You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2011/08/26 18:09:04 UTC
svn commit: r1162151 - in
/cxf/branches/2.4.x-fixes/systests/ws-security/src/test:
java/org/apache/cxf/systest/ws/kerberos/
resources/org/apache/cxf/systest/ws/kerberos/client/
resources/org/apache/cxf/systest/ws/kerberos/server/
resources/wsdl_systest...
Author: coheigea
Date: Fri Aug 26 16:09:03 2011
New Revision: 1162151
URL: http://svn.apache.org/viewvc?rev=1162151&view=rev
Log:
[CXF-3767] - Added tests...
- Transport binding endorsing kerberos token
- Asymmetric binding endorsing kerberos token
- Symmetric binding with a kerberos protection token.
Modified:
cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml
cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl
Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java?rev=1162151&r1=1162150&r2=1162151&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java Fri Aug 26 16:09:03 2011
@@ -152,6 +152,63 @@ public class KerberosTokenTest extends A
assertTrue(result.equals(BigInteger.valueOf(50)));
}
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testKerberosOverTransportEndorsing() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = KerberosTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType kerberosPort = service.getDoubleItKerberosTransportEndorsingPort();
+ updateAddressPort(kerberosPort, PORT2);
+ BigInteger result = kerberosPort.doubleIt(BigInteger.valueOf(25));
+ assertTrue(result.equals(BigInteger.valueOf(50)));
+ }
+
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testKerberosOverAsymmetricEndorsing() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = KerberosTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType kerberosPort = service.getDoubleItKerberosAsymmetricEndorsingPort();
+ updateAddressPort(kerberosPort, PORT);
+ BigInteger result = kerberosPort.doubleIt(BigInteger.valueOf(25));
+ assertTrue(result.equals(BigInteger.valueOf(50)));
+ }
+
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testKerberosOverSymmetricProtection() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = KerberosTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType kerberosPort = service.getDoubleItKerberosSymmetricProtectionPort();
+ updateAddressPort(kerberosPort, PORT);
+ BigInteger result = kerberosPort.doubleIt(BigInteger.valueOf(25));
+ assertTrue(result.equals(BigInteger.valueOf(50)));
+ }
+
private boolean checkUnrestrictedPoliciesInstalled() {
try {
byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml?rev=1162151&r1=1162150&r2=1162151&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml Fri Aug 26 16:09:03 2011
@@ -118,4 +118,54 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://WSSec/kerberos}DoubleItKerberosTransportEndorsingPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.client">
+ <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
+ <constructor-arg ref="cxf"/>
+ <property name="jaasLoginModuleName" value="alice"/>
+ <property name="serviceName" value="bob@service.ws.apache.org"/>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <jaxws:client name="{http://WSSec/kerberos}DoubleItKerberosAsymmetricEndorsingPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.kerberos.client">
+ <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
+ <constructor-arg ref="cxf"/>
+ <property name="jaasLoginModuleName" value="alice"/>
+ <property name="serviceName" value="bob@service.ws.apache.org"/>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <jaxws:client name="{http://WSSec/kerberos}DoubleItKerberosSymmetricProtectionPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.kerberos.client">
+ <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
+ <constructor-arg ref="cxf"/>
+ <property name="jaasLoginModuleName" value="alice"/>
+ <property name="serviceName" value="bob@service.ws.apache.org"/>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+
</beans>
Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml?rev=1162151&r1=1162150&r2=1162151&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server/server.xml Fri Aug 26 16:09:03 2011
@@ -156,4 +156,64 @@
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="KerberosOverTransportEndorsing"
+ address="https://localhost:${testutil.ports.Server.2}/DoubleItKerberosTransportEndorsing"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItKerberosTransportEndorsingPort"
+ xmlns:s="http://WSSec/kerberos"
+ implementor="org.apache.cxf.systest.ws.kerberos.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:properties>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="KerberosOverAsymmetricEndorsing"
+ address="http://localhost:${testutil.ports.Server}/DoubleItKerberosAsymmetricEndorsing"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItKerberosAsymmetricEndorsingPort"
+ xmlns:s="http://WSSec/kerberos"
+ implementor="org.apache.cxf.systest.ws.kerberos.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="bob"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="KerberosOverSymmetricProtection"
+ address="http://localhost:${testutil.ports.Server}/DoubleItKerberosSymmetricProtection"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItKerberosSymmetricProtectionPort"
+ xmlns:s="http://WSSec/kerberos"
+ implementor="org.apache.cxf.systest.ws.kerberos.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
</beans>
Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl?rev=1162151&r1=1162150&r2=1162151&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/kerberos/DoubleItKerberos.wsdl Fri Aug 26 16:09:03 2011
@@ -154,6 +154,66 @@
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItKerberosTransportEndorsingBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItKerberosTransportEndorsingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="DoubleItKerberosAsymmetricEndorsingBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItKerberosAsymmetricEndorsingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="DoubleItKerberosSymmetricProtectionBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItKerberosSymmetricProtectionPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItKerberosTransportPort" binding="tns:DoubleItKerberosTransportBinding">
<soap:address location="https://localhost:9009/DoubleItKerberosTransport" />
@@ -170,6 +230,18 @@
binding="tns:DoubleItKerberosAsymmetricBinding">
<soap:address location="http://localhost:9001/DoubleItKerberosAsymmetric" />
</wsdl:port>
+ <wsdl:port name="DoubleItKerberosTransportEndorsingPort"
+ binding="tns:DoubleItKerberosTransportEndorsingBinding">
+ <soap:address location="https://localhost:9009/DoubleItKerberosTransportEndorsing" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItKerberosAsymmetricEndorsingPort"
+ binding="tns:DoubleItKerberosAsymmetricEndorsingBinding">
+ <soap:address location="http://localhost:9001/DoubleItKerberosAsymmetricEndorsing" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItKerberosSymmetricProtectionPort"
+ binding="tns:DoubleItKerberosSymmetricProtectionBinding">
+ <soap:address location="http://localhost:9001/DoubleItKerberosSymmetricProtection" />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItKerberosTransportPolicy">
@@ -311,7 +383,7 @@
</wsp:ExactlyOne>
</wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItKerberosAsymmetricPolicy">
+ <wsp:Policy wsu:Id="DoubleItKerberosAsymmetricPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
@@ -373,6 +445,145 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItKerberosTransportEndorsingPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false" />
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:KerberosToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
+ <wsp:Policy>
+ <sp:WssGssKerberosV5ApReqToken11/>
+ </wsp:Policy>
+ </sp:KerberosToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="DoubleItKerberosAsymmetricEndorsingPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:KerberosToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
+ <wsp:Policy>
+ <sp:WssGssKerberosV5ApReqToken11/>
+ </wsp:Policy>
+ </sp:KerberosToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="DoubleItKerberosSymmetricProtectionPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:KerberosToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
+ <wsp:Policy>
+ <sp:WssGssKerberosV5ApReqToken11/>
+ </wsp:Policy>
+ </sp:KerberosToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>