GridShib for GT 0 6 0 Developer's Guide preparation

From Globus

Overview

This is a page to put content that will go into the final developer's guide.

Related material: GridShib for GT Packaging

System Tests

This is not a comprehensive description but should be enough to give the gist, know where to look in source code/WSDL, etc.

Under the "gt/service/java/source" directory there is a dummy implementation of a SAML attribute service for GT4 using the stubs created in "gt/common". This is provided mainly as an example for a future implementation.

The "gt/service/java/test" directory contains a particular use of such a service implementation. It contains everything needed to perform complete end to end system tests of the interceptors, including:

  • a junit test suite that makes web services calls to a test service
  • a test service whose only purpose is to host an operation protected by the interceptors
  • a test attribute service that those interceptors make attribute queries to

(The "gt/service/java/source" directory breaks the convention of having a source directory with matching test directory containing tests of the code in source. It probably makes more sense to call this directory "gt/test" since it's really a full end to end system test, but that was not done and it doesn't seem like a serious enough mistake to correct now.)

In the future, the test attribute service component will not come into play for some of the tests because we now have attribute push mechanisms (and technically some tests already do not result in an AA query, for example, the DN short-circuiting tests), but the other components will still be useful (for example, to test attribute push over real transport, secure message, and secure conversation channels).

This picture outlines the components:

Image:GridShib_for_GT_0_6_0_end-to-end-test-overview.png

First, a container is started running the test packages. Then each junit test makes a noAuthRequest call to the test service. For the details, run 'ant test' on the top-level build file and examine the noAuthRequest element defined in "gt/service/java/test/compact/shibboleth_tests/shibtest_port_type.wsdl".

Each time a test runs, a "noAuthRequest" is made to the service without any authentication or authorization. It gives the test service all of the necessary information to configure everything for the particular test. For example:

  • The Policy type is passed to the test service, specifying the exact DN and attribute policy the interceptors should be configured with.
  • The "aaMungeAttributes" flag tells the test service to direct the test AA to return a mangled attribute that would conflict with the policy (to test denials).

The test service does two things with the information in this message:

  1. The test service creates and configures an authorization chain in front of the createResource operation based on the received noAuth parameters. The configured chain is GridShibPDP (the main aggregate interceptor).
  2. The test service configures the test AA by binding a populated configuration object into a JNDI context that the AA will retrieve from each call.

Finally, each junit test makes one or more calls to the createResource operation on the test service (the operation which is configured with the GridShib interceptors in front of it). Operation success or remote exception casing is used to determine if the expected result occurred.

The view of what happened from the web services client in the junit tests is limited, more fine grain testing should be done in unit tests (under "gt/interceptors/java/test/").

The easiest way to add an element to the test WSDL (for example a new flag or bit of information to the noAuthRequest) is to run "ant undeploy clean", make the change, and "ant deploy" to get the stub regeneration (these are the targets on the local build.xml, these would be different from the top level build file).

Compatibility

The system tests run on either GT 4.0 or GT 4.2 (like the rest of GridShib for GT). To achieve compatibility, the build files copy 4.0-specific code or 4.2-specific code into the build as appropriate. See the pairs of files in "gt/service/java/test/var":

  • gt/service/java/test/var/CompatibleUtil-4.0.java
  • gt/service/java/test/var/CompatibleUtil-4.1+.java
  • gt/service/java/test/var/NStoPkg-4.0.properties
  • gt/service/java/test/var/NStoPkg-4.1+.properties
  • gt/service/java/test/var/security-descriptor-4.0.xml
  • gt/service/java/test/var/security-descriptor-4.1+.xml
  • gt/service/java/test/var/ShibbolethTestService-4.0.java
  • gt/service/java/test/var/ShibbolethTestService-4.1+.java
  • gt/service/java/test/var/shibtest_port_type-4.0.wsdl
  • gt/service/java/test/var/shibtest_port_type-4.1+.wsdl

For build details, see target determine-GT-version in "interceptors/java/source/build.xml" and all the targets that depend on it.

Retrieved from "http://dev.globus.org/wiki/GridShib_for_GT_0_6_0_Developer%27s_Guide_preparation"
Personal tools
Execution Projects
Information projects
Distribution Projects
Documentation Projects
Deprecated