Posted to commits@cxf.apache.org by co...@apache.org on 2014/01/15 19:01:15 UTC
svn commit: r1558488 - in
/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy: ./
src/main/java/demo/wssec/client/ src/main/java/demo/wssec/server/
src/main/resources/
Author: coheigea
Date: Wed Jan 15 18:01:15 2014
New Revision: 1558488
URL: http://svn.apache.org/r1558488
Log:
StAX-enabling ut_policy sample
Added:
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ClientConfigStax.xml
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ServiceConfigStax.xml
Modified:
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/README.txt
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/pom.xml
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/client/Client.java
cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/server/Server.java
Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/README.txt
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/README.txt?rev=1558488&r1=1558487&r2=1558488&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/README.txt (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/README.txt Wed Jan 15 18:01:15 2014
@@ -5,6 +5,9 @@ This demo shows how WS-Security support
WS-Security can be configured to the Client and Server endpoints by adding
WS-SecurityPolicies into the WSDL.
+CXF 3.0.0 supports both a DOM-based (in-memory) and StAX-based (streaming)
+approach to WS-Security. This demo shows how to use both approaches.
+
The logging feature is used to log the inbound and outbound
SOAP messages and display these to the console.
@@ -29,9 +32,17 @@ located), the Maven pom.xml file can be
Using either UNIX or Windows:
mvn install (builds the demo)
+
+To use the DOM-based WS-Security functionality:
+
mvn -Pserver (from one command line window)
mvn -Pclient (from a second command line window)
+To use the StAX-based WS-Security functionality:
+
+ mvn -Pstax-server (from one command line window)
+ mvn -Pstax-client (from a second command line window)
+
On startup, the client makes one invocation.
You can also try mvn -Pclient.unauthenticated to show that the policy
Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/pom.xml?rev=1558488&r1=1558487&r2=1558488&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/pom.xml (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/pom.xml Wed Jan 15 18:01:15 2014
@@ -74,14 +74,40 @@
<execution>
<phase>test</phase>
<goals>
- <goal>exec</goal>
+ <goal>java</goal>
</goals>
<configuration>
- <executable>java</executable>
+ <mainClass>demo.wssec.server.Server</mainClass>
+ <arguments>
+ <argument>${basedir}/src/main/resources/ServiceConfig.xml</argument>
+ <argument>secure</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>stax-server</id>
+ <build>
+ <defaultGoal>test</defaultGoal>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>test</phase>
+ <goals>
+ <goal>java</goal>
+ </goals>
+ <configuration>
+ <mainClass>demo.wssec.server.Server</mainClass>
<arguments>
- <argument>-classpath</argument>
- <classpath/>
- <argument>demo.wssec.server.Server</argument>
+ <argument>${basedir}/src/main/resources/ServiceConfigStax.xml</argument>
+ <argument>secure</argument>
</arguments>
</configuration>
</execution>
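Review bot: Both server executions now pass `<argument>secure</argument>` as a second argument, but the `Server.main` lines changed in this commit read only `args[0]`, so the value looks unused on the server side. Either drop it from the `server` and `stax-server` profiles or mark it with a comment such as `<!-- second argument is ignored by Server -->`. The closing tags of the `stax-server` profile fall outside this hunk.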
@@ -108,6 +134,35 @@
<mainClass>demo.wssec.client.Client</mainClass>
<arguments>
<argument>${basedir}/src/main/config/hello_world.wsdl</argument>
+ <argument>${basedir}/src/main/resources/ClientConfig.xml</argument>
+ <argument>secure</argument>
+ </arguments>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>stax-client</id>
+ <build>
+ <defaultGoal>test</defaultGoal>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>exec-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>test</phase>
+ <goals>
+ <goal>java</goal>
+ </goals>
+ <configuration>
+ <mainClass>demo.wssec.client.Client</mainClass>
+ <arguments>
+ <argument>${basedir}/src/main/config/hello_world.wsdl</argument>
+ <argument>${basedir}/src/main/resources/ClientConfigStax.xml</argument>
<argument>secure</argument>
</arguments>
</configuration>
@@ -135,6 +190,7 @@
<mainClass>demo.wssec.client.Client</mainClass>
<arguments>
<argument>${basedir}/src/main/config/hello_world_no_policy.wsdl</argument>
+ <argument>${basedir}/src/main/resources/ClientConfig.xml</argument>
<argument>secure</argument>
</arguments>
</configuration>
Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/client/Client.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/client/Client.java?rev=1558488&r1=1558487&r2=1558488&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/client/Client.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/client/Client.java Wed Jan 15 18:01:15 2014
@@ -42,8 +42,8 @@ public final class Client {
public static void main(String args[]) throws Exception {
- if (args.length == 0) {
- System.out.println("please specify wsdl");
+ if (args.length < 2) {
+ System.out.println("please specify wsdl and configuration file");
System.exit(1);
}
@@ -56,7 +56,13 @@ public final class Client {
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = Client.class.getResource("/ClientConfig.xml");
+ URL busURL;
+ File busFile = new File(args[1]);
+ if (busFile.exists()) {
+ busURL = busFile.toURI().toURL();
+ } else {
+ busURL = new URL(args[1]);
+ }
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
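Review bot: `busURL` is assigned in the new if/else but never used. The unchanged call right after it still reads `bf.createBus(busFile.toString())`, and `busFile` is now a `java.io.File`, so the bus is created from the raw path string instead of the URL. When the argument is a URL rather than an existing file, `File` may normalise the string (for example collapsing `//` on Unix-like systems), so the else branch cannot work as intended. The call should be `Bus bus = bf.createBus(busURL.toString());`, which is what Server.java does in this same commit. `main` starts and ends outside this hunk.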
Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/server/Server.java?rev=1558488&r1=1558487&r2=1558488&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/server/Server.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/java/demo/wssec/server/Server.java Wed Jan 15 18:01:15 2014
@@ -19,21 +19,20 @@
package demo.wssec.server;
+import java.io.File;
import java.net.URL;
-
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.bus.spring.SpringBusFactory;
public class Server {
- protected Server() throws Exception {
+ protected Server(URL busURL) throws Exception {
System.out.println("Starting Server");
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = Server.class.getResource("/ServiceConfig.xml");
- Bus bus = bf.createBus(busFile.toString());
+ Bus bus = bf.createBus(busURL.toString());
BusFactory.setDefaultBus(bus);
//Object implementor = new GreeterImpl();
@@ -42,12 +41,27 @@ public class Server {
}
public static void main(String args[]) throws Exception {
+
+ if (args.length == 0) {
+ System.out.println("please specify configuration file");
+ System.exit(1);
+ }
+
System.out.println("The server's security configuration will be taken "
+ "from server.xml using the bean name : "
+ "\"{http://apache.org/hello_world_soap_http}"
+ "GreeterImplPort.http-destination\".");
System.out.println();
- new Server();
+
+ URL busURL;
+ File busFile = new File(args[0]);
+ if (busFile.exists()) {
+ busURL = busFile.toURI().toURL();
+ } else {
+ busURL = new URL(args[0]);
+ }
+
+ new Server(busURL);
System.out.println("Server ready...");
Thread.sleep(5 * 60 * 1000);
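Review bot: The fallback `busURL = new URL(args[0])` accepts any URL scheme, so the Spring bus configuration can be fetched over plain `http`. That file is a beans definition naming the classes to instantiate, and in this sample it also carries the keystore passwords; Client.main has the same fallback. For a sample it would be safer to accept only a local file and fail clearly, e.g. `if (!busFile.exists()) { System.out.println("configuration file not found: " + args[0]); System.exit(1); }`. The banner printed just above still says the configuration is taken "from server.xml", which is no longer accurate now that the file comes from `args[0]`. `main` continues past the end of the hunk.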
Added: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ClientConfigStax.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ClientConfigStax.xml?rev=1558488&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ClientConfigStax.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ClientConfigStax.xml Wed Jan 15 18:01:15 2014
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!--
+ ** This file configures the web service client
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+ <http:tlsClientParameters>
+ <sec:keyManagers keyPassword="ckpass">
+ <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore file="src/main/config/clientKeystore.jks" password="cspass" type="JKS"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ </http:tlsClientParameters>
+ </http:conduit>
+ <jaxws:client name="{http://apache.org/hello_world_soap_http}SoapPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler" value="demo.wssec.client.UTPasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:client>
+</beans>
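Review bot: The `sec:cipherSuitesFilter` in this new file opts in to export-grade, single-DES and NULL-encryption cipher suites (`.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*`, `.*_WITH_NULL_.*`), and its comment presents that as the goal; ServiceConfigStax.xml repeats the same filter. The `ws-security.username` entry suggests the sample sends a UsernameToken over this HTTPS conduit, so the token's confidentiality presumably depends on the TLS suite that gets negotiated. I would keep only `<sec:include>.*_WITH_AES_.*</sec:include>` together with the `<sec:exclude>.*_DH_anon_.*</sec:exclude>` line, and reword the comment to say that weak and anonymous suites are excluded. The inline keystore passwords are acceptable for a demo but deserve a comment marking them as sample values.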
Added: cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ServiceConfigStax.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ServiceConfigStax.xml?rev=1558488&view=auto
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ServiceConfigStax.xml (added)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/ut_policy/src/main/resources/ServiceConfigStax.xml Wed Jan 15 18:01:15 2014
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<!--
+ ** This file configures the web service provider.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jett
y.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <!--
+ <http:destination name="{http://apache.org/hello_world_soap_http}GreeterPort.http-destination">
+ </http:destination>
+ -->
+ <jaxws:endpoint xmlns:s="http://apache.org/hello_world_soap_http" id="server" endpointName="s:SoapPort" serviceName="s:SOAPService" implementor="demo.wssec.server.GreeterImpl" address="https://localhost:9001/SoapContext/SoapPort" wsdlLocation="src/main/config/hello_world.wsdl" depends-on="ClientAuthHttpsSettings">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="demo.wssec.server.UTPasswordCallback"/>
+ <!--<entry key="passwordCallbackRef">
+ <ref bean="myPasswordCallback"/>
+ </entry>-->
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <!--
+ <bean id="myPasswordCallback"
+ class="demo.hw_https.server.UTPasswordCallback"/>
+ -->
+ <httpj:engine-factory id="ClientAuthHttpsSettings">
+ <httpj:engine port="9001">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass" type="JKS"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore file="src/main/config/serviceKeystore.jks" password="sspass" type="JKS"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+</beans>
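Review bot: The three commented-out blocks (`http:destination`, the `passwordCallbackRef` entry and the `myPasswordCallback` bean) are dead configuration in a newly added file. The bean also names `demo.hw_https.server.UTPasswordCallback`, while the active entry uses `demo.wssec.server.UTPasswordCallback`, so anyone who un-comments it gets a callback class from a different sample package that may not exist here. I would delete the blocks, or replace them with a single comment such as `<!-- the password callback is set via ws-security.callback-handler above -->`.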