You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/08/03 16:55:43 UTC
svn commit: r1369003 - in
/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security:
sign_enc/ sign_enc/src/main/java/demo/wssec/client/
sign_enc/src/main/java/demo/wssec/server/ ut/ ut_sign/
ut_sign/src/main/java/demo/wssec/client/ u...
Author: coheigea
Date: Fri Aug 3 14:55:42 2012
New Revision: 1369003
URL: http://svn.apache.org/viewvc?rev=1369003&view=rev
Log:
Merged revisions 1368995 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........
r1368995 | coheigea | 2012-08-03 15:47:54 +0100 (Fri, 03 Aug 2012) | 10 lines
Merged revisions 1368990 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1368990 | coheigea | 2012-08-03 15:43:45 +0100 (Fri, 03 Aug 2012) | 2 lines
[CXF-4453] - Updated WS-Security samples to use the DefaultCryptoCoverageChecker
........
........
Modified:
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java
cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt Fri Aug 3 14:55:42 2012
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Encrypt
This demo shows how WS-Security support in Apache CXF may be enabled.
-WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors.
-Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like,
-Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing
+WS-Security can be configured to the Client and Server endpoints by adding
+WSS4JInterceptors. Both Server and Client can be configured for outgoing and
+incoming interceptors. Various Actions like, Timestamp, UsernameToken,
+Signature, Encryption, etc., can be applied to the interceptors by passing
appropriate configuration properties.
+This demo also shows how the DefaultCryptoCoverageChecker can be used to
+make sure that the correct Elements were signed and/or encrypted.
+
The logging feature is used to log the inbound and outbound
SOAP messages and display these to the console.
@@ -122,7 +126,5 @@ The server process starts in a new comma
After running the client, terminate the server process.
To remove the code generated from the WSDL file and the .class
-files, either delete the build directory and its contents or run:
-
- ant clean
+files, delete the build directory and its contents.
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java Fri Aug 3 14:55:42 2012
@@ -32,6 +32,7 @@ import org.apache.cxf.bus.spring.SpringB
import org.apache.cxf.hello_world_soap_http.Greeter;
import org.apache.cxf.hello_world_soap_http.GreeterService;
+import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
@@ -57,12 +58,9 @@ public final class Client {
outProps.put("action", "UsernameToken Timestamp Signature Encrypt");
outProps.put("passwordType", "PasswordDigest");
- outProps.put("user", "clientx509v1");
- //If you are using the patch WSS-194, then uncomment below two lines and
- //comment the above "user" prop line.
- //outProps.put("user", "abcd");
- //outProps.put("signatureUser", "clientx509v1");
+ outProps.put("user", "abcd");
+ outProps.put("signatureUser", "clientx509v1");
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");
@@ -95,6 +93,14 @@ public final class Client {
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
+ // Check to make sure that the SOAP Body and Timestamp were signed,
+ // and that the SOAP Body was encrypted
+ DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+ coverageChecker.setSignBody(true);
+ coverageChecker.setSignTimestamp(true);
+ coverageChecker.setEncryptBody(true);
+ bus.getInInterceptors().add(coverageChecker);
+
GreeterService service = new GreeterService();
Greeter port = service.getGreeterPort();
@@ -106,7 +112,7 @@ public final class Client {
System.out.println("response: " + response + "\n");
}
- // allow aynchronous resends to occur
+ // allow asynchronous resends to occur
Thread.sleep(30 * 1000);
if (port instanceof Closeable) {
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java Fri Aug 3 14:55:42 2012
@@ -29,6 +29,8 @@ import javax.xml.ws.Endpoint;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
+
+import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
@@ -55,13 +57,10 @@ public class Server {
outProps.put("action", "UsernameToken Timestamp Signature Encrypt");
outProps.put("passwordType", "PasswordText");
- outProps.put("user", "serverx509v1");
outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback");
- //If you are using the patch WSS-194, then uncomment below two lines and
- //comment the above "user" prop line.
- //outProps.put("user", "Alice");
- //outProps.put("signatureUser", "serverx509v1");
+ outProps.put("user", "Alice");
+ outProps.put("signatureUser", "serverx509v1");
outProps.put("encryptionUser", "clientx509v1");
outProps.put("encryptionPropFile", "etc/Server_SignVerf.properties");
@@ -90,6 +89,14 @@ public class Server {
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
+ // Check to make sure that the SOAP Body and Timestamp were signed,
+ // and that the SOAP Body was encrypted
+ DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+ coverageChecker.setSignBody(true);
+ coverageChecker.setSignTimestamp(true);
+ coverageChecker.setEncryptBody(true);
+ bus.getInInterceptors().add(coverageChecker);
+
BusFactory.setDefaultBus(bus);
new Server();
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt Fri Aug 3 14:55:42 2012
@@ -3,9 +3,10 @@ WS-Security Demo (UsernameToken and Tim
This demo shows how WS-Security support in Apache CXF may be enabled.
-WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors.
-Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like,
-Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing
+WS-Security can be configured to the Client and Server endpoints by adding
+WSS4JInterceptors. Both Server and Client can be configured for outgoing and
+incoming interceptors. Various Actions like, Timestamp, UsernameToken,
+Signature, Encryption, etc., can be applied to the interceptors by passing
appropriate configuration properties.
The logging feature is used to log the inbound and outbound
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt Fri Aug 3 14:55:42 2012
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Usernam
This demo shows how WS-Security support in Apache CXF may be enabled.
-WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors.
-Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like,
-Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing
+WS-Security can be configured to the Client and Server endpoints by adding
+WSS4JInterceptors. Both Server and Client can be configured for outgoing and
+incoming interceptors. Various Actions like, Timestamp, UsernameToken,
+Signature, Encryption, etc., can be applied to the interceptors by passing
appropriate configuration properties.
+This demo also shows how the DefaultCryptoCoverageChecker can be used to
+make sure that the correct Elements were signed and/or encrypted.
+
The logging feature is used to log the inbound and outbound
SOAP messages and display these to the console.
@@ -122,7 +126,5 @@ The server process starts in a new comma
After running the client, terminate the server process.
To remove the code generated from the WSDL file and the .class
-files, either delete the build directory and its contents or run:
-
- ant clean
+files, delete the build directory and its contents.
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java Fri Aug 3 14:55:42 2012
@@ -31,6 +31,7 @@ import org.apache.cxf.bus.spring.SpringB
import org.apache.cxf.hello_world_soap_http.Greeter;
import org.apache.cxf.hello_world_soap_http.GreeterService;
+import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
@@ -56,13 +57,10 @@ public final class Client {
outProps.put("action", "UsernameToken Timestamp Signature");
outProps.put("passwordType", "PasswordDigest");
- outProps.put("user", "clientx509v1");
outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback");
- //If you are using the patch WSS-194, then uncomment below two lines and comment
- //the above "user" prop line.
- //outProps.put("user", "abcd");
- //outProps.put("signatureUser", "clientx509v1");
+ outProps.put("user", "abcd");
+ outProps.put("signatureUser", "clientx509v1");
outProps.put("signaturePropFile", "etc/Client_Sign.properties");
outProps.put("signatureKeyIdentifier", "DirectReference");
outProps.put("signatureParts",
@@ -82,6 +80,12 @@ public final class Client {
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
+ // Check to make sure that the SOAP Body and Timestamp were signed
+ DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+ coverageChecker.setSignBody(true);
+ coverageChecker.setSignTimestamp(true);
+ bus.getInInterceptors().add(coverageChecker);
+
GreeterService service = new GreeterService();
Greeter port = service.getGreeterPort();
Modified: cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java?rev=1369003&r1=1369002&r2=1369003&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java (original)
+++ cxf/branches/2.5.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java Fri Aug 3 14:55:42 2012
@@ -29,6 +29,7 @@ import javax.xml.ws.Endpoint;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
@@ -56,12 +57,8 @@ public class Server {
outProps.put("action", "UsernameToken Timestamp Signature");
outProps.put("passwordType", "PasswordText");
- outProps.put("user", "serverx509v1");
-
- //If you are using WSS4J which includes a patch for WSS-194, then uncomment following 2
- //lines for "user" and "signatureUser" props and comment the above line for "user" props.
- //outProps.put("user", "Alice");
- //outProps.put("signatureUser", "serverx509v1");
+ outProps.put("user", "Alice");
+ outProps.put("signatureUser", "serverx509v1");
outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback");
outProps.put("signaturePropFile", "etc/Server_Decrypt.properties");
@@ -82,6 +79,12 @@ public class Server {
bus.getInInterceptors().add(new WSS4JInInterceptor(inProps));
+ // Check to make sure that the SOAP Body and Timestamp were signed
+ DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker();
+ coverageChecker.setSignBody(true);
+ coverageChecker.setSignTimestamp(true);
+ bus.getInInterceptors().add(coverageChecker);
+
BusFactory.setDefaultBus(bus);
new Server();