You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicemix.apache.org by ff...@apache.org on 2008/05/21 12:18:00 UTC
svn commit: r658616 - in
/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src:
main/java/org/apache/servicemix/cxfbc/
main/java/org/apache/servicemix/cxfbc/interceptors/
test/java/org/apache/servicemix/cxfbc/ws/security/ test/reso...
Author: ffang
Date: Wed May 21 03:17:59 2008
New Revision: 658616
URL: http://svn.apache.org/viewvc?rev=658616&view=rev
Log:
[SM-1361]cxf bc should delegate ws-security to jaas
Added:
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties (with props)
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml (with props)
Modified:
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcComponent.java
servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java
Modified: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcComponent.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcComponent.java?rev=658616&r1=658615&r2=658616&view=diff
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcComponent.java (original)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcComponent.java Wed May 21 03:17:59 2008
@@ -22,6 +22,8 @@
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.servicemix.common.DefaultComponent;
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+import org.apache.servicemix.jbi.security.auth.impl.JAASAuthenticationService;
/**
*
@@ -35,7 +37,9 @@
private Bus bus;
private String busCfg;
-
+
+ private CxfBcConfiguration configuration = new CxfBcConfiguration();
+
/**
* @return the endpoints
*/
@@ -69,6 +73,15 @@
} else {
bus = BusFactory.getDefaultBus();
}
+ if (getConfiguration().getAuthenticationService() == null) {
+ try {
+ String name = getConfiguration().getAuthenticationServiceName();
+ Object as = context.getNamingContext().lookup(name);
+ getConfiguration().setAuthenticationService((AuthenticationService) as);
+ } catch (Throwable e) {
+ getConfiguration().setAuthenticationService(new JAASAuthenticationService());
+ }
+ }
super.doInit();
}
@@ -83,4 +96,12 @@
public String getBusConfig() {
return busCfg;
}
+
+ public void setConfiguration(CxfBcConfiguration configuration) {
+ this.configuration = configuration;
+ }
+
+ public CxfBcConfiguration getConfiguration() {
+ return configuration;
+ }
}
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java Wed May 21 03:17:59 2008
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.cxfbc;
+
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+
+public class CxfBcConfiguration {
+
+ private transient AuthenticationService authenticationService;
+
+ /**
+ * The JNDI name of the AuthenticationService object
+ */
+ private String authenticationServiceName = "java:comp/env/smx/AuthenticationService";
+
+
+ /**
+ * @return the authenticationService
+ */
+ public AuthenticationService getAuthenticationService() {
+ return authenticationService;
+ }
+
+ /**
+ * @param authenticationService the authenticationService to set
+ */
+ public void setAuthenticationService(AuthenticationService authenticationService) {
+ this.authenticationService = authenticationService;
+ }
+
+ /**
+ * @return the authenticationServiceName
+ */
+ public String getAuthenticationServiceName() {
+ return authenticationServiceName;
+ }
+
+ /**
+ * @param authenticationServiceName the authenticationServiceName to set
+ */
+ public void setAuthenticationServiceName(String authenticationServiceName) {
+ this.authenticationServiceName = authenticationServiceName;
+ }
+
+
+}
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConfiguration.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java?rev=658616&r1=658615&r2=658616&view=diff
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java (original)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/CxfBcConsumer.java Wed May 21 03:17:59 2008
@@ -87,6 +87,7 @@
import org.apache.servicemix.common.endpoints.ConsumerEndpoint;
import org.apache.servicemix.cxfbc.interceptors.JbiInInterceptor;
import org.apache.servicemix.cxfbc.interceptors.JbiInWsdl1Interceptor;
+import org.apache.servicemix.cxfbc.interceptors.JbiJAASInterceptor;
import org.apache.servicemix.cxfbc.interceptors.JbiOperationInterceptor;
import org.apache.servicemix.cxfbc.interceptors.JbiOutWsdl1Interceptor;
import org.apache.servicemix.cxfbc.interceptors.MtomCheckInterceptor;
@@ -277,6 +278,9 @@
cxfService.getInInterceptors().add(
new JbiInWsdl1Interceptor(isUseJBIWrapper()));
cxfService.getInInterceptors().add(new JbiInInterceptor());
+ cxfService.getInInterceptors().add(new JbiJAASInterceptor(
+ ((CxfBcComponent)this.getServiceUnit().getComponent()).
