Posted to commits@cxf.apache.org by se...@apache.org on 2012/04/30 18:43:09 UTC
svn commit: r1332286 - in /cxf/trunk:
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/
Author: sergeyb
Date: Mon Apr 30 16:43:08 2012
New Revision: 1332286
URL: http://svn.apache.org/viewvc?rev=1332286&view=rev
Log:
[CXF-4145] Adding the ability to restrict the encryption/signature algorithms for JAX-RS endpoints
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java (with props)
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java (with props)
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1332286&r1=1332285&r2=1332286&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Mon Apr 30 16:43:08 2012
@@ -53,6 +53,8 @@ import org.apache.xml.security.utils.Con
public abstract class AbstractXmlEncInHandler extends AbstractXmlSecInHandler {
+ private EncryptionProperties encProps;
+
public void decryptContent(Message message) {
Message outMs = message.getExchange().getOutMessage();
Message inMsg = outMs == null ? message : outMs.getExchange().getInMessage();
@@ -65,10 +67,17 @@ public abstract class AbstractXmlEncInHa
byte[] symmetricKeyBytes = getSymmetricKeyBytes(message, root);
- String algorithm = getEncodingMethodAlgorithm(root);
+ String symKeyAlgo = getEncodingMethodAlgorithm(root);
+
+ if (encProps != null && encProps.getEncryptionSymmetricKeyAlgo() != null
+ && !encProps.getEncryptionSymmetricKeyAlgo().equals(symKeyAlgo)) {
+ throwFault("Encryption Symmetric Key Algorithm is not supported", null);
+ }
+
+
byte[] decryptedPayload = null;
try {
- decryptedPayload = decryptPayload(root, symmetricKeyBytes, algorithm);
+ decryptedPayload = decryptPayload(root, symmetricKeyBytes, symKeyAlgo);
} catch (Exception ex) {
throwFault("Payload can not be decrypted", ex);
}
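Review bot: The new restriction on `symKeyAlgo` is evaluated only after `getSymmetricKeyBytes(message, root)` on the hunk's first line, so a message with a disallowed EncryptionMethod still seems to go through key retrieval before it is rejected. That helper's body is not in this hunk, but if it performs the private-key unwrap, the policy check should come first. Move `String symKeyAlgo = getEncodingMethodAlgorithm(root);` and the `if (encProps != null ...)` block above `byte[] symmetricKeyBytes = ...`. The two consecutive blank lines after the check can also be reduced to one. decryptContent starts and ends outside this hunk.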
@@ -120,8 +129,21 @@ public abstract class AbstractXmlEncInHa
}
// now start decrypting
- String algorithm = getEncodingMethodAlgorithm(encKeyElement);
- String digestAlgorithm = getDigestMethodAlgorithm(encKeyElement);
+ String keyEncAlgo = getEncodingMethodAlgorithm(encKeyElement);
+ String digestAlgo = getDigestMethodAlgorithm(encKeyElement);
+
+ if (encProps != null) {
+ if (encProps.getEncryptionKeyTransportAlgo() != null
+ && !encProps.getEncryptionKeyTransportAlgo().equals(keyEncAlgo)) {
+ throwFault("Symmetric Key Algorithm is not supported", null);
+ }
+ if (encProps.getEncryptionDigestAlgo() != null
+ && (digestAlgo == null || !encProps.getEncryptionDigestAlgo().equals(digestAlgo))) {
+ throwFault("Digest Algorithm is not supported", null);
+ }
+ }
+
+
Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS,
"CipherValue", 0);
if (cipherValue == null) {
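Review bot: The fault raised for a key transport mismatch reads "Symmetric Key Algorithm is not supported", which names the wrong algorithm and is nearly identical to the message used for the payload cipher check in decryptContent. An operator reading the log cannot tell which restriction fired. Change it to `throwFault("Key Transport Algorithm is not supported", null);`. Note also that when `encryptionDigestAlgo` is left unset, the DigestMethod of the key transport is not restricted at all, which deserves a comment next to the check. The enclosing method begins and ends outside this hunk.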
@@ -131,8 +153,8 @@ public abstract class AbstractXmlEncInHa
return decryptSymmetricKey(cipherValue.getTextContent().trim(),
cert,
crypto,
- algorithm,
- digestAlgorithm,
+ keyEncAlgo,
+ digestAlgo,
message);
} catch (Exception ex) {
throwFault(ex.getMessage(), ex);
@@ -241,6 +263,9 @@ public abstract class AbstractXmlEncInHa
}
}
-
+
+ public void setEncryptionProperties(EncryptionProperties properties) {
+ this.encProps = properties;
+ }
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java?rev=1332286&r1=1332285&r2=1332286&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java Mon Apr 30 16:43:08 2012
@@ -80,7 +80,7 @@ public abstract class AbstractXmlSecInHa
protected void throwFault(String error, Exception ex) {
LOG.warning(error);
- Response response = Response.status(401).entity(error).build();
+ Response response = Response.status(400).entity(error).build();
throw ex != null ? new WebApplicationException(ex, response) : new WebApplicationException(response);
}
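Review bot: The changed line still sends `error` back as the response entity, and a caller visible in AbstractXmlEncInHandler passes `ex.getMessage()` as that string, so exception text from the crypto layer reaches the remote client. Detailed, distinguishable failure text on a decryption path is better kept in the server log. Consider returning a fixed entity and logging the cause with `LOG.log(Level.WARNING, error, ex);` (this assumes LOG is a java.util.logging Logger, as the `LOG.warning` call suggests). Switching from 401 to 400 also changes the status for every existing caller of throwFault, not only the new algorithm checks, which should be mentioned in the commit log or a comment.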
@@ -91,4 +91,5 @@ public abstract class AbstractXmlSecInHa
}
return null;
}
+
}
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java?rev=1332286&r1=1332285&r2=1332286&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSigInHandler.java Mon Apr 30 16:43:08 2012
@@ -41,6 +41,7 @@ import org.apache.ws.security.components
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.Transforms;
@@ -50,6 +51,7 @@ public class AbstractXmlSigInHandler ext
private boolean removeSignature = true;
private boolean persistSignature = true;
+ private SignatureProperties sigProps;
public void setRemoveSignature(boolean remove) {
this.removeSignature = remove;
@@ -92,7 +94,20 @@ public class AbstractXmlSigInHandler ext
boolean valid = false;
Reference ref = null;
try {
- XMLSignature signature = new XMLSignature(signatureElement, "", true);
+ XMLSignature signature = new XMLSignature(signatureElement, "", true);
+
+ if (sigProps != null) {
+ SignedInfo sInfo = signature.getSignedInfo();
+ if (sigProps.getSignatureAlgo() != null
+ && !sigProps.getSignatureAlgo().equals(sInfo.getSignatureMethodURI())) {
+ throwFault("Signature Algorithm is not supported", null);
+ }
+ if (sigProps.getSignatureC14Method() != null
+ && !sigProps.getSignatureC14Method().equals(sInfo.getCanonicalizationMethodURI())) {
+ throwFault("Signature Algorithm is not supported", null);
+ }
+ }
+
ref = getReference(signature);
Element signedElement = validateReference(root, ref);
if (signedElement.hasAttributeNS(null, "ID")) {
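Review bot: The canonicalization method check reports "Signature Algorithm is not supported", the same text as the signature method check just above it, so a rejected CanonicalizationMethod is indistinguishable from a rejected SignatureMethod in the log. Use a distinct message, for example `throwFault("Signature Canonicalization Method is not supported", null);`. Both checks sit inside a `try` whose catch clauses are outside this hunk. If that catch is broad, the WebApplicationException raised by throwFault may be re-wrapped with a different message, which should be confirmed.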
@@ -204,21 +219,35 @@ public class AbstractXmlSigInHandler ext
} catch (XMLSecurityException ex) {
throwFault("Signature transforms can not be obtained", ex);
}
- if (enveloped) {
- boolean isEnveloped = false;
- for (int i = 0; i < transforms.getLength(); i++) {
- try {
- Transform tr = transforms.item(i);
- if (Transforms.TRANSFORM_ENVELOPED_SIGNATURE.equals(tr.getURI())) {
- isEnveloped = true;
- break;
- }
- } catch (Exception ex) {
- throwFault("Problem accessing Transform instance", ex);
- }
+
+ boolean c14TransformConfirmed = false;
+ String c14TransformExpected = sigProps != null ? sigProps.getSignatureC14Transform() : null;
+ boolean envelopedConfirmed = false;
+ for (int i = 0; i < transforms.getLength(); i++) {
+ try {
+ Transform tr = transforms.item(i);
+ if (Transforms.TRANSFORM_ENVELOPED_SIGNATURE.equals(tr.getURI())) {
+ envelopedConfirmed = true;
+ } else if (c14TransformExpected != null && c14TransformExpected.equals(tr.getURI())) {
+ c14TransformConfirmed = true;
+ }
+ } catch (Exception ex) {
+ throwFault("Problem accessing Transform instance", ex);
}
- if (!isEnveloped) {
- throwFault("Only enveloped signatures are currently supported", null);
+ }
+ if (enveloped && !envelopedConfirmed) {
+ throwFault("Only enveloped signatures are currently supported", null);
+ }
+ if (c14TransformExpected != null && !c14TransformConfirmed) {
+ throwFault("Transform Canonicalization is not supported", null);
+ }
+
+ if (sigProps != null && sigProps.getSignatureDigestAlgo() != null) {
+ Element dm =
+ DOMUtils.getFirstChildWithName(ref.getElement(), Constants.SignatureSpecNS, "DigestMethod");
+ if (dm != null && !dm.getAttribute("Algorithm").equals(
+ sigProps.getSignatureDigestAlgo())) {
+ throwFault("Signature Digest Algorithm is not supported", null);
}
}
return signedEl;
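Review bot: The digest restriction at the end of this hunk fails open: when `dm` is null the `dm != null && ...` condition is false and the reference is accepted, whereas the encryption-side digest check rejects a missing value. Make it fail closed with `if (dm == null || !sigProps.getSignatureDigestAlgo().equals(dm.getAttribute("Algorithm")))`. The transform loop likewise only confirms that the expected URIs are present and never rejects a transform that is neither enveloped-signature nor the configured canonicalization transform. When `sigProps` is set, treating any other transform URI as a fault would make the restriction an allow-list. The enclosing method starts outside this hunk.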
@@ -309,4 +338,7 @@ public class AbstractXmlSigInHandler ext
return foundElement;
}
+ public void setSignatureProperties(SignatureProperties properties) {
+ this.sigProps = properties;
+ }
}
Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java?rev=1332286&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java (added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java Mon Apr 30 16:43:08 2012
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.xml;
+
+public class EncryptionProperties {
+ private String encryptionKeyTransportAlgo;
+ private String encryptionSymmetricKeyAlgo;
+ private String encryptionDigestAlgo;
+
+ public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) {
+ this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo;
+ }
+ public String getEncryptionKeyTransportAlgo() {
+ return encryptionKeyTransportAlgo;
+ }
+ public void setEncryptionSymmetricKeyAlgo(String encryptionSymmetricKeyAlgo) {
+ this.encryptionSymmetricKeyAlgo = encryptionSymmetricKeyAlgo;
+ }
+ public String getEncryptionSymmetricKeyAlgo() {
+ return encryptionSymmetricKeyAlgo;
+ }
+ public void setEncryptionDigestAlgo(String encryptionDigestAlgo) {
+ this.encryptionDigestAlgo = encryptionDigestAlgo;
+ }
+ public String getEncryptionDigestAlgo() {
+ return encryptionDigestAlgo;
+ }
+
+}
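Review bot: EncryptionProperties has no class or field Javadoc, and the semantics that matter for security are visible only in the handlers: each value is compared with `equals` against the algorithm URI found in the message, and a property left null is not enforced at all. Add a class comment such as `/** Algorithm URIs an inbound message must use; each is matched exactly and a null property is not restricted. */` and name the XML element each field corresponds to (payload EncryptionMethod, EncryptedKey EncryptionMethod, EncryptedKey DigestMethod). The same applies to SignatureProperties added later in this commit, where `signatureC14Method` and `signatureC14Transform` are easy to confuse without a comment.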
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java?rev=1332286&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java (added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java Mon Apr 30 16:43:08 2012
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.rs.security.xml;
+
+public class SignatureProperties {
+ private String signatureAlgo;
+ private String signatureDigestAlgo;
+ private String signatureC14Method;
+ private String signatureC14Transform;
+
+ public void setSignatureAlgo(String signatureAlgo) {
+ this.signatureAlgo = signatureAlgo;
+ }
+ public String getSignatureAlgo() {
+ return signatureAlgo;
+ }
+ public void setSignatureDigestAlgo(String signatureDigestAlgo) {
+ this.signatureDigestAlgo = signatureDigestAlgo;
+ }
+ public String getSignatureDigestAlgo() {
+ return signatureDigestAlgo;
+ }
+ public void setSignatureC14Method(String signatureC14Method) {
+ this.signatureC14Method = signatureC14Method;
+ }
+ public String getSignatureC14Method() {
+ return signatureC14Method;
+ }
+ public void setSignatureC14Transform(String signatureC14Transform) {
+ this.signatureC14Transform = signatureC14Transform;
+ }
+ public String getSignatureC14Transform() {
+ return signatureC14Transform;
+ }
+
+}
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1332286&r1=1332285&r2=1332286&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Mon Apr 30 16:43:08 2012
@@ -167,7 +167,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
- doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM, null);
+ doTestPostEncryptedBook(address, false, properties, SecurityUtils.X509_KEY, aes128GCM, null, false);
}
@Test
@@ -180,7 +180,7 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(
- address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256
+ address, false, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, XMLCipher.SHA256, false
);
}
@@ -194,13 +194,13 @@ public class JAXRSXmlSecTest extends Abs
properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(
- address, false, properties, SecurityUtils.X509_ISSUER_SERIAL, XMLCipher.AES_128, null
+ address, false, properties, SecurityUtils.X509_ISSUER_SERIAL, XMLCipher.AES_128, null, false
);
}
@Test
public void testPostEncryptedSignedBook() throws Exception {
- String address = "https://localhost:" + PORT + "/xmlsec/bookstore/books";
+ String address = "https://localhost:" + PORT + "/xmlsec-validate/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
@@ -215,6 +215,27 @@ public class JAXRSXmlSecTest extends Abs
}
@Test
+ public void testPostEncryptedSignedBookInvalid() throws Exception {
+ String address = "https://localhost:" + PORT + "/xmlsec-validate/bookstore/books";
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("ws-security.encryption.username", "bob");
+ properties.put("ws-security.encryption.properties",
+ "org/apache/cxf/systest/jaxrs/security/bob.properties");
+ properties.put("ws-security.signature.username", "alice");
+ properties.put("ws-security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/alice.properties");
+ try {
+ doTestPostEncryptedBook(address, true, properties, SecurityUtils.X509_KEY,
+ "http://www.w3.org/2009/xmlenc11#aes128-gcm", null, true);
+ } catch (ServerWebApplicationException ex) {
+ assertEquals(400, ex.getStatus());
+ }
+
+ }
+
+ @Test
public void testPostEncryptedSignedBookUseReqSigCert() throws Exception {
String address = "https://localhost:" + PORT + "/xmlsec-useReqSigCert/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
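Review bot: testPostEncryptedSignedBookInvalid passes even when the server accepts the request: if `doTestPostEncryptedBook` returns normally, the `try` block simply ends and nothing asserts that a fault occurred. As written, the test would stay green if the algorithm restriction were removed. Add `fail("Expected 400 for a disallowed symmetric algorithm");` directly after the `doTestPostEncryptedBook(...)` call inside the `try`. The test also covers only the symmetric cipher restriction; the signature, canonicalization, key transport and digest checks have no negative case here.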
@@ -232,14 +253,15 @@ public class JAXRSXmlSecTest extends Abs
public void doTestPostEncryptedBook(String address, boolean sign, Map<String, Object> properties)
throws Exception {
doTestPostEncryptedBook(
- address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null
+ address, sign, properties, SecurityUtils.X509_KEY, XMLCipher.AES_128, null, false
);
}
public void doTestPostEncryptedBook(
String address, boolean sign, Map<String, Object> properties,
String keyIdentifierType, String symmetricAlgorithm,
- String digestAlgorithm
+ String digestAlgorithm,
+ boolean propagateException
) throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
@@ -271,7 +293,11 @@ public class JAXRSXmlSecTest extends Abs
Book book = wc.post(new Book("CXF", 126L), Book.class);
assertEquals(126L, book.getId());
} catch (ServerWebApplicationException ex) {
- fail(ex.getMessage());
+ if (propagateException) {
+ throw ex;
+ } else {
+ fail(ex.getMessage());
+ }
} catch (ClientWebApplicationException ex) {
if (ex.getCause() != null && ex.getCause().getMessage() != null) {
fail(ex.getCause().getMessage());
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml?rev=1332286&r1=1332285&r2=1332286&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml Mon Apr 30 16:43:08 2012
@@ -66,9 +66,39 @@ under the License.
</httpj:engine-factory>
<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
- <bean id="xmlSigHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
+
+ <bean id="sigProps" class="org.apache.cxf.rs.security.xml.SignatureProperties">
+ <property name="signatureAlgo"
+ value="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <property name="signatureDigestAlgo"
+ value="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <property name="signatureC14Method"
+ value="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <property name="signatureC14Transform"
+ value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+ </bean>
+
+ <bean id="encProps" class="org.apache.cxf.rs.security.xml.EncryptionProperties">
+ <property name="encryptionKeyTransportAlgo"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+ <property name="encryptionSymmetricKeyAlgo"
+ value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ </bean>
+
+ <bean id="xmlSigInHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
+
+ <bean id="xmlSigInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlSigInHandler">
+ <property name="signatureProperties" ref="sigProps"/>
+ </bean>
+
<bean id="xmlSigOutHandler" class="org.apache.cxf.rs.security.xml.XmlSigOutInterceptor"/>
- <bean id="xmlEncHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>
+ <bean id="xmlEncInHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>
+
+ <bean id="xmlEncInHandlerWithProps" class="org.apache.cxf.rs.security.xml.XmlEncInHandler">
+ <property name="encryptionProperties" ref="encProps"/>
+ </bean>
+
+
<bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
<property name="symmetricEncAlgorithm" value="aes128-cbc"/>
</bean>
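Review bot: The `encProps` bean sets no `encryptionDigestAlgo`, so the digest branch added to AbstractXmlEncInHandler is never exercised by the `xmlsec-validate` endpoint. Either set that property or add a second bean for it. The `sigProps` values pin the SHA-1 based `rsa-sha1` and `sha1` URIs, presumably to match the test client's defaults. Since systest configuration is often copied into deployments, a comment such as `<!-- test-only values matching the client defaults; prefer SHA-256 based algorithm URIs in production -->` above the bean would help. The extra blank line before `xmlEncOutHandler` can be dropped.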
@@ -79,7 +109,7 @@ under the License.
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
- <ref bean="xmlSigHandler"/>
+ <ref bean="xmlSigInHandler"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
<ref bean="xmlSigOutHandler"/>
@@ -99,7 +129,7 @@ under the License.
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
- <ref bean="xmlEncHandler"/>
+ <ref bean="xmlEncInHandler"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
<ref bean="xmlEncOutHandler"/>
@@ -119,8 +149,32 @@ under the License.
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
- <ref bean="xmlEncHandler"/>
- <ref bean="xmlSigHandler"/>
+ <ref bean="xmlEncInHandler"/>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+ </jaxrs:properties>
+
+ </jaxrs:server>
+
+ <jaxrs:server
+ address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsec-validate">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlEncInHandlerWithProps"/>
+ <ref bean="xmlSigInHandlerWithProps"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
<ref bean="xmlSigOutHandler"/>
@@ -143,8 +197,8 @@ under the License.
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
- <ref bean="xmlEncHandler"/>
- <ref bean="xmlSigHandler"/>
+ <ref bean="xmlEncInHandler"/>
+ <ref bean="xmlSigInHandler"/>
</jaxrs:providers>
<jaxrs:outInterceptors>
<ref bean="xmlSigOutHandler"/>