Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/07 15:47:44 UTC
svn commit: r1529842 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
services/sts/systests/basic/src/test/java/org/apache/cxf/sy...
Author: coheigea
Date: Mon Oct 7 13:47:43 2013
New Revision: 1529842
URL: http://svn.apache.org/r1529842
Log:
Fixed a couple of streaming WS-Security bugs + added some tests
Added:
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml
- copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml
- copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml
- copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Mon Oct 7 13:47:43 2013
@@ -67,6 +67,7 @@ public class HttpsTokenInterceptorProvid
public HttpsTokenInterceptorProvider() {
super(Arrays.asList(SP11Constants.TRANSPORT_TOKEN, SP12Constants.TRANSPORT_TOKEN,
+ SP11Constants.ISSUED_TOKEN, SP12Constants.ISSUED_TOKEN,
SP11Constants.HTTPS_TOKEN, SP12Constants.HTTPS_TOKEN));
this.getOutInterceptors().add(new HttpsTokenOutInterceptor());
this.getOutFaultInterceptors().add(new HttpsTokenOutInterceptor());
@@ -181,8 +182,7 @@ public class HttpsTokenInterceptorProvid
NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.HTTPS_TOKEN);
boolean requestor = isRequestor(message);
if (ais.isEmpty()) {
- if (!requestor
- && !NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_TOKEN).isEmpty()) {
+ if (!requestor) {
try {
assertNonHttpsTransportToken(message);
} catch (XMLSecurityException e) {
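Review bot: With the TransportToken test dropped, `if (!requestor) {` now sends every provider-side message whose policy has no HttpsToken assertion into assertNonHttpsTransportToken(message), and the constructor hunk above also registers this provider for ISSUED_TOKEN policies. The call site does not record why the guard was widened; if the intent is to cover IssuedToken policies, a comment such as `// also run for IssuedToken policies, which carry no TransportToken assertion` would document it. The body of assertNonHttpsTransportToken is outside this hunk, so what it asserts for a message that did not arrive over TLS cannot be checked here and should be confirmed. The enclosing method starts and ends outside the hunk.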
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Mon Oct 7 13:47:43 2013
@@ -323,6 +323,14 @@ public class StaxAsymmetricBindingHandle
if (encUser != null) {
config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
}
+
+ //
+ // Using a stored cert is only suitable for the Issued Token case, where
+ // we're extracting the cert from a SAML Assertion on the provider side
+ //
+ if (!isRequestor() && recToken.getToken() instanceof IssuedToken) {
+ config.put(ConfigurationConstants.ENCRYPTION_USER, ConfigurationConstants.USE_REQ_SIG_CERT);
+ }
}
}
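Review bot: The added `config.put(ConfigurationConstants.ENCRYPTION_USER, ConfigurationConstants.USE_REQ_SIG_CERT)` runs after the `encUser != null` block and silently replaces an explicitly configured encryption user whenever the recipient token is an IssuedToken on the provider side. If the override is intended, the comment should say so (`// deliberately overrides any configured encryption user`); otherwise guard it with `if (encUser == null && !isRequestor() && recToken.getToken() instanceof IssuedToken) {`. Because the response is then encrypted to a certificate taken from the request, the comment should also name where that certificate is validated, which is not visible in this hunk. The enclosing method starts outside the hunk.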
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,204 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.asymmetric;
+
+import java.net.URL;
+import java.security.cert.X509Certificate;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Test the Asymmetric binding. The CXF client gets a token from the STS by authenticating via a
+ * Username Token over the symmetric binding, and then sends it to the CXF endpoint using
+ * the asymmetric binding.
+ *
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxAsymmetricBindingTest extends AbstractBusClientServerTestBase {
+
+ static final String STSPORT = allocatePort(STSServer.class);
+ static final String STSPORT2 = allocatePort(STSServer.class, 2);
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(StaxServer.class);
+
+ private static boolean standalone;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxServer.class, true)
+ );
+ String deployment = System.getProperty("sts.deployment");
+ if ("standalone".equals(deployment) || deployment == null) {
+ standalone = true;
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ }
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testUsernameTokenSAML1() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1Port");
+ DoubleItPortType asymmetricSaml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml1Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1Port, STSPORT2);
+ }
+
+ // DOM
+ doubleIt(asymmetricSaml1Port, 25);
+
+ // Streaming
+ asymmetricSaml1Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml1Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1Port, STSPORT2);
+ }
+ SecurityTestUtil.enableStreaming(asymmetricSaml1Port);
+ doubleIt(asymmetricSaml1Port, 25);
+
+ ((java.io.Closeable)asymmetricSaml1Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testUsernameTokenSAML2() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2Port");
+ DoubleItPortType asymmetricSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, STSPORT2);
+ }
+
+ // DOM
+ doubleIt(asymmetricSaml2Port, 30);
+ TokenTestUtils.verifyToken(asymmetricSaml2Port);
+
+ // Streaming
+ asymmetricSaml2Port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, STSPORT2);
+ }
+ SecurityTestUtil.enableStreaming(asymmetricSaml2Port);
+ doubleIt(asymmetricSaml2Port, 25);
+
+ ((java.io.Closeable)asymmetricSaml2Port).close();
+ bus.shutdown(true);
+ }
+
+ // TODO Encrypted tokens not yet working with StAX
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testUsernameTokenSAML1Encrypted() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1EncryptedPort");
+ DoubleItPortType asymmetricSaml1EncryptedPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml1EncryptedPort, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2);
+ }
+
+ // Set the X509Certificate manually on the STSClient (just to test that we can)
+ BindingProvider bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort;
+ STSClient stsClient =
+ (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT);
+ Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("myclientkey");
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ stsClient.setUseKeyCertificate(certs[0]);
+
+ doubleIt(asymmetricSaml1EncryptedPort, 40);
+
+ ((java.io.Closeable)asymmetricSaml1EncryptedPort).close();
+ bus.shutdown(true);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ assertEquals(numToDouble * 2 , resp);
+ }
+}
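Review bot: In testUsernameTokenSAML1 and testUsernameTokenSAML2 the DOM proxy is overwritten by the second `service.getPort(...)` call without being closed, and the closing `close()` / `bus.shutdown(true)` calls are skipped whenever `doubleIt` throws, so a failing run may leave the proxy and bus alive for later tests. Close the first proxy before reassigning, e.g. `((java.io.Closeable)asymmetricSaml1Port).close();`, and move the end-of-test cleanup into a `finally` block. The same pattern appears in StaxBearerTest.testSAML2Bearer and testSAML2BearerNoBinding in this commit. In testUsernameTokenSAML2 the streaming call is also not followed by `TokenTestUtils.verifyToken(...)` as the DOM call is; if that is deliberate, a comment should say why.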
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.asymmetric;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
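Review bot: The `try { new StaxServer(); } catch (Exception e) { e.printStackTrace(); }` block at the end of run() builds an instance that is discarded at once, and the empty constructor above cannot throw, so the block has no effect and can be removed. If run() overrides a base-class method it should carry `@Override`. The result of `getResource("cxf-stax-service.xml")` is passed to createBus unchecked, so a missing resource would presumably surface as a less obvious failure there. A one-line class Javadoc saying that this server boots the StAX-enabled service bus would help. bearer/StaxServer.java in this commit is identical and has the same issues.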
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,273 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.bearer;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Test the Bearer TokenType over TLS.
+ *
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxBearerTest extends AbstractBusClientServerTestBase {
+
+ static final String STSPORT = allocatePort(STSServer.class);
+ static final String STSPORT2 = allocatePort(STSServer.class, 2);
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(StaxServer.class);
+
+ private static boolean standalone;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxServer.class, true)
+ );
+ String deployment = System.getProperty("sts.deployment");
+ if ("standalone".equals(deployment) || deployment == null) {
+ standalone = true;
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ }
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testSAML2Bearer() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxBearerTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+ DoubleItPortType transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+
+ // DOM
+ doubleIt(transportSaml2Port, 45);
+
+ // Streaming
+ transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+ SecurityTestUtil.enableStreaming(transportSaml2Port);
+ doubleIt(transportSaml2Port, 45);
+
+ ((java.io.Closeable)transportSaml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSAML2UnsignedBearer() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxBearerTest.class.getResource("cxf-unsigned-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+ DoubleItPortType transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+
+ //
+ // Create a SAML2 Bearer Assertion and add it to the TokenStore so that the
+ // IssuedTokenInterceptorProvider does not invoke on the STS
+ //
+ Client client = ClientProxy.getClient(transportSaml2Port);
+ Endpoint ep = client.getEndpoint();
+ String id = "1234";
+ ep.getEndpointInfo().setProperty(TokenStore.class.getName(), new MemoryTokenStore());
+ ep.getEndpointInfo().setProperty(SecurityConstants.TOKEN_ID, id);
+ TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(new Saml2CallbackHandler(), samlCallback);
+ SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Element assertionElement = assertion.toDOM(db.newDocument());
+
+ SecurityToken tok = new SecurityToken(id);
+ tok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ tok.setToken(assertionElement);
+ store.add(tok);
+
+ doubleIt(transportSaml2Port, 50);
+
+ ((java.io.Closeable)transportSaml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSAML2UnsignedBearerStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxBearerTest.class.getResource("cxf-unsigned-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+ DoubleItPortType transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+ SecurityTestUtil.enableStreaming(transportSaml2Port);
+
+ //
+ // Create a SAML2 Bearer Assertion and add it to the TokenStore so that the
+ // IssuedTokenInterceptorProvider does not invoke on the STS
+ //
+ Client client = ClientProxy.getClient(transportSaml2Port);
+ Endpoint ep = client.getEndpoint();
+ String id = "1234";
+ ep.getEndpointInfo().setProperty(TokenStore.class.getName(), new MemoryTokenStore());
+ ep.getEndpointInfo().setProperty(SecurityConstants.TOKEN_ID, id);
+ TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(new Saml2CallbackHandler(), samlCallback);
+ SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Element assertionElement = assertion.toDOM(db.newDocument());
+
+ SecurityToken tok = new SecurityToken(id);
+ tok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+ tok.setToken(assertionElement);
+ store.add(tok);
+
+ doubleIt(transportSaml2Port, 50);
+
+ ((java.io.Closeable)transportSaml2Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSAML2BearerNoBinding() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxBearerTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort2");
+ DoubleItPortType transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+
+ // DOM
+ doubleIt(transportSaml2Port, 45);
+
+ // Streaming
+ transportSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml2Port, PORT);
+ if (standalone) {
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+ }
+ SecurityTestUtil.enableStreaming(transportSaml2Port);
+ doubleIt(transportSaml2Port, 45);
+
+ ((java.io.Closeable)transportSaml2Port).close();
+ bus.shutdown(true);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ assertEquals(numToDouble * 2 , resp);
+ }
+}
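Review bot: testSAML2UnsignedBearer and testSAML2UnsignedBearerStreaming differ only in the `SecurityTestUtil.enableStreaming(transportSaml2Port)` call; the roughly twenty lines that build the assertion and seed the MemoryTokenStore are duplicated verbatim. Moving them into a private static helper that takes the port would stop the two tests drifting apart. As their names indicate, both tests establish that the StAX endpoint accepts an unsigned bearer assertion, and only the accepting path is covered. A short comment naming the service-side setting that permits this (presumably in cxf-stax-service.xml, not shown here) would make clear that the acceptance is intended.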
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.bearer;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java Mon Oct 7 13:47:43 2013
@@ -19,8 +19,6 @@
package org.apache.cxf.systest.sts.sendervouches;
import java.net.URL;
-import java.security.Principal;
-import java.util.List;
import javax.annotation.Resource;
import javax.jws.WebService;
@@ -28,17 +26,9 @@ import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceContext;
-import javax.xml.ws.handler.MessageContext;
import org.apache.cxf.feature.Features;
-import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-
import org.example.contract.doubleit.DoubleItPortType;
@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt",
@@ -53,6 +43,8 @@ public class DoubleItPortTypeImpl extend
@Resource
WebServiceContext wsc;
+ private String port;
+
public int doubleIt(int numberToDouble) {
// Delegate request to a provider
URL wsdl = DoubleItPortTypeImpl.class.getResource("DoubleIt.wsdl");
@@ -61,7 +53,7 @@ public class DoubleItPortTypeImpl extend
DoubleItPortType transportSAML2SupportingPort =
service.getPort(portQName, DoubleItPortType.class);
try {
- updateAddressPort(transportSAML2SupportingPort, SenderVouchesTest.PORT2);
+ updateAddressPort(transportSAML2SupportingPort, getPort());
} catch (Exception ex) {
ex.printStackTrace();
}
@@ -69,20 +61,20 @@ public class DoubleItPortTypeImpl extend
//
// Get the principal from the request context and construct a SAML Assertion
//
- MessageContext context = wsc.getMessageContext();
- final List<WSHandlerResult> handlerResults =
- CastUtils.cast((List<?>)context.get(WSHandlerConstants.RECV_RESULTS));
- WSSecurityEngineResult actionResult =
- WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.UT);
- Principal principal =
- (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-
- Saml2CallbackHandler callbackHandler = new Saml2CallbackHandler(principal);
+ Saml2CallbackHandler callbackHandler = new Saml2CallbackHandler(wsc.getUserPrincipal());
((BindingProvider)transportSAML2SupportingPort).getRequestContext().put(
"ws-security.saml-callback-handler", callbackHandler
);
return transportSAML2SupportingPort.doubleIt(numberToDouble);
}
+
+ public String getPort() {
+ return port;
+ }
+
+ public void setPort(String port) {
+ this.port = port;
+ }
}
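Review bot: `new Saml2CallbackHandler(wsc.getUserPrincipal())` passes the principal on unchecked, whereas the removed code read it from the UsernameToken processing result and would presumably have thrown if that result was missing. getUserPrincipal() returns null when the sender has not been authenticated, and this intermediary vouches for that identity in the SAML assertion it forwards, so it should fail closed before building the handler: `if (wsc.getUserPrincipal() == null) { throw new IllegalStateException("no authenticated principal"); }`. How Saml2CallbackHandler treats a null principal is not visible in this hunk.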
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java Mon Oct 7 13:47:43 2013
@@ -26,6 +26,9 @@ import javax.security.auth.callback.Call
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
@@ -68,7 +71,17 @@ public class Saml2CallbackHandler implem
attributeBean.addAttributeValue("user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
- callback.setSignAssertion(true);
+
+ try {
+ String file = "serviceKeystore.properties";
+ Crypto crypto = CryptoFactory.getInstance(file);
+ callback.setIssuerCrypto(crypto);
+ callback.setIssuerKeyName("myservicekey");
+ callback.setIssuerKeyPassword("skpass");
+ callback.setSignAssertion(true);
+ } catch (WSSecurityException e) {
+ throw new IOException(e);
+ }
}
}
}
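Review bot: The key alias `"myservicekey"` and key password `"skpass"` are written as literals next to the signing call, and `CryptoFactory.getInstance(file)` appears to run each time a `SAMLCallback` is handled. Hoisting the literals into `private static final` constants with a comment such as `// Test-only signing key; alias and password must match the keystore named in serviceKeystore.properties` makes it clear these are fixture credentials and not a pattern to copy. Loading the `Crypto` once (for example in the constructor) would avoid re-reading the properties file per request. The enclosing `handle` method starts outside the hunk.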
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxIntermediary extends AbstractBusTestServerBase {
+
+ public StaxIntermediary() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxIntermediary.class.getResource("cxf-stax-intermediary.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxIntermediary();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
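Review bot: The `try { new StaxIntermediary(); } catch (Exception e) { e.printStackTrace(); }` block at the end of `run()` builds an instance and discards it, so it has no visible effect and can be removed. `getResource("cxf-stax-intermediary.xml")` returns null when the resource is missing from the classpath; a guard such as `if (busFile == null) { throw new IllegalStateException("cxf-stax-intermediary.xml not found"); }` would make that failure obvious rather than surfacing later inside `createBus`. `run()` presumably overrides a base-class method and could carry `@Override`. The same points apply to `StaxServer.run()` added later in this commit.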
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client sends a Username Token via (1-way) TLS to a CXF intermediary.
+ * The intermediary validates the UsernameToken, and then inserts the username into a SAML
+ * Assertion which it signs and sends to a provider (via TLS).
+ *
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxSenderVouchesTest extends AbstractBusClientServerTestBase {
+
+ static final String PORT2 = allocatePort(StaxServer.class, 2);
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ private static final String PORT = allocatePort(StaxIntermediary.class);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxServer.class, true)
+ );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(StaxIntermediary.class, true)
+ );
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testSenderVouches() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxSenderVouchesTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxSenderVouchesTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort");
+ DoubleItPortType transportUTPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportUTPort, PORT);
+
+ // DOM
+ doubleIt(transportUTPort, 25);
+
+ // Streaming
+ transportUTPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportUTPort, PORT);
+ SecurityTestUtil.enableStreaming(transportUTPort);
+ doubleIt(transportUTPort, 45);
+
+ ((java.io.Closeable)transportUTPort).close();
+ bus.shutdown(true);
+ }
+
+ private static void doubleIt(DoubleItPortType port, int numToDouble) {
+ int resp = port.doubleIt(numToDouble);
+ assertEquals(numToDouble * 2 , resp);
+ }
+}
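Review bot: In `testSenderVouches` the first (DOM) `transportUTPort` proxy is overwritten by the streaming one without being closed; only the second proxy reaches `close()`. Add `((java.io.Closeable)transportUTPort).close();` directly after `doubleIt(transportUTPort, 25);`. The final `close()` and `bus.shutdown(true)` also sit after the assertions, so a failing `doubleIt` skips them. Wrapping the calls in `try`/`finally` would keep the cleanup reliable when the test fails.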
Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java Mon Oct 7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml Mon Oct 7 13:47:43 2013
@@ -0,0 +1,96 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core
+ http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/jaxws
+ http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
+ http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <jaxws:endpoint id="doubleitasymmetricsaml1"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItAsymmetricSAML1Port"
+ serviceName="s:DoubleItService"
+ address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml1"
+ wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+ xmlns:s="http://www.example.org/contract/DoubleIt">
+
+ <jaxws:properties>
+ <entry key="ws-security.signature.username" value="myservicekey"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="doubleitasymmetricsaml2"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItAsymmetricSAML2Port"
+ serviceName="s:DoubleItService"
+ address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml2"
+ wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+ xmlns:s="http://www.example.org/contract/DoubleIt">
+
+ <jaxws:properties>
+ <entry key="ws-security.signature.username" value="myservicekey"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="doubleitasymmetricsaml1encrypted"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItAsymmetricSAML1EncryptedPort"
+ serviceName="s:DoubleItService"
+ address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml1encrypted"
+ wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+ xmlns:s="http://www.example.org/contract/DoubleIt">
+
+ <jaxws:properties>
+ <entry key="ws-security.signature.username" value="myservicekey"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>
+
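Review bot: `ws-security.is-bsp-compliant` is set to `false` on `doubleitasymmetricsaml1` and `doubleitasymmetricsaml1encrypted` but not on `doubleitasymmetricsaml2`, and nothing in the file says why. A short comment on those two entries, for example `<!-- BSP compliance check disabled for the SAML 1.1 endpoints: <reason> -->`, would record the intent. It would also discourage copying the relaxed setting into other configurations.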
Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml Mon Oct 7 13:47:43 2013
@@ -37,35 +37,53 @@
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <jaxws:endpoint id="doubleittransportut"
- implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
- endpointName="s:DoubleItTransportUTPort"
+ <jaxws:endpoint id="doubleittransportsaml2bearer"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItTransportSAML2BearerPort"
serviceName="s:DoubleItService"
depends-on="ClientAuthHttpsSettings"
- address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
- wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
+ address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2bearer"
+ wsdlLocation="org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl"
xmlns:s="http://www.example.org/contract/DoubleIt">
<jaxws:properties>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="doubleittransportsaml2bearer2"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItTransportSAML2BearerPort2"
+ serviceName="s:DoubleItService"
+ depends-on="ClientAuthHttpsSettings"
+ address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2bearer2"
+ wsdlLocation="org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl"
+ xmlns:s="http://www.example.org/contract/DoubleIt">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
- <httpj:engine port="${testutil.ports.Intermediary}">
+ <httpj:engine port="${testutil.ports.StaxServer}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="skpass">
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
</sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
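Review bot: The `sec:cipherSuitesFilter` carried into this new file admits `.*_EXPORT_.*` and `.*_EXPORT1024_.*` suites here and `.*_WITH_NULL_.*` in the following hunk, which permits export-grade and unencrypted TLS. These endpoints accept SAML bearer tokens whose protection rests on the transport, so the filter is better limited to an AES include such as `<sec:include>.*_WITH_AES_.*</sec:include>` together with the existing `.*_DH_anon_.*` exclude. The same filter, including `.*_WITH_DES_.*`, is added in `sendervouches/cxf-stax-service.xml` later in this commit. The enclosing `httpj:tlsServerParameters` element continues past this hunk.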
@@ -74,30 +92,10 @@
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
- <sec:clientAuthentication want="false" required="false"/>
+ <sec:clientAuthentication want="true" required="true"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
- <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort"
- createdFromAPI="true">
- <jaxws:properties>
- <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
- <entry key="ws-security.signature.username" value="myservicekey"/>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
- </jaxws:properties>
- </jaxws:client>
-
- <http:conduit name="https://localhost.*">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
- </sec:trustManagers>
- <sec:keyManagers keyPassword="skpass">
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
- </sec:keyManagers>
- </http:tlsClientParameters>
- </http:conduit>
</beans>
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml Mon Oct 7 13:47:43 2013
@@ -45,8 +45,12 @@
</cxf:features>
</cxf:bus>
+ <bean id="doubleItImpl" class="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl">
+ <property name="port" value="${testutil.ports.Server.2}" />
+ </bean>
+
<jaxws:endpoint id="doubleittransportut"
- implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
+ implementor="#doubleItImpl"
endpointName="s:DoubleItTransportUTPort"
serviceName="s:DoubleItService"
depends-on="ClientAuthHttpsSettings"
@@ -79,16 +83,6 @@
</httpj:engine>
</httpj:engine-factory>
- <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort"
- createdFromAPI="true">
- <jaxws:properties>
- <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
- <entry key="ws-security.signature.username" value="myservicekey"/>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
- </jaxws:properties>
- </jaxws:client>
-
<http:conduit name="https://localhost.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml Mon Oct 7 13:47:43 2013
@@ -45,23 +45,28 @@
</cxf:features>
</cxf:bus>
+ <bean id="doubleItImpl" class="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl">
+ <property name="port" value="${testutil.ports.StaxServer.2}" />
+ </bean>
+
<jaxws:endpoint id="doubleittransportut"
- implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
+ implementor="#doubleItImpl"
endpointName="s:DoubleItTransportUTPort"
serviceName="s:DoubleItService"
depends-on="ClientAuthHttpsSettings"
- address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
+ address="https://localhost:${testutil.ports.StaxIntermediary}/doubleit/services/doubleittransportut"
wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
xmlns:s="http://www.example.org/contract/DoubleIt">
<jaxws:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
- <httpj:engine port="${testutil.ports.Intermediary}">
+ <httpj:engine port="${testutil.ports.StaxIntermediary}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="skpass">
<sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
@@ -82,10 +87,7 @@
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort"
createdFromAPI="true">
<jaxws:properties>
- <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
- <entry key="ws-security.signature.username" value="myservicekey"/>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:client>
Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml Mon Oct 7 13:47:43 2013
@@ -38,66 +38,51 @@
http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-
+
<cxf:bus>
<cxf:features>
<cxf:logging/>
</cxf:features>
</cxf:bus>
- <jaxws:endpoint id="doubleittransportut"
- implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
- endpointName="s:DoubleItTransportUTPort"
+ <jaxws:endpoint id="doubleittransportsaml2supporting"
+ implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+ endpointName="s:DoubleItTransportSAML2SupportingPort"
serviceName="s:DoubleItService"
depends-on="ClientAuthHttpsSettings"
- address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
+ address="https://localhost:${testutil.ports.StaxServer.2}/doubleit/services/doubleittransportsaml2supporting"
wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
xmlns:s="http://www.example.org/contract/DoubleIt">
<jaxws:properties>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.encryption.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
- <httpj:engine port="${testutil.ports.Intermediary}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="skpass">
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
- </sec:keyManagers>
- <sec:cipherSuitesFilter>
- <sec:include>.*_EXPORT_.*</sec:include>
- <sec:include>.*_EXPORT1024_.*</sec:include>
- <sec:include>.*_WITH_DES_.*</sec:include>
- <sec:include>.*_WITH_AES_.*</sec:include>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- <sec:exclude>.*_DH_anon_.*</sec:exclude>
- </sec:cipherSuitesFilter>
- <sec:clientAuthentication want="false" required="false"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort"
- createdFromAPI="true">
- <jaxws:properties>
- <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
- <entry key="ws-security.signature.username" value="myservicekey"/>
- <entry key="ws-security.callback-handler"
- value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
- </jaxws:properties>
- </jaxws:client>
-
- <http:conduit name="https://localhost.*">
- <http:tlsClientParameters disableCNCheck="true">
+ <httpj:engine port="${testutil.ports.StaxServer.2}">
+ <httpj:tlsServerParameters>
<sec:trustManagers>
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
</sec:trustManagers>
- <sec:keyManagers keyPassword="skpass">
- <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ <sec:keyManagers keyPassword="stskpass">
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
</sec:keyManagers>
- </http:tlsClientParameters>
- </http:conduit>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
</beans>