Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/05 19:14:41 UTC
svn commit: r1500072 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsu...
Author: coheigea
Date: Fri Jul 5 17:14:41 2013
New Revision: 1500072
URL: http://svn.apache.org/r1500072
Log:
Fixed a bug with TLS policies + added more streaming WS-Security system tests
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java
- copied, changed from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java
- copied, changed from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Fri Jul 5 17:14:41 2013
@@ -283,7 +283,7 @@ public class HttpsTokenInterceptorProvid
new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
- } else {
+ } else if (httpsTokenSecurityEvent.getAuthenticationType() == null) {
httpsTokenSecurityEvent.setAuthenticationType(
HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication
);
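Review bot: The new guard on the `else` branch carries no comment saying which earlier code can already have set the authentication type, so the intent of `getAuthenticationType() == null` cannot be recovered from this hunk. Presumably a branch above (for example HTTP basic authentication, not visible here) records a type, and the old unconditional `else` overwrote it with `HttpsNoAuthentication` whenever no client certificate was presented. I would add `// keep an authentication type recorded earlier; only default to HttpsNoAuthentication when none was set` above the `else if`. Whether the certificate branch should likewise respect an earlier type is not visible here and is worth confirming, since only the fallback is guarded. The enclosing method starts and ends outside the hunk.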
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java Fri Jul 5 17:14:41 2013
@@ -36,7 +36,8 @@ import org.junit.BeforeClass;
/**
* This is a test for AlgorithmSuites. Essentially it checks that a service endpoint will
- * reject a client request that uses a different AlgorithmSuite.
+ * reject a client request that uses a different AlgorithmSuite. It tests both DOM + StAX
+ * clients against the DOM server.
*/
public class AlgorithmSuiteTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(Server.class);
@@ -79,6 +80,11 @@ public class AlgorithmSuiteTest extends
updateAddressPort(port, PORT);
// This should succeed as the client + server policies match
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port2");
@@ -87,12 +93,23 @@ public class AlgorithmSuiteTest extends
// This should fail as the client uses Basic128Rsa15 + the server uses Basic128
try {
+ // DOM
+ port.doubleIt(25);
+ fail("Failure expected on Rsa15 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
fail("Failure expected on Rsa15 AlgorithmSuite");
} catch (Exception ex) {
// expected
}
+
// This should fail as the client uses Basic256 + the server uses Basic128
if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port3");
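Review bot: Both negative cases in this hunk catch `Exception` and treat anything as "expected", so a connection error, a misconfigured bus or an unrelated client-side exception would let the AlgorithmSuite rejection test pass without the server having rejected the request. If the rejection surfaces as a SOAP fault, narrow the catch to `catch (javax.xml.ws.soap.SOAPFaultException ex)` as HttpsTokenTest does, and assert on a stable part of the message if one exists for both the DOM and the streaming path. The same pattern is added in the next hunk (`@@ -101,6 +118,16 @@`) and in the copied StaxAlgorithmSuiteTest.java. The test method starts and ends outside the hunk.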
@@ -101,6 +118,16 @@ public class AlgorithmSuiteTest extends
// This should fail as the client uses Basic128Rsa15 + the server uses Basic128
try {
+ // DOM
+ port.doubleIt(25);
+ fail("Failure expected on Basic256 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
fail("Failure expected on Basic256 AlgorithmSuite");
} catch (Exception ex) {
@@ -134,6 +161,11 @@ public class AlgorithmSuiteTest extends
DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
bus.shutdown(true);
Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java (from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java&r1=1500029&r2=1500072&rev=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java Fri Jul 5 17:14:41 2013
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.apache.cxf.systest.ws.https;
+package org.apache.cxf.systest.ws.algsuite;
import java.net.URL;
@@ -26,17 +26,21 @@ import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.algsuite.server.StaxServer;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.https.server.Server;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
import org.example.contract.doubleit.DoubleItPortType;
+
import org.junit.BeforeClass;
/**
- * A set of tests for the HttpsToken policy
+ * This is a test for AlgorithmSuites. Essentially it checks that a service endpoint will
+ * reject a client request that uses a different AlgorithmSuite. It tests both DOM + StAX
+ * clients against the StAX server.
*/
-public class HttpsTokenTest extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(Server.class);
+public class StaxAlgorithmSuiteTest extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(StaxServer.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -47,7 +51,7 @@ public class HttpsTokenTest extends Abst
"Server failed to launch",
// run the server in the same process
// set this to false to fork
- launchServer(Server.class, true)
+ launchServer(StaxServer.class, true)
);
}
@@ -56,75 +60,82 @@ public class HttpsTokenTest extends Abst
SecurityTestUtil.cleanup();
stopAllServers();
}
-
+
@org.junit.Test
- public void testRequireClientCert() throws Exception {
+ public void testSecurityPolicy() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+ URL busFile = StaxAlgorithmSuiteTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+ URL wsdl = StaxAlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
- QName portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort");
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port");
+
DoubleItPortType port =
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // This should succeed as the client + server policies match
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
- // This should fail, as the client does not use a client cert
- portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort2");
+ portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port2");
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
try {
+ // DOM
port.doubleIt(25);
- fail("Failure expected on not using a client cert");
- } catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "HttpsToken";
- assertTrue(ex.getMessage().contains(error));
+ fail("Failure expected on Rsa15 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
}
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testBasicAuth() throws Exception {
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
- Service service = Service.create(wsdl, SERVICE_QNAME);
- QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort");
- DoubleItPortType port =
- service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(port, PORT);
-
- port.doubleIt(25);
-
- // This should fail, as the client does not send a UsernamePassword
- portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
- port = service.getPort(portQName, DoubleItPortType.class);
- updateAddressPort(port, PORT);
-
try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
- fail("Failure expected on not sending a UsernamePassword");
- } catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "HttpsToken";
- assertTrue(ex.getMessage().contains(error));
+ fail("Failure expected on Rsa15 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
}
+
+ // This should fail as the client uses Basic256 + the server uses Basic128
+ if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port3");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
+ try {
+ // DOM
+ port.doubleIt(25);
+ fail("Failure expected on Basic256 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on Basic256 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ bus.shutdown(true);
}
-}
+}
\ No newline at end of file
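Review bot: The rewritten test drops `((java.io.Closeable)port).close();` and never closes any of the port proxies it creates, and `bus.shutdown(true)` runs only when every step succeeds. Closing each port before `port` is reassigned and moving the shutdown into a `finally` block would keep a failed assertion from leaving the default bus set for later tests. The added comment inside the `checkUnrestrictedPoliciesInstalled()` block still says `Basic128Rsa15` although that block exercises `Basic256`; it should read `// This should fail as the client uses Basic256 + the server uses Basic128`, or be dropped since the line before the `if` already says so. The file also ends without a trailing newline.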
Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java (added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java Fri Jul 5 17:14:41 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.algsuite.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
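Review bot: The `try { new StaxServer(); } catch (Exception e) { e.printStackTrace(); }` at the end of `run()` constructs a second server object that is never stored or started, and the constructor is empty, so the block has no effect and can be removed. `StaxServer.class.getResource("stax-server.xml")` returns null when the resource is missing, so a null check with a clear message before `createBus` would give a more useful failure; how `createBus` handles null is not visible here. `run()` looks like an override of a base-class method and would benefit from `@Override`. The identical file added under `https/server/StaxServer.java` has the same points.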
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java Fri Jul 5 17:14:41 2013
@@ -36,7 +36,8 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * A set of tests for the DefaultCryptoCoverageChecker.
+ * A set of tests for the DefaultCryptoCoverageChecker. It tests both DOM + StAX
+ * clients against the DOM server.
*/
public class DefaultCryptoCoverageCheckerTest extends AbstractBusClientServerTestBase {
public static final String PORT = allocatePort(Server.class);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java Fri Jul 5 17:14:41 2013
@@ -33,7 +33,8 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * A set of tests for the HttpsToken policy
+ * A set of tests for the HttpsToken policy. It tests both DOM + StAX clients against the
+ * DOM server.
*/
public class HttpsTokenTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(Server.class);
@@ -74,6 +75,11 @@ public class HttpsTokenTest extends Abst
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client does not use a client cert
@@ -82,6 +88,7 @@ public class HttpsTokenTest extends Abst
updateAddressPort(port, PORT);
try {
+ // DOM
port.doubleIt(25);
fail("Failure expected on not using a client cert");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
@@ -89,6 +96,15 @@ public class HttpsTokenTest extends Abst
assertTrue(ex.getMessage().contains(error));
}
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not using a client cert");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
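Review bot: The added streaming case accepts any `SOAPFaultException` as "expected", while the DOM case before it asserts that the message contains `HttpsToken`, so a fault raised for an unrelated reason would pass the streaming half of the test. If the streaming client sees the same fault, reuse the check with `assertTrue(ex.getMessage().contains("HttpsToken"));`; if the message differs, replace `// expected` with a comment saying what is returned and why it is not asserted. The same applies to the streaming block added in `@@ -125,6 +147,15 @@` and to StaxHttpsTokenTest.java, where the commit removes the existing `HttpsToken` assertion from both negative cases.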
@@ -110,14 +126,20 @@ public class HttpsTokenTest extends Abst
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+
// This should fail, as the client does not send a UsernamePassword
portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
try {
+ // DOM
port.doubleIt(25);
fail("Failure expected on not sending a UsernamePassword");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
@@ -125,6 +147,15 @@ public class HttpsTokenTest extends Abst
assertTrue(ex.getMessage().contains(error));
}
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+ fail("Failure expected on not sending a UsernamePassword");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
}
}
Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java (from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java&r1=1500029&r2=1500072&rev=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java Fri Jul 5 17:14:41 2013
@@ -27,16 +27,17 @@ import javax.xml.ws.Service;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.https.server.Server;
+import org.apache.cxf.systest.ws.https.server.StaxServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
/**
- * A set of tests for the HttpsToken policy
+ * A set of tests for the HttpsToken policy. It tests both DOM + StAX clients against the
+ * StAX server.
*/
-public class HttpsTokenTest extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(Server.class);
+public class StaxHttpsTokenTest extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(StaxServer.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -47,7 +48,7 @@ public class HttpsTokenTest extends Abst
"Server failed to launch",
// run the server in the same process
// set this to false to fork
- launchServer(Server.class, true)
+ launchServer(StaxServer.class, true)
);
}
@@ -61,19 +62,24 @@ public class HttpsTokenTest extends Abst
public void testRequireClientCert() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+ URL busFile = StaxHttpsTokenTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+ URL wsdl = StaxHttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort");
DoubleItPortType port =
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
+ port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
// This should fail, as the client does not use a client cert
@@ -82,11 +88,20 @@ public class HttpsTokenTest extends Abst
updateAddressPort(port, PORT);
try {
+ // DOM
+ port.doubleIt(25);
+ fail("Failure expected on not using a client cert");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
fail("Failure expected on not using a client cert");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "HttpsToken";
- assertTrue(ex.getMessage().contains(error));
+ // expected
}
((java.io.Closeable)port).close();
@@ -97,32 +112,46 @@ public class HttpsTokenTest extends Abst
public void testBasicAuth() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+ URL busFile = StaxHttpsTokenTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+ URL wsdl = StaxHttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort");
DoubleItPortType port =
service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
+ // DOM
port.doubleIt(25);
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
+ port.doubleIt(25);
+
// This should fail, as the client does not send a UsernamePassword
portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
port = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(port, PORT);
try {
+ // DOM
+ port.doubleIt(25);
+ fail("Failure expected on not sending a UsernamePassword");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ try {
+ // Streaming
+ SecurityTestUtil.enableStreaming(port);
port.doubleIt(25);
fail("Failure expected on not sending a UsernamePassword");
} catch (javax.xml.ws.soap.SOAPFaultException ex) {
- String error = "HttpsToken";
- assertTrue(ex.getMessage().contains(error));
+ // expected
}
}
Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java (added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java Fri Jul 5 17:14:41 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.https.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml (added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml Fri Jul 5 17:14:41 2013
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:endpoint id="Symmetric128Endpoint"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="Symmetric128Endpoint2"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128no2"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="Symmetric128Endpoint3"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128no3"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port3"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <wsp:Policy wsu:Id="DoubleItSymmetric128Policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireKeyIdentifierReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</beans>
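Review bot: The `ws-security.subject.cert.constraints` value `.*O=apache.org.*` on all three endpoints leaves the dots in `apache.org` unescaped, so, assuming the value is evaluated as a regular expression as the `.*` wrappers suggest, it also matches a subject such as `O=apacheXorg` (constructed example). That is harmless for the test keystore, but test configurations tend to be copied; `.*O=apache\.org.*` states the intended organisation exactly. A short XML comment above the first endpoint saying that all three endpoints deliberately share `DoubleItSymmetric128Policy`, and that the algorithm-suite mismatch is configured on the client side, would also help readers.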
Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml (added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml Fri Jul 5 17:14:41 2013
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9009 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.StaxServer}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="false"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <jaxws:endpoint
+ id="RequireClientCert"
+ address="https://localhost:${testutil.ports.StaxServer}/DoubleItRequireClientCert"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItRequireClientCertPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml" />
+ </p:policies>
+ </jaxws:features>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="RequireClientCert2"
+ address="https://localhost:${testutil.ports.StaxServer}/DoubleItRequireClientCert2"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItRequireClientCertPort2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml" />
+ </p:policies>
+ </jaxws:features>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="BasicAuth"
+ address="https://localhost:${testutil.ports.StaxServer}/DoubleItBasicAuth"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItBasicAuthPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="classpath:/org/apache/cxf/systest/ws/https/basic-auth-policy.xml" />
+ </p:policies>
+ </jaxws:features>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="BasicAuth2"
+ address="https://localhost:${testutil.ports.StaxServer}/DoubleItBasicAuth2"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItBasicAuthPort2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="classpath:/org/apache/cxf/systest/ws/https/basic-auth-policy.xml" />
+ </p:policies>
+ </jaxws:features>
+ <jaxws:properties>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+
+</beans>
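Review bot: The `sec:cipherSuitesFilter` in the `tls-settings` engine factory admits export-grade, single-DES and NULL-encryption suites (`.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*`, `.*_WITH_NULL_.*`), so depending on the JSSE provider this listener may negotiate a session with weak or no confidentiality. The tests served by this file appear to exercise HTTPS token policy handling rather than cipher negotiation, so the filter could be reduced to `<sec:include>.*_WITH_AES_.*</sec:include>` plus the existing `<sec:exclude>.*_DH_anon_.*</sec:exclude>`. That also keeps a weak filter from being copied into a real deployment along with the rest of the fixture. Separately, the comment above the engine factory still says "port 9009" while the engine binds to `${testutil.ports.StaxServer}`; I would reword it to `<!-- Any services listening on the StaxServer test port must use the following -->`.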