Posted to commits@cxf.apache.org by co...@apache.org on 2018/04/12 11:14:31 UTC
[cxf] 01/02: Added a WS-SecurityPolicy code-first demo
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 8c9a156469daa2a974db79e2b1f70224ed773c4b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Apr 12 12:03:53 2018 +0100
Added a WS-SecurityPolicy code-first demo
(cherry picked from commit 51df5beeb200a77c274f6c93ca4f65145a1ddcd7)
---
.../cxf/systest/ws/ut/UsernameTokenTest.java | 58 ++++++++++++++++++++++
.../ws/ut/plaintext-pass-timestamp-policy.xml | 38 ++++++++++++++
2 files changed, 96 insertions(+)
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
index 236f9c4..e20763a 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
@@ -24,22 +24,28 @@ import java.net.URL;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
+import org.w3c.dom.Element;
+
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
+import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.systest.ws.common.TestParam;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.ws.policy.WSPolicyFeature;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.example.contract.doubleit.DoubleItPortType;
@@ -139,6 +145,58 @@ public class UsernameTokenTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)utPort).close();
}
+ // Here we are not using the WSDL and so need to add the policy manually on the client side
+ @org.junit.Test
+ public void testPlaintextCodeFirst() throws Exception {
+
+ String address = "https://localhost:" + PORT + "/DoubleItUTPlaintext";
+ QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort");
+
+ WSPolicyFeature policyFeature = new WSPolicyFeature();
+ Element policyElement =
+ StaxUtils.read(getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")).getDocumentElement();
+ policyFeature.setPolicyElements(Collections.singletonList(policyElement));
+
+ JaxWsProxyFactoryBean clientFactoryBean = new JaxWsProxyFactoryBean();
+ clientFactoryBean.setFeatures(Collections.singletonList(policyFeature));
+ clientFactoryBean.setAddress(address);
+ clientFactoryBean.setServiceName(SERVICE_QNAME);
+ clientFactoryBean.setEndpointName(portQName);
+ clientFactoryBean.setServiceClass(DoubleItPortType.class);
+
+ DoubleItPortType port = (DoubleItPortType)clientFactoryBean.create();
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(port);
+ }
+
+ ((BindingProvider)port).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
+
+ ((BindingProvider)port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.ws.common.UTPasswordCallback");
+
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ final KeyStore ts = KeyStore.getInstance("JKS");
+ try (InputStream trustStore =
+ ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class)) {
+ ts.load(trustStore, "password".toCharArray());
+ }
+ tmf.init(ts);
+
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setTrustManagers(tmf.getTrustManagers());
+ tlsParams.setDisableCNCheck(true);
+
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+ http.setTlsClientParameters(tlsParams);
+
+ assertEquals(50, port.doubleIt(25));
+
+ ((java.io.Closeable)port).close();
+ }
+
@org.junit.Test
public void testPlaintext() throws Exception {
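Review bot: `tlsParams.setDisableCNCheck(true)` in testPlaintextCodeFirst switches off hostname verification on the TLS connection that carries the plaintext UsernameToken, and nothing in the method marks this as a test-only shortcut. Because the commit presents this as a demo that readers may copy, I would put a comment directly above that line, for example `// Test only: hostname verification is disabled for the test certificate; do not do this in a real client`. Separately, the stream returned by `getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")` is never closed and would be null if the resource were missing; `try (InputStream is = getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")) { policyElement = StaxUtils.read(is).getDocumentElement(); }` handles the close, and an `assertNotNull` on the stream would make a missing file fail clearly. `((java.io.Closeable)port).close()` is also skipped when the `assertEquals` fails, so a try/finally around the call would keep the client from leaking. The new method is complete within the hunk; the context lines before and after it belong to neighbouring tests whose bodies continue outside it.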
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml
new file mode 100644
index 0000000..265bf4e
--- /dev/null
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0"?>
+<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="TransportUsernameTokenPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
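Review bot: The `sp:UsernameToken` assertion carries only `sp:WssUsernameToken10`, with no `sp:HashPassword`, so the password travels in clear text inside the SOAP header and is protected solely by the `sp:HttpsToken` transport assertion; the file does not say so. An XML comment after the declaration would make that dependency explicit, for example `<!-- Plaintext UsernameToken: confidentiality comes only from the TransportBinding/HttpsToken assertion; do not reuse without it -->`. It may also be worth a short remark that `sp:Lax` layout and `sp:Basic128` were chosen to match the existing test service rather than as recommended settings, if that is indeed the reason. The file as shown also has no license header, which the project's other resources presumably carry.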