You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/02 17:22:26 UTC
svn commit: r1498972 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/ sys...
Author: coheigea
Date: Tue Jul 2 15:22:25 2013
New Revision: 1498972
URL: http://svn.apache.org/r1498972
Log:
More streaming tests + various bug fixes
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java
- copied, changed from r1498971, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Tue Jul 2 15:22:25 2013
@@ -227,6 +227,11 @@ public class WSS4JStaxOutInterceptor ext
if (sigCrypto != null) {
config.put(ConfigurationConstants.SIG_PROP_REF_ID, "RefId-" + sigCrypto.hashCode());
config.put("RefId-" + sigCrypto.hashCode(), sigCrypto);
+ if (sigUser == null && sigCrypto.getDefaultX509Identifier() != null) {
+ // Fall back to default identifier
+ config.put(ConfigurationConstants.SIGNATURE_USER,
+ sigCrypto.getDefaultX509Identifier());
+ }
}
Crypto encCrypto =
@@ -238,6 +243,11 @@ public class WSS4JStaxOutInterceptor ext
if (encCrypto != null) {
config.put(ConfigurationConstants.ENC_PROP_REF_ID, "RefId-" + encCrypto.hashCode());
config.put("RefId-" + encCrypto.hashCode(), encCrypto);
+ if (encUser == null && encCrypto.getDefaultX509Identifier() != null) {
+ // Fall back to default identifier
+ config.put(ConfigurationConstants.ENCRYPTION_USER,
+ encCrypto.getDefaultX509Identifier());
+ }
}
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Tue Jul 2 15:22:25 2013
@@ -90,6 +90,7 @@ import org.apache.xml.security.stax.secu
public abstract class AbstractStaxBindingHandler {
private static final Logger LOG = LogUtils.getL7dLogger(AbstractStaxBindingHandler.class);
protected boolean timestampAdded;
+ protected boolean signatureConfirmationAdded;
protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
protected Map<AbstractToken, SecurePart> endEncSuppTokMap;
@@ -848,6 +849,7 @@ public abstract class AbstractStaxBindin
new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
sigParts.add(securePart);
}
+ signatureConfirmationAdded = true;
}
/**
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Tue Jul 2 15:22:25 2013
@@ -150,6 +150,11 @@ public class StaxAsymmetricBindingHandle
SecurePart part =
new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
enc.add(part);
+ if (signatureConfirmationAdded) {
+ SecurePart securePart =
+ new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
+ enc.add(securePart);
+ }
}
//Do encryption
@@ -257,6 +262,11 @@ public class StaxAsymmetricBindingHandle
SecurePart part =
new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
encrParts.add(part);
+ if (signatureConfirmationAdded) {
+ SecurePart securePart =
+ new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
+ encrParts.add(securePart);
+ }
}
doEncryption(wrapper, encrParts, true);
Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java (from r1498971, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java&r1=1498971&r2=1498972&rev=1498972&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java Tue Jul 2 15:22:25 2013
@@ -24,6 +24,7 @@ import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
@@ -31,10 +32,11 @@ import org.apache.cxf.bus.spring.SpringB
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.wssec10.server.Server;
+import org.apache.cxf.systest.ws.wssec10.server.StaxServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -43,11 +45,11 @@ import wssec.wssec10.PingService;
/**
- *
+ * It tests both DOM + StAX clients against the StAX server
*/
-public class WSSecurity10Test extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(Server.class);
- static final String SSL_PORT = allocatePort(Server.class, 1);
+public class StaxWSSecurity10Test extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(StaxServer.class);
+ static final String SSL_PORT = allocatePort(StaxServer.class, 1);
private static final String INPUT = "foo";
private static boolean unrestrictedPoliciesInstalled;
@@ -63,7 +65,7 @@ public class WSSecurity10Test extends Ab
"Server failed to launch",
// run the server in the same process
// set this to false to fork
- launchServer(Server.class, true)
+ launchServer(StaxServer.class, true)
);
}
@@ -74,7 +76,7 @@ public class WSSecurity10Test extends Ab
}
@Test
- public void testClientServer() {
+ public void testClientServerDOM() {
String[] argv = new String[] {
"UserName",
@@ -115,7 +117,65 @@ public class WSSecurity10Test extends Ab
httpClientPolicy.setReceiveTimeout(0);
http.setClient(httpClientPolicy);
- final String output = port.echo(INPUT);
+ String output = port.echo(INPUT);
+ assertEquals(INPUT, output);
+
+ cl.destroy();
+ }
+
+ bus.shutdown(true);
+ }
+
+ @Test
+ public void testClientServerStreaming() {
+
+ String[] argv = new String[] {
+ // TODO - See WSS-458 "UserName",
+ "UserNameOverTransport",
+ "MutualCertificate10SignEncrypt",
