Start of full flow unit tests. Can be used as a template for testing other profile...
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 May 2007 17:24:29 +0000 (17:24 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 29 May 2007 17:24:29 +0000 (17:24 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2217 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

13 files changed:
tests/data/conf1/attribute-filter.xml [new file with mode: 0644]
tests/data/conf1/attribute-resolver.xml [new file with mode: 0644]
tests/data/conf1/internal.xml [new file with mode: 0644]
tests/data/conf1/logging.xml [new file with mode: 0644]
tests/data/conf1/protocol.xml [new file with mode: 0644]
tests/data/conf1/relying-party.xml [new file with mode: 0644]
tests/data/conf1/service.xml [new file with mode: 0644]
tests/data/edu/internet2/middleware/shibboleth/idp/idp-config-example1.xml [deleted file]
tests/edu/internet2/middleware/shibboleth/idp/BaseIdPTestCase.java [moved from tests/edu/internet2/middleware/shibboleth/idp/config/BaseConfigTestCase.java with 79% similarity]
tests/edu/internet2/middleware/shibboleth/idp/config/services/ServicesTestCase.java [deleted file]
tests/edu/internet2/middleware/shibboleth/idp/system/conf1/BaseConf1TestCase.java [new file with mode: 0644]
tests/edu/internet2/middleware/shibboleth/idp/system/conf1/SAML2AttributeQueryTestCase.java [new file with mode: 0644]
tests/log4j.xml

diff --git a/tests/data/conf1/attribute-filter.xml b/tests/data/conf1/attribute-filter.xml
new file mode 100644 (file)
index 0000000..cc0a372
--- /dev/null
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" 
+                            xmlns="urn:mace:shibboleth:2.0:afp"
+                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
+                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
+                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">
+                                                
+    <AttributeFilterPolicy id="Anyone">
+        <PolicyRequirementRule xsi:type="basic:ANY" />
+        
+        <AttributeRule attributeID="uid">
+            <PermitValueRule xsi:type="basic:ANY" />
+        </AttributeRule>
+        
+        <AttributeRule attributeID="cn">
+            <PermitValueRule xsi:type="basic:ANY" />
+        </AttributeRule>
+        
+    </AttributeFilterPolicy>
+                                                    
+</AttributeFilterPolicyGroup>
\ No newline at end of file
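Review bot: The `Anyone` policy pairs `PolicyRequirementRule xsi:type="basic:ANY"` with `PermitValueRule xsi:type="basic:ANY"` for `uid` and `cn`, so every requester receives both attributes, and nothing in the file says this is deliberate for the fixture. Since the commit message presents these tests as a template, add a comment above the policy such as `<!-- Test fixture only: releases uid and cn to every requester; do not reuse as a deployment policy. -->`. A later test that asserts an attribute is withheld would need a narrower rule than this one.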
diff --git a/tests/data/conf1/attribute-resolver.xml b/tests/data/conf1/attribute-resolver.xml
new file mode 100644 (file)
index 0000000..13ace52
--- /dev/null
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver"
+                   xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xmlns:simple="urn:mace:shibboleth:2.0:resolver:ad:simple"
+                      xmlns:static="urn:mace:shibboleth:2.0:resolver:dc:static"
+                      xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
+                                       urn:mace:shibboleth:2.0:resolver:ad:simple classpath:/schema/shibboleth-2.0-attribute-resolver-ad-simple.xsd
+                                       urn:mace:shibboleth:2.0:resolver:dc:static classpath:/schema/shibboleth-2.0-attribute-resolver-dc-static.xsd">
+                                       
+    <resolver:DataConnector xsi:type="static:Static" id="static">
+        <static:Attribute id="uid">
+            <static:Value>testuser</static:Value>
+        </static:Attribute>
+        <static:Attribute id="cn">
+            <static:Value>Test User</static:Value>
+        </static:Attribute>
+    </resolver:DataConnector>
+    
+</AttributeResolver>
\ No newline at end of file
diff --git a/tests/data/conf1/internal.xml b/tests/data/conf1/internal.xml
new file mode 100644 (file)
index 0000000..b2ef7ac
--- /dev/null
@@ -0,0 +1,203 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd"
+    default-autowire="byType">
+    
+    <!-- Spring configuration file that boostraps OpenSAML -->
+    <bean id="shibboleth.OpensamlConfig" class="edu.internet2.middleware.shibboleth.common.config.OpensamlConfigBean" lazy-init="false">
+        <constructor-arg>
+            <list>
+                <bean id="default" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/default-config.xml" />
+                </bean>
+                <bean id="schema" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/schema-config.xml" />
+                </bean>
+                <bean id="signature" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/signature-config.xml" />
+                </bean>
+                <bean id="encryption" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/encryption-config.xml" />
+                </bean>
+                <bean id="soap11" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/soap11-config.xml" />
+                </bean>
+                <bean id="saml1Assertion" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml1-assertion-config.xml" />
+                </bean>
+                <bean id="saml1Protocol" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml1-protocol-config.xml" />
+                </bean>
+                <bean id="saml1Metadata" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml1-metadata-config.xml" />
+                </bean>
+                <bean id="saml2Assertion" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml2-assertion-config.xml" />
+                </bean>
+                <bean id="saml2Protocol" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml2-protocol-config.xml" />
+                </bean>
+                <bean id="saml2ThirdParty" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml2-protocol-thirdparty-config.xml" />
+                </bean>
+                <bean id="saml2Metadata" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml2-metadata-config.xml" />
+                </bean>
+                <bean id="saml2MetadataQuery" class="org.opensaml.util.resource.ClasspathResource">
+                    <constructor-arg value="/saml2-metadata-query-config.xml" />
+                </bean>               
+            </list>
+        </constructor-arg>
+    </bean>
+
+    <bean id="shibboleth.VelocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean" >
+        <property name="velocityProperties">
+            <props>
+                <prop key="resource.loader">classpath, string</prop>
+                <prop key="classpath.resource.loader.class">
+                    org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader
+                </prop>
+                <prop key="string.resource.loader.class">
+                    org.apache.velocity.runtime.resource.loader.StringResourceLoader
+                </prop>
+            </props>
+        </property>
+    </bean>
+
+    <bean id="shibboleth.TaskTimer" class="java.util.Timer" destroy-method="cancel">
+        <constructor-arg value="true" type="boolean" />
+    </bean>
+
+    <bean id="shibboleth.ParserPool" class="org.opensaml.xml.parse.BasicParserPool">
+        <property name="maxPoolSize" value="50" />
+        <property name="createBuildersAtPoolLimit" value="true" />
+        <property name="coalescing" value="true" />
+        <property name="ignoreComments" value="true" />
+        <property name="ignoreElementContentWhitespace" value="true" />
+        <property name="namespaceAware" value="true" />
+    </bean>
+
+    <bean id="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory" class="org.opensaml.common.binding.security.SAMLSecurityPolicyFactory">
+        <property name="issuerRole">
+            <bean id="shibboleth.SAML2AttributeQueryRole" class="javax.xml.namespace.QName">
+                <constructor-arg value="urn:oasis:names:tc:SAML:2.0:metadata" />
+                <constructor-arg value="SPSSODescriptor" />
+            </bean>
+        </property>
+        <property name="issuerProtocol" value="urn:oasis:names:tc:SAML:2.0:protocol" />
+        <property name="policyRuleFactories">
+            <list>
+                <ref bean="shibboleth.SAML2ProtocolMessageRuleFactory" />
+                <ref bean="shibboleth.MessageIssueInstantRuleFactory" />
+            </list>
+        </property>
+    </bean>
+    
+    <bean id="shibboleth.SAML2ProtocolMessageRuleFactory" class="org.opensaml.saml2.binding.security.SAML2ProtocolMessageRuleFactory" />
+    
+    <bean id="shibboleth.MessageIssueInstantRuleFactory" class="org.opensaml.common.binding.security.IssueInstantRuleFactory">
+        <property name="clockSkew" value="5" />
+        <property name="expires" value="10" />
+    </bean>
+    
+    <bean id="shibboleth.MessageEncoderFactory" class="org.opensaml.common.binding.encoding.MessageEncoderFactory">
+        <property name="encoderBuilders">
+            <map>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpPostEncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPPostEncoderBuilder">
+                        <constructor-arg ref="shibboleth.VelocityEngine" />
+                        <constructor-arg value="/templates/saml2-post-binding.vm"/>
+                    </bean>
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpRedirectEncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpSoap11EncoderBuilder" class="org.opensaml.saml2.binding.encoding.HTTPSOAP11EncoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
+                    </key>
+                    <bean id="shibboleth.SAML1HttpPostEncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPPostEncoderBuilder">
+                        <constructor-arg ref="shibboleth.VelocityEngine" />
+                        <constructor-arg value="/templates/saml1-post-binding.vm"/>
+                    </bean>
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
+                    </key>
+                    <bean id="shibboleth.SAML1HttpSoap11EncoderBuilder" class="org.opensaml.saml1.binding.encoding.HTTPSOAP11EncoderBuilder" />
+                </entry>
+            </map>
+        </property>
+    </bean>
+    
+    <bean id="shibboleth.MessageDecoderFactory" class="org.opensaml.common.binding.decoding.MessageDecoderFactory">
+        <property name="decoderBuilders">
+            <map>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpPostDecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPPostDecoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpRedirectDecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:2.0:bindings:SOAP</value>
+                    </key>
+                    <bean id="shibboleth.SAML2HttpSoap11DecoderBuilder" class="org.opensaml.saml2.binding.decoding.HTTPSOAP11DecoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:1.0:profiles:browser-post</value>
+                    </key>
+                    <bean id="shibboleth.SAML1HttpPostDecoderBuilder" class="org.opensaml.saml1.binding.decoding.HTTPPostDecoderBuilder" />
+                </entry>
+                <entry>
+                    <key>
+                        <value>urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding</value>
+                    </key>
+                    <bean id="shibboleth.SAML1HttpSoap11DecoderBuilder" class="org.opensaml.saml1.binding.decoding.HTTPSOAP11DecoderBuilder" />
+                </entry>
+            </map>
+        </property>
+    </bean>
+    
+    <bean id="shibboleth.SessionManager" class="edu.internet2.middleware.shibboleth.idp.session.impl.SessionManagerImpl" />
+    
+    <!-- We're not operating in a servlet container so this won't work -->
+    <!-- 
+    <bean id="shibboleth.ServletAttributeExporter"
+        class="org.springframework.web.context.support.ServletContextAttributeExporter">
+        <property name="attributes">
+            <map>
+                <entry>
+                    <key>
+                        <value>handlerManager</value>
+                    </key>
+                    <ref bean="shibboleth.ProfileHandler" />
+                </entry>
+            </map>
+        </property>
+    </bean>
+    -->
+    
+</beans>
\ No newline at end of file
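Review bot: `shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory` lists only `shibboleth.SAML2ProtocolMessageRuleFactory` and `shibboleth.MessageIssueInstantRuleFactory` under `policyRuleFactories`, so no rule visible here authenticates the requester (no signature or client-certificate check), and an attribute query would presumably be evaluated on the issuer name it claims. That may be intended for a first flow test, but it should be stated above the bean: `<!-- Test policy: requester is NOT authenticated; add a signature or client-TLS rule before reusing outside tests. -->`. `clockSkew` and `expires` on `shibboleth.MessageIssueInstantRuleFactory` would benefit from a comment giving their unit, which the values 5 and 10 do not reveal. `shibboleth.ParserPool` likewise sets nothing visible about DTDs or entity expansion; confirm the pool's defaults before this file is copied as a template.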
diff --git a/tests/data/conf1/logging.xml b/tests/data/conf1/logging.xml
new file mode 100644 (file)
index 0000000..faadbcd
--- /dev/null
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+
+    <!-- ======================================= -->
+    <!-- Renderers for specific types of objects -->
+    <!-- ======================================= -->
+    <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AuditLogEntry"
+        renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAuditEventRenderer" />
+
+    <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AccessLogEntry"
+        renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAcessEventRenderer" />
+
+    <renderer renderedClass="org.w3c.dom.Node" renderingClass="org.opensaml.log.DOMNodeRenderer" />
+
+    <renderer renderedClass="org.opensaml.xml.XMLObject" renderingClass="org.opensaml.log.XMLObjectRenderer" />
+
+    <!-- ================================= -->
+    <!-- Send messages to local files      -->
+    <!-- ================================= -->
+    <appender name="IDP_LOG" class="org.opensaml.log.RollingFileAppender">
+        <param name="File" value="$IDP_HOME$/conf/idp.log" />
+        <param name="Append" value="false" />
+
+        <!-- Rollover at midnight each day -->
+        <param name="DatePattern" value="'.'yyyy-MM-dd" />
+
+        <layout class="org.apache.log4j.PatternLayout">
+            <!-- The default pattern: Date Priority [Category] Message -->
+            <param name="ConversionPattern" value="%d %-5p [%c] %m%n" />\r
+\r
+            <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->
+            <!--
+                <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n"/>
+            -->
+        </layout>
+    </appender>
+
+    <appender name="IDP_AUDIT" class="org.opensaml.log.RollingFileAppender">
+        <param name="File" value="$IDP_HOME$/conf/audit.log" />
+        <param name="Append" value="false" />
+
+        <!-- Rollover at midnight each day -->
+        <param name="DatePattern" value="'.'yyyy-MM-dd" />
+
+        <layout class="org.apache.log4j.PatternLayout">
+            <!-- The default pattern: Date Priority [Category] Message -->
+            <param name="ConversionPattern" value="%d %-5p [%c] %m%n" />
+
+            <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->
+            <!--
+                <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n"/>
+            -->
+        </layout>
+    </appender>
+
+    <appender name="IDP_ACCESS" class="org.opensaml.log.RollingFileAppender">
+        <param name="File" value="$IDP_HOME$/conf/access.log" />
+        <param name="Append" value="false" />
+
+        <!-- Rollover at midnight each day -->
+        <param name="DatePattern" value="'.'yyyy-MM-dd" />
+
+        <layout class="org.apache.log4j.PatternLayout">
+            <!-- The default pattern: Date Priority [Category] Message -->
+            <param name="ConversionPattern" value="%d %-5p [%c] %m%n" />
+
+            <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->
+            <!--
+                <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n"/>
+            -->
+        </layout>
+    </appender>
+
+    <!-- ============================== -->
+    <!-- Append messages to the console -->
+    <!-- ============================== -->
+
+    <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+        <param name="Target" value="System.out" />
+
+        <layout class="org.apache.log4j.PatternLayout">
+            <!-- The default pattern: Date Priority [Category] Message -->\r
+            <!-- param name="ConversionPattern" value="%d %-5p [%c] %m%n"/-->\r
+\r
+            <!-- The debug pattern (very slow): Date Priority [Class#Method:Line Number] Message -->\r
+            <param name="ConversionPattern" value="%d %-5p [%C{1}#%M:%L] %m%n" />
+        </layout>
+    </appender>
+
+
+    <!-- ================ -->
+    <!-- Limit categories -->
+    <!-- ================ -->
+
+    <category name="Shibboleth-Audit">
+        <priority value="CRITICAL" />
+        <appender-ref ref="IDP_AUDIT" />
+    </category>
+
+    <category name="Shibboleth-Access">
+        <priority value="CRITICAL" />
+        <appender-ref ref="IDP_ACCESS" />
+    </category>
+
+    <category name="edu.internet2.middleware.shibboleth">
+        <priority value="DEBUG" />
+    </category>\r
+\r
+\r
+    <!-- ======================= -->
+    <!-- Setup the Root category -->
+    <!-- ======================= -->
+
+    <root>
+        <priority value="WARN" />
+        <appender-ref ref="CONSOLE" />
+    </root>
+
+</log4j:configuration>
\ No newline at end of file
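Review bot: `<priority value="CRITICAL" />` on the `Shibboleth-Audit` and `Shibboleth-Access` categories names a level that log4j does not define, and no level class is given, so log4j will most likely fail to resolve it and substitute its fallback level instead of the intended threshold. If CRITICAL is a project-defined level, name its class on the element, e.g. `<priority value="CRITICAL" class="LEVEL_CLASS_PLACEHOLDER" />`; otherwise use a built-in level. Separately, `Append` is `false` on `IDP_AUDIT` and `IDP_ACCESS`, which truncates those files on each start. A comment marking that as test-only would keep it from being copied into a deployment where the audit trail must survive restarts.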
diff --git a/tests/data/conf1/protocol.xml b/tests/data/conf1/protocol.xml
new file mode 100644 (file)
index 0000000..4a5680b
--- /dev/null
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:profile-handler"
+                 xmlns:idpProfile="urn:mace:shibboleth:2.0:idp:profiles"
+                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                 xsi:schemaLocation="urn:mace:shibboleth:2.0:profile-handler classpath:/schema/shibboleth-2.0-profile-handler.xsd
+                                     urn:mace:shibboleth:2.0:idp:profiles classpath:/schema/shibboleth-2.0-idp-profile.xsd">
+
+    <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
+
+    <ProfileHandler xsi:type="idpProfile:Status">
+        <RequestPath>/shibboleth/IdP/status</RequestPath>
+    </ProfileHandler>
+    
+    <ProfileHandler xsi:type="idpProfile:SAML2AttributeQuery"
+                    securityPolicyFactoryId="shibboleth.SAML2AttributeQueryMessageSecurityPolicyFactory">
+        <RequestPath>/IdP/saml2/SOAP/AttributeQuery</RequestPath>
+    </ProfileHandler>
+
+<!--
+    <ProfileHandler xsi:type="idpProfile:SAML2SSO">
+        <RequestPath>/IdP/saml2/HTTP/SSO</RequestPath>
+    </ProfileHandler>
+
+    <ProfileHandler xsi:type="idpProfile:SAML2AttributeQuery">
+        <RequestPath>/IdP/saml2/SOAP/attribute</RequestPath>
+    </ProfileHandler>
+-->
+
+</ProfileHandlerGroup>
\ No newline at end of file
diff --git a/tests/data/conf1/relying-party.xml b/tests/data/conf1/relying-party.xml
new file mode 100644 (file)
index 0000000..3720bf0
--- /dev/null
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+    This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a 
+    particular relying party should be signed.  It also includes metadata provider and credential definitions used 
+    when answering requests to a relying party.
+-->
+
+<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
+                   xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
+                   xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
+                   xmlns:credential="urn:mace:shibboleth:2.0:credential"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
+                                       urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
+                                       urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
+                                       urn:mace:shibboleth:2.0:credential classpath:/schema/shibboleth-2.0-credential.xsd
+                                       urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
+                                       
+    <AnonymousRelyingParty provider="http://example.org/IdP" />
+    
+    <DefaultRelyingParty provider="http://example.org/IdP" />
+    
+    <RelyingParty id="urn:mace:incommon"
+                  provider="http://example.org/IdP">
+          <!-- 
+        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
+        -->
+    </RelyingParty>
+    
+    <MetadataProvider id="UnitTestConf1" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+        <EntitiesDescriptor Name="urn:example.org:unitTestFed" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+            <EntityDescriptor entityID="urn:example.org:unitTestFed:mysp">
+                <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
+                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0" />
+                </SPSSODescriptor>
+            </EntityDescriptor>
+        </EntitiesDescriptor>
+    </MetadataProvider>
+
+</RelyingPartyGroup>
\ No newline at end of file
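Review bot: Both `AssertionConsumerService` entries for `urn:example.org:unitTestFed:mysp` use `index="0"`; indexed endpoints of one type within a role are expected to carry distinct indexes, so selecting an endpoint by index is ambiguous here. Change the second entry to `<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="1" />`. The `SPSSODescriptor` also has no `KeyDescriptor`, so this metadata gives the IdP no key with which to verify a signed request from the SP or to encrypt to it; add a comment if that is deliberate for the fixture.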
diff --git a/tests/data/conf1/service.xml b/tests/data/conf1/service.xml
new file mode 100644 (file)
index 0000000..09c65f8
--- /dev/null
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig xmlns="urn:mace:shibboleth:2.0:idp:services" xmlns:service="urn:mace:shibboleth:2.0:services"
+    xmlns:profile="urn:mace:shibboleth:2.0:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
+    xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:afp="urn:mace:shibboleth:2.0:afp"
+    xmlns:resource="urn:mace:shibboleth:2.0:resource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:services classpath:/schema/shibboleth-2.0-idp-service.xsd
+                        urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd
+                        urn:mace:shibboleth:2.0:profile-handler classpath:/schema/shibboleth-2.0-profile-handler.xsd
+                        urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
+                        urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
+                        urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd 
+                        urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
+
+<!--
+    <LoggingConfiguration>$IDP_HOME$/conf/logging.xml</LoggingConfiguration>
+-->
+
+    <Service id="shibboleth.ProfileHandler"
+             xmlns="urn:mace:shibboleth:2.0:services"
+             xsi:type="profile:ShibbolethProfileHandlerManager">
+        <ConfigurationResource file="/data/conf1/protocol.xml" xsi:type="resource:ClasspathResource" />
+    </Service>
+
+    <Service id="shibboleth.RelyingPartyConfigurationManager"
+             xmlns="urn:mace:shibboleth:2.0:services"
+             xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager">
+        <ConfigurationResource file="/data/conf1/relying-party.xml" xsi:type="resource:ClasspathResource" />
+    </Service>
+
+    <Service id="shibboleth.AttributeResolver"
+             xmlns="urn:mace:shibboleth:2.0:services"
+             xsi:type="resolver:ShibbolethAttributeResolver">
+        <ConfigurationResource file="/data/conf1/attribute-resolver.xml" xsi:type="resource:ClasspathResource" />
+    </Service>
+
+    <Service id="shibboleth.AttributeFilterEngine"
+             xmlns="urn:mace:shibboleth:2.0:services"
+             xsi:type="afp:ShibbolethAttributeFilteringEngine">
+        <ConfigurationResource file="/data/conf1/attribute-filter.xml" xsi:type="resource:ClasspathResource" />
+    </Service>
+
+</IdPConfig>
\ No newline at end of file
diff --git a/tests/data/edu/internet2/middleware/shibboleth/idp/idp-config-example1.xml b/tests/data/edu/internet2/middleware/shibboleth/idp/idp-config-example1.xml
deleted file mode 100644 (file)
index ff228ee..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-<IdPConfig xmlns="urn:mace:shibboleth:2.0:idp-config" xmlns:service="urn:mace:shibboleth:2.0:services"
-    xmlns:profile="urn:mace:shibboleth:2.0:profile-handler" xmlns:relyingParty="urn:mace:shibboleth:2.0:relying-party"
-    xmlns:resolver="urn:mace:shibboleth:2.0:resolver" xmlns:afp="urn:mace:shibboleth:2.0:afp"
-    xmlns:res="urn:mace:shibboleth:2.0:resource"
-    xsi:schemaLocation="urn:mace:shibboleth:2.0:idp-config classpath:/schema/shibboleth-2.0-idp-config.xsd
-                                 urn:mace:shibboleth:2.0:services classpath:/schema/shibboleth-2.0-services.xsd
-                                 urn:mace:shibboleth:2.0:profile-handler classpath:/schema/shibboleth-2.0-profile-handler.xsd
-                                 urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
-                                 urn:mace:shibboleth:2.0:resolver classpath:/schema/shibboleth-2.0-attribute-resolver.xsd
-                                 urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd 
-                                 urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
-
-    <LoggingConfiguration>/opt/shibboleth-idp-2/etc/logging.xml</LoggingConfiguration>
-
-    <!--  Reloadable profile handler manager -->
-    <service:Service id="shibboleth.ProfileHandler"
-                           type="profile:ShibbolethProfileHandlerManager"
-                           configurationResourcePollingFrequency="300000">
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/profileHandlers.xml
-        </resource:ConfigurationResource>
-    </service:Service>
-
-    <!--  Reloadable relying party configuration manager -->
-    <service:Service id="shibboleth.RelyingPartyConfigurationManager"
-                           type="relyingParty:SAMLMDRelyingPartyConfigurationManager"
-                           configurationResourcePollingFrequency="300000">
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/relyingParties.xml
-        </resource:ConfigurationResource>
-    </service:Service>
-
-    <!--  Non-reloadable attribute resolver -->
-    <service:Service id="shibboleth.AttributeResolver"
-                           type="resolver:ShibbolethAttributeResolver">
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/resolver.xml
-        </resource:ConfigurationResource>
-    </service:Service>
-
-    <!--  Reloadable attribute filtering engine overriding the default number of times (3) the engine will try to reload a bad configuration file -->
-    <service:Service id="shibboleth.AttributeFilterEngine"
-                           type="afp:ShibbolethAttributeFilteringEngine"
-                           configurationResourcePollingFrequency="300000"
-                           configurationResourcePollingRetryAttempts="10">
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/site.filter.xml
-        </resource:ConfigurationResource>
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/groups.filter.xml
-        </resource:ConfigurationResource>
-        <resource:ConfigurationResource type="resource:FileSystemResource">
-            /opt/shibboleth-idp-2/etc/users.filter.xml
-        </resource:ConfigurationResource>
-    </service:Service>
-
-</IdPConfig>
\ No newline at end of file
@@ -1,12 +1,16 @@
-package edu.internet2.middleware.shibboleth.idp.config;
+package edu.internet2.middleware.shibboleth.idp;
 
 
 import java.util.ArrayList;
 import java.util.List;
 
 
 
 import java.util.ArrayList;
 import java.util.List;
 
+import org.opensaml.Configuration;
 import org.opensaml.util.resource.ClasspathResource;
 import org.opensaml.util.resource.Resource;
 import org.opensaml.util.resource.ResourceException;
 import org.opensaml.util.resource.ClasspathResource;
 import org.opensaml.util.resource.Resource;
 import org.opensaml.util.resource.ResourceException;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.MarshallerFactory;
+import org.opensaml.xml.io.UnmarshallerFactory;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
@@ -16,13 +20,26 @@ import edu.internet2.middleware.shibboleth.common.config.SpringConfigurationUtil
 /**
  * Base unit test case for Spring configuration tests.
  */
 /**
  * Base unit test case for Spring configuration tests.
  */
-public class BaseConfigTestCase extends BaseTestCase {
+public class BaseIdPTestCase extends BaseTestCase {
+    
+    /** Factory for XMLObject builders. */
+    protected XMLObjectBuilderFactory builderFactory;
+    
+    /** Factory for XMLObject marshallers. */
+    protected MarshallerFactory marshallerFactory;
+    
+    /** Factory for XMLObject unmarshallers. */
+    protected UnmarshallerFactory unmarshallerFactory;
 
     /** Configuration resources to be loaded for all unit tests. */
     private List<Resource> configResources;
 
     /** {@inheritDoc} */
     protected void setUp() throws Exception {
 
     /** Configuration resources to be loaded for all unit tests. */
     private List<Resource> configResources;
 
     /** {@inheritDoc} */
     protected void setUp() throws Exception {
+        builderFactory = Configuration.getBuilderFactory();
+        marshallerFactory = Configuration.getMarshallerFactory();
+        unmarshallerFactory = Configuration.getUnmarshallerFactory();
+        
         configResources = new ArrayList<Resource>();
     }
 
         configResources = new ArrayList<Resource>();
     }
 
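Review bot: The new setUp() in BaseIdPTestCase reads the three factories from the global `Configuration` but never calls `super.setUp()`, so whatever BaseTestCase does in its own setUp (not visible here, presumably including library initialisation) is skipped. If the OpenSAML configuration has not been loaded at that point, the `builderFactory.getBuilder(...)` lookups in subclasses return null and the tests fail with a NullPointerException far from the cause. Add `super.setUp();` as the first statement of the method. The class Javadoc still reads "Base unit test case for Spring configuration tests" although the class now also backs profile-flow tests; the class body continues outside this hunk.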
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/config/services/ServicesTestCase.java b/tests/edu/internet2/middleware/shibboleth/idp/config/services/ServicesTestCase.java
deleted file mode 100644 (file)
index f83e035..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.idp.config.services;
-
-import org.springframework.context.ApplicationContext;
-
-import edu.internet2.middleware.shibboleth.idp.config.BaseConfigTestCase;
-import edu.internet2.middleware.shibboleth.idp.config.service.IdPServicesBean;
-
-/**
- *
- */
-public class ServicesTestCase extends BaseConfigTestCase {
-
-    public void testServiceLoading() throws Exception {
-        String[] configs = {"/internal.xml", "/service.xml",  };
-        ApplicationContext appCtx = createSpringContext(configs);
-        
-        String[] beanNames = appCtx.getBeanNamesForType(IdPServicesBean.class);
-        IdPServicesBean idpServices = (IdPServicesBean) appCtx.getBean(beanNames[0]);
-    }
-}
\ No newline at end of file
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/system/conf1/BaseConf1TestCase.java b/tests/edu/internet2/middleware/shibboleth/idp/system/conf1/BaseConf1TestCase.java
new file mode 100644 (file)
index 0000000..e26db54
--- /dev/null
@@ -0,0 +1,32 @@
+package edu.internet2.middleware.shibboleth.idp.system.conf1;
+
+
+import org.springframework.context.ApplicationContext;
+
+import edu.internet2.middleware.shibboleth.idp.BaseIdPTestCase;
+
+/**
+ * Base unit test case for Spring configuration tests.
+ */
+public class BaseConf1TestCase extends BaseIdPTestCase {
+    
+    /** Application context containing the loaded IdP configuration. */
+    private ApplicationContext appCtx;
+
+    /** {@inheritDoc} */
+    protected void setUp() throws Exception {
+        super.setUp();
+        
+        String[] configs = { "/data/conf1/internal.xml", "/data/conf1/service.xml", };
+        appCtx = createSpringContext(configs);
+    }
+    
+    /**
+     * Gets the application context containing the IdP configuration for the unit tests.
+     * 
+     * @return application context containing the IdP configuration for the unit tests
+     */
+    protected ApplicationContext getApplicationContext(){
+        return appCtx;
+    }
+}
\ No newline at end of file
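Review bot: The class Javadoc on BaseConf1TestCase is copied from the parent and does not say what this base class adds. Something like `Base test case that loads the conf1 IdP configuration (internal.xml, service.xml) into a Spring application context before each test.` would tell people using it as a template what they get. setUp() also builds a fresh context for every test method and nothing releases it. If createSpringContext returns a closeable context (its implementation is not shown), a tearDown() that closes it and clears `appCtx` would stop any background resources the configured services start from outliving the test.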
diff --git a/tests/edu/internet2/middleware/shibboleth/idp/system/conf1/SAML2AttributeQueryTestCase.java b/tests/edu/internet2/middleware/shibboleth/idp/system/conf1/SAML2AttributeQueryTestCase.java
new file mode 100644 (file)
index 0000000..a43bd06
--- /dev/null
@@ -0,0 +1,130 @@
+/*
+ * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package edu.internet2.middleware.shibboleth.idp.system.conf1;
+
+import org.joda.time.DateTime;
+import org.opensaml.common.SAMLObjectBuilder;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml2.core.AttributeQuery;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.ws.soap.common.SOAPObjectBuilder;
+import org.opensaml.ws.soap.soap11.Body;
+import org.opensaml.ws.soap.soap11.Envelope;
+import org.opensaml.xml.io.Marshaller;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.util.XMLHelper;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.common.profile.ProfileHandler;
+import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
+import edu.internet2.middleware.shibboleth.common.profile.ProfileResponse;
+import edu.internet2.middleware.shibboleth.common.profile.provider.ShibbolethProfileHandlerManager;
+import edu.internet2.middleware.shibboleth.idp.profile.ShibbolethProfileRequest;
+import edu.internet2.middleware.shibboleth.idp.profile.ShibbolethProfileResponse;
+
+/**
+ * A system test that meant to simulate various types of SAML 2 attribute queries.
+ */
+public class SAML2AttributeQueryTestCase extends BaseConf1TestCase {
+
+    public void testAttributeQuery() throws Exception {
+        AttributeQuery query = buildAttributeQuery();
+        String soapMessage = getSOAPMessage(query);
+
+        MockHttpServletRequest servletRequest = new MockHttpServletRequest();
+        servletRequest.setPathInfo("/IdP/saml2/SOAP/AttributeQuery");
+        servletRequest.setContent(soapMessage.getBytes());
+
+        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
+
+        ShibbolethProfileHandlerManager handlerManager = (ShibbolethProfileHandlerManager) getApplicationContext()
+                .getBean("shibboleth.ProfileHandler");
+        ProfileHandler handler = handlerManager.getProfileHandler(servletRequest);
+        
+        return;
+
+//        ProfileRequest profileRequest = new ShibbolethProfileRequest(servletRequest);
+//        ProfileResponse profileResponse = new ShibbolethProfileResponse(servletResponse);
+//        handler.processRequest(profileRequest, profileResponse);
+
+    }
+
+    /**
+     * Builds a basic attribute query.
+     * 
+     * @return basic attribute query
+     */
+    @SuppressWarnings("unchecked")
+    protected AttributeQuery buildAttributeQuery() {
+        SAMLObjectBuilder<Issuer> issuerBuilder = (SAMLObjectBuilder<Issuer>) builderFactory
+                .getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
+        Issuer issuer = issuerBuilder.buildObject();
+        issuer.setValue("urn:example.org:unitTestFed:mysp");
+
+        SAMLObjectBuilder<NameID> nameIdBuilder = (SAMLObjectBuilder<NameID>) builderFactory
+                .getBuilder(NameID.DEFAULT_ELEMENT_NAME);
+        NameID nameId = nameIdBuilder.buildObject();
+        nameId.setValue("testUser");
+
+        SAMLObjectBuilder<Subject> subjectBuilder = (SAMLObjectBuilder<Subject>) builderFactory
+                .getBuilder(Subject.DEFAULT_ELEMENT_NAME);
+        Subject subject = subjectBuilder.buildObject();
+        subject.setNameID(nameId);
+
+        SAMLObjectBuilder<AttributeQuery> attributeQueryBuilder = (SAMLObjectBuilder<AttributeQuery>) builderFactory
+                .getBuilder(AttributeQuery.DEFAULT_ELEMENT_NAME);
+        AttributeQuery query = attributeQueryBuilder.buildObject();
+        query.setID("1");
+        query.setIssueInstant(new DateTime());
+        query.setIssuer(issuer);
+        query.setSubject(subject);
+        query.setVersion(SAMLVersion.VERSION_20);
+
+        return query;
+    }
+
+    /**
+     * Wraps an attribute query in a SOAP message, marshalls, and serializes it.
+     * 
+     * @param query the attribute query to wrap
+     * 
+     * @return the SOAP message
+     * 
+     * @throws MarshallingException thrown if the message can not be marshalled
+     */
+    @SuppressWarnings("unchecked")
+    protected String getSOAPMessage(AttributeQuery query) throws MarshallingException {
+        SOAPObjectBuilder<Body> bodyBuilder = (SOAPObjectBuilder<Body>) builderFactory
+                .getBuilder(Body.DEFAULT_ELEMENT_NAME);
+        Body body = bodyBuilder.buildObject();
+        body.getUnknownXMLObjects().add(query);
+
+        SOAPObjectBuilder<Envelope> envelopeBuilder = (SOAPObjectBuilder<Envelope>) builderFactory
+                .getBuilder(Envelope.DEFAULT_ELEMENT_NAME);
+        Envelope envelope = envelopeBuilder.buildObject();
+        envelope.setBody(body);
+
+        Marshaller marshaller = marshallerFactory.getMarshaller(envelope);
+        Element envelopeElem = marshaller.marshall(envelope);
+
+        return XMLHelper.nodeToString(envelopeElem);
+    }
+}
\ No newline at end of file
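Review bot: testAttributeQuery() ends with a bare `return;` ahead of the commented-out handler call and makes no assertion, so it passes even when no handler is mapped to `/IdP/saml2/SOAP/AttributeQuery`. Until the full flow is enabled, pin what the test can already check with `assertNotNull("no profile handler for request path", handler);`, and drop the `return;` and the four profile request/response imports that only the commented lines use. `soapMessage.getBytes()` uses the platform default charset; `soapMessage.getBytes("UTF-8")` keeps the request body identical across machines. Since this file is meant as a template for a flow that releases user attributes, the enabled version should assert on the response status and the attributes returned, and include a query from an issuer the relying-party configuration does not know.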
index 69d06c6..6c6e66c 100644 (file)
@@ -16,6 +16,9 @@
 
     <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AuditLogEntry"
         renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAuditEventRenderer" />
 
     <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AuditLogEntry"
         renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAuditEventRenderer" />
+        
+    <renderer renderedClass="edu.internet2.middleware.shibboleth.common.log.AccessLogEntry"
+        renderingClass="edu.internet2.middleware.shibboleth.common.log.CSVAccessEventRenderer" />
 
     <!-- ================================= -->
     <!-- Preserve messages in a local file -->
 
     <!-- ================================= -->
     <!-- Preserve messages in a local file -->
     <category name="Shibboleth-Audit">
         <priority value="CRITICAL" />
     </category>
     <category name="Shibboleth-Audit">
         <priority value="CRITICAL" />
     </category>
+    
+    <category name="Shibboleth-Access">
+        <priority value="CRITICAL" />
+    </category>
+    
 
     <category name="edu.internet2.middleware.shibboleth.idp">
         <priority value="DEBUG" />
 
     <category name="edu.internet2.middleware.shibboleth.idp">
         <priority value="DEBUG" />
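Review bot: `CRITICAL` on the new `Shibboleth-Access` category is not one of log4j's built-in levels, and the `<priority>` element carries no `class` attribute naming a custom level. As far as I know, log4j 1.x resolves an unrecognised value to DEBUG in that case, so the category would not be filtered the way the value suggests; the existing `Shibboleth-Audit` category in the context lines has the same form. If a custom level is intended, reference it explicitly (`value="CRITICAL" class="<custom level class>"`); otherwise use a built-in level such as `INFO`. Whether an appender is attached to the access category cannot be seen from this hunk.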
@@ -77,7 +85,7 @@
     </category>
 
     <category name="org.springframework">\r
     </category>
 
     <category name="org.springframework">\r
-        <priority value="DEBUG" />\r
+        <priority value="WARN" />\r
     </category>\r
 \r
 \r
     </category>\r
 \r
 \r