You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/04/10 18:20:55 UTC
svn commit: r1311833 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/
services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/re...
Author: coheigea
Date: Tue Apr 10 16:20:54 2012
New Revision: 1311833
URL: http://svn.apache.org/viewvc?rev=1311833&view=rev
Log:
[CXF-4158] - Added some initial system tests for renewing SAML tokens & did some reshuffling in the STSClient
Added:
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/STSServer.java
cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/Server.java
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client-unit.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts.xml
cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/ws-trust-1.4-service.wsdl
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=1311833&r1=1311832&r2=1311833&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Tue Apr 10 16:20:54 2012
@@ -68,7 +68,7 @@ class SecureConversationOutInterceptor e
if (tok == null) {
tok = issueToken(message, aim, itok);
} else {
- renewToken(message, aim, tok, itok);
+ tok = renewToken(message, aim, tok, itok);
}
if (tok != null) {
for (AssertionInfo ai : ais) {
@@ -91,12 +91,12 @@ class SecureConversationOutInterceptor e
}
- private void renewToken(SoapMessage message,
+ private SecurityToken renewToken(SoapMessage message,
AssertionInfoMap aim,
SecurityToken tok,
SecureConversationToken itok) {
if (!tok.isExpired()) {
- return;
+ return tok;
}
STSClient client = STSUtils.getClient(message, "sct");
@@ -107,7 +107,7 @@ class SecureConversationOutInterceptor e
maps = (AddressingProperties)message
.get("javax.xml.ws.addressing.context");
} else if (maps.getAction().getValue().endsWith("Renew")) {
- return;
+ return tok;
}
synchronized (client) {
try {
@@ -122,7 +122,7 @@ class SecureConversationOutInterceptor e
if (maps != null) {
client.setAddressingNamespace(maps.getNamespaceURI());
}
- client.renewSecurityToken(tok);
+ return client.renewSecurityToken(tok);
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1311833&r1=1311832&r2=1311833&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Tue Apr 10 16:20:54 2012
@@ -685,11 +685,7 @@ public class STSClient implements Config
if (target != null) {
writer.writeStartElement("wst", "RenewTarget", namespace);
client.getRequestContext().put(SecurityConstants.TOKEN, target);
- Element el = target.getUnattachedReference();
- if (el == null) {
- el = target.getAttachedReference();
- }
- StaxUtils.copy(el, writer);
+ StaxUtils.copy(target.getToken(), writer);
writer.writeEndElement();
}
@@ -852,12 +848,79 @@ public class STSClient implements Config
return (Element)nd;
}
- public void renewSecurityToken(SecurityToken tok) throws Exception {
- String action = null;
+ public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception {
+ createClient();
+ BindingOperationInfo boi = findOperation("/RST/Renew");
+
+ client.getRequestContext().putAll(ctx);
if (isSecureConv) {
- action = namespace + "/RST/SCT/Renew";
+ client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/SCT/Renew");
+ } else {
+ client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Renew");
+ }
+
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+ writer.writeNamespace("wst", namespace);
+ if (context != null) {
+ writer.writeAttribute(null, "Context", context);
+ }
+
+ String sptt = null;
+ if (template != null) {
+ if (this.useSecondaryParameters()) {
+ writer.writeStartElement("wst", "SecondaryParameters", namespace);
+ }
+
+ Element tl = DOMUtils.getFirstElement(template);
+ while (tl != null) {
+ StaxUtils.copy(tl, writer);
+ if ("TokenType".equals(tl.getLocalName())) {
+ sptt = DOMUtils.getContent(tl);
+ }
+ tl = DOMUtils.getNextElement(tl);
+ }
+
+ if (this.useSecondaryParameters()) {
+ writer.writeEndElement();
+ }
+ }
+
+ if (isSpnego) {
+ tokenType = STSUtils.getTokenTypeSCT(namespace);
}
- requestSecurityToken(tok.getIssuerAddress(), action, "/Renew", tok);
+
+ addRequestType("/Renew", writer);
+ if (enableAppliesTo) {
+ addAppliesTo(writer, tok.getIssuerAddress());
+ }
+
+ if (sptt == null) {
+ addTokenType(writer);
+ }
+ if (isSecureConv || enableLifetime) {
+ addLifetime(writer);
+ }
+
+ writer.writeStartElement("wst", "RenewTarget", namespace);
+ client.getRequestContext().put(SecurityConstants.TOKEN, tok);
+ StaxUtils.copy(tok.getToken(), writer);
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+
+ Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));
+
+ SecurityToken token = createSecurityToken(getDocumentElement((DOMSource)obj[0]), null);
+ if (token.getTokenType() == null) {
+ if (sptt != null) {
+ token.setTokenType(sptt);
+ } else if (tokenType != null) {
+ token.setTokenType(tokenType);
+ }
+ }
+ return token;
+
}
protected PrimitiveAssertion getAddressingAssertion() {
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java Tue Apr 10 16:20:54 2012
@@ -0,0 +1,234 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.renew;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.ws.security.WSConstants;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a SAML Token from an STS and then tries to renew it.