+ getConfiguration().getAuthenticationService()));
cxfService.getInInterceptors().add(new JbiInvokerInterceptor());
cxfService.getInInterceptors().add(new JbiPostInvokerInterceptor());
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java Wed May 21 03:17:59 2008
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.cxfbc.interceptors;
+
+import java.security.GeneralSecurityException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import javax.security.auth.Subject;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.wss4j.AbstractWSS4JInterceptor;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+public class JbiJAASInterceptor extends AbstractWSS4JInterceptor {
+
+ private String domain = "servicemix-domain";
+ private AuthenticationService authenticationService;
+ private ThreadLocal<Subject> currentSubject = new ThreadLocal<Subject>();
+
+
+ public JbiJAASInterceptor(AuthenticationService authenticationService) {
+ super();
+ setPhase(Phase.PRE_PROTOCOL);
+ getAfter().add(WSS4JInInterceptor.class.getName());
+ this.authenticationService = authenticationService;
+ }
+
+
+ public void handleMessage(SoapMessage message) throws Fault {
+
+ try {
+
+ Subject subject = (Subject) currentSubject.get();
+
+ if (subject == null) {
+ subject = new Subject();
+ currentSubject.set(subject);
+ }
+ List<Object> results = (Vector<Object>)message.get(WSHandlerConstants.RECV_RESULTS);
+ if (results == null) {
+ return;
+ }
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ WSHandlerResult hr = (WSHandlerResult) iter.next();
+ if (hr == null || hr.getResults() == null) {
+ return;
+ }
+ for (Iterator it = hr.getResults().iterator(); it.hasNext();) {
+ WSSecurityEngineResult er = (WSSecurityEngineResult) it.next();
+
+ if (er != null && er.getPrincipal() instanceof WSUsernameTokenPrincipal) {
+ WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal)er.getPrincipal();
+ subject.getPrincipals().add(p);
+ this.authenticationService.authenticate(subject, domain, p.getName(), p.getPassword());
+ }
+ }
+ }
+
+ message.put(Subject.class, subject);
+ } catch (GeneralSecurityException e) {
+ throw new Fault(e);
+ } finally {
+ currentSubject.set(null);
+ }
+ }
+
+}
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/main/java/org/apache/servicemix/cxfbc/interceptors/JbiJAASInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java Wed May 21 03:17:59 2008
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.cxfbc.ws.security;
+
+import java.io.File;
+import java.net.URL;
+import java.util.logging.Logger;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.LoggingInInterceptor;
+import org.apache.cxf.interceptor.LoggingOutInterceptor;
+import org.apache.hello_world_soap_http.Greeter;
+import org.apache.servicemix.tck.SpringTestSupport;
+import org.apache.xbean.spring.context.ClassPathXmlApplicationContext;
+import org.springframework.context.support.AbstractXmlApplicationContext;
+
+
+public class CxfBcSecurityJAASTest extends SpringTestSupport {
+
+ private static final Logger LOG = LogUtils.getL7dLogger(CxfBCSecurityTest.class);
+
+ private static final java.net.URL WSDL_LOC;
+ static {
+ java.net.URL tmp = null;
+ try {
+ tmp = CxfBCSecurityTest.class.getClassLoader().getResource(
+ "org/apache/servicemix/cxfbc/ws/security/hello_world.wsdl"
+ );
+ } catch (final Exception e) {
+ e.printStackTrace();
+ }
+ WSDL_LOC = tmp;
+ String path = System.getProperty("java.security.auth.login.config");
+ if (path == null) {
+ URL resource = CxfBcSecurityJAASTest.class.getResource("login.properties");
+ if (resource != null) {
+ path = new File(resource.getFile()).getAbsolutePath();
+ System.setProperty("java.security.auth.login.config", path);
+ }
+ }
+ }
+
+ public void testJAAS() {
+ LOG.info("test security");
+ Bus bus = new SpringBusFactory().createBus(
+ "org/apache/servicemix/cxfbc/ws/security/client-jaas.xml");
+ BusFactory.setDefaultBus(bus);
+ LoggingInInterceptor in = new LoggingInInterceptor();
+ bus.getInInterceptors().add(in);
+ bus.getInFaultInterceptors().add(in);
+ LoggingOutInterceptor out = new LoggingOutInterceptor();
+ bus.getOutInterceptors().add(out);
+ bus.getOutFaultInterceptors().add(out);
+ final javax.xml.ws.Service svc = javax.xml.ws.Service.create(WSDL_LOC,
+ new javax.xml.namespace.QName(
