You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ni...@apache.org on 2007/05/25 08:44:32 UTC
svn commit: r541568 [3/4] - in /incubator/cxf/trunk:
api/src/main/java/org/apache/cxf/configuration/jsse/
common/schemas/src/main/resources/schemas/configuration/
distribution/src/main/release/samples/hello_world_https/
distribution/src/main/release/sa...
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java Thu May 24 23:44:27 2007
@@ -37,13 +37,16 @@
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.annotation.Resource;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.configuration.Configurable;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
import org.apache.cxf.configuration.security.SSLClientPolicy;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.HttpHeaderHelper;
@@ -218,13 +221,20 @@
* configured proxy. This field is injected via spring configuration based
* on the conduit name.
*/
- private AuthorizationPolicy proxyAuthorizationPolicy;
+ private ProxyAuthorizationPolicy proxyAuthorizationPolicy;
/**
* This field holds the configuration TLS configuration which is
* "injected" by spring based on the conduit name.
*/
+ @Deprecated
private SSLClientPolicy sslClientSidePolicy;
+
+ /**
+ * This field holds the configuration TLS configuration which
+ * is programmatically configured.
+ */
+ private TLSClientParameters tlsClientParameters;
/**
* This field contains the MessageTrustDecider.
@@ -338,18 +348,20 @@
new AuthorizationPolicy(), AuthorizationPolicy.class);
}
- // This doesn't work well for proxyAuthorization because of the
- // sameness of the class.
- // TODO: Fix proxyAuthorization
if (this.proxyAuthorizationPolicy == null) {
proxyAuthorizationPolicy = endpointInfo.getTraversedExtensor(
- new AuthorizationPolicy(), AuthorizationPolicy.class);
+ new ProxyAuthorizationPolicy(), ProxyAuthorizationPolicy.class);
}
+ // TODO: remove once old SSL configuration is gone
if (this.sslClientSidePolicy == null) {
sslClientSidePolicy = endpointInfo.getTraversedExtensor(
null, SSLClientPolicy.class);
}
+ if (this.tlsClientParameters == null) {
+ tlsClientParameters = endpointInfo.getTraversedExtensor(
+ null, TLSClientParameters.class);
+ }
if (this.trustDecider == null) {
trustDecider = endpointInfo.getTraversedExtensor(
null, MessageTrustDecider.class);
@@ -1090,6 +1102,7 @@
* Using this method will override any Authorization Policy set in
* configuration.
*/
+ @Resource
public void setAuthorization(AuthorizationPolicy authorization) {
this.authorizationPolicy = authorization;
}
@@ -1110,24 +1123,28 @@
* This method sets the Client Side Policy for this HTTPConduit. Using this
* method will override any HTTPClientPolicy set in configuration.
*/
+ @Resource
public void setClient(HTTPClientPolicy client) {
this.clientSidePolicy = client;
}
/**
- * This method retrieves the Authorization Policy for a proxy that is
+ * This method retrieves the Proxy Authorization Policy for a proxy that is
* set/configured for this HTTPConduit.
*/
- public AuthorizationPolicy getProxyAuthorization() {
+ public ProxyAuthorizationPolicy getProxyAuthorization() {
return proxyAuthorizationPolicy;
}
/**
- * This method sets the Authorization Policy for a specified proxy.
+ * This method sets the Proxy Authorization Policy for a specified proxy.
* Using this method overrides any Authorization Policy for the proxy
* that is set in the configuration.
*/
- public void setProxyAuthorization(AuthorizationPolicy proxyAuthorization) {
+ @Resource
+ public void setProxyAuthorization(
+ ProxyAuthorizationPolicy proxyAuthorization
+ ) {
this.proxyAuthorizationPolicy = proxyAuthorization;
}
@@ -1135,6 +1152,7 @@
* This method returns the SSL Client Side Policy that is set/configured
* for this HTTPConduit.
*/
+ @Deprecated
public SSLClientPolicy getSslClient() {
return sslClientSidePolicy;
}
@@ -1144,7 +1162,11 @@
* Using this method overrides any SSL Client Side Policy that is configured
* for this HTTPConduit.
*/
+ @Deprecated
+ @Resource
public void setSslClient(SSLClientPolicy sslClientPolicy) {
+ LOG.info("The setSslClient method is deprecated. Please use setTlsClientParameters.");
+
this.sslClientSidePolicy = sslClientPolicy;
// If this is called after the HTTPTransportFactory called
// finalizeConfig, we need to update the connection factory.
@@ -1154,6 +1176,29 @@
}
/**
+ * This method returns the TLS Client Parameters that is set/configured
+ * for this HTTPConduit.
+ */
+ public TLSClientParameters getTlsClientParameters() {
+ return tlsClientParameters;
+ }
+
+ /**
+ * This method sets the TLS Client Parameters for this HTTPConduit.
+ * Using this method overrides any TLS Client Parameters that is configured
+ * for this HTTPConduit.
+ */
+ @Resource
+ public void setTlsClientParameters(TLSClientParameters params) {
+ this.tlsClientParameters = params;
+ // If this is called after the HTTPTransportFactory called
+ // finalizeConfig, we need to update the connection factory.
+ if (configFinalized) {
+ retrieveConnectionFactory();
+ }
+ }
+
+ /**
* This method gets the Trust Decider that was set/configured for this
* HTTPConduit.
* @return The Message Trust Decider or null.
@@ -1167,6 +1212,7 @@
* Using this method overrides any trust decider configured for this
* HTTPConduit.
*/
+ @Resource
public void setTrustDecider(MessageTrustDecider decider) {
this.trustDecider = decider;
}
@@ -1185,6 +1231,7 @@
* Using this method overrides any trust decider configured for this
* HTTPConduit.