+ */
+public class SAMLRenewUnitTest extends AbstractBusClientServerTestBase {
+
+ static final String STSPORT = allocatePort(STSServer.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() {
+ SecurityTestUtil.cleanup();
+ }
+
+ @org.junit.Test
+ public void testRenewSAML1Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SAMLRenewUnitTest.class.getResource("cxf-client-unit.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String wsdlLocation =
+ "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+
+ // Request the token
+ SecurityToken token = requestSecurityToken(bus, wsdlLocation, WSConstants.WSS_SAML_TOKEN_TYPE, 5);
+ assertNotNull(token);
+ // Sleep to expire the token
+ Thread.sleep(5000);
+
+ // Renew the token
+ SecurityToken renewedToken = renewSecurityToken(bus, wsdlLocation, token);
+ assertFalse(token.equals(renewedToken));
+
+ // Try to validate old token -> fail.
+ try {
+ validateSecurityToken(bus, wsdlLocation, token);
+ fail("Failure expected on trying to renew the old token");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ // Validate the renewed token
+ validateSecurityToken(bus, wsdlLocation, renewedToken);
+ }
+
+ @org.junit.Test
+ public void testRenewSAML2Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SAMLRenewUnitTest.class.getResource("cxf-client-unit.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String wsdlLocation =
+ "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+
+ // Request the token
+ SecurityToken token = requestSecurityToken(bus, wsdlLocation, WSConstants.WSS_SAML2_TOKEN_TYPE, 5);
+ assertNotNull(token);
+ // Sleep to expire the token
+ Thread.sleep(5000);
+
+ // Renew the token
+ SecurityToken renewedToken = renewSecurityToken(bus, wsdlLocation, token);
+ assertFalse(token.equals(renewedToken));
+
+ // Try to validate old token -> fail.
+ try {
+ validateSecurityToken(bus, wsdlLocation, token);
+ fail("Failure expected on trying to renew the old token");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ // Validate the renewed token
+ validateSecurityToken(bus, wsdlLocation, renewedToken);
+ }
+
+ @org.junit.Test
+ public void testRenewValidSAML1Token() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SAMLRenewUnitTest.class.getResource("cxf-client-unit.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ String wsdlLocation =
+ "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+
+ // Request the token
+ SecurityToken token = requestSecurityToken(bus, wsdlLocation, WSConstants.WSS_SAML_TOKEN_TYPE, 300);
+ assertNotNull(token);
+
+ // Validate the token
+ List<SecurityToken> validatedTokens = validateSecurityToken(bus, wsdlLocation, token);
+ assertFalse(validatedTokens.isEmpty());
+ assertTrue(validatedTokens.get(0).equals(token));
+
+ // Renew the token - this should fail as the STS will reject an attempt to renew a valid token
+ // unless it has been configured otherwise
+ try {
+ renewSecurityToken(bus, wsdlLocation, token);
+ fail("Failure expected on trying to renew a valid token");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ private SecurityToken requestSecurityToken(
+ Bus bus, String wsdlLocation, String tokenType, int ttl
+ ) throws Exception {
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation(wsdlLocation);
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+ stsClient.setTokenType(tokenType);
+ stsClient.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put(SecurityConstants.USERNAME, "alice");
+ properties.put(
+ SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+ );
+ properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");
+
+ stsClient.setTtl(ttl);
+ stsClient.setEnableLifetime(true);
+
+ stsClient.setProperties(properties);
+ stsClient.setRequiresEntropy(true);
+ stsClient.setKeySize(128);
+ stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+ return stsClient.requestSecurityToken("https://localhost:8081/doubleit/services/doubleittransport");
+ }
+
+ private List<SecurityToken> validateSecurityToken(
+ Bus bus, String wsdlLocation, SecurityToken securityToken
+ ) throws Exception {
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation(wsdlLocation);
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put(SecurityConstants.USERNAME, "alice");
+ properties.put(
+ SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+ );
+ properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");
+
+ stsClient.setProperties(properties);
+ stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+ return stsClient.validateSecurityToken(securityToken);
+ }
+
+ private SecurityToken renewSecurityToken(
+ Bus bus, String wsdlLocation, SecurityToken securityToken
+ ) throws Exception {
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation(wsdlLocation);
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put(SecurityConstants.USERNAME, "alice");
+ properties.put(
+ SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+ );
+ properties.put(SecurityConstants.STS_TOKEN_PROPERTIES, "serviceKeystore.properties");
+
+ stsClient.setEnableAppliesTo(false);
+ // Request a token with a TTL of 60 minutes