+ "http://apache.org/hello_world_soap_http",
+ "SOAPServiceWSSecurity"));
+ final Greeter greeter = svc.getPort(new javax.xml.namespace.QName(
+ "http://apache.org/hello_world_soap_http",
+ "TimestampSignEncrypt"), Greeter.class);
+ String ret = greeter.sayHi();
+ assertEquals(ret, "Bonjour");
+ ret = greeter.greetMe("ffang");
+ assertEquals(ret, "Hello ffang");
+ }
+
+ @Override
+ protected AbstractXmlApplicationContext createBeanFactory() {
+ // load cxf se and bc from spring config file
+ return new ClassPathXmlApplicationContext(
+ "org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml");
+ }
+
+}
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/java/org/apache/servicemix/cxfbc/ws/security/CxfBcSecurityJAASTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml Wed May 21 03:17:59 2008
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ ">
+
+ <jaxws:client name="{http://apache.org/hello_world_soap_http}TimestampSignEncrypt" createdFromAPI="true">
+ <jaxws:features>
+ <bean class="org.apache.cxf.feature.LoggingFeature"/>
+ </jaxws:features>
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
+ <ref bean="TimestampSignEncrypt_Request"/>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <ref bean="TimestampSignEncrypt_Response"/>
+ <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
+ </jaxws:inInterceptors>
+ </jaxws:client>
+
+ <!-- -->
+ <!-- This bean is an Out interceptor which will add a Timestamp, -->
+ <!-- sign the Timstamp and Body, and then encrypt the Timestamp -->
+ <!-- and Body. It uses 3DES as the symmetric key algorithm. -->
+ <!-- -->
+ <bean
+ class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
+ id="TimestampSignEncrypt_Request">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="UsernameToken"/>
+ <entry key="passwordType" value="PasswordText" />
+ <entry key="user" value="alice"/>
+ <entry key="signaturePropFile" value="org/apache/servicemix/cxfbc/ws/security/alice.properties"/>
+ <entry key="encryptionPropFile" value="org/apache/servicemix/cxfbc/ws/security/bob.properties"/>
+ <entry key="encryptionUser" value="Bob"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/>
+ <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
+ <!-- -->
+ <!-- Recommendation: signatures should be encrypted -->
+ <!-- -->
+ <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
+ <!-- <entry key="encryptionKeyTransportAlgorithm" value="RSA15"/> -->
+ <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ </map>
+ </constructor-arg>
+ </bean>
+
+ <!-- -->
+ <!-- This bean is an In interceptor which validated a signed, -->
+ <!-- encrypted resposne, and timestamped. -->
+ <!-- -->
+ <!-- -->
+ <bean
+ class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
+ id="TimestampSignEncrypt_Response">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Timestamp Signature Encrypt"/>
+ <entry key="signaturePropFile" value="org/apache/servicemix/cxfbc/ws/security/bob.properties"/>
+ <entry key="decryptionPropFile" value="org/apache/servicemix/cxfbc/ws/security/alice.properties"/>
+ <entry key="passwordCallbackClass" value="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+
+</beans>
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/client-jaas.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties Wed May 21 03:17:59 2008
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+admin=alice
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/groups.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties Wed May 21 03:17:59 2008
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+servicemix-domain {
+ org.apache.servicemix.jbi.security.login.PropertiesLoginModule required
+ debug=true
+ org.apache.servicemix.security.properties.user="users.properties"
+ org.apache.servicemix.security.properties.group="groups.properties";
+};
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/login.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties Wed May 21 03:17:59 2008
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+alice=password
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/users.properties
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
URL: http://svn.apache.org/viewvc/servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml?rev=658616&view=auto
