Posted to commits@cxf.apache.org by se...@apache.org on 2011/08/15 11:06:33 UTC
svn commit: r1157743 - in /cxf/trunk:
rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/
systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/
Author: sergeyb
Date: Mon Aug 15 09:06:33 2011
New Revision: 1157743
URL: http://svn.apache.org/viewvc?rev=1157743&view=rev
Log:
[CXF-3677] Updating tests to receive encrypted content on the client side
Added:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (with props)
Modified:
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncInHandler.java
cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
Added: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java?rev=1157743&view=auto
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java (added)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java Mon Aug 15 09:06:33 2011
@@ -0,0 +1,247 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.rs.security.xml;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.logging.Logger;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.stream.XMLStreamReader;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.Base64Exception;
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.rs.security.common.CryptoLoader;
+import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.common.TrustValidator;
+import org.apache.cxf.staxutils.W3CDOMStreamReader;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.apache.xml.security.utils.Constants;
+
+
+public abstract class AbstractXmlEncInHandler {
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(AbstractXmlEncInHandler.class);
+
+ static {
+ WSSConfig.init();
+ }
+
+
+ public void decryptContent(Message message) {
+ Message outMs = message.getExchange().getOutMessage();
+ Message inMsg = outMs == null ? message : outMs.getExchange().getInMessage();
+ String method = (String)inMsg.get(Message.HTTP_REQUEST_METHOD);
+ if ("GET".equals(method)) {
+ return;
+ }
+
+ InputStream is = message.getContent(InputStream.class);
+ Document doc = null;
+ try {
+ doc = DOMUtils.readXml(is);
+ } catch (Exception ex) {
+ String errorMessage = "Invalid XML payload";
+ LOG.warning(errorMessage);
+ throwFault(errorMessage, ex);
+ }
+
+
+ Element root = doc.getDocumentElement();
+
+ byte[] symmetricKeyBytes = getSymmetricKeyBytes(message, root);
+
+ String algorithm = getEncodingMethodAlgorithm(root);
+ byte[] decryptedPayload = null;
+ try {
+ decryptedPayload = decryptPayload(root, symmetricKeyBytes, algorithm);
+ } catch (Exception ex) {
+ throwFault("Payload can not be decrypted", ex);
+ }
+
+ Document payloadDoc = null;
+ try {
+ payloadDoc = DOMUtils.readXml(new InputStreamReader(new ByteArrayInputStream(decryptedPayload),
+ "UTF-8"));
+ } catch (Exception ex) {
+ throwFault("Payload document can not be created", ex);
+ }
+ message.setContent(XMLStreamReader.class,
+ new W3CDOMStreamReader(payloadDoc));
+ message.setContent(InputStream.class, null);
+ }
+
+ // Subclasses can overwrite it and return the bytes, assuming they know the actual key
+ protected byte[] getSymmetricKeyBytes(Message message, Element encDataElement) {
+ Crypto crypto = null;
+ try {
+ crypto = new CryptoLoader().getCrypto(message,
+ SecurityConstants.ENCRYPT_CRYPTO,
+ SecurityConstants.ENCRYPT_PROPERTIES);
+ } catch (Exception ex) {
+ throwFault("Crypto can not be loaded", ex);
+ }
+
+ Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey", 0);
+ if (encKeyElement == null) {
+ //TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of band
+ throwFault("EncryptedKey element is not available", null);
+ }
+
+ X509Certificate cert = loadCertificate(crypto, encKeyElement);
+
+ try {
+ new TrustValidator().validateTrust(crypto, cert, null);
+ } catch (Exception ex) {
+ throwFault(ex.getMessage(), ex);
+ }
+
+ // now start decrypting
+ String algorithm = getEncodingMethodAlgorithm(encKeyElement);
+ Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS,
+ "CipherValue", 0);
+ if (cipherValue == null) {
+ throwFault("CipherValue element is not available", null);
+ }
+ try {
+ return decryptSymmetricKey(cipherValue.getTextContent().trim(),
+ cert,
+ crypto,
+ algorithm,
+ message);
+ } catch (Exception ex) {
+ throwFault(ex.getMessage(), ex);
+ }
+ return null;
+ }
+
+ private X509Certificate loadCertificate(Crypto crypto, Element encKeyElement) {
+ /**
+ * TODO: the following can be easily supported too
+ <X509SKI>31d97bd7</X509SKI>
+ <X509SubjectName>Subject of Certificate B</X509SubjectName>
+ *
+ */
+
+ Element certNode = getNode(encKeyElement,
+ Constants.SignatureSpecNS, "X509Certificate", 0);
+ if (certNode != null) {
+ try {
+ return SecurityUtils.loadX509Certificate(crypto, certNode);
+ } catch (Exception ex) {
+ throwFault("X509Certificate can not be created", ex);
+ }
+ }
+ certNode = getNode(encKeyElement,
+ Constants.SignatureSpecNS, "X509IssuerSerial", 0);
+ if (certNode != null) {
+ try {
+ return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
+ } catch (Exception ex) {
+ throwFault("X509Certificate can not be created", ex);
+ }
+ }
+ throwFault("Certificate is missing", null);
+ return null;
+ }
+
+ private String getEncodingMethodAlgorithm(Element parent) {
+ Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
+ if (encMethod == null) {
+ throwFault("EncryptionMethod element is not available", null);
+ }
+ return encMethod.getAttribute("Algorithm");
+ }
+
+ //TODO: Support symmetric keys if requested
+ protected byte[] decryptSymmetricKey(String base64EncodedKey,
+ X509Certificate cert,
+ Crypto crypto,
+ String keyEncAlgo,
+ Message message) throws WSSecurityException {
+ CallbackHandler callback = SecurityUtils.getCallbackHandler(message, this.getClass());
+ PrivateKey key = null;
+ try {
+ key = crypto.getPrivateKey(cert, callback);
+ } catch (Exception ex) {
+ throwFault("Encrypted key can not be decrypted", ex);
+ }
+ Cipher cipher =
+ EncryptionUtils.initCipherWithKey(keyEncAlgo, Cipher.DECRYPT_MODE, key);
+ try {
+ byte[] encryptedBytes = Base64Utility.decode(base64EncodedKey);
+ return cipher.doFinal(encryptedBytes);
+ } catch (Base64Exception ex) {
+ throwFault("Base64 decoding has failed", ex);
+ } catch (Exception ex) {
+ throwFault("Encrypted key can not be decrypted", ex);
+ }
+ return null;
+
+ }
+
+ protected byte[] decryptPayload(Element root,
+ byte[] secretKeyBytes,
+ String symEncAlgo) throws WSSecurityException {
+ SecretKey key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKeyBytes);
+ try {
+ XMLCipher xmlCipher =
+ EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
+ return xmlCipher.decryptToByteArray(root);
+ } catch (XMLEncryptionException ex) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
+ );
+ }
+
+ }
+
+
+ private Element getNode(Element parent, String ns, String name, int index) {
+ NodeList list = parent.getElementsByTagNameNS(ns, name);
+ if (list != null && list.getLength() >= index + 1) {
+ return (Element)list.item(index);
+ }
+ return null;
+ }
+
+
+ protected abstract void throwFault(String error, Exception ex);
+
+}
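Review bot: Both `Algorithm` values used for decryption are taken from the incoming document without any receiver-side check. `getEncodingMethodAlgorithm` returns the attribute as-is, and it is passed on to `EncryptionUtils.initCipherWithKey` in `decryptSymmetricKey` and to `decryptPayload`. Unless `EncryptionUtils` (not shown here) restricts the set, the sender picks the key-transport and block cipher, so a configurable allow-list should be checked in `getEncodingMethodAlgorithm` before the private key is loaded, along the lines of `if (!allowedAlgorithms.contains(algorithm)) { throwFault("Encryption algorithm is not supported", null); }`, where `allowedAlgorithms` would be a new configurable field. The failure paths also produce distinguishable texts (`"Base64 decoding has failed"`, `"Encrypted key can not be decrypted"`, `"Payload can not be decrypted"`, and `ex.getMessage()` passed straight through). If the concrete `throwFault` relays them to the peer, the peer can tell which decryption step failed, so one generic outward message with the detail kept in the log would be safer.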
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncInHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncInHandler.java?rev=1157743&r1=1157742&r2=1157743&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncInHandler.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncInHandler.java Mon Aug 15 09:06:33 2011
@@ -19,231 +19,27 @@
package org.apache.cxf.rs.security.xml;
-import java.io.ByteArrayInputStream;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import java.util.logging.Logger;
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
-import javax.xml.stream.XMLStreamReader;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.Base64Exception;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
-import org.apache.cxf.rs.security.common.CryptoLoader;
-import org.apache.cxf.rs.security.common.SecurityUtils;
-import org.apache.cxf.rs.security.common.TrustValidator;
-import org.apache.cxf.staxutils.W3CDOMStreamReader;
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.encryption.XMLEncryptionException;
-import org.apache.xml.security.utils.Constants;
-public class XmlEncInHandler implements RequestHandler {
+public class XmlEncInHandler extends AbstractXmlEncInHandler implements RequestHandler {
private static final Logger LOG =
LogUtils.getL7dLogger(XmlEncInHandler.class);
- static {
- WSSConfig.init();
- }
-
public Response handleRequest(Message message, ClassResourceInfo resourceClass) {
- String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
- if ("GET".equals(method)) {
- return null;
- }
-
- InputStream is = message.getContent(InputStream.class);
- Document doc = null;
- try {
- doc = DOMUtils.readXml(is);
- } catch (Exception ex) {
- throwFault("Invalid XML payload", ex);
- }
-
-
- Element root = doc.getDocumentElement();
-
- byte[] symmetricKeyBytes = getSymmetricKeyBytes(message, root);
-
- String algorithm = getEncodingMethodAlgorithm(root);
- byte[] decryptedPayload = null;
- try {
- decryptedPayload = decryptPayload(root, symmetricKeyBytes, algorithm);
- } catch (Exception ex) {
- throwFault("Payload can not be decrypted", ex);
- }
-
- Document payloadDoc = null;
- try {
- payloadDoc = DOMUtils.readXml(new InputStreamReader(new ByteArrayInputStream(decryptedPayload),
- "UTF-8"));
- } catch (Exception ex) {
- throwFault("Payload document can not be created", ex);
- }
- message.setContent(XMLStreamReader.class,
- new W3CDOMStreamReader(payloadDoc));
- message.setContent(InputStream.class, null);
- return null;
- }
-
- // Subclasses can overwrite it and return the bytes, assuming they know the actual key
- protected byte[] getSymmetricKeyBytes(Message message, Element encDataElement) {
- Crypto crypto = null;
- try {
- crypto = new CryptoLoader().getCrypto(message,
- SecurityConstants.ENCRYPT_CRYPTO,
- SecurityConstants.ENCRYPT_PROPERTIES);
- } catch (Exception ex) {
- throwFault("Crypto can not be loaded", ex);
- }
-
- Element encKeyElement = getNode(encDataElement, WSConstants.ENC_NS, "EncryptedKey", 0);
- if (encKeyElement == null) {
- //TODO: support EncryptedData/ds:KeyInfo - the encrypted key is passed out of band
- throwFault("EncryptedKey element is not available", null);
- }
-
- X509Certificate cert = loadCertificate(crypto, encKeyElement);
-
- try {
- new TrustValidator().validateTrust(crypto, cert, null);
- } catch (Exception ex) {
- throwFault(ex.getMessage(), ex);
- }
-
- // now start decrypting
- String algorithm = getEncodingMethodAlgorithm(encKeyElement);
- Element cipherValue = getNode(encKeyElement, WSConstants.ENC_NS,
- "CipherValue", 0);
- if (cipherValue == null) {
- throwFault("CipherValue element is not available", null);
- }
- try {
- return decryptSymmetricKey(cipherValue.getTextContent().trim(),
- cert,
- crypto,
- algorithm,
- message);
- } catch (Exception ex) {
- throwFault(ex.getMessage(), ex);
- }
- return null;
- }
-
- private X509Certificate loadCertificate(Crypto crypto, Element encKeyElement) {
- /**
- * TODO: the following can be easily supported too
- <X509SKI>31d97bd7</X509SKI>
- <X509SubjectName>Subject of Certificate B</X509SubjectName>
- *
- */
-
- Element certNode = getNode(encKeyElement,
- Constants.SignatureSpecNS, "X509Certificate", 0);
- if (certNode != null) {
- try {
- return SecurityUtils.loadX509Certificate(crypto, certNode);
- } catch (Exception ex) {
- throwFault("X509Certificate can not be created", ex);
- }
- }
- certNode = getNode(encKeyElement,
- Constants.SignatureSpecNS, "X509IssuerSerial", 0);
- if (certNode != null) {
- try {
- return SecurityUtils.loadX509IssuerSerial(crypto, certNode);
- } catch (Exception ex) {
- throwFault("X509Certificate can not be created", ex);
- }
- }
- throwFault("Certificate is missing", null);
- return null;
- }
-
- private String getEncodingMethodAlgorithm(Element parent) {
- Element encMethod = getNode(parent, WSConstants.ENC_NS, "EncryptionMethod", 0);
- if (encMethod == null) {
- throwFault("EncryptionMethod element is not available", null);
- }
- return encMethod.getAttribute("Algorithm");
- }
-
- //TODO: Support symmetric keys if requested
- protected byte[] decryptSymmetricKey(String base64EncodedKey,
- X509Certificate cert,
- Crypto crypto,
- String keyEncAlgo,
- Message message) throws WSSecurityException {
- CallbackHandler callback = SecurityUtils.getCallbackHandler(message, this.getClass());
- PrivateKey key = null;
- try {
- key = crypto.getPrivateKey(cert, callback);
- } catch (Exception ex) {
- throwFault("Encrypted key can not be decrypted", ex);
- }
- Cipher cipher =
- EncryptionUtils.initCipherWithKey(keyEncAlgo, Cipher.DECRYPT_MODE, key);
- try {
- byte[] encryptedBytes = Base64Utility.decode(base64EncodedKey);
- return cipher.doFinal(encryptedBytes);
- } catch (Base64Exception ex) {
- throwFault("Base64 decoding has failed", ex);
- } catch (Exception ex) {
- throwFault("Encrypted key can not be decrypted", ex);
- }
- return null;
-
- }
-
- protected byte[] decryptPayload(Element root,
- byte[] secretKeyBytes,
- String symEncAlgo) throws WSSecurityException {
- SecretKey key = WSSecurityUtil.prepareSecretKey(symEncAlgo, secretKeyBytes);
- try {
- XMLCipher xmlCipher =
- EncryptionUtils.initXMLCipher(symEncAlgo, XMLCipher.DECRYPT_MODE, key);
- return xmlCipher.decryptToByteArray(root);
- } catch (XMLEncryptionException ex) {
- throw new WSSecurityException(
- WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, ex
- );
- }
-
- }
-
-
- private Element getNode(Element parent, String ns, String name, int index) {
- NodeList list = parent.getElementsByTagNameNS(ns, name);
- if (list != null && list.getLength() >= index + 1) {
- return (Element)list.item(index);
- }
+ decryptContent(message);
return null;
}
-
protected void throwFault(String error, Exception ex) {
// TODO: get bundle resource message once this filter is moved
// to rt/rs/security
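Review bot: `throwFault`, whose body continues past the end of this hunk, is now the implementation the base class relies on to abort processing, and that contract is not written down anywhere. `AbstractXmlEncInHandler.decryptContent` calls `doc.getDocumentElement()` directly after `throwFault("Invalid XML payload", ex)`, and `getEncodingMethodAlgorithm` dereferences `encMethod` after a null check that only calls `throwFault`, so an override that returns normally turns every rejected message into a NullPointerException. I would put `// Must always throw: AbstractXmlEncInHandler assumes throwFault() never returns normally.` above this method and an equivalent Javadoc sentence on the abstract declaration.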
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1157743&r1=1157742&r2=1157743&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java Mon Aug 15 09:06:33 2011
@@ -53,6 +53,7 @@ import org.apache.ws.security.util.UUIDG
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.utils.EncryptionConstants;
public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -76,6 +77,9 @@ public class XmlEncOutInterceptor extend
}
public void setSymmetricEncAlgorithm(String algo) {
+ if (!algo.startsWith(EncryptionConstants.EncryptionSpecNS)) {
+ algo = EncryptionConstants.EncryptionSpecNS + algo;
+ }
symEncAlgo = algo;
}
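Review bot: The new prefixing in `setSymmetricEncAlgorithm` treats every value that does not start with `EncryptionConstants.EncryptionSpecNS` as a short name, so a full algorithm URI from another namespace is silently turned into a malformed identifier. That would apply, for example, to the xmlenc11 identifiers used for the GCM modes, and the problem would only surface later when the cipher is initialised. A `null` argument, which the old setter simply stored, now throws a NullPointerException on `algo.startsWith(...)`. Prefixing only values that carry no scheme keeps short names such as `aes128-cbc` working without mangling full URIs: `if (algo != null && algo.indexOf(':') == -1) { algo = EncryptionConstants.EncryptionSpecNS + algo; }`.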
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java?rev=1157743&r1=1157742&r2=1157743&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java Mon Aug 15 09:06:33 2011
@@ -30,6 +30,7 @@ import org.apache.cxf.jaxrs.client.JAXRS
import org.apache.cxf.jaxrs.client.ServerWebApplicationException;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.common.SecurityUtils;
+import org.apache.cxf.rs.security.xml.XmlEncInInterceptor;
import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
import org.apache.cxf.rs.security.xml.XmlSigOutInterceptor;
import org.apache.cxf.systest.jaxrs.security.Book;
@@ -215,6 +216,7 @@ public class JAXRSXmlSecTest extends Abs
encInterceptor.setSymmetricEncAlgorithm(XMLCipher.AES_128);
bean.getOutInterceptors().add(encInterceptor);
+ bean.getInInterceptors().add(new XmlEncInInterceptor());
WebClient wc = bean.createWebClient();
try {
Modified: cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml?rev=1157743&r1=1157742&r2=1157743&view=diff
==============================================================================
--- cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml (original)
+++ cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml Mon Aug 15 09:06:33 2011
@@ -67,6 +67,9 @@ under the License.
<bean id="serviceBean" class="org.apache.cxf.systest.jaxrs.security.BookStore"/>
<bean id="xmlSigHandler" class="org.apache.cxf.rs.security.xml.XmlSigInHandler"/>
<bean id="xmlEncHandler" class="org.apache.cxf.rs.security.xml.XmlEncInHandler"/>
+ <bean id="xmlEncOutHandler" class="org.apache.cxf.rs.security.xml.XmlEncOutInterceptor">
+ <property name="symmetricEncAlgorithm" value="aes128-cbc"/>
+ </bean>
<jaxrs:server
address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsig">
@@ -90,7 +93,10 @@ under the License.
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean="xmlEncHandler"/>
- </jaxrs:providers>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
<jaxrs:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
@@ -109,6 +115,9 @@ under the License.
<ref bean="xmlEncHandler"/>
<ref bean="xmlSigHandler"/>
</jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
<jaxrs:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
@@ -130,6 +139,9 @@ under the License.
<ref bean="xmlEncHandler"/>
<ref bean="xmlSigHandler"/>
</jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlEncOutHandler"/>
+ </jaxrs:outInterceptors>
<jaxrs:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>