+ stsClient.setTtl(60 * 60);
+ stsClient.setEnableLifetime(true);
+ stsClient.setProperties(properties);
+ stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+ return stsClient.renewSecurityToken(securityToken);
+ }
+
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/STSServer.java?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/STSServer.java Tue Apr 10 16:20:54 2012
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.renew;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+ public STSServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = STSServer.class.getResource("cxf-sts.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new STSServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public static void main(String args[]) {
+ new STSServer().run();
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/Server.java?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/Server.java Tue Apr 10 16:20:54 2012
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.renew;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("cxf-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client-unit.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client-unit.xml?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client-unit.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client-unit.xml Tue Apr 10 16:20:54 2012
@@ -0,0 +1,52 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="ckpass">
+ <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+ </sec:keyManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+</beans>
+
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts.xml?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts.xml Tue Apr 10 16:20:54 2012
@@ -0,0 +1,192 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
+ http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/util
+ http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <bean id="transportSTSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="transportIssueDelegate" />
+ <property name="validateOperation" ref="transportValidateDelegate" />
+ <property name="renewOperation" ref="transportRenewDelegate" />
+ </bean>
+
+ <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="services" ref="transportService" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="claimsManager" ref="claimsManager" />
+ <property name="tokenStore" ref="defaultTokenStore" />
+ </bean>
+
+ <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+ <property name="tokenProviders" ref="transportTokenProviders" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="tokenStore" ref="defaultTokenStore" />
+ </bean>
+
+ <bean id="transportRenewDelegate" class="org.apache.cxf.sts.operation.TokenRenewOperation">
+ <property name="tokenRenewers" ref="transportTokenRenewers" />
+ <property name="tokenValidators" ref="transportTokenValidators" />
+ <property name="stsProperties" ref="transportSTSProperties" />
+ <property name="tokenStore" ref="defaultTokenStore" />
+ </bean>
+
+ <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+ </bean>
+
+ <util:list id="transportTokenProviders">
+ <ref bean="transportSamlTokenProvider" />
+ </util:list>
+
+ <util:list id="transportTokenValidators">
+ <ref bean="transportSamlTokenValidator" />
+ </util:list>
+
+ <util:list id="transportTokenRenewers">
+ <ref bean="transportSamlTokenRenewer" />
+ </util:list>
+
+ <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />
+ <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+ </bean>
+
+ <util:list id="attributeStatementProvidersList">
+ <ref bean="defaultAttributeProvider" />
+ <ref bean="customAttributeProvider" />
+ </util:list>
+
+ <bean id="defaultAttributeProvider"
+ class="org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider">
+ </bean>
+
+ <bean id="customAttributeProvider"
+ class="org.apache.cxf.systest.sts.deployment.CustomAttributeStatementProvider">
+ </bean>
+
+ <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+ <property name="claimHandlers" ref="claimHandlerList" />
+ </bean>
+
+ <util:list id="claimHandlerList">
+ <ref bean="customClaimsHandler" />
+ </util:list>
+
+ <bean id="customClaimsHandler"
+ class="org.apache.cxf.systest.sts.deployment.CustomClaimsHandler">
+ </bean>
+
+ <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator">
+ </bean>
+
+ <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+ </bean>
+
+ <bean id="transportSamlTokenRenewer" class="org.apache.cxf.sts.token.renewer.SAMLTokenRenewer">
+ <property name="verifyProofOfPossession" value="false"/>
+ <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+ </bean>
+
+ <bean id="SAMLConditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+ <property name="acceptClientLifetime" value="true"/>
+ </bean>
+
+ <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+ <property name="endpoints" ref="transportEndpoints" />
+ </bean>
+
+ <util:list id="transportEndpoints">
+ <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+ </value>
+ </util:list>
+
+ <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="stsKeystore.properties" />
