Showing
819 changed files
with
67,592 additions
and
783 deletions.
Binary file not shown.
@@ -0,0 +1,7 @@ | ||
# Integration tests | ||
|
||
This folder contains maven projects that test particular functionality of `cbioportal.war` started under different settings. | ||
|
||
These tests get called by `maven-invoker-plugin` that is declared in the `portal` maven module of the project. | ||
|
||
Keeping tests as separate maven projects liberate us from the application dependencies and unnecessary conflicts between them and test dependencies. |
@@ -0,0 +1,37 @@ | ||
# saml-oauth2-setup | ||
|
||
Tests oauth2 security workflow of the API with SAML authentication method for the UI. | ||
|
||
- `OfflineTokenDownloadIntegrationTests` tests downloading an offline token to gain access to cbioportal API. | ||
- `Oauth2ResourceServerIntegrationTests` tests API access by different type of users (anonymous, non authorized and authorized). | ||
|
||
## Start mysql server for integration tests | ||
|
||
database name: cgds_test | ||
username: cbio_user | ||
password: somepassword | ||
port: 3306 | ||
|
||
## Start web container with cbioportal and saml IDP | ||
|
||
You can start tomcat to play with the setup with the following command (replace with your values): | ||
|
||
```$bash | ||
cd portal/src/integration-tests/saml-oauth2-setup | ||
CBIO_TEST_DB_USR=cbio_user \ | ||
CBIO_TEST_DB_PSW=somepassword \ | ||
CBIO_TEST_DB_HOST=127.0.0.1:3306 \ | ||
CBIO_TEST_DB_NAME=cgds_test \ | ||
CBIO_TEST_DB_CONNECTION_STRING=jdbc:mysql://127.0.0.1:3306/cgds_test?sessionVariables=default_storage_engine=InnoDB \ | ||
CBIO_WAR_LOCATION=../../../target/cbioportal.war \ | ||
mvn org.codehaus.cargo:cargo-maven2-plugin:run --non-recursive | ||
``` | ||
|
||
## Run integration tests only | ||
|
||
After starting the tomcat server above, you can run all tests with: | ||
|
||
```$bash | ||
cd portal/src/integration-tests/saml-oauth2-setup | ||
mvn test failsafe:integration-test | ||
``` |
@@ -0,0 +1,168 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<groupId>org.mskcc.cbio</groupId> | ||
<artifactId>saml-oauth2-setup</artifactId> | ||
<version>0.0.1-SNAPSHOT</version> | ||
<packaging>pom</packaging> | ||
|
||
<modules> | ||
<module>saml-idp</module> | ||
</modules> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>junit</groupId> | ||
<artifactId>junit</artifactId> | ||
<version>4.12</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.mock-server</groupId> | ||
<artifactId>mockserver-netty</artifactId> | ||
<version>5.8.0</version> | ||
<scope>test</scope> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.mock-server</groupId> | ||
<artifactId>mockserver-client-java</artifactId> | ||
<version>5.8.0</version> | ||
<scope>test</scope> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<version>3.5.1</version> | ||
<configuration> | ||
<source>1.8</source> | ||
<target>1.8</target> | ||
<compilerArgs> | ||
<arg>-parameters</arg> | ||
</compilerArgs> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<goals> | ||
<goal>testCompile</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.codehaus.cargo</groupId> | ||
<artifactId>cargo-maven2-plugin</artifactId> | ||
<version>1.7.8</version> | ||
<configuration> | ||
<container> | ||
<containerId>tomcat8x</containerId> | ||
<type>embedded</type> | ||
<systemProperties> | ||
<authenticate>saml</authenticate> | ||
<dat.method>oauth2</dat.method> | ||
<!-- DB settings --> | ||
<db.user>${env.CBIO_TEST_DB_USR}</db.user> | ||
<db.password>${env.CBIO_TEST_DB_PSW}</db.password> | ||
<db.host>${env.CBIO_TEST_DB_HOST}</db.host> | ||
<db.portal_db_name>${env.CBIO_TEST_DB_NAME}</db.portal_db_name> | ||
<db.connection_string>${env.CBIO_TEST_DB_CONNECTION_STRING}</db.connection_string> | ||
<!-- SAML settings --> | ||
<saml.keystore.location>file://${project.basedir}/testSamlKeystore.jks | ||
</saml.keystore.location> | ||
<saml.keystore.password>123456</saml.keystore.password> | ||
<saml.keystore.private-key.key>secure-key</saml.keystore.private-key.key> | ||
<saml.keystore.private-key.password>654321</saml.keystore.private-key.password> | ||
<saml.keystore.default-key>secure-key</saml.keystore.default-key> | ||
|
||
<saml.idp.metadata.location>file://${project.basedir}/saml-idp-metadata.xml | ||
</saml.idp.metadata.location> | ||
<!--I had to use specificBinding because of this bug https://github.com/spring-projects/spring-security-saml/issues/460 --> | ||
<saml.idp.comm.binding.settings>specificBinding</saml.idp.comm.binding.settings> | ||
<saml.idp.comm.binding.type>bindings:HTTP-Redirect</saml.idp.comm.binding.type> | ||
<saml.sp.metadata.entitybaseurl>#{null}</saml.sp.metadata.entitybaseurl> | ||
<saml.sp.metadata.entityid>cbioportal</saml.sp.metadata.entityid> | ||
<saml.idp.metadata.entityid>spring.security.saml.idp.id</saml.idp.metadata.entityid> | ||
<saml.idp.metadata.attribute.email>User.email</saml.idp.metadata.attribute.email> | ||
<saml.custom.userservice.class> | ||
org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl | ||
</saml.custom.userservice.class> | ||
<saml.logout.local>false</saml.logout.local> | ||
<!--FIXME Our test saml idp does not sign assertions for some reason--> | ||
<saml.sp.metadata.wantassertionsigned>false</saml.sp.metadata.wantassertionsigned> | ||
<saml.logout.url>/</saml.logout.url> | ||
<dat.oauth2.clientId>client_id</dat.oauth2.clientId> | ||
<dat.oauth2.clientSecret>client_secret</dat.oauth2.clientSecret> | ||
<dat.oauth2.issuer>token_issuer</dat.oauth2.issuer> | ||
<dat.oauth2.accessTokenUri>http://localhost:8443/auth/realms/cbio/token</dat.oauth2.accessTokenUri> | ||
<dat.oauth2.redirectUri>http://localhost:8080/api/data-access-token/oauth2</dat.oauth2.redirectUri> | ||
<dat.oauth2.userAuthorizationUri>http://localhost:8443/auth/realms/cbio/auth</dat.oauth2.userAuthorizationUri> | ||
<dat.oauth2.jwkUrl>http://localhost:8443/auth/realms/cbio/jwkUrl</dat.oauth2.jwkUrl> | ||
<dat.oauth2.jwtRolesPath>resource_access::cbioportal::roles</dat.oauth2.jwtRolesPath> | ||
</systemProperties> | ||
</container> | ||
<configuration> | ||
<properties> | ||
<cargo.servlet.port>8080</cargo.servlet.port> | ||
<cargo.start.jvmargs> | ||
-Xms2g | ||
-Xmx4g | ||
</cargo.start.jvmargs> | ||
</properties> | ||
</configuration> | ||
<wait>false</wait> | ||
<deployables> | ||
<deployable> | ||
<groupId>org.mskcc.cbio</groupId> | ||
<artifactId>cbioportal</artifactId> | ||
<type>war</type> | ||
<location>${env.CBIO_WAR_LOCATION}</location> | ||
</deployable> | ||
<deployable> | ||
<groupId>org.mskcc.cbio</groupId> | ||
<artifactId>saml-idp</artifactId> | ||
<type>war</type> | ||
<location>${project.basedir}/saml-idp/target/saml-idp.war</location> | ||
</deployable> | ||
</deployables> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<id>start-server</id> | ||
<phase>pre-integration-test</phase> | ||
<goals> | ||
<goal>start</goal> | ||
</goals> | ||
</execution> | ||
<execution> | ||
<id>stop-server</id> | ||
<phase>post-integration-test</phase> | ||
<goals> | ||
<goal>stop</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
<plugin> | ||
<artifactId>maven-failsafe-plugin</artifactId> | ||
<version>3.0.0-M4</version> | ||
<configuration> | ||
<includes> | ||
<include>**/*IntegrationTests</include> | ||
</includes> | ||
<trimStackTrace>false</trimStackTrace> | ||
</configuration> | ||
<executions> | ||
<execution> | ||
<goals> | ||
<goal>integration-test</goal> | ||
<goal>verify</goal> | ||
</goals> | ||
</execution> | ||
</executions> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
</project> |
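Review bot: `saml.sp.metadata.wantassertionsigned` is set to `false` in the cargo `systemProperties`, so the portal under test accepts assertions that carry no signature of their own and these integration tests never exercise assertion-signature validation. Whether the test IDP signs the enclosing response is not visible in this file, so the FIXME should say what still protects the login, and the block should be marked as test-only because it is easy to copy into a real deployment: `<!-- TEST ONLY: bundled saml-idp does not sign assertions; keep wantassertionsigned=true everywhere else (FIXME: make the IDP sign) -->`. The keystore passwords `123456`/`654321` and `client_secret` in the same block deserve the same kind of one-line marker, e.g. `<!-- throwaway test keystore and client secret; never reuse -->`.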
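--- a/bin/integration-tests/saml-oauth2-setup/saml-idp-metadata.xml
+++ b/bin/integration-tests/saml-oauth2-setup/saml-idp-metadata.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<md:EntityDescriptor ID="IDPM392d91fa-7520-4ab3-be02-a1876bb8d681" entityID="spring.security.saml.idp.id"
+xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
+<md:IDPSSODescriptor ID="RD4fac15fd-394b-4ef0-b896-7fb50dcce5b5" WantAuthnRequestsSigned="true"
+protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+<md:KeyDescriptor use="signing">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>MIIChTCCAe4CCQDo0wjPUK8sMDANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsGA1UECgwUU3ByaW5nIFNlY3Vy
+aXR5IFNBTUwxDDAKBgNVBAsMA2lkcDEhMB8GA1UEAwwYaWRwLnNwcmluZy5zZWN1cml0eS5zYW1s
+MB4XDTE4MDUxNDE0NTUyMVoXDTI4MDUxMTE0NTUyMVowgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRIwEAYDVQQHDAlWYW5jb3V2ZXIxHTAbBgNVBAoMFFNwcmluZyBTZWN1cml0
+eSBTQU1MMQwwCgYDVQQLDANpZHAxITAfBgNVBAMMGGlkcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2EuygAucRBWtYifgEH/ErVUive4dZdqo72Bze4Mb
+kPuTKLrMCLB6IXxt1p5lu+tr0JxOiRO3KFVOO3D0l+j9zOow4g+JdoMQsjSzA6HtL/D9ZjXP6iUx
+FCYx+qmnVl3X9ipBD/HVKOBlzIqeXTSa5D17uxPQVxK64UDOI3CyY4cCAwEAATANBgkqhkiG9w0B
+AQsFAAOBgQAj+6b6dlA6SitTfz44LdnFSW9mYaeimwPP8ZtU7/3EJCzLd5eq7N/0kYPNVclZvB45
+I0UMT77AHWrNyScm56MTcEpSuHhJHAqRAgJKbciCTNsFI928EqiWSmu//w0ASBN3bVa8nv8/rafu
+utCq3RskTkHVZnbT5Xa6ITEZxSncow==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</md:KeyDescriptor>
+<md:KeyDescriptor use="encryption">
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509Data>
+<ds:X509Certificate>MIIChTCCAe4CCQDo0wjPUK8sMDANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMCVVMxEzARBgNV
+BAgMCldhc2hpbmd0b24xEjAQBgNVBAcMCVZhbmNvdXZlcjEdMBsGA1UECgwUU3ByaW5nIFNlY3Vy
+aXR5IFNBTUwxDDAKBgNVBAsMA2lkcDEhMB8GA1UEAwwYaWRwLnNwcmluZy5zZWN1cml0eS5zYW1s
+MB4XDTE4MDUxNDE0NTUyMVoXDTI4MDUxMTE0NTUyMVowgYYxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
+DApXYXNoaW5ndG9uMRIwEAYDVQQHDAlWYW5jb3V2ZXIxHTAbBgNVBAoMFFNwcmluZyBTZWN1cml0
+eSBTQU1MMQwwCgYDVQQLDANpZHAxITAfBgNVBAMMGGlkcC5zcHJpbmcuc2VjdXJpdHkuc2FtbDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2EuygAucRBWtYifgEH/ErVUive4dZdqo72Bze4Mb
+kPuTKLrMCLB6IXxt1p5lu+tr0JxOiRO3KFVOO3D0l+j9zOow4g+JdoMQsjSzA6HtL/D9ZjXP6iUx
+FCYx+qmnVl3X9ipBD/HVKOBlzIqeXTSa5D17uxPQVxK64UDOI3CyY4cCAwEAATANBgkqhkiG9w0B
+AQsFAAOBgQAj+6b6dlA6SitTfz44LdnFSW9mYaeimwPP8ZtU7/3EJCzLd5eq7N/0kYPNVclZvB45
+I0UMT77AHWrNyScm56MTcEpSuHhJHAqRAgJKbciCTNsFI928EqiWSmu//w0ASBN3bVa8nv8/rafu
+utCq3RskTkHVZnbT5Xa6ITEZxSncow==
+</ds:X509Certificate>
+</ds:X509Data>
+</ds:KeyInfo>
+</md:KeyDescriptor>
+<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
+<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+Location="http://localhost:8080/saml-idp/saml/idp/SSO/alias/boot-sample-idp"/>
+<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+Location="http://localhost:8080/saml-idp/saml/idp/SSO/alias/boot-sample-idp"/>
+</md:IDPSSODescriptor>
+</md:EntityDescriptor>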
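Review bot: Both `md:KeyDescriptor` elements (`use="signing"` and `use="encryption"`) carry the same embedded certificate, and the file has no comment saying where that certificate comes from or that it is a test fixture. Its subject fields decode to the Spring Security SAML sample IDP, so it is presumably the sample's publicly known key pair, and its validity appears to end in May 2028, after which certificate checks in these tests may start failing. I would add a header comment right after the XML declaration, such as `<!-- Test-only metadata for the bundled saml-idp; the certificate is a sample key and must never be trusted outside integration tests -->`. The `SingleSignOnService` locations are plain `http://localhost:8080`, which is fine for a local container but another reason to keep this file out of any shared environment.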
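--- a/bin/integration-tests/saml-oauth2-setup/saml-idp/README.md
+++ b/bin/integration-tests/saml-oauth2-setup/saml-idp/README.md
@@ -0,0 +1,18 @@
+# saml-idp
+
+A test SAML Identity Provider. It is used by cbioportal integration tests.
+It's modified version of [a saml IDP sample code](https://github.com/spring-projects/spring-security-saml/tree/develop/samples/boot/simple-identity-provider) of the spring security.
+`application.yml` specify a test user email that is added to assertions.
+
+## License
+
+The sample code is distributed under Apache License, Version 2.0.
+
+## Known limitations
+
+- The IDP does not sign assertions. That's why we had to set the following flag for the test cbioportal application:
+
+```$xml
+<!--FIXME Our test saml idp does not sing assertions for some reason-->
+<saml.sp.metadata.wantassertionsigned>false</saml.sp.metadata.wantassertionsigned>
+```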
@@ -0,0 +1,58 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> | ||
<modelVersion>4.0.0</modelVersion> | ||
<groupId>org.mskcc.cbio</groupId> | ||
<artifactId>saml-idp</artifactId> | ||
<version>0.0.1-SNAPSHOT</version> | ||
<packaging>war</packaging> | ||
|
||
<dependencies> | ||
<dependency> | ||
<groupId>org.springframework.security.extensions</groupId> | ||
<artifactId>spring-security-saml2-core</artifactId> | ||
<version>2.0.0.M31</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-web</artifactId> | ||
<version>2.2.0.RELEASE</version> | ||
<exclusions> | ||
<exclusion> | ||
<groupId>org.slf4j</groupId> | ||
<artifactId>jul-to-slf4j</artifactId> | ||
</exclusion> | ||
</exclusions> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.springframework.boot</groupId> | ||
<artifactId>spring-boot-starter-tomcat</artifactId> | ||
<scope>provided</scope> | ||
<version>2.2.0.RELEASE</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<finalName>saml-idp</finalName> | ||
<plugins> | ||
<plugin> | ||
<artifactId>maven-war-plugin</artifactId> | ||
<version>2.2</version> | ||
<configuration> | ||
<failOnMissingWebXml>false</failOnMissingWebXml> | ||
</configuration> | ||
</plugin> | ||
<plugin> | ||
<groupId>org.apache.maven.plugins</groupId> | ||
<artifactId>maven-compiler-plugin</artifactId> | ||
<version>3.5.1</version> | ||
<configuration> | ||
<source>1.8</source> | ||
<target>1.8</target> | ||
<compilerArgs> | ||
<arg>-parameters</arg> | ||
</compilerArgs> | ||
</configuration> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
</project> |
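Review bot: `spring-security-saml2-core` is pinned to the pre-release build `2.0.0.M31` and this POM declares no `<repositories>`, so whether the artifact resolves depends on repository settings outside the file (milestone builds are, as far as I know, not published to Maven Central). A pre-release SAML library packaged as a WAR also deserves an explicit marker that the module is a test fixture, for example `<!-- Test-only IDP built from the spring-security-saml sample; pre-release library, never deploy outside integration tests -->` above `<dependencies>`. The two Spring Boot artifacts repeat `2.2.0.RELEASE`; a single `<spring-boot.version>` property would keep them in step when the version is bumped.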