+ "MutualCertificate10SignEncryptRsa15TripleDes"
+ };
+ //argv = new String[] {argv[1]};
+ Bus bus = null;
+ if (unrestrictedPoliciesInstalled) {
+ bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec10/client/client.xml");
+ } else {
+ bus = new SpringBusFactory().createBus(
+ "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+ }
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+ URL wsdlLocation = null;
+ for (String portPrefix : argv) {
+ PingService svc = null;
+ wsdlLocation = getWsdlLocation(portPrefix);
+ svc = new PingService(wsdlLocation);
+ final IPingService port =
+ svc.getPort(
+ new QName(
+ "http://WSSec/wssec10",
+ portPrefix + "_IPingService"
+ ),
+ IPingService.class
+ );
+
+ // Streaming
+ ((BindingProvider)port).getRequestContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ ((BindingProvider)port).getResponseContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ Client cl = ClientProxy.getClient(port);
+
+ HTTPConduit http = (HTTPConduit) cl.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+ httpClientPolicy.setConnectionTimeout(0);
+ httpClientPolicy.setReceiveTimeout(0);
+
+ http.setClient(httpClientPolicy);
+ String output = port.echo(INPUT);
assertEquals(INPUT, output);
cl.destroy();
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java Tue Jul 2 15:22:25 2013
@@ -24,6 +24,7 @@ import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
@@ -35,6 +36,7 @@ import org.apache.cxf.systest.ws.wssec10
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -43,7 +45,7 @@ import wssec.wssec10.PingService;
/**
- *
+ * It tests both DOM + StAX clients against the DOM server
*/
public class WSSecurity10Test extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(Server.class);
@@ -74,7 +76,7 @@ public class WSSecurity10Test extends Ab
}
@Test
- public void testClientServer() {
+ public void testClientServerDOM() {
String[] argv = new String[] {
"UserName",
@@ -115,7 +117,65 @@ public class WSSecurity10Test extends Ab
httpClientPolicy.setReceiveTimeout(0);
http.setClient(httpClientPolicy);
- final String output = port.echo(INPUT);
+ String output = port.echo(INPUT);
+ assertEquals(INPUT, output);
+
+ cl.destroy();
+ }
+
+ bus.shutdown(true);
+ }
+
+ @Test
+ public void testClientServerStreaming() {
+
+ String[] argv = new String[] {
+ // TODO - See WSS-458 "UserName",
+ "UserNameOverTransport",
+ "MutualCertificate10SignEncrypt",
+ "MutualCertificate10SignEncryptRsa15TripleDes"
+ };
+ //argv = new String[] {argv[1]};
+ Bus bus = null;
+ if (unrestrictedPoliciesInstalled) {
+ bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec10/client/client.xml");
+ } else {
+ bus = new SpringBusFactory().createBus(
+ "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+ }
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+ URL wsdlLocation = null;
+ for (String portPrefix : argv) {
+ PingService svc = null;
+ wsdlLocation = getWsdlLocation(portPrefix);
+ svc = new PingService(wsdlLocation);
+ final IPingService port =
+ svc.getPort(
+ new QName(
+ "http://WSSec/wssec10",
+ portPrefix + "_IPingService"
+ ),
+ IPingService.class
+ );
+
+ // Streaming
+ ((BindingProvider)port).getRequestContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ ((BindingProvider)port).getResponseContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ Client cl = ClientProxy.getClient(port);
+
+ HTTPConduit http = (HTTPConduit) cl.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+ httpClientPolicy.setConnectionTimeout(0);
+ httpClientPolicy.setReceiveTimeout(0);
+
+ http.setClient(httpClientPolicy);
+ String output = port.echo(INPUT);
assertEquals(INPUT, output);
cl.destroy();
Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java (added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java Tue Jul 2 15:22:25 2013
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+ static final String PORT = allocatePort(StaxServer.class);
+ static final String SSL_PORT = allocatePort(StaxServer.class, 1);
+
+ private static boolean unrestrictedPoliciesInstalled;
+ private static String configFileName;
+
+ static {
+ unrestrictedPoliciesInstalled = SecurityTestUtil.checkUnrestrictedPoliciesInstalled();
+ if (unrestrictedPoliciesInstalled) {
+ configFileName = "org/apache/cxf/systest/ws/wssec10/server/stax-server.xml";
+ } else {
+ configFileName = "org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml";
+ }
+ };
+
+ public StaxServer() throws Exception {
+
+ }
+
+ protected void run() {
+ Bus busLocal = new SpringBusFactory().createBus(configFileName);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+ }
+
+}
+
Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml (added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml Tue Jul 2 15:22:25 2013