*/
+ @Resource
public void setBasicAuthSupplier(HttpBasicAuthSupplier supplier) {
this.basicAuthSupplier = supplier;
}
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java Thu May 24 23:44:27 2007
@@ -18,6 +18,9 @@
*/
package org.apache.cxf.transport.http.spring;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
@@ -25,6 +28,9 @@
import org.w3c.dom.NodeList;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSClientParametersConfig;
+import org.apache.cxf.configuration.security.TLSClientParametersType;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.HttpBasicAuthSupplier;
@@ -46,6 +52,8 @@
new QName(HTTP_NS, "proxyAuthorization"), "proxyAuthorization");
mapElementToJaxbProperty(element, bean,
new QName(HTTP_NS, "authorization"), "authorization");
+
+ // DEPRECATED: This element is deprecated in favor of tlsClientParameters
mapElementToJaxbProperty(element, bean,
new QName(HTTP_NS, "sslClient"), "sslClient");
@@ -70,18 +78,50 @@
if (n.getNodeType() == Node.ELEMENT_NODE
&& n.getLocalName().equals("trustDecider")
&& n.getNamespaceURI().equals(HTTP_NS)) {
- mapElement((Element)n, bean, MessageTrustDecider.class);
+
+ mapBeanOrClassElement((Element)n, bean, MessageTrustDecider.class);
}
if (n.getNodeType() == Node.ELEMENT_NODE
&& n.getLocalName().equals("basicAuthSupplier")
&& n.getNamespaceURI().equals(HTTP_NS)) {
- mapElement((Element)n, bean, HttpBasicAuthSupplier.class);
+
+ mapBeanOrClassElement((Element)n, bean, HttpBasicAuthSupplier.class);
+ }
+ if (n.getNodeType() == Node.ELEMENT_NODE
+ && n.getLocalName().equals("tlsClientParameters")
+ && n.getNamespaceURI().equals(HTTP_NS)) {
+
+ mapTLSClientParameters(n, bean);
}
}
}
/**
+ * Inject the "setTlsClientParameters" method with
+ * a TLSClientParametersConfig object initialized with the JAXB
+ * generated type unmarshalled from the selected node.
+ */
+ public void mapTLSClientParameters(Node n, BeanDefinitionBuilder bean) {
+
+ // Unmarshal the JAXB Generated Type from Config and inject
+ // the configured TLSClientParameters into the HTTPConduit.
+ JAXBContext context = null;
+ try {
+ context = JAXBContext.newInstance(getJaxbPackage(),
+ getClass().getClassLoader());
+ Unmarshaller u = context.createUnmarshaller();
+ JAXBElement<TLSClientParametersType> jaxb =
+ u.unmarshal(n, TLSClientParametersType.class);
+ TLSClientParameters params =
+ new TLSClientParametersConfig(jaxb.getValue());
+ bean.addPropertyValue("tlsClientParameters", params);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not process configuration.", e);
+ }
+ }
+
+ /**
* This method finds the class or bean associated with the named element
* and sets the bean property that is associated with the same name as
* the element.
@@ -93,7 +133,7 @@
* @param bean The Bean Definition Parser.
* @param elementClass The Class a bean or class is supposed to be.
*/
- protected void mapElement(
+ protected void mapBeanOrClassElement(
Element element,
BeanDefinitionBuilder bean,
Class elementClass
@@ -131,7 +171,6 @@
}
String beanref = element.getAttribute("bean");
if (beanref != null && !beanref.equals("")) {
- System.out.print("Bean property is " + beanref);
if (classProperty != null && !classProperty.equals("")) {
throw new IllegalArgumentException(
"Element '" + elementName + "' cannot have both "
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java Thu May 24 23:44:27 2007
@@ -18,10 +18,18 @@
*/
package org.apache.cxf.transport.http.spring;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSServerParametersConfig;
+import org.apache.cxf.configuration.security.TLSServerParametersType;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -34,14 +42,66 @@
public void doParse(Element element, BeanDefinitionBuilder bean) {
bean.setAbstract(true);
mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "server"), "server");
+
+ // DEPRECATED: This element is deprecated in favor of tlsServerParameters.
mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "sslServer"), "sslServer");
+
mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "authorization"), "authorization");
mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "fixedParameterOrder"),
"fixedParameterOrder");
mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "contextMatchStrategy"),
"contextMatchStrategy");
+
+ mapSpecificElements(element, bean);
}
-
+
+ /**
+ * This method specifically maps the "tlsServerParameters" on the
+ * HTTPDestination.
+ *
+ * @param parent This should represent "destination".
+ * @param bean The bean parser.
+ */
+ private void mapSpecificElements(
+ Element parent,
+ BeanDefinitionBuilder bean
+ ) {
+ NodeList nl = parent.getChildNodes();
+ for (int i = 0; i < nl.getLength(); i++) {
+ Node n = nl.item(i);
+ if (n.getNodeType() == Node.ELEMENT_NODE
+ && n.getLocalName().equals("tlsServerParameters")
+ && n.getNamespaceURI().equals(HTTP_NS)) {
+
+ this.mapTLSServerParameters(n, bean);
+ }
+ }
+ }
+
+ /**
+ * Inject the "setTlsServerParameters" method with
+ * a TLSServerParametersConfig object initialized with the JAXB
+ * generated type unmarshalled from the selected node.
+ */
+ public void mapTLSServerParameters(Node n, BeanDefinitionBuilder bean) {
+
+ // Unmarshal the JAXB Generated Type from Config and inject
+ // the configured TLSClientParameters into the HTTPDestination.
+ JAXBContext context = null;
+ try {
+ context = JAXBContext.newInstance(getJaxbPackage(),
+ getClass().getClassLoader());
+ Unmarshaller u = context.createUnmarshaller();
+ JAXBElement<TLSServerParametersType> jaxb =
+ u.unmarshal(n, TLSServerParametersType.class);
+ TLSServerParameters params =
+ new TLSServerParametersConfig(jaxb.getValue());
+ bean.addPropertyValue("tlsServerParameters", params);
+ } catch (Exception e) {
+ throw new RuntimeException("Could not process configuration.", e);
+ }
+ }
+
@Override
protected String getJaxbPackage() {
return "org.apache.cxf.transports.http.configuration";
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Thu May 24 23:44:27 2007
@@ -23,16 +23,21 @@
import java.net.HttpURLConnection;
import java.net.Proxy;
import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.imageio.IIOException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.configuration.security.SSLClientPolicy;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.HttpURLConnectionFactory;
@@ -78,9 +83,15 @@
* This field contains the TLS configuration for URLs created
* by this factory.
*/
+ @Deprecated
SSLClientPolicy sslPolicy;
-
+ /**
+ * This field contains the TLS configuration for the URLs created by
+ * this factory.
