Posted to commits@cxf.apache.org by co...@apache.org on 2013/12/05 14:22:12 UTC
svn commit: r1548129 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/
services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts...
Author: coheigea
Date: Thu Dec 5 13:22:11 2013
New Revision: 1548129
URL: http://svn.apache.org/r1548129
Log:
Finished with STS system test refactoring
Added:
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Dec 5 13:22:11 2013
@@ -852,6 +852,9 @@ public class WSS4JInInterceptor extends
return (Validator)ClassLoaderUtils.loadClass(o.toString(),
WSS4JInInterceptor.class)
.newInstance();
+ } else if (o != null) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+ "Cannot load Validator: " + o);
}
} catch (RuntimeException t) {
throw t;
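Review bot: The second argument of the new `WSSecurityException` in the added `else if` branch is a free-form string, while StaxClaimsValidator in this same commit passes the key `invalidSAMLsecurity` to the same constructor, which suggests that argument is a message id looked up in a bundle; if so, `"Cannot load Validator: " + o` may not render as intended. The same applies to the matching hunk in WSS4JStaxInInterceptor. Failing closed on an unusable validator setting is the right behaviour, and a comment such as `// Fail closed: a validator setting that cannot be used must not be silently ignored` would record why. The enclosing method and its remaining catch clauses are outside the hunk, so how the exception is wrapped cannot be confirmed from here.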
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Thu Dec 5 13:22:11 2013
@@ -440,7 +440,8 @@ public class WSS4JStaxInInterceptor exte
WSS4JStaxInInterceptor.class)
.newInstance();
} else if (o != null) {
- LOG.info("Cannot load Validator: " + o);
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
+ "Cannot load Validator: " + o);
}
} catch (RuntimeException t) {
throw t;
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java Thu Dec 5 13:22:11 2013
@@ -19,32 +19,48 @@
package org.apache.cxf.systest.sts.claims;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* Test sending claims that are defined in the policy of the WSDL to the STS for evaluation.
* The SAML token is tested on the service side for the correct claims (role) information via a
* custom validator.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class ClaimsTest extends AbstractBusClientServerTestBase {
static final String STSPORT = allocatePort(STSServer.class);
+ static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
private static final String PORT = allocatePort(Server.class);
+ private static final String STAX_PORT = allocatePort(StaxServer.class);
+
+ final TestParam test;
+
+ public ClaimsTest(TestParam type) {
+ this.test = type;
+ }
@BeforeClass
public static void startServers() throws Exception {
@@ -56,11 +72,38 @@ public class ClaimsTest extends Abstract
launchServer(Server.class, true)
);
assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxServer.class, true)
+ );
+ assertTrue(
"Server failed to launch",
// run the server in the same process
// set this to false to fork
launchServer(STSServer.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxSTSServer.class, true)
+ );
+ }
+
+ @Parameters(name = "{0}")
+ public static Collection<TestParam[]> data() {
+
+ return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
+ {new TestParam(PORT, true, STSPORT)},
+ {new TestParam(STAX_PORT, false, STSPORT)},
+ {new TestParam(STAX_PORT, true, STSPORT)},
+
+ {new TestParam(PORT, false, STAX_STSPORT)},
+ {new TestParam(PORT, true, STAX_STSPORT)},
+ {new TestParam(STAX_PORT, false, STAX_STSPORT)},
+ {new TestParam(STAX_PORT, true, STAX_STSPORT)},
+ });
}
@org.junit.AfterClass
@@ -84,7 +127,13 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1ClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
doubleIt(transportClaimsPort, 25);
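Review bot: The three statements added here (`updateAddressPort`, `TokenTestUtils.updateSTSPort`, the `isStreaming` check) are repeated verbatim in the six following ClaimsTest hunks, so a test method that misses one of them would quietly run against the wrong service port or STS. A private helper on the test class would keep the parameter wiring in one place. The sketch below uses a constructed helper name and assumes `throws Exception` is acceptable; the test method signatures are outside the hunks.

```java
// constructed helper name; call it in place of the repeated block in each test method
private void configurePort(DoubleItPortType port) throws Exception {
    updateAddressPort(port, test.getPort());
    TokenTestUtils.updateSTSPort((BindingProvider)port, test.getStsPort());
    if (test.isStreaming()) {
        SecurityTestUtil.enableStreaming(port);
    }
}
```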
@@ -107,9 +156,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1CustomClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
- doubleIt(transportClaimsPort, 25);
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
((java.io.Closeable)transportClaimsPort).close();
bus.shutdown(true);
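Review bot: The `doubleIt(transportClaimsPort, 25);` call is removed in this hunk and not added back, so as shown the custom-claims test configures the port and closes it without ever invoking the service, and it can no longer fail on a claims-validation regression. If the removal is unintended, restore `doubleIt(transportClaimsPort, 25);` after the `isStreaming` block; if it is deliberate, a comment saying why would help. The test method starts and ends outside the hunk.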
@@ -130,7 +184,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1ClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
try {
doubleIt(transportClaimsPort, 25);
@@ -158,7 +219,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1FailingClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
try {
doubleIt(transportClaimsPort, 25);
@@ -186,7 +254,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
doubleIt(transportClaimsPort, 25);
@@ -209,7 +284,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
try {
doubleIt(transportClaimsPort, 25);
@@ -240,7 +322,14 @@ public class ClaimsTest extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
DoubleItPortType transportClaimsPort =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportClaimsPort, PORT);
+
+ updateAddressPort(transportClaimsPort, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportClaimsPort);
+ }
doubleIt(transportClaimsPort, 25);
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java Thu Dec 5 13:22:11 2013
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.claims;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
+import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.TokenContext;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * This class validates a SAML Assertion and checks that it has an "AuthenticatedRole" attribute
+ * corresponding to "admin-user". Note that it only throws an error if the role has the wrong
+ * value, not if the role doesn't exist. This is because the WS-SecurityPolicy validation will
+ * check to make sure that the correct defined Claims have been met in the token.
+ */
+public class StaxClaimsValidator extends SamlTokenValidatorImpl {
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <T extends SamlSecurityToken & InboundSecurityToken> T validate(
+ final SamlAssertionWrapper samlAssertionWrapper,
+ final InboundSecurityToken subjectSecurityToken,
+ final TokenContext tokenContext
+ ) throws WSSecurityException {
+ // Check conditions
+ checkConditions(samlAssertionWrapper);
+
+ // Check OneTimeUse Condition
+ checkOneTimeUse(samlAssertionWrapper,
+ tokenContext.getWssSecurityProperties().getSamlOneTimeUseReplayCache());
+
+ // Validate the assertion against schemas/profiles
+ validateAssertion(samlAssertionWrapper);
+
+ // Now check Claims
+ boolean valid = false;
+ if (samlAssertionWrapper.getSaml1() != null) {
+ valid = handleSAML1Assertion(samlAssertionWrapper.getSaml1());
+ } else if (samlAssertionWrapper.getSaml2() != null) {
+ valid = handleSAML2Assertion(samlAssertionWrapper.getSaml2());
+ }
+
+ if (!valid) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+ }
+
+ Crypto sigVerCrypto = null;
+ if (samlAssertionWrapper.isSigned()) {
+ sigVerCrypto = tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto();
+ }
+ SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(
+ samlAssertionWrapper, subjectSecurityToken,
+ tokenContext.getWsSecurityContext(),
+ sigVerCrypto,
+ WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo,
+ tokenContext.getWssSecurityProperties());
+
+ securityToken.setElementPath(tokenContext.getElementPath());
+ securityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+
+ return (T)securityToken;
+ }
+
+ private boolean handleSAML1Assertion(
+ org.opensaml.saml1.core.Assertion assertion
+ ) throws WSSecurityException {
+ List<org.opensaml.saml1.core.AttributeStatement> attributeStatements =
+ assertion.getAttributeStatements();
+ if (attributeStatements == null || attributeStatements.isEmpty()) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+ }
+
+ for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
+ List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
+ for (org.opensaml.saml1.core.Attribute attribute : attributes) {
+
+ if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
+ continue;
+ }
+
+ for (XMLObject attributeValue : attribute.getAttributeValues()) {
+ Element attributeValueElement = attributeValue.getDOM();
+ String text = attributeValueElement.getTextContent();
+ if (!"admin-user".equals(text)) {
+ return false;
+ }
+ }
+ }
+ }
+ return true;
+ }
+
+ private boolean handleSAML2Assertion(
+ org.opensaml.saml2.core.Assertion assertion
+ ) throws WSSecurityException {
+ List<org.opensaml.saml2.core.AttributeStatement> attributeStatements =
+ assertion.getAttributeStatements();
+ if (attributeStatements == null || attributeStatements.isEmpty()) {
+ throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+ }
+
+ for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
+ List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
+ for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+ if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) {
+ continue;
+ }
+
+ for (XMLObject attributeValue : attribute.getAttributeValues()) {
+ Element attributeValueElement = attributeValue.getDOM();
+ String text = attributeValueElement.getTextContent();
+ if (!"admin-user".equals(text)) {
+ return false;
+ }
+ }
+ }
+ }
+ return true;
+ }
+
+}
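Review bot: `handleSAML1Assertion` and `handleSAML2Assertion` reject any value other than `admin-user` on every attribute under `ClaimTypes.URI_BASE`, whereas the class Javadoc describes a check on the "AuthenticatedRole" attribute only; a token carrying a second claim in that namespace would be rejected. Either narrow the filter to the role claim's name or state the actual rule, e.g. `// Every value of every attribute under ClaimTypes.URI_BASE must be "admin-user"`. Separately, `validate` calls the inherited `checkConditions`, `checkOneTimeUse` and `validateAssertion` itself. If the parent's `validate` performs the same sequence (not visible here), delegating to `super.validate(...)` before the claims check would stop this validator from drifting when checks are added upstream.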
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java Thu Dec 5 13:22:11 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.claims;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
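Review bot: The `try { new StaxServer(); } catch (Exception e) { e.printStackTrace(); }` block at the end of `run()` builds an instance that is discarded, and the constructor body is empty, so the catch cannot fire. The call that can actually fail at startup, `createBus`, sits outside the try. Dropping the block and marking the method `@Override protected void run() {` would make the intent clear. The same block appears in renew/StaxSTSServer.java added by this commit.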
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java Thu Dec 5 13:22:11 2013
@@ -32,7 +32,7 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * In this test, a CXF client checks to see that the location defined on it's STSClient is different
+ * In this test, a CXF client checks to see that the location defined on its STSClient is different
* from that configured in the Issuer of the IssuedToken policy supplied in the WSDL of the
* service provider. It obtains a SAML Token from the configured STS first, and then sends it in
* the security header to the second STS. The returned token is then sent to the service provider.
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java Thu Dec 5 13:22:11 2013
@@ -19,6 +19,8 @@
package org.apache.cxf.systest.sts.renew;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -26,20 +28,31 @@ import java.util.Map;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.wss4j.dom.WSConstants;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* In this test case, a CXF client requests a SAML Token from an STS and then tries to renew it.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class SAMLRenewUnitTest extends AbstractBusClientServerTestBase {
static final String STSPORT = allocatePort(STSServer.class);
+ static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
+ final TestParam test;
+
+ public SAMLRenewUnitTest(TestParam type) {
+ this.test = type;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -48,6 +61,20 @@ public class SAMLRenewUnitTest extends A
// set this to false to fork
launchServer(STSServer.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxSTSServer.class, true)
+ );
+ }
+
+ @Parameters(name = "{0}")
+ public static Collection<TestParam[]> data() {
+
+ return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+ {new TestParam("", false, STAX_STSPORT)},
+ });
}
@org.junit.AfterClass
@@ -66,7 +93,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
@@ -103,7 +130,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
@@ -140,7 +167,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
@@ -170,7 +197,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
@@ -202,7 +229,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
@@ -233,7 +260,7 @@ public class SAMLRenewUnitTest extends A
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
// Request the token
SecurityToken token =
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java Thu Dec 5 13:22:11 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.renew;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+ public StaxSTSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxSTSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new StaxSTSServer().run();
+ }
+}
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java Thu Dec 5 13:22:11 2013
@@ -19,25 +19,37 @@
package org.apache.cxf.systest.sts.secure_conv;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
-
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* In this test case, a CXF client requests a SecurityContextToken from an STS.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class SecurityContextTokenUnitTest extends AbstractBusClientServerTestBase {
static final String STSPORT = allocatePort(STSServer.class);
+ static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
+
+ final TestParam test;
+
+ public SecurityContextTokenUnitTest(TestParam type) {
+ this.test = type;
+ }
@BeforeClass
public static void startServers() throws Exception {
@@ -47,6 +59,20 @@ public class SecurityContextTokenUnitTes
// set this to false to fork
launchServer(STSServer.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxSTSServer.class, true)
+ );
+ }
+
+ @Parameters(name = "{0}")
+ public static Collection<TestParam[]> data() {
+
+ return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+ {new TestParam("", true, STAX_STSPORT)},
+ });
}
@org.junit.AfterClass
@@ -65,7 +91,7 @@ public class SecurityContextTokenUnitTes
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCT?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCT?wsdl";
SecurityToken token =
requestSecurityToken(bus, wsdlLocation, true);
assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -83,7 +109,7 @@ public class SecurityContextTokenUnitTes
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCT?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCT?wsdl";
SecurityToken token =
requestSecurityToken(bus, wsdlLocation, false);
assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -101,7 +127,7 @@ public class SecurityContextTokenUnitTes
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
SecurityToken token =
requestSecurityToken(bus, wsdlLocation, true);
assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -119,7 +145,7 @@ public class SecurityContextTokenUnitTes
SpringBusFactory.setThreadDefaultBus(bus);
String wsdlLocation =
- "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
+ "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
SecurityToken token =
requestSecurityToken(bus, wsdlLocation, false);
assertTrue(token.getSecret() != null && token.getSecret().length > 0);
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java Thu Dec 5 13:22:11 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+ public StaxSTSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxSTSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new StaxSTSServer().run();
+ }
+}
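Review bot: `run()` ends with a `try` block that only constructs a second `StaxSTSServer` and discards it, and its `catch` prints the stack trace and carries on, so the block does no work and would hide a failure if it ever did. The more likely failure is earlier: `getResource("stax-cxf-sts.xml")` returns null when the resource is missing, and that null is passed straight to `createBus`. I would drop the `try`/`catch` and guard the lookup with `if (busFile == null) { throw new IllegalStateException("stax-cxf-sts.xml not found on classpath"); }`. The same pattern is added in `soap12/StaxServer.java` later in this commit.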
Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java Thu Dec 5 13:22:11 2013
@@ -19,34 +19,42 @@
package org.apache.cxf.systest.sts.soap12;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import org.w3c.dom.Element;
-
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.STSClient;
-
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* This is a test for invoking on an STS using SOAP 1.2 via the TransportBinding. The CXF client gets a
* token from the STS over TLS, and then sends it to the CXF endpoint over TLS.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class Soap12Test extends AbstractBusClientServerTestBase {
static final String STSPORT = allocatePort(STSServer.class);
+ static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -59,7 +67,14 @@ public class Soap12Test extends Abstract
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
private static final String PORT = allocatePort(Server.class);
+ private static final String STAX_PORT = allocatePort(StaxServer.class);
+ final TestParam test;
+
+ public Soap12Test(TestParam type) {
+ this.test = type;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -69,11 +84,38 @@ public class Soap12Test extends Abstract
launchServer(Server.class, true)
);
assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxServer.class, true)
+ );
+ assertTrue(
"Server failed to launch",
// run the server in the same process
// set this to false to fork
launchServer(STSServer.class, true)
);
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxSTSServer.class, true)
+ );
+ }
+
+ @Parameters(name = "{0}")
+ public static Collection<TestParam[]> data() {
+
+ return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
+ {new TestParam(PORT, true, STSPORT)},
+ {new TestParam(STAX_PORT, false, STSPORT)},
+ {new TestParam(STAX_PORT, true, STSPORT)},
+
+ {new TestParam(PORT, false, STAX_STSPORT)},
+ {new TestParam(PORT, true, STAX_STSPORT)},
+ {new TestParam(STAX_PORT, false, STAX_STSPORT)},
+ {new TestParam(STAX_PORT, true, STAX_STSPORT)},
+ });
}
@org.junit.AfterClass
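Review bot: All four `assertTrue` calls in `startServers()` use the same message `"Server failed to launch"`, so a failed run does not say which of `Server`, `StaxServer`, `STSServer` or `StaxSTSServer` did not come up. Name the class in each message, for example `"StaxSTSServer failed to launch"`. The method starts above this hunk, and the block added to `SecurityContextTokenUnitTest.startServers()` earlier in this commit uses the same message. `data()` would also read better with a one-line comment such as `// every combination of service port, client streaming flag and STS port`.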
@@ -97,7 +139,13 @@ public class Soap12Test extends Abstract
QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
DoubleItPortType transportSaml2Port =
service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(transportSaml2Port, PORT);
+ updateAddressPort(transportSaml2Port, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportSaml2Port);
+ }
doubleIt(transportSaml2Port, 30);
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java Thu Dec 5 13:22:11 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.soap12;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml Thu Dec 5 13:22:11 2013
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml1.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml1.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1failingclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1FailingClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1failingclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml1.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2childclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ChildClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2childclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+ <httpj:engine port="${testutil.ports.StaxServer}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <http:conduit name="https://localhost.*">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
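Review bot: The `sec:cipherSuitesFilter` under `httpj:tlsServerParameters` includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`, which lets this endpoint negotiate export-grade, single-DES or unencrypted suites wherever the JVM still offers them. The endpoints here accept SAML tokens over this transport, and test configs like this tend to be copied as templates, so I would keep only `<sec:include>.*_WITH_AES_.*</sec:include>` together with the `DH_anon` exclude. The `http:conduit` also sets `disableCNCheck="true"` and the keystore passwords are inline; a comment such as `<!-- test-only: hostname verification disabled, sample keystores -->` would make that explicit. The same filter is added in `renew/stax-cxf-sts.xml` in this commit.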
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml Thu Dec 5 13:22:11 2013
@@ -0,0 +1,135 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://c
xf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate"/>
+ <property name="validateOperation" ref="transportValidateDelegate"/>
+ <property name="renewOperation" ref="transportRenewDelegate"/>
+ </bean>
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders"/>
+ <property name="services" ref="transportService"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="claimsManager" ref="claimsManager"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenProviders" ref="transportTokenProviders"/>
+ <property name="tokenValidators" ref="transportTokenValidators"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="transportRenewDelegate" class="org.apache.cxf.sts.operation.TokenRenewOperation">
+ <property name="tokenRenewers" ref="transportTokenRenewers"/>
+ <property name="tokenValidators" ref="transportTokenValidators"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+ </bean>
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider"/>
+ </util:list>
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator"/>
+ </util:list>
+ <util:list id="transportTokenRenewers">
+ <ref bean="transportSamlTokenRenewer"/>
+ </util:list>
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList"/>
+ <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+ </bean>
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="defaultAttributeProvider"/>
+ <ref bean="customAttributeProvider"/>
+ </util:list>
+ <bean id="defaultAttributeProvider" class="org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider">
+ </bean>
+ <bean id="customAttributeProvider" class="org.apache.cxf.systest.sts.deployment.CustomAttributeStatementProvider">
+ </bean>
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList"/>
+ </bean>
+ <util:list id="claimHandlerList">
+ <ref bean="customClaimsHandler"/>
+ </util:list>
+ <bean id="customClaimsHandler" class="org.apache.cxf.systest.sts.deployment.CustomClaimsHandler">
+ </bean>
+ <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator">
+ </bean>
+ <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ </bean>
+ <bean id="transportSamlTokenRenewer" class="org.apache.cxf.sts.token.renewer.SAMLTokenRenewer">
+ <property name="verifyProofOfPossession" value="false"/>
+ <property name="allowRenewalAfterExpiry" value="true"/>
+ <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+ </bean>
+ <bean id="SAMLConditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="acceptClientLifetime" value="true"/>
+ </bean>
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints" ref="transportEndpoints"/>
+ </bean>
+ <util:list id="transportEndpoints">
+ <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+ </value>
+ </util:list>
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+ <property name="signatureUsername" value="mystskey"/>
+ <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+ <property name="issuer" value="DoubleItSTSIssuer"/>
+ <property name="encryptionUsername" value="myservicekey"/>
+ </bean>
+ <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+ <httpj:engine port="${testutil.ports.StaxSTSServer}">
+ <httpj:tlsServerParameters>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="stskpass">
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:keyManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+</beans>
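Review bot: `transportSamlTokenRenewer` sets `verifyProofOfPossession` to `false` and `allowRenewalAfterExpiry` to `true`, and `SAMLConditionsProvider` sets `acceptClientLifetime` to `true`, so this STS will renew an expired token without the caller proving key ownership and will accept a client-requested lifetime. That is presumably what the renew tests need, but nothing in the file says so. Add a comment above the bean, for example `<!-- test-only: relaxed renewal checks for the renew system tests; do not reuse -->`. Note also that `<cxf:logging/>` on the bus is likely to write full messages, issued tokens included, to the test log.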
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml Thu Dec 5 13:22:11 2013
@@ -0,0 +1,169 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://c
xf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate"/>
+ <property name="validateOperation" ref="transportValidateDelegate"/>
+ <property name="cancelOperation" ref="transportCancelDelegate"/>
+ </bean>
+ <bean id="transportSTSEncryptedProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportEncryptedIssueDelegate"/>
+ <property name="validateOperation" ref="transportValidateDelegate"/>
+ </bean>
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders"/>
+ <property name="services" ref="transportService"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="transportEncryptedIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders"/>
+ <property name="services" ref="transportService"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="encryptIssuedToken" value="true"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenProviders" ref="transportTokenProviders"/>
+ <property name="tokenValidators" ref="transportTokenValidators"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="transportCancelDelegate" class="org.apache.cxf.sts.operation.TokenCancelOperation">
+ <property name="tokenCancellers" ref="transportTokenCancellers"/>
+ <property name="stsProperties" ref="transportSTSProperties"/>
+ <property name="tokenStore" ref="defaultTokenStore"/>
+ </bean>
+ <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+ </bean>
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSCTProvider"/>
+ <ref bean="transportSCTSamlTokenProvider"/>
+ </util:list>
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSCTValidator"/>
+ </util:list>
+ <util:list id="transportTokenCancellers">
+ <ref bean="transportSCTCanceller"/>
+ </util:list>
+ <bean id="transportSCTProvider" class="org.apache.cxf.sts.token.provider.SCTProvider">
+ </bean>
+ <bean id="transportSCTSamlTokenProvider" class="org.apache.cxf.systest.sts.secure_conv.SCTSAMLTokenProvider">
+ </bean>
+ <bean id="transportSCTValidator" class="org.apache.cxf.sts.token.validator.SCTValidator">
+ </bean>
+ <bean id="transportSCTCanceller" class="org.apache.cxf.sts.token.canceller.SCTCanceller">
+ </bean>
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints" ref="transportEndpoints"/>
+ </bean>
+ <util:list id="transportEndpoints">
+ <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+ </value>
+ <value>http://localhost:(\d)*/doubleit/services/doubleitsymmetric.*
+ </value>
+ </util:list>
+ <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
+ <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ </bean>
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+ <property name="signatureUsername" value="mystskey"/>
+ <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+ <property name="encryptionProperties" ref="encProperties"/>
+ <property name="issuer" value="DoubleItSTSIssuer"/>
+ <property name="encryptionUsername" value="myservicekey"/>
+ </bean>
+ <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSCT" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:inInterceptors>
+ <ref bean="sctInterceptor"/>
+ </jaxws:inInterceptors>
+ <jaxws:outInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outInterceptors>
+ <jaxws:outFaultInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outFaultInterceptors>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTEncryptedSTS" implementor="#transportSTSEncryptedProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSCTEncrypted" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+ <jaxws:inInterceptors>
+ <ref bean="sctInterceptor"/>
+ </jaxws:inInterceptors>
+ <jaxws:outInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outInterceptors>
+ <jaxws:outFaultInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outFaultInterceptors>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTEndorsingSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportEndorsing" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Endorsing_Port">
+ <jaxws:inInterceptors>
+ <ref bean="sctInterceptor"/>
+ </jaxws:inInterceptors>
+ <jaxws:outInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outInterceptors>
+ <jaxws:outFaultInterceptors>
+ <ref bean="sctOutInterceptor"/>
+ </jaxws:outFaultInterceptors>
+ <jaxws:properties>
+ <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
+ <ref bean="defaultTokenStore"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <bean id="sctInterceptor" class="org.apache.cxf.sts.interceptor.SCTInInterceptor"/>
+ <bean id="sctOutInterceptor" class="org.apache.cxf.sts.interceptor.SCTOutInterceptor"/>
+ <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+ <httpj:engine port="${testutil.ports.StaxSTSServer}">
+ <httpj:tlsServerParameters>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="stskpass">
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:keyManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+</beans>
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml Thu Dec 5 13:22:11 2013
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/soap12/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.ws.security.trust.STSStaxTokenValidator">
+ <constructor-arg value="true"/>
+ </bean>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation" value="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSoap12?wsdl"/>
+ <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Soap12_Port"/>
+ <property name="properties">
+ <map>
+ <entry key="ws-security.username" value="alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.sts.token.username" value="myclientkey"/>
+ <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+ <entry key="ws-security.sts.token.usecert" value="true"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </map>
+ </property>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+ <httpj:engine port="${testutil.ports.StaxServer}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:keyManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
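Review bot: The `sec:cipherSuitesFilter` under `httpj:tlsServerParameters` includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*` alongside AES, so the listener accepts export-grade, single-DES and unencrypted suites wherever the JVM still enables them. Since the test needs only a working TLS channel with client authentication, I would reduce the filter to `<sec:include>.*_WITH_AES_.*</sec:include>` plus the existing `<sec:exclude>.*_DH_anon_.*</sec:exclude>`. The same filter appears in the `secure_conv/stax-cxf-sts.xml` section that ends just above this file and should change with it. Separately, the `http:conduit` for `https://localhost:.*` sets `disableCNCheck="true"`, which turns off hostname verification for the STS client. That line, and the keystore passwords stored in the file, deserve a comment such as `<!-- test fixture only: hostname verification disabled and test keystores used; do not copy into a deployment -->`.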