Commit

Merge branch 'rfc72'
JREastonMarks committed Aug 22, 2023
2 parents 901406f + 4be9db4 commit 4f28eac
Showing 819 changed files with 67,592 additions and 783 deletions.
Binary file added bin/SESSIONS.ser
Binary file not shown.
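Review bot: bin/SESSIONS.ser should not be committed. The name matches the default file Tomcat uses to persist HTTP sessions across restarts, so it is a runtime artifact, and a serialized session store can carry session state from whoever produced it. Suggest dropping it from the commit and ignoring it in .gitignore. The READMEs added below tell the reader to `cd portal/src/integration-tests/...` while the files land under bin/integration-tests, so it is worth checking whether bin/ as a whole is build output that was staged by accident.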
7 changes: 7 additions & 0 deletions bin/integration-tests/README.md
@@ -0,0 +1,7 @@
# Integration tests

This folder contains maven projects that test particular functionality of `cbioportal.war` started under different settings.

These tests get called by `maven-invoker-plugin` that is declared in the `portal` maven module of the project.

Keeping tests as separate maven projects liberate us from the application dependencies and unnecessary conflicts between them and test dependencies.
37 changes: 37 additions & 0 deletions bin/integration-tests/saml-oauth2-setup/README.md
@@ -0,0 +1,37 @@
# saml-oauth2-setup

Tests oauth2 security workflow of the API with SAML authentication method for the UI.

- `OfflineTokenDownloadIntegrationTests` tests downloading an offline token to gain access to cbioportal API.
- `Oauth2ResourceServerIntegrationTests` tests API access by different type of users (anonymous, non authorized and authorized).

## Start mysql server for integration tests

database name: cgds_test
username: cbio_user
password: somepassword
port: 3306

## Start web container with cbioportal and saml IDP

You can start tomcat to play with the setup with the following command (replace with your values):

```$bash
cd portal/src/integration-tests/saml-oauth2-setup
CBIO_TEST_DB_USR=cbio_user \
CBIO_TEST_DB_PSW=somepassword \
CBIO_TEST_DB_HOST=127.0.0.1:3306 \
CBIO_TEST_DB_NAME=cgds_test \
CBIO_TEST_DB_CONNECTION_STRING=jdbc:mysql://127.0.0.1:3306/cgds_test?sessionVariables=default_storage_engine=InnoDB \
CBIO_WAR_LOCATION=../../../target/cbioportal.war \
mvn org.codehaus.cargo:cargo-maven2-plugin:run --non-recursive
```

## Run integration tests only

After starting the tomcat server above, you can run all tests with:

```$bash
cd portal/src/integration-tests/saml-oauth2-setup
mvn test failsafe:integration-test
```
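Review bot: both command blocks start with `cd portal/src/integration-tests/saml-oauth2-setup`, but this README is added at bin/integration-tests/saml-oauth2-setup, so either the instructions or the file location is wrong and the commands will not work from a fresh checkout as written. The "Start mysql server for integration tests" section lists connection values but no command to start anything; please add one or rename the section. It would also help to state that cbio_user/somepassword are throwaway values for a local test database only. Minor: the fence info string `$bash` should be `bash`.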
168 changes: 168 additions & 0 deletions bin/integration-tests/saml-oauth2-setup/pom.xml
@@ -0,0 +1,168 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.mskcc.cbio</groupId>
<artifactId>saml-oauth2-setup</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>pom</packaging>

<modules>
<module>saml-idp</module>
</modules>

<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-netty</artifactId>
<version>5.8.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mock-server</groupId>
<artifactId>mockserver-client-java</artifactId>
<version>5.8.0</version>
<scope>test</scope>
</dependency>
</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<compilerArgs>
<arg>-parameters</arg>
</compilerArgs>
</configuration>
<executions>
<execution>
<goals>
<goal>testCompile</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.cargo</groupId>
<artifactId>cargo-maven2-plugin</artifactId>
<version>1.7.8</version>
<configuration>
<container>
<containerId>tomcat8x</containerId>
<type>embedded</type>
<systemProperties>
<authenticate>saml</authenticate>
<dat.method>oauth2</dat.method>
<!-- DB settings -->
<db.user>${env.CBIO_TEST_DB_USR}</db.user>
<db.password>${env.CBIO_TEST_DB_PSW}</db.password>
<db.host>${env.CBIO_TEST_DB_HOST}</db.host>
<db.portal_db_name>${env.CBIO_TEST_DB_NAME}</db.portal_db_name>
<db.connection_string>${env.CBIO_TEST_DB_CONNECTION_STRING}</db.connection_string>
<!-- SAML settings -->
<saml.keystore.location>file://${project.basedir}/testSamlKeystore.jks
</saml.keystore.location>
<saml.keystore.password>123456</saml.keystore.password>
<saml.keystore.private-key.key>secure-key</saml.keystore.private-key.key>
<saml.keystore.private-key.password>654321</saml.keystore.private-key.password>
<saml.keystore.default-key>secure-key</saml.keystore.default-key>

<saml.idp.metadata.location>file://${project.basedir}/saml-idp-metadata.xml
</saml.idp.metadata.location>
<!--I had to use specificBinding because of this bug https://github.com/spring-projects/spring-security-saml/issues/460 -->
<saml.idp.comm.binding.settings>specificBinding</saml.idp.comm.binding.settings>
<saml.idp.comm.binding.type>bindings:HTTP-Redirect</saml.idp.comm.binding.type>
<saml.sp.metadata.entitybaseurl>#{null}</saml.sp.metadata.entitybaseurl>
<saml.sp.metadata.entityid>cbioportal</saml.sp.metadata.entityid>
<saml.idp.metadata.entityid>spring.security.saml.idp.id</saml.idp.metadata.entityid>
<saml.idp.metadata.attribute.email>User.email</saml.idp.metadata.attribute.email>
<saml.custom.userservice.class>
org.cbioportal.security.spring.authentication.saml.SAMLUserDetailsServiceImpl
</saml.custom.userservice.class>
<saml.logout.local>false</saml.logout.local>
<!--FIXME Our test saml idp does not sign assertions for some reason-->
<saml.sp.metadata.wantassertionsigned>false</saml.sp.metadata.wantassertionsigned>
<saml.logout.url>/</saml.logout.url>
<dat.oauth2.clientId>client_id</dat.oauth2.clientId>
<dat.oauth2.clientSecret>client_secret</dat.oauth2.clientSecret>
<dat.oauth2.issuer>token_issuer</dat.oauth2.issuer>
<dat.oauth2.accessTokenUri>http://localhost:8443/auth/realms/cbio/token</dat.oauth2.accessTokenUri>
<dat.oauth2.redirectUri>http://localhost:8080/api/data-access-token/oauth2</dat.oauth2.redirectUri>
<dat.oauth2.userAuthorizationUri>http://localhost:8443/auth/realms/cbio/auth</dat.oauth2.userAuthorizationUri>
<dat.oauth2.jwkUrl>http://localhost:8443/auth/realms/cbio/jwkUrl</dat.oauth2.jwkUrl>
<dat.oauth2.jwtRolesPath>resource_access::cbioportal::roles</dat.oauth2.jwtRolesPath>
</systemProperties>
</container>
<configuration>
<properties>
<cargo.servlet.port>8080</cargo.servlet.port>
<cargo.start.jvmargs>
-Xms2g
-Xmx4g
</cargo.start.jvmargs>
</properties>
</configuration>
<wait>false</wait>
<deployables>
<deployable>
<groupId>org.mskcc.cbio</groupId>
<artifactId>cbioportal</artifactId>
<type>war</type>
<location>${env.CBIO_WAR_LOCATION}</location>
</deployable>
<deployable>
<groupId>org.mskcc.cbio</groupId>
<artifactId>saml-idp</artifactId>
<type>war</type>
<location>${project.basedir}/saml-idp/target/saml-idp.war</location>
</deployable>
</deployables>
</configuration>
<executions>
<execution>
<id>start-server</id>
<phase>pre-integration-test</phase>
<goals>
<goal>start</goal>
</goals>
</execution>
<execution>
<id>stop-server</id>
<phase>post-integration-test</phase>
<goals>
<goal>stop</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<artifactId>maven-failsafe-plugin</artifactId>
<version>3.0.0-M4</version>
<configuration>
<includes>
<include>**/*IntegrationTests</include>
</includes>
<trimStackTrace>false</trimStackTrace>
</configuration>
<executions>
<execution>
<goals>
<goal>integration-test</goal>
<goal>verify</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
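Review bot: `<saml.sp.metadata.wantassertionsigned>false</saml.sp.metadata.wantassertionsigned>` in the cargo systemProperties makes the service provider under test accept unsigned assertions, so these integration tests never exercise assertion signature validation on the SAML login path, and the FIXME above it has no tracking reference. Suggest fixing the test IDP so it signs, or at minimum linking an issue in the FIXME and saying explicitly that this value is test-only so it is not copied into a deployment config. In the same block the keystore passwords (123456, 654321) and `client_secret` are inline literals; that is tolerable for a test keystore, but passing them through `${env....}` like the DB settings would keep one pattern. The `dat.oauth2.*` endpoints use http:// on port 8443; a comment saying they point at a local mock would avoid confusion.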
50 changes: 50 additions & 0 deletions bin/integration-tests/saml-oauth2-setup/saml-idp-metadata.xml
@@ -0,0 +1,50 @@
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor ID="IDPM392d91fa-7520-4ab3-be02-a1876bb8d681" entityID="spring.security.saml.idp.id"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
<md:IDPSSODescriptor ID="RD4fac15fd-394b-4ef0-b896-7fb50dcce5b5" WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIChTCCAe4CCQDo0wjPUK8sMDANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMCVVMxEzARBgNV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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIChTCCAe4CCQDo0wjPUK8sMDANBgkqhkiG9w0BAQsFADCBhjELMAkGA1UEBhMCVVMxEzARBgNV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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8080/saml-idp/saml/idp/SSO/alias/boot-sample-idp"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
Location="http://localhost:8080/saml-idp/saml/idp/SSO/alias/boot-sample-idp"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
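Review bot: the two KeyDescriptor elements (use="signing" and use="encryption") appear to carry the same X509Certificate, and the descriptor advertises a signing key and WantAuthnRequestsSigned="true" while the SP in saml-oauth2-setup/pom.xml is configured with wantassertionsigned=false, so the signing key declared here is not enforced for assertions. Suggest an XML comment at the top stating that this is a self-contained test IDP descriptor (localhost endpoints over http, one shared test certificate) so it is not reused as a template for a real IDP.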
18 changes: 18 additions & 0 deletions bin/integration-tests/saml-oauth2-setup/saml-idp/README.md
@@ -0,0 +1,18 @@
# saml-idp

A test SAML Identity Provider. It is used by cbioportal integration tests.
It's modified version of [a saml IDP sample code](https://github.com/spring-projects/spring-security-saml/tree/develop/samples/boot/simple-identity-provider) of the spring security.
`application.yml` specify a test user email that is added to assertions.

## License

The sample code is distributed under Apache License, Version 2.0.

## Known limitations

- The IDP does not sign assertions. That's why we had to set the following flag for the test cbioportal application:

```$xml
<!--FIXME Our test saml idp does not sing assertions for some reason-->
<saml.sp.metadata.wantassertionsigned>false</saml.sp.metadata.wantassertionsigned>
```
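Review bot: the "Known limitations" entry records that the IDP does not sign assertions but gives no cause and no tracking issue, and the quoted snippet has already drifted from the POM it copies (the comment here reads "sing", the one in pom.xml reads "sign"). Suggest linking an issue and naming the property (saml.sp.metadata.wantassertionsigned) instead of duplicating the XML. Wording: "It's modified version" should be "It's a modified version", and "`application.yml` specify" should be "specifies". Minor: the fence info string `$xml` should be `xml`.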
58 changes: 58 additions & 0 deletions bin/integration-tests/saml-oauth2-setup/saml-idp/pom.xml
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.mskcc.cbio</groupId>
<artifactId>saml-idp</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>

<dependencies>
<dependency>
<groupId>org.springframework.security.extensions</groupId>
<artifactId>spring-security-saml2-core</artifactId>
<version>2.0.0.M31</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
<version>2.2.0.RELEASE</version>
</dependency>
</dependencies>

<build>
<finalName>saml-idp</finalName>
<plugins>
<plugin>
<artifactId>maven-war-plugin</artifactId>
<version>2.2</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.5.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<compilerArgs>
<arg>-parameters</arg>
</compilerArgs>
</configuration>
</plugin>
</plugins>
</build>
</project>
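Review bot: spring-security-saml2-core is pinned to 2.0.0.M31, a milestone (pre-release) build, and this POM has neither a <parent> nor a <repositories> section, so it inherits nothing from saml-oauth2-setup/pom.xml even though that POM lists saml-idp as a module. Please document where the milestone artifact is expected to resolve from, or declare the repository here, and add a comment that this dependency is for the test IDP only. Minor: in the spring-boot-starter-tomcat dependency, put <version> before <scope> to match the other entries.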
0 comments on commit 4f28eac