+ */
+ TLSClientParameters tlsClientParameters;
+
/**
* This constructor initialized the factory with the configured SSL Client
* Side Policy for the HTTPConduit for which this factory is used.
@@ -88,9 +99,22 @@
* @param policy The SSL Client Side Policy. This parameter is guaranteed
* to be non-null.
*/
+ @Deprecated
public HttpsURLConnectionFactory(SSLClientPolicy policy) {
sslPolicy = policy;
}
+
+ /**
+ * This constructor initialized the factory with the configured TLS
+ * Client Parameters for the HTTPConduit for which this factory is used.
+ *
+ * @param params The TLS Client Parameters. This parameter is guaranteed
+ * to be non-null.
+ */
+ public HttpsURLConnectionFactory(TLSClientParameters params) {
+ tlsClientParameters = params;
+ assert tlsClientParameters != null;
+ }
/**
* Create a HttpURLConnection, proxified if neccessary.
@@ -119,8 +143,26 @@
? url.openConnection(proxy)
: url.openConnection());
- decorate(connection);
-
+ if (tlsClientParameters != null) {
+ Exception ex = null;
+ try {
+ decorateWithTLS(connection);
+ } catch (Exception e) {
+ ex = e;
+ } finally {
+ if (ex != null) {
+ if (ex instanceof IOException) {
+ throw (IOException) ex;
+ }
+ throw new IIOException("Error while initializing secure socket", ex);
+ }
+ }
+ } else if (sslPolicy != null) {
+ decorate(connection);
+ } else {
+ assert false;
+ }
+
return connection;
}
@@ -153,6 +195,7 @@
*
* @param secureConnection the secure connection
*/
+ @Deprecated
protected void decorate(HttpsURLConnection secureConnection) {
String keyStoreLocation =
SSLUtils.getKeystore(sslPolicy.getKeystore(), LOG);
@@ -223,6 +266,46 @@
LOG);
}
+ /**
+ * This method assigns the various TLS parameters on the HttpsURLConnection
+ * from the TLS Client Parameters.
+ */
+ protected void decorateWithTLS(HttpsURLConnection connection)
+ throws NoSuchAlgorithmException,
+ NoSuchProviderException,
+ KeyManagementException {
+ String provider = tlsClientParameters.getJsseProvider();
+
+ String protocol = tlsClientParameters.getSecureSocketProtocol() != null
+ ? tlsClientParameters.getSecureSocketProtocol()
+ : "TLS";
+
+ SSLContext ctx = provider == null
+ ? SSLContext.getInstance(protocol)
+ : SSLContext.getInstance(protocol, provider);
+
+ ctx.init(
+ tlsClientParameters.getKeyManagers(),
+ tlsClientParameters.getTrustManagers(),
+ tlsClientParameters.getSecureRandom());
+
+ // The "false" argument means opposite of exclude.
+ String[] cipherSuites =
+ SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(),
+ SSLUtils.getSupportedCipherSuites(ctx),
+ tlsClientParameters.getCipherSuitesFilter(),
+ LOG, false);
+
+ connection.setHostnameVerifier(
+ new AlwaysTrueHostnameVerifier());
+
+ // The SSLSocketFactoryWrapper enables certain cipher suites
+ // from the policy.
+ connection.setSSLSocketFactory(
+ new SSLSocketFactoryWrapper(ctx.getSocketFactory(),
+ cipherSuites));
+
+ }
/*
* For development and testing only
*/
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Thu May 24 23:44:27 2007
@@ -166,7 +166,7 @@
return keystoreManagers;
}
- protected static TrustManager[] getTrustStoreManagers(
+ public static TrustManager[] getTrustStoreManagers(
boolean pkcs12,
String trustStoreType,
String trustStoreLocation,
Modified: incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd Thu May 24 23:44:27 2007
@@ -33,11 +33,16 @@
<xs:element name="listener" type="http-conf:HTTPListenerPolicy"/>
<xs:element name="sslServer" type="sec:SSLServerPolicy"/>
+ <xs:element name="tlsServerParameters" type="sec:TLSServerParametersType"/>
<xs:complexType name="HTTPListenerConfigBean">
<xs:sequence>
<xs:element ref="tns:listener" minOccurs="0"/>
+
+ <!-- The following element in deprecated in favor of tlsServerParameters -->
<xs:element ref="tns:sslServer" minOccurs="0"/>
+
+ <xs:element ref="tns:tlsServerParameters" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
Modified: incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd Thu May 24 23:44:27 2007
@@ -37,28 +37,31 @@
<xs:element name="server" type="http-conf:HTTPServerPolicy"/>
<xs:element name="authorization" type="sec:AuthorizationPolicy"/>
<xs:element name="sslServer" type="sec:SSLServerPolicy"/>
+ <xs:element name="tlsServerParameters" type="sec:TLSServerParametersType"/>
<xs:element name="contextMatchStrategy" type="xs:string" default="stem"/>
<xs:element name="fixedParameterOrder" type="xs:boolean" default="false"/>
<xs:element name="client" type="http-conf:HTTPClientPolicy"/>
<xs:element name="proxyAuthorization" type="sec:AuthorizationPolicy"/>
<xs:element name="sslClient" type="sec:SSLClientPolicy"/>
+ <xs:element name="tlsClientParameters" type="sec:TLSClientParametersType"/>
<xs:element name="trustDecider" type="http-conf:ClassOrBeanType"/>
<xs:element name="basicAuthSupplier" type="http-conf:ClassOrBeanType"/>
<xs:element name="conduit">
<xs:complexType>
- <xs:sequence>
+ <xs:all>
<xs:element ref="http-conf:client" minOccurs="0"/>
<xs:element ref="http-conf:authorization" minOccurs="0"/>
<xs:element ref="http-conf:proxyAuthorization" minOccurs="0"/>
<xs:element ref="http-conf:sslClient" minOccurs="0"/>
+ <xs:element ref="http-conf:tlsClientParameters" minOccurs="0"/>
<xs:element ref="http-conf:basicAuthSupplier"
minOccurs="0" maxOccurs="1"/>
<xs:element ref="http-conf:trustDecider"
minOccurs="0" maxOccurs="1"/>
- </xs:sequence>
+ </xs:all>
<xs:attribute name="id" type="xs:string" use="required"/>
</xs:complexType>
</xs:element>
@@ -69,14 +72,15 @@
</xs:complexType>
<xs:element name="destination">
- <xs:complexType>
- <xs:sequence>
+ <xs:complexType>
+ <xs:all>
<xs:element ref="http-conf:server" minOccurs="0"/>
<xs:element ref="http-conf:authorization" minOccurs="0"/>
<xs:element ref="http-conf:sslServer" minOccurs="0"/>
+ <xs:element ref="http-conf:tlsServerParameters" minOccurs="0"/>
<xs:element ref="http-conf:contextMatchStrategy" minOccurs="0"/>
<xs:element ref="http-conf:fixedParameterOrder" minOccurs="0"/>
- </xs:sequence>
+ </xs:all>
<xs:attribute name="id" type="xs:string" use="required"/>
</xs:complexType>
</xs:element>
Modified: incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java Thu May 24 23:44:27 2007
@@ -33,7 +33,10 @@
import org.junit.Before;
import org.junit.Test;
+//DEPRECATED: This class should be removed when we stick with tlsClientParameters
+// for configuration.
