You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/10 16:00:23 UTC
svn commit: r1501772 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/
Author: coheigea
Date: Wed Jul 10 14:00:22 2013
New Revision: 1501772
URL: http://svn.apache.org/r1501772
Log:
Adding support for Timestamp last Layout creation in the streaming code + more tests
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1501772&r1=1501771&r2=1501772&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Wed Jul 10 14:00:22 2013
@@ -38,7 +38,6 @@ import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import org.w3c.dom.Element;
-
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.Message;
@@ -371,14 +370,32 @@ public abstract class AbstractStaxBindin
protected void configureLayout(AssertionInfoMap aim) {
Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.LAYOUT);
+ Layout layout = null;
for (AssertionInfo ai : ais) {
- Layout layout = (Layout)ai.getAssertion();
+ layout = (Layout)ai.getAssertion();
ai.setAsserted(true);
- if (layout.getLayoutType() == LayoutType.LaxTsLast) {
- // TODO re-order action list
- } else if (layout.getLayoutType() == LayoutType.LaxTsFirst) {
- // TODO re-order action list
+ }
+
+ if (!timestampAdded) {
+ return;
+ }
+
+ Map<String, Object> config = getProperties();
+ boolean timestampLast =
+ layout != null && layout.getLayoutType() == LayoutType.LaxTsLast;
+
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ if (timestampLast) {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP + " " + action);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
}
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1501772&r1=1501771&r2=1501772&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Wed Jul 10 14:00:22 2013
@@ -71,7 +71,6 @@ public class StaxAsymmetricBindingHandle
public void handleBinding() {
AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
configureTimestamp(aim);
- configureLayout(aim);
abinding = (AsymmetricBinding)getBinding(aim);
if (abinding.getProtectionOrder()
@@ -81,18 +80,7 @@ public class StaxAsymmetricBindingHandle
doSignBeforeEncrypt();
}
- if (timestampAdded) {
- Map<String, Object> config = getProperties();
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP);
- }
- }
+ configureLayout(aim);
}
private void doSignBeforeEncrypt() {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1501772&r1=1501771&r2=1501772&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Wed Jul 10 14:00:22 2013
@@ -110,7 +110,6 @@ public class StaxSymmetricBindingHandler
public void handleBinding() {
AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
configureTimestamp(aim);
- configureLayout(aim);
sbinding = (SymmetricBinding)getBinding(aim);
// Set up CallbackHandler which wraps the configured Handler
@@ -132,17 +131,7 @@ public class StaxSymmetricBindingHandler
config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
}
- if (timestampAdded) {
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP);
- }
- }
+ configureLayout(aim);
}
private void doEncryptBeforeSign() {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1501772&r1=1501771&r2=1501772&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Wed Jul 10 14:00:22 2013
@@ -72,7 +72,6 @@ public class StaxTransportBindingHandler
public void handleBinding() {
AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
configureTimestamp(aim);
- configureLayout(aim);
if (this.isRequestor()) {
tbinding = (TransportBinding)getBinding(aim);
@@ -99,18 +98,7 @@ public class StaxTransportBindingHandler
addSignatureConfirmation(null);
}
- if (timestampAdded) {
- Map<String, Object> config = getProperties();
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP);
- }
- }
+ configureLayout(aim);
}
/**
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java?rev=1501772&r1=1501771&r2=1501772&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java Wed Jul 10 14:00:22 2013
@@ -34,7 +34,8 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * This is a test for various properties associated with a security binding
+ * This is a test for various properties associated with a security binding. It tests both DOM +
+ * StAX clients against the DOM server
*/
public class BindingPropertiesTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(Server.class);
@@ -76,13 +77,20 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItNotOnlySignPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
port.doubleIt(25);
+ // TODO - XPath support Streaming
+ // SecurityTestUtil.enableStreaming(port);
+ // port.doubleIt(25);
+
// This should fail, as OnlySignEntireHeadersAndBody is specified
portQName = new QName(NAMESPACE, "DoubleItOnlySignPort");
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on OnlySignEntireHeadersAndBody property");
@@ -91,6 +99,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on OnlySignEntireHeadersAndBody property");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "OnlySignEntireHeadersAndBody does not match the requirements";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -112,6 +130,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItEncryptSignaturePort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is not encrypting the signature is specified
@@ -119,6 +143,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on not encrypting the signature property");
@@ -127,6 +152,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not encrypting the signature property");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "The signature is not protected";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -148,6 +183,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItIncludeTimestampPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is not sending a Timestamp
@@ -155,6 +196,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on not sending a Timestamp");
@@ -163,6 +205,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not sending a Timestamp");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Received Timestamp does not match the requirements";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -184,6 +236,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItEncryptBeforeSigningPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is not following the correct steps for this property
@@ -191,6 +249,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on not encrypting before signing");
@@ -199,6 +258,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not encrypting before signing");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Not encrypted before signed";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -220,6 +289,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItSignBeforeEncryptingPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is not following the correct steps for this property
@@ -227,6 +302,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on not signing before encrypting");
@@ -235,13 +311,21 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not signing before encrypting");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Not signed before encrypted";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
- // TODO It's not sending the Timestamp "first" correctly
@org.junit.Test
- @org.junit.Ignore
public void testTimestampFirst() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -258,6 +342,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItTimestampFirstPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // TODO It's not sending the Timestamp "first" correctly - DOM
+ // port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is sending the timestamp last
@@ -265,6 +355,8 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ /*
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on on sending the timestamp last");
@@ -272,6 +364,16 @@ public class BindingPropertiesTest exten
String error = "Layout does not match the requirements";
assertTrue(ex.getMessage().contains(error));
}
+ */
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on on sending the timestamp last");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Layout does not match the requirements";
+ // assertTrue(ex.getMessage().contains(error));
+ }
((java.io.Closeable)port).close();
bus.shutdown(true);
@@ -294,6 +396,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItTimestampLastPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is sending the timestamp first
@@ -301,6 +409,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on sending the timestamp first");
@@ -309,6 +418,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on sending the timestamp first");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Layout does not match the requirements";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -330,6 +449,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItStrictPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client is sending the timestamp last
@@ -337,6 +462,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on sending the timestamp last");
@@ -345,6 +471,16 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on sending the timestamp last");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Layout does not match the requirements";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
@@ -406,6 +542,12 @@ public class BindingPropertiesTest exten
QName portQName = new QName(NAMESPACE, "DoubleItSignatureConfirmationPort");
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as SignatureConfirmation is not enabled
@@ -413,6 +555,7 @@ public class BindingPropertiesTest exten
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
try {
port.doubleIt(25);
fail("Failure expected on not enabling SignatureConfirmation");
@@ -421,6 +564,19 @@ public class BindingPropertiesTest exten
assertTrue(ex.getMessage().contains(error));
}
+ // Streaming
+ /*
+ * TODO - See WSS-460
+ try {
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not enabling SignatureConfirmation");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "Check Signature confirmation";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+ */
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}