Posted to commits@cxf.apache.org by co...@apache.org on 2013/06/07 14:51:04 UTC
svn commit: r1490619 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ rt/...
Author: coheigea
Date: Fri Jun 7 12:51:03 2013
New Revision: 1490619
URL: http://svn.apache.org/r1490619
Log:
Adding streaming Kerberos support
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java Fri Jun 7 12:51:03 2013
@@ -138,8 +138,10 @@ public class KerberosClient implements C
SecurityToken token = new SecurityToken(bst.getID());
token.setToken(bst.getElement());
token.setWsuId(bst.getID());
+ token.setData(bst.getToken());
SecretKey secretKey = bst.getSecretKey();
if (secretKey != null) {
+ token.setKey(secretKey);
token.setSecret(secretKey.getEncoded());
}
String sha1 = Base64.encode(WSSecurityUtil.generateDigest(bst.getToken()));
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Fri Jun 7 12:51:03 2013
@@ -78,8 +78,8 @@ public class KerberosTokenInterceptorPro
public KerberosTokenInterceptorProvider() {
super(Arrays.asList(SP11Constants.KERBEROS_TOKEN, SP12Constants.KERBEROS_TOKEN));
- this.getOutInterceptors().add(new KerberosTokenDOMOutInterceptor());
- this.getOutFaultInterceptors().add(new KerberosTokenDOMOutInterceptor());
+ this.getOutInterceptors().add(new KerberosTokenOutInterceptor());
+ this.getOutFaultInterceptors().add(new KerberosTokenOutInterceptor());
this.getInInterceptors().add(new KerberosTokenDOMInInterceptor());
this.getInFaultInterceptors().add(new KerberosTokenDOMInInterceptor());
@@ -112,16 +112,14 @@ public class KerberosTokenInterceptorPro
}
}
- static class KerberosTokenDOMOutInterceptor extends AbstractPhaseInterceptor<Message> {
- public KerberosTokenDOMOutInterceptor() {
+ static class KerberosTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ public KerberosTokenOutInterceptor() {
super(Phase.PREPARE_SEND);
}
public void handleMessage(Message message) throws Fault {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
- boolean enableStax =
- MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
- if (aim != null && !enableStax) {
+ if (aim != null) {
Collection<AssertionInfo> ais =
NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
if (ais.isEmpty()) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Fri Jun 7 12:51:03 2013
@@ -20,6 +20,7 @@
package org.apache.cxf.ws.security.tokenstore;
import java.io.Serializable;
+import java.security.Key;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.text.DateFormat;
@@ -92,6 +93,16 @@ public class SecurityToken implements Se
private byte[] secret;
/**
+ * Some binary data associated with the token
+ */
+ private byte[] data;
+
+ /**
+ * A key associated with the token
+ */
+ private transient Key key;
+
+ /**
* Created time
*/
private Date created;
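Review bot: The two new fields serialize differently and their Javadoc does not say so. `data` is written out with the token, while `key` is `transient`, so a SecurityToken that has been serialized and restored comes back with the binary token bytes but a null key. The comments should state this, e.g. `* The raw binary token bytes (for Kerberos, the value of bst.getToken()); serialized with the token` and `* The secret key for the token; transient, so null after deserialization`. The accessors added in the next hunk have no Javadoc either, and `getData()`/`setData()` hand the array over by reference without a copy.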
@@ -509,5 +520,21 @@ public class SecurityToken implements Se
public SecurityContext getSecurityContext() {
return securityContext;
}
+
+ public Key getKey() {
+ return key;
+ }
+
+ public void setKey(Key key) {
+ this.key = key;
+ }
+
+ public byte[] getData() {
+ return data;
+ }
+
+ public void setData(byte[] data) {
+ this.data = data;
+ }
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Fri Jun 7 12:51:03 2013
@@ -26,6 +26,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
@@ -52,6 +53,8 @@ import org.apache.wss4j.dom.handler.WSHa
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
*
@@ -328,23 +331,25 @@ public class PolicyBasedWSS4JStaxOutInte
}
@Override
- protected void configureProperties(SoapMessage msg) throws WSSecurityException {
+ protected void configureProperties(
+ SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ ) throws WSSecurityException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
checkAsymmetricBinding(aim, msg);
checkSymmetricBinding(aim, msg);
checkTransportBinding(aim, msg);
- super.configureProperties(msg);
+ super.configureProperties(msg, outboundTokens);
Collection<AssertionInfo> ais =
getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
if (!ais.isEmpty()) {
- new StaxTransportBindingHandler(getProperties(), msg).handleBinding();
+ new StaxTransportBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
}
ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
if (!ais.isEmpty()) {
- new StaxAsymmetricBindingHandler(getProperties(), msg).handleBinding();
+ new StaxAsymmetricBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Fri Jun 7 12:51:03 2013
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j;
import java.io.OutputStream;
+import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -45,8 +46,11 @@ import org.apache.wss4j.stax.Configurati
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.ext.OutboundWSSec;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
@@ -116,7 +120,9 @@ public class WSS4JStaxOutInterceptor ext
(List<SecurityEvent>) mc.getExchange().get(SecurityEvent.class.getName() + ".in");
translateProperties(mc);
- configureProperties(mc);
+ Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens =
+ new HashMap<String, SecurityTokenProvider<OutboundSecurityToken>>();
+ configureProperties(mc, outboundTokens);
configureCallbackHandler(mc);
OutboundWSSec outboundWSSec = null;
@@ -132,8 +138,18 @@ public class WSS4JStaxOutInterceptor ext
outboundWSSec = WSSec.getOutboundWSSec(secProps);
- newXMLStreamWriter =
- outboundWSSec.processOutMessage(os, encoding, requestSecurityEvents, securityEventListener);
+ final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+ outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
+ outboundSecurityContext.addSecurityEventListener(securityEventListener);
+
+ // Save Tokens on the security context
+ for (String key : outboundTokens.keySet()) {
+ SecurityTokenProvider<OutboundSecurityToken> provider = outboundTokens.get(key);
+ outboundSecurityContext.registerSecurityTokenProvider(provider.getId(), provider);
+ outboundSecurityContext.put(key, provider.getId());
+ }
+
+ newXMLStreamWriter = outboundWSSec.processOutMessage(os, encoding, outboundSecurityContext);
mc.setContent(XMLStreamWriter.class, newXMLStreamWriter);
} catch (WSSecurityException e) {
throw new Fault(e);
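Review bot: The loop under "Save Tokens on the security context" walks `keySet()` and then calls `outboundTokens.get(key)` for every key, which is a second lookup per entry. Iterating the entries reads more directly: `for (Map.Entry<String, SecurityTokenProvider<OutboundSecurityToken>> entry : outboundTokens.entrySet())` with `entry.getValue()` as the provider. The comment could also say that the map key is stored on the context as a property whose value is the provider id, since that is what the `put(key, provider.getId())` line does. The enclosing try block starts outside the hunk.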
@@ -175,7 +191,9 @@ public class WSS4JStaxOutInterceptor ext
return securityEventListener;
}
- protected void configureProperties(SoapMessage msg) throws WSSecurityException {
+ protected void configureProperties(
+ SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ ) throws WSSecurityException {
Map<String, Object> config = getProperties();
// Crypto loading only applies for Map
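Review bot: Changing the signature of the protected `configureProperties` affects any subclass outside this commit that overrides the one-argument form. With `@Override` it stops compiling, and without it the subclass method is silently no longer called. The new parameter also has no Javadoc; something like `@param outboundTokens token providers keyed by security-context property name, filled in during configuration and registered on the outbound security context by handleMessage` would make the out-parameter role clear. The method body continues outside the hunk, and the same signature change is made in PolicyBasedWSS4JStaxOutInterceptor.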
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri Jun 7 12:51:03 2013
@@ -45,6 +45,7 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.neethi.Assertion;
@@ -61,6 +62,7 @@ import org.apache.wss4j.policy.model.Abs
import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.policy.model.EncryptedParts;
import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KeyValueToken;
import org.apache.wss4j.policy.model.Layout;
import org.apache.wss4j.policy.model.Layout.LayoutType;
@@ -76,8 +78,11 @@ import org.apache.wss4j.policy.model.Wss
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.policy.model.X509Token.TokenType;
import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
*
@@ -91,13 +96,19 @@ public abstract class AbstractStaxBindin
protected Map<AbstractToken, SecurePart> endSuppTokMap;
protected Map<AbstractToken, SecurePart> sgndEndEncSuppTokMap;
protected Map<AbstractToken, SecurePart> sgndEndSuppTokMap;
+ protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
private final Map<String, Object> properties;
private final SoapMessage message;
- public AbstractStaxBindingHandler(Map<String, Object> properties, SoapMessage msg) {
+ public AbstractStaxBindingHandler(
+ Map<String, Object> properties,
+ SoapMessage msg,
+ Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ ) {
this.properties = properties;
this.message = msg;
+ this.outboundTokens = outboundTokens;
}
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
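Review bot: `outboundTokens` is declared `protected` and non-final although it is assigned only once, in the constructor, next to `properties` and `message`, which are `private final`. Declaring it `protected final Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;` stops a subclass from swapping the map that the interceptor later reads. The constructor should also reject null, because addKerberosToken calls `outboundTokens.put(...)` unconditionally.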
@@ -139,6 +150,65 @@ public abstract class AbstractStaxBindin
return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
}
+ protected SecurePart addKerberosToken(
+ KerberosToken token, boolean signed, boolean endorsing
+ ) throws WSSecurityException {
+ IncludeTokenType includeToken = token.getIncludeTokenType();
+ if (!isTokenRequired(includeToken)) {
+ return null;
+ }
+
+ SecurityToken secToken = getSecurityToken();
+ if (secToken == null) {
+ policyNotAsserted(token, "Could not find KerberosToken");
+ }
+
+ // Convert to WSS4J token
+ final KerberosClientSecurityToken wss4jToken =
+ new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+
+ final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider =
+ new SecurityTokenProvider<OutboundSecurityToken>() {
+
+ @Override
+ public OutboundSecurityToken getSecurityToken() throws WSSecurityException {
+ return wss4jToken;
+ }
+
+ @Override
+ public String getId() {
+ return wss4jToken.getId();
+ }
+ };
+ outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST,
+ kerberosSecurityTokenProvider);
+
+ // Action
+ Map<String, Object> config = getProperties();
+ String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
+ if (endorsing) {
+ actionToPerform = ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN;
+ }
+
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ } else {
+ config.put(ConfigurationConstants.ACTION, actionToPerform);
+ }
+
+ /*
+ if (endorsing) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN + " " + action);
+ // config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
+ }
+ */
+
+ return new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+ }
+
protected SecurePart addSamlToken(
SamlToken token,
boolean signed,
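Review bot: After `policyNotAsserted(token, "Could not find KerberosToken")` the method carries on and dereferences `secToken` in the `KerberosClientSecurityToken` constructor call. A missing token therefore ends in a NullPointerException unless policyNotAsserted always throws, and its body is not visible here. Add `return null;` inside the `if (secToken == null)` block so the failure stays a policy failure. `secToken.getKey()` can also be null, because KerberosClient calls `setKey` only when the ticket carries a secret key; the endorsing path should check that before selecting `SIGNATURE_WITH_KERBEROS_TOKEN`. The `signed` parameter is unused, and the commented-out `if (endorsing)` block should be deleted rather than committed.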
@@ -602,6 +672,14 @@ public abstract class AbstractStaxBindin
}
} */
+ } else if (isRequestor() && token instanceof KerberosToken) {
+ SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse);
+ if (securePart != null) {
+ ret.put(token, securePart);
+ if (suppTokens.isEncryptedToken()) {
+ encryptedTokensList.add(securePart);
+ }
+ }
} else if (token instanceof X509Token || token instanceof KeyValueToken) {
configureSignature(suppTokens, token, false);
if (suppTokens.isEncryptedToken()) {
@@ -645,6 +723,22 @@ public abstract class AbstractStaxBindin
}
}
+ protected SecurityToken getSecurityToken() {
+ SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+ if (st == null) {
+ String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+ if (id != null) {
+ st = getTokenStore().getToken(id);
+ }
+ }
+ if (st != null) {
+ getTokenStore().add(st);
+ return st;
+ }
+ return null;
+ }
+
+
protected Collection<Assertion> findAndAssertPolicy(QName n) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
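Review bot: `getSecurityToken()` has a side effect that its name does not suggest, and it has no Javadoc to say so. Whenever a token is found it is passed to `getTokenStore().add(st)`, including when it was just read from that same store by id. A short Javadoc should give the lookup order (the `SecurityConstants.TOKEN` property first, then `SecurityConstants.TOKEN_ID` resolved through the token store), state that the result is added to the store, and say that null means no token was configured. The unchecked casts on both contextual properties throw ClassCastException if a caller sets a value of another type; an `instanceof` check would route that case to the null path instead.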
@@ -854,5 +948,4 @@ public abstract class AbstractStaxBindin
return encryptedParts;
}
-
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Fri Jun 7 12:51:03 2013
@@ -46,6 +46,8 @@ import org.apache.wss4j.policy.model.X50
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
*
@@ -57,8 +59,12 @@ public class StaxAsymmetricBindingHandle
private AsymmetricBinding abinding;
private SoapMessage message;
- public StaxAsymmetricBindingHandler(Map<String, Object> properties, SoapMessage msg) {
- super(properties, msg);
+ public StaxAsymmetricBindingHandler(
+ Map<String, Object> properties,
+ SoapMessage msg,
+ Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ ) {
+ super(properties, msg, outboundTokens);
this.message = msg;
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Fri Jun 7 12:51:03 2013
@@ -38,6 +38,7 @@ import org.apache.wss4j.policy.model.Abs
import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KeyValueToken;
import org.apache.wss4j.policy.model.SamlToken;
import org.apache.wss4j.policy.model.SignedElements;
@@ -48,6 +49,8 @@ import org.apache.wss4j.policy.model.Tra
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
/**
*
@@ -57,8 +60,12 @@ public class StaxTransportBindingHandler
private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
private TransportBinding tbinding;
- public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage msg) {
- super(properties, msg);
+ public StaxTransportBindingHandler(
+ Map<String, Object> properties,
+ SoapMessage msg,
+ Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+ ) {
+ super(properties, msg, outboundTokens);
}
public void handleBinding() {
@@ -143,7 +150,7 @@ public class StaxTransportBindingHandler
if (token instanceof UsernameToken) {
addUsernameToken((UsernameToken)token);
/*TODO
- else if (token instanceof IssuedToken || token instanceof KerberosToken) {
+ else if (token instanceof IssuedToken) {
SecurityToken secTok = getSecurityToken();
if (includeToken(token.getIncludeTokenType())) {
@@ -151,6 +158,8 @@ public class StaxTransportBindingHandler
addEncryptedKeyElement(cloneElement(secTok.getToken()));
}
} */
+ } else if (token instanceof KerberosToken) {
+ addKerberosToken((KerberosToken)token, false, false);
} else if (token instanceof SamlToken) {
addSamlToken((SamlToken)token, false, false);
} else {
@@ -230,7 +239,6 @@ public class StaxTransportBindingHandler
/* TODO if (token instanceof IssuedToken
|| token instanceof SecureConversationToken
|| token instanceof SecurityContextToken
- || token instanceof KerberosToken
|| token instanceof SpnegoContextToken) {
addSig(doIssuedTokenSignature(token, wrapper));
} else */
@@ -248,6 +256,15 @@ public class StaxTransportBindingHandler
config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
} else if (token instanceof UsernameToken) {
throw new Exception("Endorsing UsernameTokens are not supported in the streaming code");
+ } else if (token instanceof KerberosToken) {
+ addKerberosToken((KerberosToken)token, false, true);
+ signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+
+ Map<String, Object> config = getProperties();
+ config.put(ConfigurationConstants.SIG_ALGO,
+ tbinding.getAlgorithmSuite().getSymmetricSignature());
+ AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+ config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
}
}
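Review bot: The return value of `addKerberosToken((KerberosToken)token, false, true)` is ignored in the new endorsing branch. When it returns null (the include-token check in addKerberosToken decides the token is not required), no Kerberos action is added to the configuration, yet `signPartsAndElements` and the SIG_ALGO / SIG_DIGEST_ALGO settings still run. The branch should probably either guard the rest with `if (addKerberosToken((KerberosToken)token, false, true) != null)` or report the policy as not asserted; confirm which is intended. The config lines also repeat the ones at the end of the preceding branch and could share a helper. The enclosing method starts outside the hunk.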
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java Fri Jun 7 12:51:03 2013
@@ -89,8 +89,13 @@ public class KerberosTokenTest extends A
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(kerberosPort, PORT2);
- int result = kerberosPort.doubleIt(25);
- assertTrue(result == 50);
+
+ // DOM
+ kerberosPort.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
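Review bot: The result check was dropped along with the local variable, so both `kerberosPort.doubleIt(25)` calls now discard the return value. The test then proves only that no exception is thrown, for DOM and for streaming alike. Keep the assertion on each call, e.g. `assertEquals(50, kerberosPort.doubleIt(25));`. The same applies to the other three hunks in this file, and the streaming calls enabled in StaxKerberosTokenTest discard the result as well.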
@@ -205,8 +210,12 @@ public class KerberosTokenTest extends A
updateAddressPort(kerberosPort, PORT);
- int result = kerberosPort.doubleIt(25);
- assertTrue(result == 50);
+ // DOM
+ kerberosPort.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
@@ -229,8 +238,13 @@ public class KerberosTokenTest extends A
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(kerberosPort, PORT2);
- int result = kerberosPort.doubleIt(25);
- assertTrue(result == 50);
+
+ // DOM
+ kerberosPort.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
@@ -360,8 +374,12 @@ public class KerberosTokenTest extends A
updateAddressPort(kerberosPort, PORT);
- int result = kerberosPort.doubleIt(25);
- assertTrue(result == 50);
+ // DOM
+ kerberosPort.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java Fri Jun 7 12:51:03 2013
@@ -39,7 +39,7 @@ import org.junit.BeforeClass;
* "/etc/bob.keytab" (this can all be edited in src/test/resource/kerberos.jaas". Then disable the
* @Ignore annotations and run the tests with:
*
- * mvn test -Pnochecks -Dtest=KerberosTokenTest
+ * mvn test -Pnochecks -Dtest=StaxKerberosTokenTest
* -Djava.security.auth.login.config=src/test/resources/kerberos.jaas
*
* See here for more information:
@@ -96,9 +96,9 @@ public class StaxKerberosTokenTest exten
// DOM
kerberosPort.doubleIt(25);
- // TODO Streaming
- // SecurityTestUtil.enableStreaming(kerberosPort);
- // kerberosPort.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
@@ -190,16 +190,15 @@ public class StaxKerberosTokenTest exten
// DOM
kerberosPort.doubleIt(25);
- // TODO Streaming
- // SecurityTestUtil.enableStreaming(kerberosPort);
- // kerberosPort.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
}
@org.junit.Test
- @org.junit.Ignore
public void testKerberosOverTransportEndorsing() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
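Review bot: Removing `@org.junit.Ignore` from `testKerberosOverTransportEndorsing` makes this test run by default. The class comment, however, describes a keytab and JAAS configuration that must be set up first, and tells the reader to disable the @Ignore annotations by hand. If the other tests in the class are still ignored, this looks like a local change committed by accident, and the build would fail wherever that Kerberos setup is missing. Restore the annotation, or say in the commit log why this test is different. The test body continues outside the hunk.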
@@ -220,9 +219,9 @@ public class StaxKerberosTokenTest exten
// DOM
kerberosPort.doubleIt(25);
- // TODO Streaming
- // SecurityTestUtil.enableStreaming(kerberosPort);
- // kerberosPort.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
@@ -370,9 +369,9 @@ public class StaxKerberosTokenTest exten
// DOM
kerberosPort.doubleIt(25);
- // TODO Streaming
- // SecurityTestUtil.enableStreaming(kerberosPort);
- // kerberosPort.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(kerberosPort);
+ kerberosPort.doubleIt(25);
((java.io.Closeable)kerberosPort).close();
bus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml Fri Jun 7 12:51:03 2013
@@ -144,6 +144,11 @@
<property name="serviceName" value="bob@service.ws.apache.org"/>
</bean>
</entry>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
</jaxws:properties>
</jaxws:client>