+@Deprecated
public class HttpsURLConnectionFactoryTest extends Assert {
protected static final String DROP_BACK_SRC_DIR =
@@ -127,6 +130,7 @@
}
*/
+
@Test
public void testSetAllData() throws Exception {
@@ -218,6 +222,7 @@
.checkLogContainsString("Unsupported SSLClientPolicy property : CertValidator"));
}
+
@Test
public void testDefaultedCipherSuiteFilters() throws Exception {
@@ -261,6 +266,7 @@
}
+
@Test
public void testNonDefaultedCipherSuiteFilters() throws Exception {
@@ -314,6 +320,7 @@
}
+
@Test
public void testAllValidDataJKS() throws Exception {
@@ -343,6 +350,7 @@
}
+
@Test
public void testAllValidDataPKCS12() throws Exception {
@@ -370,6 +378,7 @@
}
+
@Test
public void testNonExistentKeystoreJKS() throws Exception {
@@ -395,6 +404,7 @@
}
+
@Test
public void testNonExistentKeystorePKCS12() throws Exception {
@@ -419,6 +429,7 @@
}
+
@Test
public void testWrongKeystorePasswordJKS() throws Exception {
@@ -456,6 +467,7 @@
}
+
@Test
public void testWrongKeystorePasswordPKCS12() throws Exception {
@@ -493,6 +505,7 @@
}
+
@Test
public void testWrongKeyPasswordJKS() throws Exception {
@@ -526,6 +539,7 @@
}
+
@Test
public void testWrongKeyPasswordPKCS12() throws Exception {
@@ -558,6 +572,7 @@
}
+
@Test
public void testAllElementsHaveSetupMethod() throws Exception {
SSLClientPolicy policy = new SSLClientPolicy();
Modified: incubator/cxf/trunk/systests/pom.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/pom.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/systests/pom.xml (original)
+++ incubator/cxf/trunk/systests/pom.xml Thu May 24 23:44:27 2007
@@ -1,346 +1,296 @@
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
+<?xml version="1.0"?><project>
+ <parent>
+ <artifactId>cxf-parent</artifactId>
<groupId>org.apache.cxf</groupId>
- <artifactId>cxf-systests</artifactId>
- <packaging>jar</packaging>
<version>2.0-incubator-SNAPSHOT</version>
- <name>Apache CXF System Tests</name>
- <url>http://cwiki.apache.org/CXF</url>
-
- <parent>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-parent</artifactId>
- <version>2.0-incubator-SNAPSHOT</version>
- <relativePath>../parent/pom.xml</relativePath>
- </parent>
-
- <properties>
- <surefire.fork.mode>pertest</surefire.fork.mode>
- <spring.validation.mode>VALIDATION_NONE</spring.validation.mode>
- </properties>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-servlet_2.5_spec</artifactId>
- </dependency>
-
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-common-utilities</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-tools-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-tools-java2wsdl</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-tools-validator</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-api</artifactId>
- <version>${project.version}</version>
- </dependency>
-
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-management</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-core</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-databinding-jaxb</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-jaxws</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-frontend-js</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-bindings-soap</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-bindings-http</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-http-jetty</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-local</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-transports-jms</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-addr</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-rm</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-ws-policy</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-integration-jca</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-rt-bindings-coloc</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.cxf</groupId>
- <artifactId>cxf-testutils</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.derby</groupId>
- <artifactId>derby</artifactId>
- <version>${derby.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-j2ee-management_1.0_spec</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.activemq</groupId>
- <artifactId>activemq-core</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>httpunit</groupId>
- <artifactId>httpunit</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-core</artifactId>
- </dependency>
-
- <!--dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-web</artifactId>
- <scope>test</scope>
- </dependency-->
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.easymock</groupId>
- <artifactId>easymockclassextension</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-j2ee-connector_1.5_spec</artifactId>
- </dependency>
-
- <dependency>
- <groupId>ant</groupId>
- <artifactId>ant</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>rhino</groupId>
- <artifactId>js</artifactId>
- <version>1.6R5</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>xmlbeans</groupId>
- <artifactId>xbean</artifactId>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.apache.derby</groupId>
- <artifactId>derby</artifactId>
- <version>${derby.version}</version>
- <scope>test</scope>
- </dependency>
-
- </dependencies>
-
- <build>
+ <relativePath>../parent/pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-systests</artifactId>
+ <name>Apache CXF System Tests</name>
+ <version>2.0-incubator-SNAPSHOT</version>
+ <url>http://cwiki.apache.org/CXF</url>
+ <scm>
+ <connection>scm:svn:http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</connection>
+ <developerConnection>scm:svn:https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</developerConnection>
+ <url>http://svn.apache.org/viewvc/incubator/cxf/trunk/cxf-parent/cxf-systests</url>
+ </scm>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <profiles>
+ <profile>
+ <id>ibmjdk</id>
+ <activation>
+ <property>
+ <name>java.vendor</name>
+ <value>IBM Corporation</value>
+ </property>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-ejb_2.1_spec</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ </dependencies>
+ </profile>
+ <profile>
+ <id>test.remoteresources</id>
+ <build>
<plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <id>attach-sources</id>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
+ <plugin>
+ <artifactId>maven-remote-resources-plugin</artifactId>
+ <version>1.0-alpha-2-SNAPSHOT</version>
+ <executions>
+ <execution>
+ <id>do-apache-stuff</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>process</goal>
+ </goals>
+ <configuration>
