<xs:annotation>-->
+ <!--<xs:documentation>One or many elements describing the units the user is member in. E.g. LDAP format values.</xs:documentation>-->
+ <!--</xs:annotation>-->
+ <!--</xs:element>-->
+
+ <xs:any minOccurs="0" maxOccurs="unbounded" processContents="lax">
+ <xs:annotation>
+ <xs:documentation>Any user specific attribute elements.</xs:documentation>
+ </xs:annotation>
+ </xs:any>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
--
Gitblit v1.9.1