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:security="http://schemas.iona.com/soa/security-config"
+ xmlns:interop="http://WSSec/wssec10"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://schemas.iona.com/soa/security-config http://schemas.iona.com/soa/security-config.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9001 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.StaxServer.1}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/bob.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/alice.jks"/>
+ </sec:trustManagers>
+
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <!--
+ <sec:clientAuthentication want="true" required="true"/>
+ -->
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <!-- -->
+ <!-- Scenario 3.1 -->
+ <!-- -->
+ <jaxws:endpoint
+ id="UserNameOverTransport"
+ address="https://localhost:${testutil.ports.StaxServer.1}/UserNameOverTransport"
+ serviceName="interop:PingService"
+ endpointName="interop:UserNameOverTransport_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransport"
+ depends-on="tls-settings">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+ <jaxws:endpoint
+ id="UserName"
+ address="http://localhost:${testutil.ports.StaxServer}/UserName"
+ serviceName="interop:PingService"
+ endpointName="interop:UserName_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransport">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <!-- -->
+ <!-- Scenario 3.3 -->
+ <!-- -->
+ <jaxws:endpoint
+ name="{http://WSSec/wssec10}MutualCertificate10SignEncrypt_IPingService"
+ id="MutualCertificate10SignEncrypt"
+ address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncrypt"
+ serviceName="interop:PingService"
+ endpointName="interop:MutualCertificate10SignEncrypt_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncrypt">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+ <!-- -->
+ <!-- Scenario 3.4 -->
+ <!-- -->
+ <jaxws:endpoint
+ name="{http://WSSec/wssec10}MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+ id="MutualCertificate10SignEncryptRsa15TripleDes"
+ address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncryptRsa15TripleDes"
+ serviceName="interop:PingService"
+ endpointName="interop:MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRsa15TripleDes">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+</beans>
Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml (added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml Tue Jul 2 15:22:25 2013
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:security="http://schemas.iona.com/soa/security-config"
+ xmlns:interop="http://WSSec/wssec10"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://schemas.iona.com/soa/security-config http://schemas.iona.com/soa/security-config.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9001 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.StaxServer.1}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/bob.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/alice.jks"/>
+ </sec:trustManagers>
+
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <!--
+ <sec:clientAuthentication want="true" required="true"/>
+ -->
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <!-- -->
+ <!-- Scenario 3.1 -->
+ <!-- -->
+ <jaxws:endpoint
+ id="UserNameOverTransport"
+ address="https://localhost:${testutil.ports.StaxServer.1}/UserNameOverTransport"
+ serviceName="interop:PingService"
+ endpointName="interop:UserNameOverTransport_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted"
+ depends-on="tls-settings">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+ <jaxws:endpoint
+ id="UserName"
+ address="http://localhost:${testutil.ports.StaxServer}/UserName"
+ serviceName="interop:PingService"
+ endpointName="interop:UserName_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+ <!-- -->
+ <!-- Scenario 3.3 -->
+ <!-- -->
+ <jaxws:endpoint
+ name="{http://WSSec/wssec10}MutualCertificate10SignEncrypt_IPingService"
+ id="MutualCertificate10SignEncrypt"
+ address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncrypt"
+ serviceName="interop:PingService"
+ endpointName="interop:MutualCertificate10SignEncrypt_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRestricted">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+ <!-- -->
+ <!-- Scenario 3.4 -->
+ <!-- -->
+ <jaxws:endpoint
+ name="{http://WSSec/wssec10}MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+ id="MutualCertificate10SignEncryptRsa15TripleDes"
+ address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncryptRsa15TripleDes"
+ serviceName="interop:PingService"
+ endpointName="interop:MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+ implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRsa15TripleDesRestricted">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+</beans>