+ <resourceBundles>
+ <resourceBundle>org.apache:apache-jar-resource-bundle:1.1-SNAPSHOT</resourceBundle>
+ <resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.0</resourceBundle>
+ </resourceBundles>
+ <properties>
+ <addLicense>true</addLicense>
+ </properties>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
- </build>
-
-
- <profiles>
- <profile>
- <id>ibmjdk</id>
- <activation>
- <property>
- <name>java.vendor</name>
- <value>IBM Corporation</value>
- </property>
- </activation>
- <!-- ibmjdk also requires this dependency for
- the OutBoundConnectionTest -->
- <dependencies>
- <dependency>
- <groupId>org.apache.geronimo.specs</groupId>
- <artifactId>geronimo-ejb_2.1_spec</artifactId>
- <scope>provided</scope>
- </dependency>
- </dependencies>
- </profile>
- <profile>
- <id>test.remoteresources</id>
- <build>
- <plugins>
- <plugin>
- <artifactId>maven-remote-resources-plugin</artifactId>
- <version>1.0-alpha-2-SNAPSHOT</version>
- <executions>
- <execution>
- <id>do-apache-stuff</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>process</goal>
- </goals>
- <configuration>
- <resourceBundles>
- <resourceBundle>org.apache:apache-jar-resource-bundle:1.1-SNAPSHOT</resourceBundle>
- <resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.0</resourceBundle>
- </resourceBundles>
- <properties>
- <addLicense>true</addLicense>
- </properties>
- </configuration>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <repositories>
- <repository>
- <id>apache.snapshots</id>
- <name>Apache SNAPSHOT repository</name>
- <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
- </repository>
- </repositories>
- <pluginRepositories>
- <pluginRepository>
- <id>apache.snapshots</id>
- <name>Apache Maven Snapshot Repository</name>
- <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
- <layout>default</layout>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
- <releases>
- <enabled>false</enabled>
- </releases>
- </pluginRepository>
- </pluginRepositories>
- </profile>
- </profiles>
-
- <scm>
- <connection>scm:svn:http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</connection>
- <developerConnection>scm:svn:https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</developerConnection>
- <url>http://svn.apache.org/viewvc/incubator/cxf/trunk/cxf-parent/cxf-systests</url>
- </scm>
-
-</project>
+ </build>
+ <repositories>
+ <repository>
+ <id>apache.snapshots</id>
+ <name>Apache SNAPSHOT repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
+ </repository>
+ </repositories>
+ <pluginRepositories>
+ <pluginRepository>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots />
+ <id>apache.snapshots</id>
+ <name>Apache Maven Snapshot Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
+ </pluginRepository>
+ </pluginRepositories>
+ </profile>
+ </profiles>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-servlet_2.5_spec</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-common-utilities</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-tools-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-tools-java2wsdl</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-tools-validator</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-api</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-management</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-databinding-jaxb</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-js</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-soap</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-http</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http-jetty</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-local</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-jms</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-ws-addr</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-ws-rm</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-ws-policy</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-integration-jca</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-coloc</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-testutils</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ <version>${derby.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-j2ee-management_1.0_spec</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.activemq</groupId>
+ <artifactId>activemq-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>httpunit</groupId>
+ <artifactId>httpunit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymockclassextension</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.geronimo.specs</groupId>
+ <artifactId>geronimo-j2ee-connector_1.5_spec</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ant</groupId>
+ <artifactId>ant</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>rhino</groupId>
+ <artifactId>js</artifactId>
+ <version>1.6R5</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>xmlbeans</groupId>
+ <artifactId>xbean</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ <version>${derby.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.3.1</version>
+ </dependency>
+ </dependencies>
+ <properties>
+ <surefire.fork.mode>pertest</surefire.fork.mode>
+ <spring.validation.mode>VALIDATION_NONE</spring.validation.mode>
+ </properties>
+</project>
\ No newline at end of file
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java Thu May 24 23:44:27 2007
@@ -0,0 +1,777 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.HttpBasicAuthSupplier;
+import org.apache.cxf.transport.http.MessageTrustDecider;
+import org.apache.cxf.transport.http.URLConnectionInfo;
+import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
+
+import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
+
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * This class tests several issues and Conduit policies based
+ * on a set up of redirecting servers.
+ * <pre>
+ *
+ * Http Redirection:
+ *
+ * Rethwel(http:9004) ------\
+ * ----> Mortimer (http:9000)
+ * Poltim(https:9005) ------/
+ *
+ * HttpS redirection/Trust:
+ *
+ * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002)
+ *
+ * Redirect Loop:
+ *
+ * Hurlon (http:9006) ----> Abost(http:9007) ----\
+ * ^ |
+ * |-------------------------------------------/
+ *
+ * Hostname Verifier Test
+ *
+ * Morpit (https:9008)
+ *
+ * </pre>
+ * The Bethal server issues 401 with differing realms depending on the
+ * User name given in the authorization header.
+ * <p>
+ * The Morpit has a CN that is not equal to "localhost" to kick in
+ * the Hostname Verifier.