==============================================================================
--- servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml (added)
+++ servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml Wed May 21 03:17:59 2008
@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<beans xmlns:sm="http://servicemix.apache.org/config/1.0"
+ xmlns:cxfse="http://servicemix.apache.org/cxfse/1.0"
+ xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
+ xmlns:greeter="http://apache.org/hello_world_soap_http">
+
+ <sm:container id="jbi" embedded="true">
+ <sm:broker>
+ <sm:securedBroker>
+ <sm:authorizationMap>
+ <sm:authorizationMap>
+ <sm:authorizationEntries>
+ <sm:authorizationEntry service="*:*" roles="admin" />
+ </sm:authorizationEntries>
+ </sm:authorizationMap>
+ </sm:authorizationMap>
+ </sm:securedBroker>
+ </sm:broker>
+
+ <sm:endpoints>
+ <cxfse:endpoint>
+ <cxfse:pojo>
+ <bean class="org.apache.servicemix.cxfbc.ws.security.GreeterImpl" />
+ </cxfse:pojo>
+ <cxfse:inInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
+ </cxfse:inInterceptors>
+ <cxfse:outInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
+ </cxfse:outInterceptors>
+ <cxfse:inFaultInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
+ </cxfse:inFaultInterceptors>
+ <cxfse:outFaultInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
+ </cxfse:outFaultInterceptors>
+ </cxfse:endpoint>
+ <cxfbc:consumer wsdl="org/apache/servicemix/cxfbc/ws/security/hello_world.wsdl"
+ targetEndpoint="TimestampSignEncrypt"
+ targetService="greeter:SOAPServiceWSSecurity"
+ targetInterface="greeter:Greeter"
+ >
+ <cxfbc:inInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
+ <ref bean="TimestampSignEncrypt_Request"/>
+ <ref bean="saajin"/>
+ </cxfbc:inInterceptors>
+ <cxfbc:outInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
+ <ref bean="saajout"/>
+ <ref bean="TimestampSignEncrypt_Response"/>
+ </cxfbc:outInterceptors>
+ <cxfbc:inFaultInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
+ </cxfbc:inFaultInterceptors>
+ <cxfbc:outFaultInterceptors>
+ <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
+ </cxfbc:outFaultInterceptors>
+ </cxfbc:consumer>
+ </sm:endpoints>
+
+ </sm:container>
+
+ <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" id="saajin"/>
+ <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor" id="saajout"/>
+ <bean
+ class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"
+ id="TimestampSignEncrypt_Response">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Timestamp Signature Encrypt"/>
+ <entry key="user" value="bob"/>
+ <entry key="signaturePropFile" value="org/apache/servicemix/cxfbc/ws/security/bob.properties"/>
+ <entry key="encryptionPropFile" value="org/apache/servicemix/cxfbc/ws/security/alice.properties"/>
+ <entry key="encryptionUser" value="Alice"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/>
+ <entry key="signatureParts" value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
+ <!-- -->
+ <!-- Recommendation: signatures should be encrypted -->
+ <!-- -->
+ <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
+ <!-- <entry key="encryptionKeyTransportAlgorithm" value="RSA15"/> -->
+ <entry key="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ <bean
+ class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"
+ id="TimestampSignEncrypt_Request">
+ <constructor-arg>
+ <map>
+ <!-- Use this action order for local clients -->
+ <entry key="action" value="UsernameToken"/>
+ <entry key="passwordType" value="PasswordText" />
+ <!-- Use this action spec for WCF clients
+ <entry key="action" value="Signature Encrypt Timestamp"/>
+ -->
+ <entry key="signaturePropFile" value="org/apache/servicemix/cxfbc/ws/security/alice.properties"/>
+ <entry key="decryptionPropFile" value="org/apache/servicemix/cxfbc/ws/security/bob.properties"/>
+ <entry key="passwordCallbackClass" value="org.apache.servicemix.cxfbc.ws.security.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+
+</beans>
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: servicemix/smx3/trunk/deployables/bindingcomponents/servicemix-cxf-bc/src/test/resources/org/apache/servicemix/cxfbc/ws/security/xbean-jaas.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml