You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/03 17:58:01 UTC
svn commit: r1528916 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/
systests/ws-security-examples/src/test/resources...
Author: coheigea
Date: Thu Oct 3 15:58:00 2013
New Revision: 1528916
URL: http://svn.apache.org/r1528916
Log:
Added more SAML streaming stuff
Added:
cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java
- copied, changed from r1528761, cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Thu Oct 3 15:58:00 2013
@@ -19,8 +19,10 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Date;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -30,6 +32,7 @@ import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Element;
+
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.CastUtils;
@@ -66,6 +69,8 @@ import org.apache.wss4j.policy.model.Asy
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.SamlToken;
+import org.opensaml.common.SAMLVersion;
+
/**
*
*/
@@ -127,7 +132,7 @@ public class AsymmetricBindingHandler ex
attached = true;
}
}
- } else if (initiatorToken instanceof SamlToken) {
+ } else if (initiatorToken instanceof SamlToken && isRequestor()) {
SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
if (assertionWrapper != null) {
if (includeToken(initiatorToken.getIncludeTokenType())) {
@@ -136,6 +141,12 @@ public class AsymmetricBindingHandler ex
}
policyAsserted(initiatorToken);
}
+ } else if (initiatorToken instanceof SamlToken) {
+ String tokenId = getSAMLToken();
+ if (tokenId == null) {
+ policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ return;
+ }
}
}
@@ -224,6 +235,7 @@ public class AsymmetricBindingHandler ex
initiatorWrapper = abinding.getInitiatorToken();
}
boolean attached = false;
+
if (initiatorWrapper != null) {
AbstractToken initiatorToken = initiatorWrapper.getToken();
if (initiatorToken instanceof IssuedToken) {
@@ -240,7 +252,7 @@ public class AsymmetricBindingHandler ex
attached = true;
}
}
- } else if (initiatorToken instanceof SamlToken) {
+ } else if (initiatorToken instanceof SamlToken && isRequestor()) {
try {
SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
if (assertionWrapper != null) {
@@ -256,6 +268,12 @@ public class AsymmetricBindingHandler ex
LOG.log(Level.FINE, e.getMessage(), e);
throw new Fault(e);
}
+ } else if (initiatorToken instanceof SamlToken) {
+ String tokenId = getSAMLToken();
+ if (tokenId == null) {
+ policyNotAsserted(initiatorToken, "Security token is not found or expired");
+ return;
+ }
}
}
@@ -433,7 +451,25 @@ public class AsymmetricBindingHandler ex
Crypto crypto = getEncryptionCrypto(recToken);
SecurityToken securityToken = getSecurityToken();
- setKeyIdentifierType(encr, recToken, encrToken);
+ if (!isRequestor() && securityToken != null
+ && recToken.getToken() instanceof SamlToken) {
+ String tokenType = securityToken.getTokenType();
+ if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
+ } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+ encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ encr.setCustomEKTokenId(securityToken.getId());
+ } else {
+ setKeyIdentifierType(encr, recToken, encrToken);
+ }
+ } else {
+ setKeyIdentifierType(encr, recToken, encrToken);
+ }
//
// Using a stored cert is only suitable for the Issued Token case, where
// we're extracting the cert from a SAML Assertion on the provider side
@@ -710,6 +746,43 @@ public class AsymmetricBindingHandler ex
message.put(WSSecEncryptedKey.class.getName(), encrKey);
}
-
-
+ private String getSAMLToken() {
+
+ List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
+ .get(WSHandlerConstants.RECV_RESULTS));
+
+ for (WSHandlerResult rResult : results) {
+ List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+
+ for (WSSecurityEngineResult wser : wsSecEngineResults) {
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ String id = (String)wser.get(WSSecurityEngineResult.TAG_ID);
+ if (actInt.intValue() == WSConstants.ST_SIGNED
+ || actInt.intValue() == WSConstants.ST_UNSIGNED) {
+ Date created = new Date();
+ Date expires = new Date();
+ expires.setTime(created.getTime() + 300000);
+ SecurityToken tempTok = new SecurityToken(id, created, expires);
+ tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
+ tempTok.setX509Certificate(
+ (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE), null
+ );
+
+ SamlAssertionWrapper samlAssertion =
+ (SamlAssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ if (samlAssertion.getSamlVersion() == SAMLVersion.VERSION_20) {
+ tempTok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ } else {
+ tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ }
+
+ getTokenStore().add(tempTok);
+ message.setContextualProperty(SecurityConstants.TOKEN, tempTok);
+
+ return id;
+ }
+ }
+ }
+ return null;
+ }
}
Modified: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java Thu Oct 3 15:58:00 2013
@@ -220,10 +220,6 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Investigate Streaming
- // SecurityTestUtil.enableStreaming(samlPort);
- // samlPort.doubleIt(25);
-
((java.io.Closeable)samlPort).close();
bus.shutdown(true);
}
@@ -345,7 +341,7 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Investigate Streaming
+ // TODO Endorsing Streaming not supported yet Streaming
// SecurityTestUtil.enableStreaming(samlPort);
// samlPort.doubleIt(25);
@@ -377,7 +373,7 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Streaming
+ // TODO Endorsing SAML not supported Streaming
// SecurityTestUtil.enableStreaming(samlPort);
// samlPort.doubleIt(25);
Copied: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java (from r1528761, cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java?p2=cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java&p1=cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java&r1=1528761&r2=1528916&rev=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java Thu Oct 3 15:58:00 2013
@@ -41,11 +41,11 @@ import org.junit.BeforeClass;
* A set of tests for SAML Tokens using policies defined in the OASIS spec:
* "WS-SecurityPolicy Examples Version 1.0".
*
- * It tests both DOM + StAX clients against the DOM server
+ * It tests both DOM + StAX clients against the StAX server
*/
-public class SamlTokenTest extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(Server.class);
- static final String PORT2 = allocatePort(Server.class, 2);
+public class StaxSamlTokenTest extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(StaxServer.class);
+ static final String PORT2 = allocatePort(StaxServer.class, 2);
static final String STS_PORT = allocatePort(STSServer.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
@@ -57,7 +57,7 @@ public class SamlTokenTest extends Abstr
"Server failed to launch",
// run the server in the same process
// set this to false to fork
- launchServer(Server.class, true)
+ launchServer(StaxServer.class, true)
);
assertTrue(
"Server failed to launch",
@@ -80,13 +80,13 @@ public class SamlTokenTest extends Abstr
public void testBearer() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBearerPort");
DoubleItPortType samlPort =
@@ -111,13 +111,13 @@ public class SamlTokenTest extends Abstr
public void testTLSSenderVouches() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort");
DoubleItPortType samlPort =
@@ -142,13 +142,13 @@ public class SamlTokenTest extends Abstr
public void testTLSHOKSignedEndorsing() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort");
DoubleItPortType samlPort =
@@ -173,13 +173,13 @@ public class SamlTokenTest extends Abstr
public void testAsymmetricSigned() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignedPort");
DoubleItPortType samlPort =
@@ -204,13 +204,13 @@ public class SamlTokenTest extends Abstr
public void testAsymmetricInitiator() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricInitiatorPort");
DoubleItPortType samlPort =
@@ -220,15 +220,10 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Investigate Streaming
- // SecurityTestUtil.enableStreaming(samlPort);
- // samlPort.doubleIt(25);
-
((java.io.Closeable)samlPort).close();
bus.shutdown(true);
}
-
-
+
/**
* 2.3.2.1 (WSS1.1) SAML 2.0 Bearer
*/
@@ -236,13 +231,13 @@ public class SamlTokenTest extends Abstr
public void testAsymmetricSaml2Bearer() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSaml2BearerPort");
DoubleItPortType samlPort =
@@ -267,13 +262,13 @@ public class SamlTokenTest extends Abstr
public void testTLSSenderVouchesSaml2() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesSaml2Port");
DoubleItPortType samlPort =
@@ -298,13 +293,13 @@ public class SamlTokenTest extends Abstr
public void testTLSHOKSignedEndorsingSaml2() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingSaml2Port");
DoubleItPortType samlPort =
@@ -324,18 +319,20 @@ public class SamlTokenTest extends Abstr
/**
* 2.3.2.4 (WSS1.1) SAML1.1/2.0 Sender Vouches with X.509 Certificate, Sign, Encrypt
+ * TODO Endorsing support
*/
@org.junit.Test
+ @org.junit.Ignore
public void testSymmetricSV() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSVPort");
DoubleItPortType samlPort =
@@ -345,7 +342,7 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Investigate Streaming
+ // TODO Endorsing Streaming not supported yet Streaming
// SecurityTestUtil.enableStreaming(samlPort);
// samlPort.doubleIt(25);
@@ -355,18 +352,20 @@ public class SamlTokenTest extends Abstr
/**
* 2.3.2.5 (WSS1.1) SAML1.1/2.0 Holder of Key, Sign, Encrypt
+ * TODO Endorsing Support
*/
@org.junit.Test
+ @org.junit.Ignore
public void testSymmetricIssuedToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SamlTokenTest.class.getResource("client.xml");
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItSymmetricIssuedTokenPort");
DoubleItPortType samlPort =
@@ -377,7 +376,7 @@ public class SamlTokenTest extends Abstr
// DOM
samlPort.doubleIt(25);
- // TODO Streaming
+ // TODO Endorsing SAML not supported Streaming
// SecurityTestUtil.enableStreaming(samlPort);
// samlPort.doubleIt(25);
Added: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java?rev=1528916&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java Thu Oct 3 15:58:00 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.wssec.examples.saml;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml?rev=1528916&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml Thu Oct 3 15:58:00 2013
@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:endpoint
+ id="Bearer"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlBearer"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItBearerPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="TLSSenderVouches"
+ address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouches"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSSenderVouchesPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="TLSHOKSignedEndorsing"
+ address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsing"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSHOKSignedEndorsingPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="AsymmetricSigned"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSigned"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricSignedPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="AsymmetricInitiator"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricInitiator"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricInitiatorPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="AsymmetricSaml2Bearer"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSaml2Bearer"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricSaml2BearerPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="TLSSenderVouchesSaml2"
+ address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouchesSaml2"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSSenderVouchesSaml2Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="TLSHOKSignedEndorsingSaml2"
+ address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsingSaml2"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSHOKSignedEndorsingSaml2Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="SymmetricSV"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricSV"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSymmetricSVPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <!-- TODO Fix the way these properties are inverted -->
+ <entry key="ws-security.signature.username" value="bob"/>
+ <entry key="ws-security.encryption.properties" value="bob.properties"/>
+ <entry key="ws-security.signature.properties" value="alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="SymmetricIssuedToken"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricIssuedToken"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSymmetricIssuedTokenPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <entry key="ws-security.signature.username" value="bob"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <!-- -->
+ <!-- Any services listening on port ${testutil.ports.StaxServer} must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.StaxServer.2}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="bob.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+</beans>
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java Thu Oct 3 15:58:00 2013
@@ -765,6 +765,37 @@ public class StaxSamlTokenTest extends A
}
@org.junit.Test
+ public void testSaml2EndorsingOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2EndorsingPKOverTransport() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -796,6 +827,38 @@ public class StaxSamlTokenTest extends A
}
@org.junit.Test
+ public void testSaml2EndorsingPKOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testSaml2EndorsingOverTransportSP11() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -1001,6 +1064,37 @@ public class StaxSamlTokenTest extends A
}
@org.junit.Test
+ public void testSaml2EndorsingEncryptedOverTransportStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(saml2Port, PORT2);
+ SecurityTestUtil.enableStreaming(saml2Port);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testNoSamlToken() throws Exception {
SpringBusFactory bf = new SpringBusFactory();