+ */
+public class HTTPConduit2Test extends AbstractBusClientServerTestBase {
+
+ private static final boolean IN_PROCESS = true;
+
+ private static TLSClientParameters tlsClientParameters = new TLSClientParameters();
+ private static Map<String, String> addrMap = new TreeMap<String, String>();
+ private static List<String> servers = new ArrayList<String>();
+
+ static {
+ addrMap.put("Mortimer", "http://localhost:9000/");
+ addrMap.put("Tarpin", "https://localhost:9003/");
+ addrMap.put("Rethwel", "http://localhost:9004/");
+ addrMap.put("Poltim", "https://localhost:9005/");
+ addrMap.put("Gordy", "https://localhost:9001/");
+ addrMap.put("Bethal", "https://localhost:9002/");
+ addrMap.put("Abost", "http://localhost:9007/");
+ addrMap.put("Hurlon", "http://localhost:9006/");
+ addrMap.put("Morpit", "https://localhost:9008/");
+ }
+
+ static {
+ try {
+ String keystore =
+ Server.class.getResource("resources/Morpit.jks").getFile();
+ //System.out.println("Keystore: " + keystore);
+ KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, "password"), "password");
+
+ String truststore =
+ Server.class.getResource("resources/Truststore.jks").getFile();
+ //System.out.println("Truststore: " + truststore);
+ TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, "password"));
+
+ tlsClientParameters.setKeyManagers(kmgrs);
+ tlsClientParameters.setTrustManagers(tmgrs);
+ FiltersType filters = new FiltersType();
+ filters.getInclude().add(".*_EXPORT_.*");
+ filters.getInclude().add(".*_EXPORT1024_.*");
+ filters.getInclude().add(".*_WITH_DES_.*");
+ filters.getInclude().add(".*_WITH_NULL_.*");
+ filters.getInclude().add(".*_DH_anon_.*");
+ tlsClientParameters.setCipherSuitesFilter(filters);
+ } catch (Exception e) {
+ throw new RuntimeException("Static initialization failed", e);
+ }
+ }
+
+ private final QName serviceName =
+ new QName("http://apache.org/hello_world", "SOAPService");
+ private final QName bethalQ =
+ new QName("http://apache.org/hello_world", "Bethal");
+ private final QName gordyQ =
+ new QName("http://apache.org/hello_world", "Gordy");
+ private final QName tarpinQ =
+ new QName("http://apache.org/hello_world", "Tarpin");
+ private final QName rethwelQ =
+ new QName("http://apache.org/hello_world", "Rethwel");
+ private final QName mortimerQ =
+ new QName("http://apache.org/hello_world", "Mortimer");
+ private final QName poltimQ =
+ new QName("http://apache.org/hello_world", "Poltim");
+ private final QName hurlonQ =
+ new QName("http://apache.org/hello_world", "Hurlon");
+ // PMD Violation because it is not used, but
+ // it is here for completeness.
+ //private final QName abostQ =
+ //new QName("http://apache.org/hello_world", "Abost");
+ public HTTPConduit2Test() {
+ }
+
+ /**
+ * This function is used to start up a server. It only "starts" a
+ * server if it hasn't been started before, hence its static nature.
+ * <p>
+ * This approach is used to start the needed servers for a particular test
+ * instead of starting them all in "startServers". This single needed
+ * server approach allieviates the pain in starting them all just to run
+ * a particular test in the debugger.
+ */
+ public static synchronized boolean startServer(String name) {
+ if (servers.contains(name)) {
+ return true;
+ }
+ URL serverC =
+ Server.class.getResource("resources/" + name + "-2.cxf");
+ boolean server = launchServer(Server.class, null,
+ new String[] {
+ name,
+ addrMap.get(name),
+ serverC.toString() },
+ IN_PROCESS);
+ if (server) {
+ servers.add(name);
+ }
+ return server;
+ }
+
+ @Before
+ public void setUp() {
+ // TODO: Do I need this?
+ System.setProperty("org.apache.cxf.bus.factory",
+ "org.apache.cxf.bus.CXFBusFactory");
+ }
+
+ public static KeyStore getKeyStore(String ksType, String file, String ksPassword)
+ throws GeneralSecurityException,
+ IOException {
+
+ String type = ksType != null
+ ? ksType
+ : KeyStore.getDefaultType();
+
+ char[] password = ksPassword != null
+ ? ksPassword.toCharArray()
+ : null;
+
+ // We just use the default Keystore provider
+ KeyStore keyStore = KeyStore.getInstance(type);
+
+ keyStore.load(new FileInputStream(file), password);
+
+ return keyStore;
+ }
+
+ public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
+ throws GeneralSecurityException,
+ IOException {
+ // For tests, we just use the default algorithm
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+
+ char[] keyPass = keyPassword != null
+ ? keyPassword.toCharArray()
+ : null;
+
+ // For tests, we just use the default provider.
+ KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
+
+ fac.init(keyStore, keyPass);
+
+ return fac.getKeyManagers();
+ }
+
+ public static TrustManager[] getTrustManagers(KeyStore keyStore)
+ throws GeneralSecurityException,
+ IOException {
+ // For tests, we just use the default algorithm
+ String alg = TrustManagerFactory.getDefaultAlgorithm();
+
+ // For tests, we just use the default provider.
+ TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
+
+ fac.init(keyStore);
+
+ return fac.getTrustManagers();
+ }
+
+
+ @Test
+ public void testBasicConnection() throws Exception {
+ startServer("Mortimer");
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter mortimer = service.getPort(mortimerQ, Greeter.class);
+ assertNotNull("Port is null", mortimer);
+
+ String answer = mortimer.sayHi();
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Mortimer".equals(answer));
+ }
+
+ /**
+ * This methods tests that a conduit that is not configured
+ * to follow redirects will not. The default is not to
+ * follow redirects.
+ * Rethwel redirects to Mortimer.
+ *
+ * Note: Unfortunately, the invocation will
+ * "fail" for any number of other reasons.
+ *
+ */
+ @Test
+ public void testHttp2HttpRedirectFail() throws Exception {
+ startServer("Mortimer");
+ startServer("Rethwel");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+ assertNotNull("Port is null", rethwel);
+
+ String answer = null;
+ try {
+ answer = rethwel.sayHi();
+ fail("Redirect didn't fail. Got answer: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ }
+
+ }
+
+ /**
+ * We use this class to reset the default bus.
+ * Note: This may not always work in the future.
+ * I was lucky in that "defaultBus" is actually a
+ * protected static.
+ */
+ class DefaultBusFactory extends SpringBusFactory {
+ public Bus createBus(URL config) {
+ Bus bus = super.createBus(config, true);
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+ return bus;
+ }
+ }
+
+ /**
+ * This method tests if http to http redirects work.
+ * Rethwel redirects to Mortimer.
+ */
+ @Test
+ public void testHttp2HttpRedirect() throws Exception {
+ startServer("Mortimer");
+ startServer("Rethwel");
+
+ URL config = getClass().getResource("resources/Http2HttpRedirect.cxf");
+
+ // We go through the back door, setting the default bus.
+ new DefaultBusFactory().createBus(config);
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+ assertNotNull("Port is null", rethwel);
+
+ String answer = rethwel.sayHi();
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Mortimer".equals(answer));
+ }
+
+ /**
+ * This methods tests that a redirection loop will fail.
+ * Hurlon redirects to Abost, which redirects to Hurlon.
+ *
+ * Note: Unfortunately, the invocation may "fail" for any
+ * number of reasons.
+ */
+ @Test
+ public void testHttp2HttpLoopRedirectFail() throws Exception {
+ startServer("Abost");
+ startServer("Hurlon");
+
+ URL config = getClass().getResource(
+ "resources/Http2HttpLoopRedirectFail.cxf");
+
+ // We go through the back door, setting the default bus.
+ new DefaultBusFactory().createBus(config);
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter hurlon = service.getPort(hurlonQ, Greeter.class);
+ assertNotNull("Port is null", hurlon);
+
+ String answer = null;
+ try {
+ answer = hurlon.sayHi();
+ fail("Redirect didn't fail. Got answer: " + answer);
+ } catch (Exception e) {
+ // This exception will be one of not being able to
+ // read from the StreamReader
+ //e.printStackTrace();
+ }
+
+ }
+ /**
+ * This methods tests a basic https connection to Bethal.
+ * It supplies an authorization policy with premetive user/pass
+ * to avoid the 401.
+ */
+ @Test
+ public void testHttpsBasicConnection() throws Exception {
+ startServer("Bethal");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter bethal = service.getPort(bethalQ, Greeter.class);
+ assertNotNull("Port is null", bethal);
+
+ // Okay, I'm sick of configuration files.
+ // This also tests dynamic configuration of the conduit.
+ Client client = ClientProxy.getClient(bethal);
+ HTTPConduit http =
+ (HTTPConduit) client.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setAutoRedirect(false);
+ // If we set any name, but Edward, Mary, or George,
+ // and a password of "password" we will get through
+ // Bethal.
+ AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+ authPolicy.setUserName("Betty");
+ authPolicy.setPassword("password");
+
+ http.setClient(httpClientPolicy);
+ http.setTlsClientParameters(tlsClientParameters);
+ http.setAuthorization(authPolicy);
+
+ String answer = bethal.sayHi();
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Bethal".equals(answer));
+ }
+
+
+ /**
+ * This test should fail when we hit Poltim, since it redirects
+ * to Mortimer, which is an http url, and Poltim is an https server.
+ */
+ @Test
+ public void testHttpsRedirectToHttpFail() throws Exception {
+ startServer("Mortimer");
+ startServer("Poltim");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter poltim = service.getPort(poltimQ, Greeter.class);
+ assertNotNull("Port is null", poltim);
+
+ // Okay, I'm sick of configuration files.
+ // This also tests dynamic configuration of the conduit.
+ Client client = ClientProxy.getClient(poltim);
+ HTTPConduit http =
+ (HTTPConduit) client.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setAutoRedirect(true);
+
+ http.setClient(httpClientPolicy);
+ http.setTlsClientParameters(tlsClientParameters);
+
+ try {
+ String answer = poltim.sayHi();
+ fail("Unexpected answer from Poltim: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ }
+ }
+
+ class MyHttpsTrustDecider extends MessageTrustDecider {
+
+ private String[] trustName;
+ private int called;
+
+ MyHttpsTrustDecider(String name) {
+ trustName = new String[] {name};
+ }
+
+ MyHttpsTrustDecider(String[] name) {
+ trustName = name;
+ }
+
+ public int wasCalled() {
+ return called;
+ }
+
+ public void establishTrust(
+ String conduitName,
+ URLConnectionInfo cinfo,
+ Message message
+ ) throws UntrustedURLConnectionIOException {
+
+ called++;
+
+ HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo;
+ boolean trusted = false;
+ for (int i = 0; i < trustName.length; i++) {
+ trusted = trusted
+ || ci.getPeerPrincipal()
+ .toString().contains("OU=" + trustName[i]);
+ }
+ if (!trusted) {
+ throw new UntrustedURLConnectionIOException(
+ "Peer Principal \""
+ + ci.getPeerPrincipal()
+ + "\" does not contain "
+ + getTrustNames());
+ }
+ }
+
+ private String getTrustNames() {
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < trustName.length; i++) {
+ sb.append("\"OU=");
+ sb.append(trustName[i]);
+ sb.append("\"");
+ if (i < trustName.length - 1) {
+ sb.append(", ");
+ }
+ }
+ return sb.toString();
+ }
+ }
+
+
+ @Test
+ public void testHttpsTrust() throws Exception {
+ startServer("Bethal");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter bethal = service.getPort(bethalQ, Greeter.class);
+ assertNotNull("Port is null", bethal);
+
+ // Okay, I'm sick of configuration files.
+ // This also tests dynamic configuration of the conduit.
+ Client client = ClientProxy.getClient(bethal);
+ HTTPConduit http =
+ (HTTPConduit) client.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setAutoRedirect(false);
+ // If we set any name, but Edward, Mary, or George,
+ // and a password of "password" we will get through
+ // Bethal.
+ AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+ authPolicy.setUserName("Betty");
+ authPolicy.setPassword("password");
+
+ http.setClient(httpClientPolicy);
+ http.setTlsClientParameters(tlsClientParameters);
+ http.setAuthorization(authPolicy);
+
+ // Our expected server should be OU=Bethal
+ http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
+
+ String answer = bethal.sayHi();
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Bethal".equals(answer));
+
+ // Nobody will not equal OU=Bethal
+ MyHttpsTrustDecider trustDecider =
+ new MyHttpsTrustDecider("Nobody");
+ http.setTrustDecider(trustDecider);
+ try {
+ answer = bethal.sayHi();
+ fail("Unexpected answer from Bethal: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ //assertTrue("Trust Decider was not called",
+ // 0 > trustDecider.wasCalled());
+ }
+ }
+
+ @Test
+ public void testHttpsTrustRedirect() throws Exception {
+ startServer("Tarpin");
+ startServer("Gordy");
+ startServer("Bethal");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter tarpin = service.getPort(tarpinQ, Greeter.class);
+ assertNotNull("Port is null", tarpin);
+
+ // Okay, I'm sick of configuration files.
+ // This also tests dynamic configuration of the conduit.