+ <property name="signatureUsername" value="mystskey" />
+ <property name="callbackHandlerClass"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler" />
+ <property name="encryptionPropertiesFile" value="stsKeystore.properties" />
+ <property name="issuer" value="DoubleItSTSIssuer" />
+ <property name="encryptionUsername" value="myservicekey" />
+ </bean>
+
+ <jaxws:endpoint id="localSTS" implementor="#transportSTSProviderBean"
+ address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport"
+ wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService"
+ endpointName="ns1:Transport_Port">
+ </jaxws:endpoint>
+
+ <httpj:engine-factory id="ClientAuthHttpsSettings"
+ bus="cxf">
+ <httpj:engine port="${testutil.ports.STSServer}">
+ <httpj:tlsServerParameters>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks" />
+ </sec:trustManagers>
+ <sec:keyManagers keyPassword="stskpass">
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks" />
+ </sec:keyManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true"
+ required="true" />
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+</beans>
+
Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/ws-trust-1.4-service.wsdl?rev=1311833&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/ws-trust-1.4-service.wsdl (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/ws-trust-1.4-service.wsdl Tue Apr 10 16:20:54 2012
@@ -0,0 +1,432 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+ targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
+ xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+ >
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified" targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:element name='RequestSecurityToken' type='wst:AbstractRequestSecurityTokenType' />
+ <xs:element name='RequestSecurityTokenResponse' type='wst:AbstractRequestSecurityTokenType' />
+
+ <xs:complexType name='AbstractRequestSecurityTokenType' >
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI' use='optional' />
+ <xs:anyAttribute namespace='##other' processContents='lax' />
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection' type='wst:RequestSecurityTokenCollectionType' />
+ <xs:complexType name='RequestSecurityTokenCollectionType' >
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken' type='wst:AbstractRequestSecurityTokenType' minOccurs='2' maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection' type='wst:RequestSecurityTokenResponseCollectionType' />
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType' >
+ <xs:sequence>
+ <xs:element ref='wst:RequestSecurityTokenResponse' minOccurs='1' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other' processContents='lax' />
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response"
+ element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal" message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal" message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal" message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal" message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET" message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal" message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <wsdl:binding name="Transport_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#Transport_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="Transport_Soap12_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#Transport_policy" />
+ <soap12:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap12:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap12:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap12:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap12:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap12:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap12:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="Transport_Kerberos_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#Transport_Kerberos_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="Transport_Port" binding="tns:Transport_Binding">
+ <soap:address location="https://localhost:8084/SecurityTokenService/Transport" />
+ </wsdl:port>
+ <wsdl:port name="Transport_Soap12_Port" binding="tns:Transport_Soap12_Binding">
+ <soap12:address location="https://localhost:8084/SecurityTokenService/TransportSoap12" />
+ </wsdl:port>
+ <wsdl:port name="Transport_Kerberos_Port" binding="tns:Transport_Kerberos_Binding">
+ <soap:address location="https://localhost:8084/SecurityTokenService/Kerberos" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="Transport_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate />
+ </wsp:Policy>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Transport_Kerberos_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing/>
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate />
+ </wsp:Policy>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:KerberosToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
+ <wsp:Policy>
+ <sp:WssGssKerberosV5ApReqToken11/>
+ </wsp:Policy>
+ </sp:KerberosToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>