Java Code Examples for com.gargoylesoftware.htmlunit.html.HtmlForm#getInputByName()
The following examples show how to use
com.gargoylesoftware.htmlunit.html.HtmlForm#getInputByName() .
Example 1
Source File: AbstractOIDCTest.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Opens the IdP sign-in page for the configured home realm, checks that the returned token is a
 * SAML 2.0 bearer assertion, and submits the sign-in response form.
 *
 * @param uriBuilder builder for the IdP URL; a {@code login_hint} query parameter is appended
 * @param webClient  client used for the requests; its credentials are cleared after the IdP page loads
 * @param <P>        page type produced by submitting the response form
 * @return the page returned by clicking the form's submit button
 * @throws IOException if a page cannot be fetched or parsed
 */
private static <P extends Page> P login(final UriBuilder uriBuilder, final WebClient webClient) throws IOException {
    final HtmlPage idpPage = webClient.getPage(
        uriBuilder.queryParam("login_hint", "blabla@" + HOME_REALM).build().toURL());
    assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
    // Credentials are no longer needed once the IdP has issued the response form
    webClient.getCredentialsProvider().clear();

    // Test the SAML Version here: the "wresult" input must carry a SAML 2.0 bearer assertion
    String wresult = null;
    for (DomElement input : idpPage.getElementsByTagName("input")) {
        if (!"wresult".equals(input.getAttributeNS(null, "name"))) {
            continue;
        }
        wresult = input.getAttributeNS(null, "value");
        assertTrue(wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
        break;
    }
    assertNotNull(wresult);

    // Submit the sign-in response form and hand back whatever page the RP answers with
    final HtmlForm signinForm = idpPage.getFormByName("signinresponseform");
    final HtmlSubmitInput submit = signinForm.getInputByName("_eventId_submit");
    return submit.click();
}
Example 2
Source File: HTTPTestUtils.java From cxf-fediz with Apache License 2.0 | 6 votes |
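/**
 * Logs in at the IdP with HTTP basic credentials and submits the IdP's sign-in response form to the RP.
 *
 * @param url      RP URL whose request is redirected to the IdP
 * @param user     user name presented to the IdP
 * @param password password presented to the IdP
 * @param idpPort  IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @param formName name of the sign-in response form on the IdP page
 * @return the text content of the RP page body
 * @throws IOException if a page cannot be fetched or parsed
 */
public static String login(String url, String user, String password, String idpPort, String formName) throws IOException {
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));
        // JavaScript is off while the IdP page loads; presumably so the response form is not
        // auto-submitted by script before the test inspects it (confirm)
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Submit the sign-in response form to the RP
        final HtmlForm form = idpPage.getFormByName(formName);
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button.click();
        final String rpTitle = rpPage.getTitleText();
        Assert.assertTrue("WS Federation Systests Examples".equals(rpTitle)
            || "WS Federation Systests Spring Examples".equals(rpTitle));
        return rpPage.getBody().getTextContent();
    }
}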
Example 3
Source File: NodeChangeListenerTest.java From audit-log-plugin with MIT License | 5 votes |
/**
 * Renames an online agent through its configure form and expects the audit log to record
 * both the node creation and the node update.
 */
@Issue("JENKINS-56647")
@Test
public void testOnUpdated() throws Exception {
    Slave agent = j.createOnlineSlave();
    HtmlForm configForm = j.createWebClient().getPage(agent, "configure").getFormByName("config");
    HtmlInput nameField = configForm.getInputByName("_.name");
    nameField.setValueAttribute("newSlaveName");
    j.submit(configForm);

    // One event for the initial creation, one for the rename
    List<LogEvent> recorded = app.getEvents();
    assertThat(recorded).hasSize(2);
    assertThat(recorded)
        .extracting(event -> ((AuditMessage) event.getMessage()).getId().toString())
        .contains("createNode", "updateNode");
}
Example 4
Source File: SAMLSSOTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
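/**
 * Logs in at the IdP for "realm b" and follows the two sign-in response forms back through the
 * IdP for "realm a" to the SAML SSO web application.
 *
 * @param url       RP URL whose request is redirected to the IdP
 * @param user      user name presented to the IdP
 * @param password  password presented to the IdP
 * @param idpPort   IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @param rpIdpPort not used by this method; kept so existing callers keep compiling
 * @return the RP response page as XML
 * @throws IOException if a page cannot be fetched or parsed
 */
private static String login(String url, String user, String password, String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        HtmlPage idpPage = webClient.getPage(url);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Now redirect back to the IdP for Realm A
        HtmlForm form = idpPage.getFormByName("signinresponseform");
        HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        HtmlPage idpPageRealmA = button.click();
        // Bug fix: this check used to read idpPage, whose title was already asserted above and so
        // could never fail; it is the realm A page that must carry one of these titles.
        final String realmATitle = idpPageRealmA.getTitleText();
        Assert.assertTrue("SAML IDP Response Form".equals(realmATitle)
            || "IDP SignIn Response Form".equals(realmATitle));
        form = idpPageRealmA.getFormByName("samlsigninresponseform");

        // Now redirect back to the SAML SSO web app
        button = form.getInputByName("_eventId_submit");
        XmlPage rpPage = button.click();
        return rpPage.asXml();
    }
}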
Example 5
Source File: AbstractOIDCTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
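/**
 * Edits the registered public client through the console, saves it, and checks that the
 * registered-clients table lists the client under its new name.
 */
@org.junit.Test
public void testEditClient() throws Exception {
    try (WebClient webClient = setupWebClientIDP("alice", "ecila")) {
        HtmlPage registeredClientPage = login(oidcEndpointBuilder("/console/clients/" + publicClientId), webClient);
        final HtmlPage editClientPage = registeredClientPage.getAnchorByText("public-client").click();
        final HtmlForm form = editClientPage.getForms().get(0);

        // Set new client values
        final HtmlTextInput clientNameInput = form.getInputByName("client_name");
        final String newClientName = "public-client-modified";
        clientNameInput.setValueAttribute(newClientName);
        // The client type select is expected to be read-only on the edit form
        final HtmlSelect clientTypeSelect = form.getSelectByName("client_type");
        assertTrue(clientTypeSelect.isDisabled());
        final HtmlTextInput redirectURIInput = form.getInputByName("client_redirectURI");
        assertEquals(REDIRECT_URL, redirectURIInput.getText());
        final HtmlTextInput clientAudienceURIInput = form.getInputByName("client_audience");
        assertEquals("https://ws.apache.org", clientAudienceURIInput.getText());
        final HtmlTextInput clientLogoutURI = form.getInputByName("client_logoutURI");
        assertEquals(LOGOUT_URL, clientLogoutURI.getText());

        registeredClientPage = form.getButtonByName("submit_button").click();
        assertNotNull(registeredClientPage.getAnchorByText(newClientName));

        final HtmlPage registeredClientsPage = registeredClientPage.getAnchorByText("registered Clients").click();
        HtmlTable table = registeredClientsPage.getHtmlElementById("registered_clients");
        // Fixed argument order: JUnit's assertEquals(message, expected, actual) had expected and
        // actual swapped, which only garbles the failure message but hides the real count.
        // 3 rows for "2 clients" presumably includes a header row — confirm against the page.
        assertEquals("2 clients", 3, table.getRows().size());
        boolean updatedClientFound = false;
        for (final HtmlTableRow row : table.getRows()) {
            if (newClientName.equals(row.getCell(0).asText())) {
                updatedClientFound = true;
                break;
            }
        }
        assertTrue(updatedClientFound);
    }
}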
Example 6
Source File: ConfigurationAsCodeTest.java From configuration-as-code-plugin with MIT License | 5 votes |
/**
 * Submits the "replace" form with a source URI padded by whitespace and expects the plugin to
 * trim it and apply the referenced configuration.
 */
@Test
public void doReplace_should_trim_input() throws Exception {
    HtmlPage page = j.createWebClient().goTo("configuration-as-code");
    j.assertGoodStatus(page);

    HtmlForm replaceForm = page.getFormByName("replace");
    HtmlInput sourceField = replaceForm.getInputByName("_.newSource");
    String configUri = getClass().getResource("merge3.yml").toExternalForm();
    // Surrounding blanks must be stripped by the endpoint, not passed on as part of the URI
    sourceField.setValueAttribute(" " + configUri + " ");

    HtmlPage resultPage = j.submit(replaceForm);
    j.assertGoodStatus(resultPage);
    assertEquals("Configured by Configuration as Code plugin", j.jenkins.getSystemMessage());
}
Example 7
Source File: CsrfValidateFilterIT.java From krazo with Apache License 2.0 | 5 votes |
/** A PUT carrying the CSRF field must be accepted with HTTP 200. */
@Test
public void testPutWithCsrfFieldWorksWithStatusCode200() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/ok-put");
    final HtmlForm csrfForm = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = csrfForm.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();
    assertEquals(200, status);
}
Example 8
Source File: WReqTest.java From cxf-fediz with Apache License 2.0 | 5 votes |
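/**
 * Logs in at the IdP with HTTP basic credentials, checks that the issued token is a SAML 1.0
 * bearer assertion, and submits the sign-in response form to the RP.
 *
 * @param url      RP URL whose request is redirected to the IdP
 * @param user     user name presented to the IdP
 * @param password password presented to the IdP
 * @param idpPort  IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @return the text content of the RP page body
 * @throws IOException if a page cannot be fetched or parsed
 */
private static String login(String url, String user, String password, String idpPort) throws IOException {
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Test the SAML Version here
        String wresult = null;
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if ("wresult".equals(result.getAttributeNS(null, "name"))) {
                wresult = result.getAttributeNS(null, "value");
                break;
            }
        }
        // Separate assertions so a missing input and a wrong token type are reported distinctly
        Assert.assertNotNull("No wresult input on the IdP page", wresult);
        Assert.assertTrue(wresult.contains("urn:oasis:names:tc:SAML:1.0:cm:bearer"));

        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button.click();
        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
        return rpPage.getBody().getTextContent();
    }
}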
Example 9
Source File: CsrfValidateFilterIT.java From krazo with Apache License 2.0 | 5 votes |
/** A POST without the CSRF field must be rejected with HTTP 403. */
@Test
public void testPostWithoutCsrfFieldFailsWithStatusCode403() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/exception-post");
    final HtmlForm csrfForm = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = csrfForm.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();
    assertEquals(403, status);
}
Example 10
Source File: CsrfValidateFilterIT.java From krazo with Apache License 2.0 | 5 votes |
/** A PATCH without the CSRF field must be rejected with HTTP 403. */
@Test
public void testPatchWithoutCsrfFieldFailsWithStatusCode403() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/exception-patch");
    final HtmlForm csrfForm = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = csrfForm.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();
    assertEquals(403, status);
}
Example 11
Source File: ConverterPriorityIT.java From krazo with Apache License 2.0 | 5 votes |
/** Submitting the converter form must produce the value 42.0 in the "result" element. */
@Test
public void testCorrectCustomConverterIsUsedForDoubleValue() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/converter");
    final HtmlForm converterForm = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = converterForm.getInputByName("submit");

    final HtmlPage resultPage = submit.click();
    final String resultText = resultPage.getElementById("result").getTextContent();
    // Exact comparison (delta 0): the converter is expected to yield precisely 42.0
    assertEquals(42.0D, Double.parseDouble(resultText), 0);
}
Example 12
Source File: HTTPTestUtils.java From cxf-fediz with Apache License 2.0 | 5 votes |
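/**
 * Performs a sign-out at the IdP and follows the protocol-specific completion: for WS-Federation
 * the logout page's image is fetched, for SAML SSO the sign-out response form is submitted.
 *
 * @param url           IdP sign-out URL
 * @param cookieManager cookie store shared with the login so the session is recognised
 * @param wsfed         {@code true} for WS-Federation, {@code false} for SAML SSO
 * @throws IOException if a page cannot be fetched or parsed
 */
public static void logout(String url, CookieManager cookieManager, boolean wsfed) throws IOException {
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        final HtmlPage idpPage = webClient.getPage(url);
        Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpLogoutPage = button.click();
        webClient.getOptions().setJavaScriptEnabled(true);

        if (wsfed) {
            DomNodeList<DomElement> images = idpLogoutPage.getElementsByTagName("img");
            Assert.assertEquals(1, images.getLength());
            // for-each instead of an index loop that mixed getLength() and size()
            for (DomElement image : images) {
                String imgSrc = image.getAttribute("src");
                //we should get a fault if the image isn't available.
                webClient.getPage(imgSrc);
            }
        } else {
            // For SAML SSO we will be redirected back to the RP
            HtmlForm responseForm = idpLogoutPage.getFormByName("samlsignoutresponseform");
            HtmlSubmitInput button2 = responseForm.getInputByName("_eventId_submit");
            button2.click();
        }
    }
}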
Example 13
Source File: WSFedTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
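/**
 * Logs in through the OIDC consent flow: the consent form's hidden fields are copied into a
 * POST that grants the decision, then the resulting sign-in response form is submitted to the RP.
 *
 * @param url       RP URL whose request is redirected to the IdP
 * @param user      user name presented to the IdP
 * @param password  password presented to the IdP
 * @param idpPort   IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @param rpIdpPort not used by this method; kept so existing callers keep compiling
 * @return the text content of the RP page body
 * @throws IOException if a page cannot be fetched or parsed
 */
private static String loginOIDC(String url, String user, String password, String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);

        // The decision page is returned as XML for some reason. So parse it and send a form response back.
        HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
        final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);
        WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);
        // The session_authenticity_token is the consent form's own CSRF protection and must be echoed back
        request.setRequestParameters(Arrays.asList(
            copyFormValue(oidcForm, "client_id"),
            copyFormValue(oidcForm, "redirect_uri"),
            copyFormValue(oidcForm, "scope"),
            copyFormValue(oidcForm, "state"),
            copyFormValue(oidcForm, "session_authenticity_token"),
            new NameValuePair("oauthDecision", "allow")));

        HtmlPage idpPage = webClient.getPage(request);
        assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Now redirect back to the RP
        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button.click();
        assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
        return rpPage.getBody().getTextContent();
    }
}

/**
 * Copies the current value of the named input of {@code form} into a request parameter of the same name.
 *
 * @param form the form holding the input
 * @param name the input (and parameter) name
 * @return a parameter carrying the input's value attribute
 */
private static NameValuePair copyFormValue(HtmlForm form, String name) {
    return new NameValuePair(name, form.getInputByName(name).getValueAttribute());
}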
Example 14
Source File: TomcatPluginTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
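/**
 * Obtains a sign-in response from the IdP, tampers with the context value, and expects the RP
 * to reject the submission with HTTP 408 rather than establish a session.
 */
@Test
public void testAliceModifiedContext() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form and corrupt the context input before it is posted to the RP
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if (getContextName().equals(result.getAttributeNS(null, "name"))) {
                // Now modify the context
                String value = "H" + result.getAttributeNS(null, "value");
                result.setAttributeNS(null, "value", value);
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        try {
            button.click();
            Assert.fail("Failure expected on a modified context");
        } catch (FailingHttpStatusCodeException ex) {
            // Request Timeout expected here, as the context isn't known - the session is presumed to have expired
            Assert.assertEquals(408, ex.getStatusCode());
        }
    }
}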
Example 15
Source File: FederationTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
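/**
 * Logs in against the RP deployment that has request validation disabled, with the context
 * input blanked, and expects the login to still complete.
 */
@org.junit.Test
public void testNoRequestValidation() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworldnoreqvalidation/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to remove the context
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if (getContextName().equals(result.getAttributeNS(null, "name"))) {
                result.setAttributeNS(null, "value", "");
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button.click();
        final String rpTitle = rpPage.getTitleText();
        Assert.assertTrue("WS Federation Systests Examples".equals(rpTitle)
            || "WS Federation Systests Spring Examples".equals(rpTitle));
    }
}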
Example 16
Source File: KerberosTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
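/**
 * Logs in via SPNEGO by sending a Kerberos ticket in a {@code Negotiate} Authorization header,
 * then checks the principal, roles and claims reported by the RP page. Currently ignored.
 */
@org.junit.Test
@org.junit.Ignore
public void testSpnego() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";

    // Get a Kerberos Ticket + Base64 encode it
    String ticket = getEncodedKerberosTicket(true);

    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getOptions().setJavaScriptEnabled(false);
        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button.click();
        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());

        final String bodyTextContent = rpPage.getBody().getTextContent();
        String user = "alice";
        Assert.assertTrue("Principal not " + user,
            bodyTextContent.contains("userPrincipal=" + user));
        Assert.assertTrue("User " + user + " does not have role Admin",
            bodyTextContent.contains("role:Admin=false"));
        Assert.assertTrue("User " + user + " does not have role Manager",
            bodyTextContent.contains("role:Manager=false"));
        Assert.assertTrue("User " + user + " must have role User",
            bodyTextContent.contains("role:User=true"));

        String claim = ClaimTypes.FIRSTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
            bodyTextContent.contains(claim + "=Alice"));
        claim = ClaimTypes.LASTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
            bodyTextContent.contains(claim + "=Smith"));
        claim = ClaimTypes.EMAILADDRESS.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
            bodyTextContent.contains(claim + "=alice@realma.org"));
    }
}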
Example 17
Source File: WSFedTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
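/**
 * Logs in at the IdP for "realm b", extracts the WS-Federation response parameters from the
 * sign-in response form, presents them to the IdP for "realm a" by hand, and follows that IdP's
 * response form to the RP.
 *
 * @param url       RP URL whose request is redirected to the IdP
 * @param user      user name presented to the IdP
 * @param password  password presented to the IdP
 * @param idpPort   IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @param rpIdpPort port of the "realm a" IdP that receives the extracted parameters
 * @return the text content of the RP page body
 * @throws IOException if a page cannot be fetched or parsed
 */
private static String login(String url, String user, String password, String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    CookieManager cookieManager = new CookieManager();
    String wresult = null;
    String wa = "wsignin1.0";
    String wctx = null;
    String wtrealm = null;

    // try-with-resources: a failing assertion used to skip close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // For some reason, redirecting back to the IdP for "realm a" is not working with htmlunit. So extract
        // the parameters manually from the form, and access the IdP for "realm a" with them
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            final String name = result.getAttributeNS(null, "name");
            if ("wresult".equals(name)) {
                wresult = result.getAttributeNS(null, "value");
            } else if ("wctx".equals(name)) {
                wctx = result.getAttributeNS(null, "value");
            } else if ("wtrealm".equals(name)) {
                wtrealm = result.getAttributeNS(null, "value");
            }
        }
        Assert.assertTrue(wctx != null && wresult != null && wtrealm != null);
    }

    // Invoke on the IdP for "realm a".
    // wctx is now URL-encoded like wtrealm and wresult; it used to be appended raw, which
    // breaks the query string as soon as the context contains a reserved character.
    String url2 = "https://localhost:" + rpIdpPort + "/fediz-idp/federation?"
        + "wctx=" + URLEncoder.encode(wctx, "UTF8") + "&"
        + "wa=" + wa + "&"
        + "wtrealm=" + URLEncoder.encode(wtrealm, "UTF8") + "&"
        + "wresult=" + URLEncoder.encode(wresult, "UTF8");
    try (WebClient webClient2 = new WebClient()) {
        webClient2.setCookieManager(cookieManager);
        webClient2.getOptions().setUseInsecureSSL(true);
        webClient2.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage2 = webClient2.getPage(url2);
        webClient2.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());

        // Now redirect back to the RP
        final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
        final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");
        final HtmlPage rpPage = button2.click();
        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
        return rpPage.getBody().getTextContent();
    }
}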
Example 18
Source File: AbstractTests.java From cxf-fediz with Apache License 2.0 | 4 votes |
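/**
 * Obtains a signed token from the IdP, alters its content so the signature no longer matches,
 * and expects the RP to reject the submission with HTTP 401 or 403.
 */
@Test
public void testAliceModifiedSignature() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to get the token (wresult)
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
                // Now modify the Signature: change the signed content so the signature no longer verifies
                String value = result.getAttributeNS(null, "value");
                if (value.contains("alice")) {
                    value = value.replace("alice", "bob");
                } else {
                    value = "H" + value;
                }
                result.setAttributeNS(null, "value", value);
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        try {
            button.click();
            Assert.fail("Failure expected on a modified signature");
        } catch (FailingHttpStatusCodeException ex) {
            // expected
            final int status = ex.getStatusCode();
            Assert.assertTrue("Unexpected status " + status, 401 == status || 403 == status);
        }
    }
}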
Example 19
Source File: HolderOfKeyTest.java From cxf-fediz with Apache License 2.0 | 4 votes |
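/**
 * Logs in with a client certificate, checks that the IdP issued a holder-of-key token, and
 * verifies the principal, roles and claims reported by the RP page.
 */
@org.junit.Test
public void testHolderOfKey() throws Exception {
    String url = "https://localhost:" + TomcatLauncher.getRpHttpsPort() + '/' + SERVLET_CONTEXT_NAME + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        // Client certificate used as the holder-of-key proof (test keystore from the classpath)
        webClient.getOptions().setSSLClientCertificate(
            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(TomcatLauncher.getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        // Test the Subject Confirmation method here
        String wresult = null;
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if ("wresult".equals(result.getAttributeNS(null, "name"))) {
                wresult = result.getAttributeNS(null, "value");
                break;
            }
        }
        // Separate assertions so a missing input and a wrong confirmation method are reported distinctly
        Assert.assertNotNull("No wresult input on the IdP page", wresult);
        Assert.assertTrue(wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));

        final HtmlPage rpPage = button.click();
        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());

        final String bodyTextContent = rpPage.getBody().getTextContent();
        Assert.assertTrue("Principal not " + user,
            bodyTextContent.contains("userPrincipal=" + user));
        Assert.assertTrue("User " + user + " does not have role Admin",
            bodyTextContent.contains("role:Admin=false"));
        Assert.assertTrue("User " + user + " does not have role Manager",
            bodyTextContent.contains("role:Manager=false"));
        Assert.assertTrue("User " + user + " must have role User",
            bodyTextContent.contains("role:User=true"));

        String claim = ClaimTypes.FIRSTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
            bodyTextContent.contains(claim + "=Alice"));
        claim = ClaimTypes.LASTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
            bodyTextContent.contains(claim + "=Smith"));
        claim = ClaimTypes.EMAILADDRESS.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
            bodyTextContent.contains(claim + "=alice@realma.org"));
    }
}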
Example 20
Source File: AbstractTests.java From cxf-fediz with Apache License 2.0 | 4 votes |
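/**
 * Obtains a token from the IdP, injects an entity declaration plus a reference to it into the
 * token, and expects the RP to reject the submission with HTTP 401 or 403 instead of expanding
 * the entity.
 */
@Test
public void testEntityExpansionAttack2() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: a failing assertion used to skip webClient.close() and leak the client
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Disables TLS certificate validation; acceptable only inside this test fixture
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to get the token (wresult)
        String entity = getResourceAsString("/entity2.xml");
        String reference = "&m;";
        for (DomElement result : idpPage.getElementsByTagName("input")) {
            if (!getTokenName().equals(result.getAttributeNS(null, "name"))) {
                continue;
            }
            // Now modify the Signature
            String value = result.getAttributeNS(null, "value");
            if (isWSFederation()) {
                value = entity + value;
                value = value.replace("alice", reference);
                result.setAttributeNS(null, "value", value);
            } else {
                // Decode response
                byte[] deflatedToken = Base64Utility.decode(value);
                Document responseDoc;
                try (InputStream inputStream = new ByteArrayInputStream(deflatedToken)) {
                    responseDoc = StaxUtils.read(new InputStreamReader(inputStream, java.nio.charset.StandardCharsets.UTF_8));
                }

                // Modify SignatureValue to include the entity
                String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
                Node signatureValue = responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
                signatureValue.setTextContent(reference + signatureValue.getTextContent());

                // Re-encode response. UTF-8 is given explicitly: getBytes() without a charset used
                // the platform default, which differs between JVMs.
                String responseMessage = DOM2Writer.nodeToString(responseDoc);
                result.setAttributeNS(null, "value",
                    Base64Utility.encode((entity + responseMessage).getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        try {
            button.click();
            Assert.fail("Failure expected on an entity expansion attack");
        } catch (FailingHttpStatusCodeException ex) {
            // expected
            final int status = ex.getStatusCode();
            Assert.assertTrue("Unexpected status " + status, 401 == status || 403 == status);
        }
    }
}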