+ Client client = ClientProxy.getClient(tarpin);
+ HTTPConduit http =
+ (HTTPConduit) client.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setAutoRedirect(true);
+ // If we set any name, but Edward, Mary, or George,
+ // and a password of "password" we will get through
+ // Bethal.
+ AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+ authPolicy.setUserName("Betty");
+ authPolicy.setPassword("password");
+
+ http.setClient(httpClientPolicy);
+ http.setTlsClientParameters(tlsClientParameters);
+ http.setAuthorization(authPolicy);
+
+ // We get redirected from Tarpin, to Gordy, to Bethal.
+ MyHttpsTrustDecider trustDecider =
+ new MyHttpsTrustDecider(
+ new String[] {"Tarpin", "Gordy", "Bethal"});
+ http.setTrustDecider(trustDecider);
+
+ // We actually get our answer from Bethal at the end of the
+ // redirects.
+ String answer = tarpin.sayHi();
+
+ assertTrue("Trust Decider wasn't called correctly",
+ 3 == trustDecider.wasCalled());
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Bethal".equals(answer));
+
+ // Limit the redirects to 1, since there are two, this should fail.
+ http.getClient().setMaxRetransmits(1);
+
+ try {
+ answer = tarpin.sayHi();
+ fail("Unexpected answer from Tarpin: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ }
+
+ // Set back to unlimited.
+ http.getClient().setMaxRetransmits(-1);
+
+ // Effectively we will not trust Gordy in the middle.
+ trustDecider =
+ new MyHttpsTrustDecider(
+ new String[] {"Tarpin", "Bethal"});
+ http.setTrustDecider(trustDecider);
+
+ try {
+ answer = tarpin.sayHi();
+ fail("Unexpected answer from Tarpin: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ assertTrue("Trust Decider wasn't called correctly",
+ 2 == trustDecider.wasCalled());
+ }
+
+ }
+
+ public class MyBasicAuthSupplier extends HttpBasicAuthSupplier {
+
+ String realm;
+ String user;
+ String pass;
+
+ /**
+ * This will loop from Cronus, to Andromeda, to Zorantius
+ */
+ MyBasicAuthSupplier() {
+ }
+
+ MyBasicAuthSupplier(String r, String u, String p) {
+ realm = r;
+ user = u;
+ pass = p;
+ }
+ @Override
+ public UserPass getPreemptiveUserPass(
+ String conduitName,
+ URL currentURL,
+ Message message
+ ) {
+ return null;
+ }
+
+ /**
+ * If we don't have the realm set, then we loop
+ * through the realms.
+ */
+ @Override
+ public UserPass getUserPassForRealm(
+ String conduitName,
+ URL currentURL,
+ Message message,
+ String reqestedRealm
+ ) {
+ if (realm != null && realm.equals(reqestedRealm)) {
+ return createUserPass(user, pass);
+ }
+ if ("Andromeda".equals(reqestedRealm)) {
+ // This will get us another 401 to Zorantius
+ return createUserPass("Edward", "password");
+ }
+ if ("Zorantius".equals(reqestedRealm)) {
+ // George will get us another 401 to Cronus
+ return createUserPass("George", "password");
+ }
+ if ("Cronus".equals(reqestedRealm)) {
+ // Mary will get us another 401 to Andromeda
+ return createUserPass("Mary", "password");
+ }
+ return null;
+ }
+
+ }
+
+ /**
+ * This tests redirects through Gordy to Bethal. Bethal will
+ * supply a series of 401s. See PushBack401.
+ */
+ @Test
+ public void testHttpsRedirect401Response() throws Exception {
+ startServer("Gordy");
+ startServer("Bethal");
+
+ URL wsdl = getClass().getResource("resources/greeting.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl, serviceName);
+ assertNotNull("Service is null", service);
+
+ Greeter gordy = service.getPort(gordyQ, Greeter.class);
+ assertNotNull("Port is null", gordy);
+
+ // Okay, I'm sick of configuration files.
+ // This also tests dynamic configuration of the conduit.
+ Client client = ClientProxy.getClient(gordy);
+ HTTPConduit http =
+ (HTTPConduit) client.getConduit();
+
+ HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+
+ httpClientPolicy.setAutoRedirect(true);
+ http.setClient(httpClientPolicy);
+ http.setTlsClientParameters(tlsClientParameters);
+
+ // We get redirected from Gordy, to Bethal.
+ http.setTrustDecider(
+ new MyHttpsTrustDecider(
+ new String[] {"Gordy", "Bethal"}));
+
+ // Without preemptive user/pass Bethal returns a
+ // 401 for realm Cronus. If we supply any name other
+ // than Edward, George, or Mary, with the pass of "password"
+ // we should succeed.
+ http.setBasicAuthSupplier(
+ new MyBasicAuthSupplier("Cronus", "Betty", "password"));
+
+ // We actually get our answer from Bethal at the end of the
+ // redirects.
+ String answer = gordy.sayHi();
+ assertTrue("Unexpected answer: " + answer,
+ "Bonjour from Bethal".equals(answer));
+
+ // Uhe loop auth supplier,
+ // We should die with looping realms.
+ http.setBasicAuthSupplier(new MyBasicAuthSupplier());
+
+ try {
+ answer = gordy.sayHi();
+ fail("Unexpected answer from Gordy: " + answer);
+ } catch (Exception e) {
+ //e.printStackTrace();
+ }
+ }
+
+}
+
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java (original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java Thu May 24 23:44:27 2007
@@ -97,9 +97,9 @@
static {
addrMap.put("Mortimer", "http://localhost:9000/");
- addrMap.put("Tarpin", "http://localhost:9003/");
+ addrMap.put("Tarpin", "https://localhost:9003/");
addrMap.put("Rethwel", "http://localhost:9004/");
- addrMap.put("Poltim", "http://localhost:9005/");
+ addrMap.put("Poltim", "https://localhost:9005/");
addrMap.put("Gordy", "https://localhost:9001/");
addrMap.put("Bethal", "https://localhost:9002/");
addrMap.put("Abost", "http://localhost:9007/");
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf Thu May 24 23:44:27 2007
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Abost Server.
+ ** It is an http server that redirects to Hurlon.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+ xsi:schemaLocation="
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schema/transports/http.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+
+ <http:server RedirectURL="http://localhost:9006/Hurlon"/>
+ </http:destination>
+
+ <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+ <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>