Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/24 15:15:54 UTC
svn commit: r1486045 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/ syst...
Author: coheigea
Date: Fri May 24 13:15:54 2013
New Revision: 1486045
URL: http://svn.apache.org/r1486045
Log:
Added a load more streaming interop tests (for SAML) along with some bug fixes
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java Fri May 24 13:15:54 2013
@@ -267,38 +267,37 @@ public class SamlTokenInterceptor extend
MessageUtils.getContextualBoolean(
message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
);
- if (selfSignAssertion) {
- Crypto crypto =
- getCrypto(
- token, SecurityConstants.SIGNATURE_CRYPTO,
- SecurityConstants.SIGNATURE_PROPERTIES, message
- );
-
- String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- String user = (String)message.getContextualProperty(userNameKey);
- if (crypto != null && StringUtils.isEmpty(user)) {
- try {
- user = crypto.getDefaultX509Identifier();
- } catch (WSSecurityException e1) {
- throw new Fault(e1);
- }
- }
- if (StringUtils.isEmpty(user)) {
- return null;
- }
-
- String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
- if (StringUtils.isEmpty(password)) {
- password = getPassword(user, token, WSPasswordCallback.Usage.SIGNATURE, message);
+ if (selfSignAssertion || samlCallback.isSignAssertion()) {
+ String issuerName = samlCallback.getIssuerKeyName();
+ if (issuerName == null) {
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ issuerName = (String)message.getContextualProperty(userNameKey);
}
+ String password = samlCallback.getIssuerKeyPassword();
if (password == null) {
- password = "";
+ password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (StringUtils.isEmpty(password)) {
+ password =
+ getPassword(issuerName, token, WSPasswordCallback.Usage.SIGNATURE, message);
+ }
}
-
- // TODO configure using a KeyValue here
- assertion.signAssertion(user, password, crypto, false);
+ Crypto crypto = samlCallback.getIssuerCrypto();
+ if (crypto == null) {
+ crypto =
+ getCrypto(token, SecurityConstants.SIGNATURE_CRYPTO,
+ SecurityConstants.SIGNATURE_PROPERTIES, message);
+ }
+
+ assertion.signAssertion(
+ issuerName,
+ password,
+ crypto,
+ samlCallback.isSendKeyValue(),
+ samlCallback.getCanonicalizationAlgorithm(),
+ samlCallback.getSignatureAlgorithm()
+ );
}
-
+
return assertion;
}
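Review bot: The rewritten signing branch hands `issuerName`, `password` and `crypto` to `assertion.signAssertion(...)` without checking any of them. The removed code fell back to `crypto.getDefaultX509Identifier()` when no signature username was configured, returned early on an empty user, and replaced a null password with `""`. If neither the callback nor the `SIGNATURE_USERNAME` and crypto properties supply a value, the outcome now depends on how `signAssertion` and `getPassword` treat nulls, which is not visible here. Consider resolving `crypto` first, restoring the fallback `if (StringUtils.isEmpty(issuerName) && crypto != null) { issuerName = crypto.getDefaultX509Identifier(); }` inside the same try/catch as before, and raising an explicit `Fault` when the alias or crypto is still missing. The same gap is in the AbstractBindingBuilder hunk at `@@ -992,27 +992,29 @@`; the enclosing method starts outside this hunk.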
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri May 24 13:15:54 2013
@@ -992,27 +992,29 @@ public abstract class AbstractBindingBui
MessageUtils.getContextualBoolean(
message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
);
- if (selfSignAssertion) {
- Crypto crypto = getSignatureCrypto(null);
-
- String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- String user = (String)message.getContextualProperty(userNameKey);
- if (crypto != null && StringUtils.isEmpty(user)) {
- try {
- user = crypto.getDefaultX509Identifier();
- } catch (WSSecurityException e1) {
- throw new Fault(e1);
- }
+ if (selfSignAssertion || samlCallback.isSignAssertion()) {
+ String issuerName = samlCallback.getIssuerKeyName();
+ if (issuerName == null) {
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ issuerName = (String)message.getContextualProperty(userNameKey);
+ }
+ String password = samlCallback.getIssuerKeyPassword();
+ if (password == null) {
+ password = getPassword(issuerName, token, WSPasswordCallback.Usage.SIGNATURE);
+ }
+ Crypto crypto = samlCallback.getIssuerCrypto();
+ if (crypto == null) {
+ crypto = getSignatureCrypto(null);
}
- if (StringUtils.isEmpty(user)) {
- policyNotAsserted(token, "No username found.");
- return null;
- }
-
- String password = getPassword(user, token, WSPasswordCallback.Usage.SIGNATURE);
-
- // TODO configure using a KeyValue here
- assertion.signAssertion(user, password, crypto, false);
+
+ assertion.signAssertion(
+ issuerName,
+ password,
+ crypto,
+ samlCallback.isSendKeyValue(),
+ samlCallback.getCanonicalizationAlgorithm(),
+ samlCallback.getSignatureAlgorithm()
+ );
}
return assertion;
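Review bot: The removed `policyNotAsserted(token, "No username found.")` call has no replacement, so a missing signing alias is no longer reported against the policy assertion before signing is attempted. If `issuerName` is still empty after the callback and `SIGNATURE_USERNAME` lookups, keeping `policyNotAsserted(token, "No username found."); return null;` ahead of the `getPassword(...)` call would preserve the earlier diagnostic. The enclosing method starts and ends outside the hunk.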
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri May 24 13:15:54 2013
@@ -123,7 +123,11 @@ public abstract class AbstractStaxBindin
return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
}
- protected SecurePart addSamlToken(SamlToken token) throws WSSecurityException {
+ protected SecurePart addSamlToken(
+ SamlToken token,
+ boolean signed,
+ boolean endorsing
+ ) throws WSSecurityException {
IncludeTokenType includeToken = token.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
return null;
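Review bot: The two new boolean parameters of `addSamlToken` are undocumented, and call sites such as `addSamlToken((SamlToken)token, false, true)` are hard to read without knowing their order. A short Javadoc should state that either `signed` or `endorsing` switches the configured action to `SAML_TOKEN_SIGNED`, as the next hunk in this file shows. Every call visible in this commit passes `false` for `signed`, so the Javadoc should also say when `true` is expected. The method body continues outside the hunk.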
@@ -154,12 +158,8 @@ public abstract class AbstractStaxBindin
config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
// Action
- boolean selfSignAssertion =
- MessageUtils.getContextualBoolean(
- message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
- );
String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
- if (selfSignAssertion) {
+ if (signed || endorsing) {
samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
}
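Review bot: The streaming path no longer reads `SecurityConstants.SELF_SIGN_SAML_ASSERTION`, while the DOM code changed in this same commit (SamlTokenInterceptor, AbstractBindingBuilder) still honours it via `selfSignAssertion || samlCallback.isSignAssertion()`. A client that relies on that property and then enables streaming would, as far as this hunk shows, keep the `SAML_TOKEN_UNSIGNED` action unless the token is a signed or endorsing supporting token. If the divergence is intended, record it where the check was removed, e.g. `// SELF_SIGN_SAML_ASSERTION is not consulted here; self-signing is requested through the SAML callback`. Otherwise keep the property as an additional condition.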
@@ -170,7 +170,6 @@ public abstract class AbstractStaxBindin
config.put(ConfigurationConstants.ACTION, samlAction);
}
- // TODO -> Set SAML Type from policy?
QName qname = WSSConstants.TAG_saml2_Assertion;
SamlTokenType tokenType = token.getSamlTokenType();
if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
@@ -559,7 +558,7 @@ public abstract class AbstractStaxBindin
}
ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element));
} else if (token instanceof SamlToken) {
- SecurePart securePart = addSamlToken((SamlToken)token);
+ SecurePart securePart = addSamlToken((SamlToken)token, false, endorse);
if (securePart != null) {
ret.put(token, securePart);
if (suppTokens.isEncryptedToken()) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Fri May 24 13:15:54 2013
@@ -34,6 +34,7 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KeyValueToken;
@@ -53,6 +54,7 @@ import org.apache.wss4j.stax.ext.WSSCons
public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
+ private TransportBinding tbinding;
public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage msg) {
super(properties, msg);
@@ -64,8 +66,8 @@ public class StaxTransportBindingHandler
configureLayout(aim);
if (this.isRequestor()) {
- TransportBinding binding = (TransportBinding)getBinding(aim);
- TransportToken token = binding.getTransportToken();
+ tbinding = (TransportBinding)getBinding(aim);
+ TransportToken token = tbinding.getTransportToken();
if (token.getToken() instanceof IssuedToken) {
// TODO
}
@@ -149,7 +151,7 @@ public class StaxTransportBindingHandler
}
} */
} else if (token instanceof SamlToken) {
- addSamlToken((SamlToken)token);
+ addSamlToken((SamlToken)token, false, false);
} else {
//REVISIT - not supported for signed. Exception?
}
@@ -234,12 +236,16 @@ public class StaxTransportBindingHandler
if (token instanceof X509Token
|| token instanceof KeyValueToken) {
doX509TokenSignature(token, wrapper);
- } /* TODO else if (token instanceof SamlToken) {
- SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
- assertionWrapper.toDOM(saaj.getSOAPPart());
- storeAssertionAsSecurityToken(assertionWrapper);
- addSig(doIssuedTokenSignature(token, wrapper));
- } TODO else if (token instanceof UsernameToken) {
+ } else if (token instanceof SamlToken) {
+ addSamlToken((SamlToken)token, false, true);
+ signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+
+ Map<String, Object> config = getProperties();
+ config.put(ConfigurationConstants.SIG_ALGO,
+ tbinding.getAlgorithmSuite().getAsymmetricSignature());
+ AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+ config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+ } /*TODO else if (token instanceof UsernameToken) {
// Create a UsernameToken object for derived keys and store the security token
WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
String id = usernameToken.getId();
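Review bot: `tbinding` is dereferenced in the new SamlToken branch (`tbinding.getAlgorithmSuite()`), but the only assignment visible in this commit sits inside `if (this.isRequestor())` in the `@@ -64,8 +66,8 @@` hunk. The field is therefore null on any other path that reaches this code; whether such a path exists cannot be seen because the enclosing method starts outside the hunk. Either resolve the binding where it is used or guard the access, e.g. `if (tbinding == null) { throw new IllegalStateException("TransportBinding not initialised"); }`. The `SecurePart` returned by `addSamlToken` is also discarded here, which deserves a comment if deliberate.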
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java Fri May 24 13:15:54 2013
@@ -23,6 +23,10 @@ import java.io.File;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
/**
* A utility class for security tests
@@ -67,4 +71,13 @@ public final class SecurityTestUtil {
return false;
}
+ public static void enableStreaming(DoubleItPortType port) {
+ ((BindingProvider)port).getRequestContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ ((BindingProvider)port).getResponseContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ }
+
}
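Review bot: `enableStreaming` has no Javadoc, and its parameter is typed `DoubleItPortType` although the body only ever uses it through a `BindingProvider` cast. A comment such as `/** Sets ENABLE_STREAMING_SECURITY to "true" on the request and response contexts of the given client proxy. */` would document what the helper changes. If tests for other service contracts are expected to use it, accepting `BindingProvider` would remove the coupling to one port type.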
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java Fri May 24 13:15:54 2013
@@ -39,7 +39,8 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * A set of tests for SAML Tokens.
+ * A set of tests for SAML Tokens. It tests both DOM + StAX clients against the
+ * DOM server
*/
public class SamlTokenTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(Server.class);
@@ -126,6 +127,69 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml1OverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with a SAML2 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("Wrong SAML Version"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ // Don't send any Token...failure expected
+ portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort2");
+ saml1Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Failure expected on no token");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "The received token does not match the token inclusion requirement";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1ElementOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
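Review bot: The three negative cases in `testSaml1OverTransportStreaming` catch `SOAPFaultException` with the message assertion commented out, so each one passes on any fault, including one caused by an unrelated setup problem rather than by the missing or wrong SAML assertion. For a security test this means a regression in the rejection logic can go unnoticed as long as some fault still comes back. Re-enable a check on the fault, e.g. `assertTrue(ex.getMessage().contains("Wrong SAML Version"));`, or assert whatever text the streaming client actually surfaces once that is known. The same pattern appears in `testSaml1ElementOverTransportStreaming` and `testNoSamlTokenStreaming`, and in the corresponding StaxSamlTokenTest hunks.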
@@ -160,6 +224,41 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml1ElementOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlElementCallbackHandler(false)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2OverSymmetric() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
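Review bot: Cleanup in `testSaml1ElementOverTransportStreaming` runs only on the success path. If `fail(...)` or `assertTrue(result == 50)` throws, `((java.io.Closeable)saml1Port).close()` and `bus.shutdown(true)` are skipped, and the bus installed with `SpringBusFactory.setDefaultBus(bus)` stays in place for later tests. Wrapping the body as `try { ... } finally { ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); }` avoids that, and `assertEquals(50, result)` would give a more useful failure message. Every streaming test added in this file and in StaxSamlTokenTest follows the same shape; `testSaml1OverTransportStreaming` additionally reassigns `saml1Port` without closing the first proxy.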
@@ -216,11 +315,9 @@ public class SamlTokenTest extends Abstr
bus.shutdown(true);
}
- /**
- * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
- * fail as the provider will demand that there is a signature covering both the assertion
- * and the message body.
- */
+ // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
+ // fail as the provider will demand that there is a signature covering both the assertion
+ // and the message body.
@org.junit.Test
public void testSaml2OverSymmetricSupporting() throws Exception {
@@ -342,6 +439,34 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml1SelfSignedOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1SelfSignedOverTransportSP11() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -369,6 +494,34 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml1SelfSignedOverTransportSP11Streaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testAsymmetricSamlInitiator() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -455,6 +608,37 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2EndorsingOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2EndorsingPKOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -486,6 +670,38 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2EndorsingPKOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2EndorsingOverTransportSP11() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -514,7 +730,38 @@ public class SamlTokenTest extends Abstr
((java.io.Closeable)saml2Port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testSaml2EndorsingOverTransportSP11Streaming() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
@org.junit.Test
public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
@@ -571,7 +818,6 @@ public class SamlTokenTest extends Abstr
bus.shutdown(true);
}
-
@org.junit.Test
public void testSaml2EndorsingEncryptedOverTransport() throws Exception {
@@ -603,6 +849,37 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2EndorsingEncryptedOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testNoSamlToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -631,6 +908,36 @@ public class SamlTokenTest extends Abstr
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testNoSamlTokenStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Failure expected on no SamlToken");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "The received token does not match the token inclusion requirement";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
// In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
// case just mocks the call to the PDP + enforces the decision
@org.junit.Test
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java Fri May 24 13:15:54 2013
@@ -39,7 +39,8 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * A set of tests for SAML Tokens using the streaming interceptors.
+ * A set of tests for SAML Tokens using the streaming interceptors. It tests both DOM + StAX
+ * clients against the StAX server
*/
public class StaxSamlTokenTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(StaxServer.class);
@@ -126,6 +127,69 @@ public class StaxSamlTokenTest extends A
}
@org.junit.Test
+ public void testSaml1OverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with a SAML2 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("Policy enforces SamlVersion11Profile11 but we got 2.0"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ // Don't send any Token...failure expected
+ portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort2");
+ saml1Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Failure expected on no token");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "SamlToken not satisfied";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1ElementOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -159,6 +223,41 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSaml1ElementOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ try {
+ saml1Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlElementCallbackHandler(false)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
// TODO See WSS-442
@org.junit.Test
@org.junit.Ignore
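Review bot: The negative case in testSaml1ElementOverTransportStreaming catches `SOAPFaultException` but its only assertion is commented out, so the test passes on any SOAP fault, not just the one caused by the missing SAML assertion. A fault raised for an unrelated reason would make a policy-enforcement regression on the streaming path look like a pass. Either re-enable `assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));` or, if the streaming fault text differs, assert on the text the streaming path does produce. The same commented-out check appears in the streaming test added just above testSaml1ElementOverTransport and in testNoSamlTokenStreaming further down this file.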
@@ -218,11 +317,9 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- /**
- * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
- * fail as the provider will demand that there is a signature covering both the assertion
- * and the message body.
- */
+ // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
+ // fail as the provider will demand that there is a signature covering both the assertion
+ // and the message body.
// TODO See WSS-442
@org.junit.Test
@org.junit.Ignore
@@ -348,6 +445,34 @@ public class StaxSamlTokenTest extends A
}
@org.junit.Test
+ public void testSaml1SelfSignedOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1SelfSignedOverTransportSP11() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
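Review bot: In testSaml1SelfSignedOverTransportStreaming the `close()` and `bus.shutdown(true)` calls are reached only when the invocation and the assertion succeed. On a failure, the bus installed with `SpringBusFactory.setDefaultBus(bus)` can stay in place for later tests. Putting the two cleanup calls in a `finally` block around the port usage would keep one failing test from affecting the next. If `assertEquals` is available the same way `assertTrue` is, `assertEquals(50, result);` would also report the actual value on failure. The same applies to testSaml1SelfSignedOverTransportSP11Streaming and testSaml2EndorsingOverTransportSP11Streaming in the following hunks.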
@@ -374,6 +499,34 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSaml1SelfSignedOverTransportSP11Streaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port");
+ DoubleItPortType saml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml1Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml1Port);
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+ );
+ int result = saml1Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml1Port).close();
+ bus.shutdown(true);
+ }
+
// TODO See WSS-442
@org.junit.Test
@org.junit.Ignore
@@ -434,7 +587,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // NPE in outbound DOM because of SignatureConfirmation - should be fixed with StaX out
+ // See WSS-446
@org.junit.Test
@org.junit.Ignore
public void testSaml2EndorsingOverTransport() throws Exception {
@@ -466,7 +619,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // NPE in outbound DOM because of SignatureConfirmation - should be fixed with StaX out
+ // See WSS-446
@org.junit.Test
@org.junit.Ignore
public void testSaml2EndorsingPKOverTransport() throws Exception {
@@ -528,6 +681,37 @@ public class StaxSamlTokenTest extends A
((java.io.Closeable)saml2Port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testSaml2EndorsingOverTransportSP11Streaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
// TODO See WSS-442
@org.junit.Test
@@ -650,6 +834,36 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testNoSamlTokenStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Failure expected on no SamlToken");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "SamlToken not satisfied";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
// In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
// case just mocks the call to the PDP + enforces the decision
// TODO See WSS-442
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java Fri May 24 13:15:54 2013
@@ -30,6 +30,7 @@ import javax.security.auth.callback.Unsu
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
@@ -47,6 +48,7 @@ public class SamlCallbackHandler impleme
private boolean saml2 = true;
private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT;
+ private boolean signAssertion;
public SamlCallbackHandler() {
//
@@ -56,6 +58,11 @@ public class SamlCallbackHandler impleme
this.saml2 = saml2;
}
+ public SamlCallbackHandler(boolean saml2, boolean signAssertion) {
+ this.saml2 = saml2;
+ this.signAssertion = signAssertion;
+ }
+
public void setConfirmationMethod(String confirmationMethod) {
this.confirmationMethod = confirmationMethod;
}
@@ -107,6 +114,19 @@ public class SamlCallbackHandler impleme
attributeBean.setAttributeValues(Collections.singletonList("system-user"));
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
+
+ try {
+ if (signAssertion) {
+ String file = "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
+ Crypto crypto = CryptoFactory.getInstance(file);
+ callback.setIssuerCrypto(crypto);
+ callback.setIssuerKeyName("alice");
+ callback.setIssuerKeyPassword("password");
+ }
+ callback.setSignAssertion(signAssertion);
+ } catch (WSSecurityException e) {
+ throw new IOException(e);
+ }
}
}
}
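Review bot: The added block hard-codes the issuer alias `alice` and key password `password` beside the properties path without a comment, and the enclosing method starts outside this hunk, so nothing here marks them as systest keystore fixtures. A line above the `try` such as `// Self-sign with the systest "alice" key; alias and password are test fixtures` would make that explicit. The `try` also wraps the plain setter calls; it could be narrowed to `CryptoFactory.getInstance(file)`, which appears to be the only call here that throws `WSSecurityException`.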
@@ -128,5 +148,13 @@ public class SamlCallbackHandler impleme
return keyInfo;
}
+
+ public boolean isSignAssertion() {
+ return signAssertion;
+ }
+
+ public void setSignAssertion(boolean signAssertion) {
+ this.signAssertion = signAssertion;
+ }
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java Fri May 24 13:15:54 2013
@@ -83,12 +83,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -116,12 +111,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -149,12 +139,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -182,12 +167,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -215,12 +195,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -248,12 +223,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -281,12 +251,7 @@ public class StaxUsernameTokenTest exten
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -321,12 +286,7 @@ public class StaxUsernameTokenTest exten
/*
// TODO
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
try {
utPort.doubleIt(25);
fail("Failure expected on no UsernameToken");
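Review bot: The replaced lines sit inside the `/* // TODO` block opened at the top of this hunk (its end is outside the hunk), so the streaming check that a request without a UsernameToken is rejected still never runs. The commit is therefore maintaining code the compiler does not see. Moving the block into its own test method marked `@org.junit.Ignore`, with a comment like `// TODO enable once streaming rejects a missing UsernameToken (<tracking issue>)`, would keep it compiling and make the skipped negative case visible in test reports. The next hunk in this file and the last two hunks of UsernameTokenTest.java edit commented-out streaming code in the same way.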
@@ -409,12 +369,7 @@ public class StaxUsernameTokenTest exten
/*
// TODO
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
utPort.doubleIt(25);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java Fri May 24 13:15:54 2013
@@ -83,12 +83,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -116,12 +111,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -149,12 +139,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -182,12 +167,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -215,12 +195,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -248,12 +223,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -281,12 +251,7 @@ public class UsernameTokenTest extends A
utPort.doubleIt(25);
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
utPort.doubleIt(25);
((java.io.Closeable)utPort).close();
@@ -322,12 +287,7 @@ public class UsernameTokenTest extends A
/*
// TODO
// Streaming
- ((BindingProvider)utPort).getRequestContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
- ((BindingProvider)utPort).getResponseContext().put(
- SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
- );
+ SecurityTestUtil.enableStreaming(utPort);
try {
utPort.doubleIt(25);
fail("Failure expected on no UsernameToken");
@@ -450,6 +410,7 @@ public class UsernameTokenTest extends A
// Streaming
/*
// TODO
+ SecurityTestUtil.enableStreaming(utPort);
((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
utPort.doubleIt(25);