You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/31 16:00:57 UTC
svn commit: r1488228 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/cli...
Author: coheigea
Date: Fri May 31 14:00:57 2013
New Revision: 1488228
URL: http://svn.apache.org/r1488228
Log:
Fixed streaming SAML Asymmetric tests
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/stax-server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri May 31 14:00:57 2013
@@ -498,13 +498,14 @@ public abstract class AbstractStaxBindin
protected Map<AbstractToken, SecurePart> handleSupportingTokens(
Collection<Assertion> tokens,
+ boolean signed,
boolean endorse
) throws Exception {
Map<AbstractToken, SecurePart> ret = new HashMap<AbstractToken, SecurePart>();
if (tokens != null) {
for (Assertion pa : tokens) {
if (pa instanceof SupportingTokens) {
- handleSupportingTokens((SupportingTokens)pa, endorse, ret);
+ handleSupportingTokens((SupportingTokens)pa, signed, endorse, ret);
}
}
}
@@ -513,13 +514,15 @@ public abstract class AbstractStaxBindin
protected Map<AbstractToken, SecurePart> handleSupportingTokens(
SupportingTokens suppTokens,
+ boolean signed,
boolean endorse
) throws Exception {
- return handleSupportingTokens(suppTokens, endorse, new HashMap<AbstractToken, SecurePart>());
+ return handleSupportingTokens(suppTokens, signed, endorse, new HashMap<AbstractToken, SecurePart>());
}
protected Map<AbstractToken, SecurePart> handleSupportingTokens(
SupportingTokens suppTokens,
+ boolean signed,
boolean endorse,
Map<AbstractToken, SecurePart> ret
) throws Exception {
@@ -608,7 +611,7 @@ public abstract class AbstractStaxBindin
}
ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element));
} else if (token instanceof SamlToken) {
- SecurePart securePart = addSamlToken((SamlToken)token, false, endorse);
+ SecurePart securePart = addSamlToken((SamlToken)token, signed, endorse);
if (securePart != null) {
ret.put(token, securePart);
if (suppTokens.isEncryptedToken()) {
@@ -661,45 +664,45 @@ public abstract class AbstractStaxBindin
Collection<Assertion> sgndSuppTokens =
findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
Map<AbstractToken, SecurePart> sigSuppTokMap =
- this.handleSupportingTokens(sgndSuppTokens, false);
+ this.handleSupportingTokens(sgndSuppTokens, true, false);
sgndSuppTokens = findAndAssertPolicy(SP11Constants.SIGNED_SUPPORTING_TOKENS);
- sigSuppTokMap.putAll(this.handleSupportingTokens(sgndSuppTokens, false));
+ sigSuppTokMap.putAll(this.handleSupportingTokens(sgndSuppTokens, true, false));
Collection<Assertion> endSuppTokens =
findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
- endSuppTokMap = this.handleSupportingTokens(endSuppTokens, true);
+ endSuppTokMap = this.handleSupportingTokens(endSuppTokens, false, true);
endSuppTokens = findAndAssertPolicy(SP11Constants.ENDORSING_SUPPORTING_TOKENS);
- endSuppTokMap.putAll(this.handleSupportingTokens(endSuppTokens, true));
+ endSuppTokMap.putAll(this.handleSupportingTokens(endSuppTokens, false, true));
Collection<Assertion> sgndEndSuppTokens
= findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
- sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens, true);
+ sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens, true, true);
sgndEndSuppTokens = findAndAssertPolicy(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
- sgndEndSuppTokMap.putAll(this.handleSupportingTokens(sgndEndSuppTokens, true));
+ sgndEndSuppTokMap.putAll(this.handleSupportingTokens(sgndEndSuppTokens, true, true));
Collection<Assertion> sgndEncryptedSuppTokens
= findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
Map<AbstractToken, SecurePart> sgndEncSuppTokMap =
- this.handleSupportingTokens(sgndEncryptedSuppTokens, false);
+ this.handleSupportingTokens(sgndEncryptedSuppTokens, true, false);
Collection<Assertion> endorsingEncryptedSuppTokens
= findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
endEncSuppTokMap
- = this.handleSupportingTokens(endorsingEncryptedSuppTokens, true);
+ = this.handleSupportingTokens(endorsingEncryptedSuppTokens, false, true);
Collection<Assertion> sgndEndEncSuppTokens
= findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
- sgndEndEncSuppTokMap = this.handleSupportingTokens(sgndEndEncSuppTokens, true);
+ sgndEndEncSuppTokMap = this.handleSupportingTokens(sgndEndEncSuppTokens, true, true);
Collection<Assertion> supportingToks
= findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS);
- this.handleSupportingTokens(supportingToks, false);
+ this.handleSupportingTokens(supportingToks, false, false);
supportingToks = findAndAssertPolicy(SP11Constants.SUPPORTING_TOKENS);
- this.handleSupportingTokens(supportingToks, false);
+ this.handleSupportingTokens(supportingToks, false, false);
Collection<Assertion> encryptedSupportingToks
= findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
- this.handleSupportingTokens(encryptedSupportingToks, false);
+ this.handleSupportingTokens(encryptedSupportingToks, false, false);
//Setup signature parts
addSignatureParts(sigSuppTokMap);
@@ -722,7 +725,13 @@ public abstract class AbstractStaxBindin
}
QName name = part.getName();
- parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ // Don't add a signed SAML Token as a part, as it will be automatically signed by WSS4J
+ if (!((WSSConstants.TAG_saml_Assertion.equals(name)
+ || WSSConstants.TAG_saml2_Assertion.equals(name))
+ && action != null && action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED))) {
+ parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ }
config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Fri May 31 14:00:57 2013
@@ -352,7 +352,9 @@ public class StaxAsymmetricBindingHandle
if (config.containsKey(ConfigurationConstants.ACTION)) {
String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ if (!action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED)) {
+ config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+ }
} else {
config.put(ConfigurationConstants.ACTION, actionToPerform);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Fri May 31 14:00:57 2013
@@ -130,7 +130,7 @@ public class StaxTransportBindingHandler
SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
if (suppTokens != null && suppTokens.getTokens() != null
&& suppTokens.getTokens().size() > 0) {
- handleSupportingTokens(suppTokens, false);
+ handleSupportingTokens(suppTokens, false, false);
}
ai.setAsserted(true);
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java Fri May 31 14:00:57 2013
@@ -412,6 +412,69 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2OverAsymmetricStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with a SAML1 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("Wrong SAML Version"));
+ }
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ // Don't send any Token...failure expected
+ portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort2");
+ saml2Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Failure expected on no token");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ //String error = "The received token does not match the token inclusion requirement";
+ //assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml1SelfSignedOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -790,6 +853,34 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2OverAsymmetricSignedEncryptedStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2OverAsymmetricEncrypted() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -819,6 +910,36 @@ public class SamlTokenTest extends Abstr
}
@org.junit.Test
+ public void testSaml2OverAsymmetricEncryptedStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricEncryptedPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2EndorsingEncryptedOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java Fri May 31 14:00:57 2013
@@ -354,9 +354,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testSaml2OverAsymmetric() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -387,7 +385,7 @@ public class StaxSamlTokenTest extends A
saml2Port.doubleIt(25);
fail("Expected failure on an invocation with a SAML1 Assertion");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- assertTrue(ex.getMessage().contains("Wrong SAML Version"));
+ // assertTrue(ex.getMessage().contains("Wrong SAML Version"));
}
((BindingProvider)saml2Port).getRequestContext().put(
@@ -409,8 +407,71 @@ public class StaxSamlTokenTest extends A
saml2Port.doubleIt(25);
fail("Failure expected on no token");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "SamlToken not satisfied";
- assertTrue(ex.getMessage().contains(error));
+ // String error = "SamlToken not satisfied";
+ // assertTrue(ex.getMessage().contains(error));
+ }
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSaml2OverAsymmetricStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+ }
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+ );
+ try {
+ saml2Port.doubleIt(25);
+ fail("Expected failure on an invocation with a SAML1 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // assertTrue(ex.getMessage().contains("Wrong SAML Version"));
+ }
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ // Don't send any Token...failure expected
+ portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort2");
+ saml2Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+
+ try {
+ saml2Port.doubleIt(25);
+ fail("Failure expected on no token");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // String error = "SamlToken not satisfied";
+ // assertTrue(ex.getMessage().contains(error));
}
((java.io.Closeable)saml2Port).close();
@@ -713,9 +774,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -742,9 +801,35 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
@org.junit.Test
- @org.junit.Ignore
+ public void testSaml2OverAsymmetricSignedEncryptedStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2OverAsymmetricEncrypted() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -773,6 +858,36 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSaml2OverAsymmetricEncryptedStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricEncryptedPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
// See WSS-443
@org.junit.Test
@org.junit.Ignore
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java Fri May 31 14:00:57 2013
@@ -116,13 +116,11 @@ public class SamlCallbackHandler impleme
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
- if (signAssertion) {
- String file = "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
- Crypto crypto = CryptoFactory.getInstance(file);
- callback.setIssuerCrypto(crypto);
- callback.setIssuerKeyName("alice");
- callback.setIssuerKeyPassword("password");
- }
+ String file = "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
+ Crypto crypto = CryptoFactory.getInstance(file);
+ callback.setIssuerCrypto(crypto);
+ callback.setIssuerKeyName("alice");
+ callback.setIssuerKeyPassword("password");
callback.setSignAssertion(signAssertion);
} catch (WSSecurityException e) {
throw new IOException(e);
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl Fri May 31 14:00:57 2013
@@ -725,10 +725,9 @@
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<sp:WssX509V3Token10 />
- <sp:RequireIssuerSerialReference />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -835,10 +834,9 @@
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<sp:WssX509V3Token10 />
- <sp:RequireIssuerSerialReference />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -895,10 +893,9 @@
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToInitiator">
<wsp:Policy>
<sp:WssX509V3Token10 />
- <sp:RequireIssuerSerialReference />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -996,7 +993,6 @@
</sp:EncryptedParts>
<sp:SignedParts>
<sp:Body/>
- <sp:Header Namespace="http://WSSec/saml"/>
</sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy.xml?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy.xml Fri May 31 14:00:57 2013
@@ -48,6 +48,12 @@
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:SignedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
\ No newline at end of file
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/stax-server.xml?rev=1488228&r1=1488227&r2=1488228&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/stax-server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/stax-server.xml Fri May 31 14:00:57 2013
@@ -145,8 +145,8 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
- <entry key="ws-security.saml2.validator"
- value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
+ <!--<entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>-->
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
@@ -169,8 +169,8 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
- <entry key="ws-security.saml2.validator"
- value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
+ <!--<entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>-->
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
<jaxws:features>
@@ -283,8 +283,8 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
- <entry key="ws-security.saml2.validator"
- value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
+ <!--<entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>-->
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
@@ -327,8 +327,8 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
- <entry key="ws-security.saml2.validator"
- value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
+ <!--<entry key="ws-security.saml2.validator"
+ value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>-->
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>