You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/15 12:16:55 UTC

svn commit: r1532274 - in /cxf/branches/2.7.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/ systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x5...

Author: coheigea
Date: Tue Oct 15 10:16:55 2013
New Revision: 1532274

URL: http://svn.apache.org/r1532274
Log:
[CXF-5335] - Incorrect handle of ws-policy 1.1 (Incorrect inclusion value: null)


Conflicts:
	systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
	systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml

Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=1532274&r1=1532273&r2=1532274&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java (original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java Tue Oct 15 10:16:55 2013
@@ -43,6 +43,9 @@ public final class SP11Constants extends
 
     public static final String INCLUDE_ALWAYS_TO_RECIPIENT = SP11Constants.SP_NS
         + SPConstants.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT_SUFFIX;
+    
+    public static final String INCLUDE_ALWAYS_TO_INITIATOR = SP11Constants.SP_NS
+        + SPConstants.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR_SUFFIX;
 
     public static final String INCLUDE_ALWAYS = SP11Constants.SP_NS
         + SPConstants.INCLUDE_TOKEN_ALWAYS_SUFFIX;
@@ -301,6 +304,8 @@ public final class SP11Constants extends
             return IncludeTokenType.INCLUDE_TOKEN_ALWAYS;
         } else if (INCLUDE_ALWAYS_TO_RECIPIENT.equals(value)) {
             return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT;
+        } else if (INCLUDE_ALWAYS_TO_INITIATOR.equals(value)) {
+            return IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR;
         } else if (INCLUDE_NEVER.equals(value)) {
             return IncludeTokenType.INCLUDE_TOKEN_NEVER;
         } else if (INCLUDE_ONCE.equals(value)) {
@@ -316,6 +321,8 @@ public final class SP11Constants extends
             return SP11Constants.INCLUDE_ALWAYS;
         case INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT:
             return SP11Constants.INCLUDE_ALWAYS_TO_RECIPIENT;
+        case INCLUDE_TOKEN_ALWAYS_TO_INITIATOR:
+            return SP11Constants.INCLUDE_ALWAYS_TO_INITIATOR;
         case INCLUDE_TOKEN_NEVER:
             return SP11Constants.INCLUDE_NEVER;
         case INCLUDE_TOKEN_ONCE:

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1532274&r1=1532273&r2=1532274&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Tue Oct 15 10:16:55 2013
@@ -230,6 +230,30 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT);
+
+        x509Port.doubleIt(25);
+        
+        ((java.io.Closeable)x509Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testAsymmetricSP11() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSP11Port");
+        DoubleItPortType x509Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(x509Port, PORT);
+        
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1532274&r1=1532273&r2=1532274&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Tue Oct 15 10:16:55 2013
@@ -125,6 +125,25 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItAsymmetricSP11Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItAsymmetricSP11Policy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItAsymmetricSHA256Binding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItAsymmetricSHA256Policy" />
         <soap:binding style="document"
@@ -441,6 +460,10 @@
                    binding="tns:DoubleItAsymmetricIssuerSerialBinding">
             <soap:address location="http://localhost:9001/DoubleItX509Asymmetric" />
         </wsdl:port>
+        <wsdl:port name="DoubleItAsymmetricSP11Port" 
+                   binding="tns:DoubleItAsymmetricSP11Binding">
+            <soap:address location="http://localhost:9001/DoubleItX509AsymmetricSP11" />
+        </wsdl:port>
         <wsdl:port name="DoubleItAsymmetricSHA256Port" 
                    binding="tns:DoubleItAsymmetricSHA256Binding">
             <soap:address location="http://localhost:9001/DoubleItX509AsymmetricSHA256" />
@@ -676,6 +699,51 @@
       </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItAsymmetricSP11Policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+               <wsp:Policy>
+                  <sp:InitiatorToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireIssuerSerialReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:InitiatorToken>
+                  <sp:RecipientToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToInitiator">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireIssuerSerialReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:RecipientToken>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax/>
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp/>
+                  <sp:OnlySignEntireHeadersAndBody/>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic128/>
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+               </wsp:Policy>
+            </sp:AsymmetricBinding>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItAsymmetricSHA256Policy">
       <wsp:ExactlyOne>
          <wsp:All>

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1532274&r1=1532273&r2=1532274&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml (original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml Tue Oct 15 10:16:55 2013
@@ -87,7 +87,21 @@
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricIssuerSerialPort" 
                   createdFromAPI="true">
        <jaxws:properties>
-           <entry key="ws-security.encryption.properties" 
+           <entry key="ws-security.encryption.properties"
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSP11Port" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.encryption.properties"
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
            <entry key="ws-security.encryption.username" value="bob"/>
            <entry key="ws-security.signature.properties" 

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1532274&r1=1532273&r2=1532274&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml (original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml Tue Oct 15 10:16:55 2013
@@ -187,6 +187,27 @@
     </jaxws:endpoint> 
     
     <jaxws:endpoint 
+       id="AsymmetricSP11"
+       address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricSP11" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSP11Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+          <entry key="ws-security.encryption.username" value="alice"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
        id="AsymmetricSHA256"
        address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricSHA256" 
        serviceName="s:DoubleItService"