Posted to commits@cxf.apache.org by gm...@apache.org on 2012/05/29 23:39:02 UTC
svn commit: r1344008 - in
/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec:
client/ClientCallbackHandler.java client/wssec-client.xml
server/ServerCallbackHandler.java sts/STSCallbackHandler.java
sts/wssec-sts.xml
Author: gmazza
Date: Tue May 29 21:39:01 2012
New Revision: 1344008
URL: http://svn.apache.org/viewvc?rev=1344008&view=rev
Log:
Better commenting, formatting, more robust password callback handlers added.
Modified:
cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/ClientCallbackHandler.java
cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml
cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/server/ServerCallbackHandler.java
cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/STSCallbackHandler.java
cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml
Modified: cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/ClientCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/ClientCallbackHandler.java?rev=1344008&r1=1344007&r2=1344008&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/ClientCallbackHandler.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/ClientCallbackHandler.java Tue May 29 21:39:01 2012
@@ -31,18 +31,19 @@ public class ClientCallbackHandler imple
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- if ("myclientkey".equals(pc.getIdentifier())) {
- pc.setPassword("ckpass");
- break;
- } else if ("alice".equals(pc.getIdentifier())) {
- pc.setPassword("clarinet");
- break;
- } else if ("bob".equals(pc.getIdentifier())) {
- pc.setPassword("trombone");
- break;
- } else if ("eve".equals(pc.getIdentifier())) {
- pc.setPassword("evekpass");
- break;
+ if (pc.getUsage() == WSPasswordCallback.DECRYPT ||
+ pc.getUsage() == WSPasswordCallback.SIGNATURE) {
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ }
+ } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
+ if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ }
}
}
}
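Review bot: The two `break;` statements kept in the USERNAME_TOKEN branch leave the enclosing `for` loop over `callbacks`, so any callback that follows a matched alice or bob entry is never processed, whereas the new DECRYPT/SIGNATURE branch sets the password and carries on. STSCallbackHandler, changed in the same commit, drops its breaks altogether; removing both `break;` lines here would make the two handlers behave the same way. The passwords are string literals, so a comment such as `// Sample credentials for this demo only; do not reuse outside the sample` above the usage check would help readers who copy the handler. The handle method begins and ends outside this hunk.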
Modified: cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml?rev=1344008&r1=1344007&r2=1344008&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml (original)
+++ cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/client/wssec-client.xml Tue May 29 21:39:01 2012
@@ -66,8 +66,14 @@
value="demo.wssec.client.ClientCallbackHandler"/>
<entry key="ws-security.encryption.properties" value="keys/clientKeystore.properties"/>
<entry key="ws-security.encryption.username" value="mystskey"/>
+ <!-- Because of the PublicKey requirement in the InitiatorToken element
+ in the WSP WSDL, the client needs to have the STS add its public
+ key to the SAML assertion, as configured in the three lines below.
+ -->
<entry key="ws-security.sts.token.username" value="myclientkey"/>
<entry key="ws-security.sts.token.properties" value="keys/clientKeystore.properties"/>
+ <!-- If usecert = true, sends entire certificate in an X509Certificate element, else
+ sends cert ID in a KeyValue element -->
<entry key="ws-security.sts.token.usecert" value="true"/>
</map>
</property>
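Review bot: The second added comment says that with usecert set to false the client "sends cert ID in a KeyValue element", but a KeyValue element in XML Signature carries the public key itself, not a certificate identifier. Suggested wording: `<!-- If usecert = true, the whole certificate is sent in an X509Certificate element; otherwise only the public key is sent in a KeyValue element -->`. The first comment's "three lines below" now has this second comment sitting between the second and third entry, so "the three ws-security.sts.token.* entries below" would read more clearly.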
Modified: cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/server/ServerCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/server/ServerCallbackHandler.java?rev=1344008&r1=1344007&r2=1344008&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/server/ServerCallbackHandler.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/server/ServerCallbackHandler.java Tue May 29 21:39:01 2012
@@ -29,7 +29,7 @@ public class ServerCallbackHandler imple
public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+ if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
if ("myservicekey".equals(pc.getIdentifier())) {
pc.setPassword("skpass");
Modified: cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/STSCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/STSCallbackHandler.java?rev=1344008&r1=1344007&r2=1344008&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/STSCallbackHandler.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/STSCallbackHandler.java Tue May 29 21:39:01 2012
@@ -31,14 +31,18 @@ public class STSCallbackHandler implemen
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof WSPasswordCallback) {
WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
- if ("mystskey".equals(pc.getIdentifier())) {
- pc.setPassword("stskpass");
- break;
- } else if ("alice".equals(pc.getIdentifier())) {
- pc.setPassword("clarinet");
- break;
+ if (pc.getUsage() == WSPasswordCallback.DECRYPT ||
+ pc.getUsage() == WSPasswordCallback.SIGNATURE) {
+ if ("mystskey".equals(pc.getIdentifier())) {
+ pc.setPassword("stskpass");
+ }
+ } else if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
+ if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ }
}
}
}
}
}
+
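Review bot: The new usage split has no comment explaining why key passwords and UsernameToken passwords are handled separately, and the USERNAME_TOKEN branch keeps alice's password as a plaintext literal with nothing marking it as sample data. A short comment on each branch would cover both, for example `// Password for the STS private key in the keystore` and `// Demo user store: replace with a lookup against a real credential store`. When the identifier or usage is not recognised, the callback is left without a password and nothing is logged or thrown; whether the caller treats that as a failed authentication is not visible here, so a comment stating the intended outcome would help. The handle method begins outside this hunk.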
Modified: cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml?rev=1344008&r1=1344007&r2=1344008&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml (original)
+++ cxf/trunk/distribution/src/main/release/samples/sts/src/demo/wssec/sts/wssec-sts.xml Tue May 29 21:39:01 2012
@@ -16,13 +16,9 @@
specific language governing permissions and limitations
under the License.
-->
-<beans
- xmlns="http://www.springframework.org/schema/beans"
- xmlns:cxf="http://cxf.apache.org/core"
- xmlns:jaxws="http://cxf.apache.org/jaxws"
- xmlns:test="http://apache.org/hello_world_soap_http"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:util="http://www.springframework.org/schema/util"
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:test="http://apache.org/hello_world_soap_http"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd
@@ -35,68 +31,58 @@
<cxf:bus>
<cxf:features>
- <cxf:logging/>
+ <cxf:logging />
</cxf:features>
</cxf:bus>
<bean id="utSTSProviderBean"
- class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
- <property name="issueOperation" ref="utIssueDelegate"/>
- <property name="validateOperation" ref="utValidateDelegate"/>
- </bean>
-
- <bean id="utIssueDelegate"
- class="org.apache.cxf.sts.operation.TokenIssueOperation">
- <property name="tokenProviders" ref="utSamlTokenProvider"/>
- <property name="services" ref="utService"/>
- <property name="stsProperties" ref="utSTSProperties"/>
- </bean>
-
- <bean id="utValidateDelegate"
- class="org.apache.cxf.sts.operation.TokenValidateOperation">
- <property name="tokenValidators" ref="utSamlTokenValidator"/>
- <property name="stsProperties" ref="utSTSProperties"/>
- </bean>
-
- <bean id="utSamlTokenProvider"
- class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
- </bean>
-
- <bean id="utSamlTokenValidator"
- class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
- </bean>
-
- <bean id="utService"
- class="org.apache.cxf.sts.service.StaticService">
- <property name="endpoints" ref="utEndpoints"/>
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="utIssueDelegate" />
+ <property name="validateOperation" ref="utValidateDelegate" />
</bean>
-
+
+ <bean id="utIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="utSamlTokenProvider" />
+ <property name="services" ref="utService" />
+ <property name="stsProperties" ref="utSTSProperties" />
+ </bean>
+
+ <bean id="utValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenValidators" ref="utSamlTokenValidator" />
+ <property name="stsProperties" ref="utSTSProperties" />
+ </bean>
+
+ <bean id="utSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ </bean>
+
+ <bean id="utSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ </bean>
+
+ <bean id="utService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints" ref="utEndpoints" />
+ </bean>
+
<util:list id="utEndpoints">
- <value>http://localhost:(\d)*/SoapContext/SoapPort</value>
- </util:list>
-
- <bean id="utSTSProperties"
- class="org.apache.cxf.sts.StaticSTSProperties">
- <property name="signaturePropertiesFile" value="keys/stsKeystore.properties"/>
- <property name="signatureUsername" value="mystskey"/>
- <property name="callbackHandlerClass" value="demo.wssec.sts.STSCallbackHandler"/>
- <property name="issuer" value="DoubleItSTSIssuer"/>
- </bean>
-
- <jaxws:endpoint id="UTSTS"
- implementor="#utSTSProviderBean"
- address="http://localhost:8080/SecurityTokenService/UT"
- wsdlLocation="wsdl/ws-trust-1.4-service.wsdl"
+ <value>http://localhost:(\d)*/SoapContext/SoapPort</value>
+ </util:list>
+
+ <bean id="utSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="keys/stsKeystore.properties" />
+ <property name="signatureUsername" value="mystskey" />
+ <property name="callbackHandlerClass" value="demo.wssec.sts.STSCallbackHandler" />
+ <property name="issuer" value="DoubleItSTSIssuer" />
+ </bean>
+
+ <jaxws:endpoint id="UTSTS" implementor="#utSTSProviderBean"
+ address="http://localhost:8080/SecurityTokenService/UT" wsdlLocation="wsdl/ws-trust-1.4-service.wsdl"
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- serviceName="ns1:SecurityTokenService"
- endpointName="ns1:UT_Port">
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:UT_Port">
<jaxws:properties>
- <entry key="ws-security.callback-handler" value="demo.wssec.sts.STSCallbackHandler"/>
- <entry key="ws-security.signature.properties" value="keys/stsKeystore.properties"/>
- <entry key="ws-security.signature.username" value="mystskey"/>
- </jaxws:properties>
- </jaxws:endpoint>
-
+ <entry key="ws-security.callback-handler" value="demo.wssec.sts.STSCallbackHandler" />
+ <entry key="ws-security.signature.properties" value="keys/stsKeystore.properties" />
+ <entry key="ws-security.signature.username" value="mystskey" />
+ </jaxws:properties>
+ </jaxws:endpoint>
</beans>