You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by pp...@apache.org on 2022/11/28 08:02:17 UTC
[camel-quarkus] 03/06: Add WS-Trust test for CXF SOAP
This is an automated email from the ASF dual-hosted git repository.
ppalaga pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit b1917613ac043a08b51d991b3016b0a87c700e99
Author: Peter Palaga <pp...@redhat.com>
AuthorDate: Thu Oct 27 11:28:45 2022 +0200
Add WS-Trust test for CXF SOAP
---
.../cxf-soap/cxf-soap-ws-trust/pom.xml | 135 +++++++++
.../ws/trust/common/PasswordCallbackHandler.java | 52 ++++
.../it/ws/trust/server/ServerCallbackHandler.java | 30 ++
.../soap/it/ws/trust/server/TrustHelloService.java | 34 +++
.../it/ws/trust/server/WsTrustServerRoutes.java | 70 +++++
.../cxf/soap/it/ws/trust/sts/SampleSTS.java | 86 ++++++
.../soap/it/ws/trust/sts/StsCallbackHandler.java | 32 +++
.../src/main/resources/AsymmetricSAML2Policy.xml | 102 +++++++
.../src/main/resources/Input_Policy.xml | 48 ++++
.../src/main/resources/Output_Policy.xml | 48 ++++
.../src/main/resources/TrustHelloService.wsdl | 182 +++++++++++++
.../main/resources/TrustHelloService_schema1.xsd | 36 +++
.../src/main/resources/application.properties | 25 ++
.../src/main/resources/serviceKeystore.properties | 40 +++
.../src/main/resources/servicestore.jks | Bin 0 -> 3475 bytes
.../src/main/resources/stsKeystore.properties | 39 +++
.../src/main/resources/stsstore.jks | Bin 0 -> 5570 bytes
.../src/main/resources/ws-trust-1.4-service.wsdl | 303 +++++++++++++++++++++
.../soap/it/ws/trust/ClientCallbackHandler.java | 50 ++++
.../cxf/soap/it/ws/trust/CxfWsTrustIT.java | 24 ++
.../cxf/soap/it/ws/trust/CxfWsTrustTest.java | 167 ++++++++++++
.../src/test/resources/clientKeystore.properties | 40 +++
.../src/test/resources/clientstore.jks | Bin 0 -> 5571 bytes
integration-test-groups/cxf-soap/pom.xml | 1 +
integration-tests/cxf-soap-grouped/pom.xml | 232 ++++++++++++++++
25 files changed, 1776 insertions(+)
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
new file mode 100644
index 0000000000..bd2e3516dc
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-build-parent-it</artifactId>
+ <version>2.14.0-SNAPSHOT</version>
+ <relativePath>../../../poms/build-parent-it/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>camel-quarkus-integration-test-cxf-soap-ws-trust</artifactId>
+ <name>Camel Quarkus :: Integration Tests :: CXF SOAP WS-Trust</name>
+ <description>Integration tests for Camel Quarkus CXF extension acting as SOAP server having WS-Security enabled</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-cxf-soap</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-services-sts</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-rt-features-logging</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>io.quarkus</groupId>
+ <artifactId>quarkus-junit5</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.rest-assured</groupId>
+ <artifactId>rest-assured</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-test-util</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+
+ <profiles>
+ <profile>
+ <id>native</id>
+ <activation>
+ <property>
+ <name>native</name>
+ </property>
+ </activation>
+ <properties>
+ <quarkus.package.type>native</quarkus.package.type>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>virtualDependencies</id>
+ <activation>
+ <property>
+ <name>!noVirtualDependencies</name>
+ </property>
+ </activation>
+ <dependencies>
+ <!-- The following dependencies guarantee that this module is built after them. You can update them by running `mvn process-resources -Pformat -N` from the source tree root directory -->
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-cxf-soap-deployment</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ </profile>
+ <profile>
+ <id>skip-testcontainers-tests</id>
+ <activation>
+ <property>
+ <name>skip-testcontainers-tests</name>
+ </property>
+ </activation>
+ <properties>
+ <skipTests>true</skipTests>
+ </properties>
+ </profile>
+ </profiles>
+
+</project>
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java
new file mode 100644
index 0000000000..a4c894137f
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class PasswordCallbackHandler implements CallbackHandler {
+
+ private Map<String, String> passwords = new HashMap<String, String>();
+
+ public PasswordCallbackHandler(Map<String, String> initMap) {
+ passwords.putAll(initMap);
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ final Callback c = callbacks[i];
+ if (c != null && c instanceof WSPasswordCallback) {
+ final WSPasswordCallback pc = (WSPasswordCallback) c;
+
+ String pass = passwords.get(pc.getIdentifier());
+ if (pass != null) {
+ pc.setPassword(pass);
+ return;
+ }
+ }
+ }
+ }
+
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
new file mode 100644
index 0000000000..9579a3e249
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCallbackHandler;
+
+@RegisterForReflection
+public class ServerCallbackHandler extends PasswordCallbackHandler {
+
+ public ServerCallbackHandler() {
+ super(Map.of("myservicekey", "skpass"));
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java
new file mode 100644
index 0000000000..0fe5bdff84
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+import org.apache.cxf.annotations.Policies;
+import org.apache.cxf.annotations.Policy;
+
+@WebService(targetNamespace = "https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust")
+@Policy(placement = Policy.Placement.BINDING, uri = "classpath:/AsymmetricSAML2Policy.xml")
+public interface TrustHelloService {
+ @WebMethod
+ @Policies({
+ @Policy(placement = Policy.Placement.BINDING_OPERATION_INPUT, uri = "classpath:/Input_Policy.xml"),
+ @Policy(placement = Policy.Placement.BINDING_OPERATION_OUTPUT, uri = "classpath:/Output_Policy.xml")
+ })
+ String sayHello();
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java
new file mode 100644
index 0000000000..4176f7a384
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Named;
+import javax.xml.namespace.QName;
+
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.cxf.jaxws.CxfEndpoint;
+import org.apache.cxf.ext.logging.LoggingFeature;
+
+@ApplicationScoped
+public class WsTrustServerRoutes extends RouteBuilder {
+
+ @Override
+ public void configure() {
+
+ from("cxf:bean:wsTrustHelloService?dataFormat=POJO")
+ .setBody().constant("WS-Trust Hello World!");
+
+ }
+
+ @Produces
+ @ApplicationScoped
+ @Named
+ CxfEndpoint wsTrustHelloService() {
+ final CxfEndpoint result = new CxfEndpoint();
+ result.setServiceClass(TrustHelloService.class);
+ result.setAddress("/jaxws-samples-wsse-policy-trust");
+ result.setPortName("TrustHelloServicePort");
+ result.setServiceNameAsQName(
+ new QName("https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust", "TrustHelloService"));
+ result.setWsdlURL("TrustHelloService.wsdl");
+
+ final LoggingFeature lf = new LoggingFeature();
+ lf.setPrettyLogging(true);
+ result.getFeatures().add(lf);
+
+ Map<String, Object> props = new HashMap<>();
+
+ props.put("ws-security.signature.username", "myservicekey");
+ props.put("ws-security.signature.properties", "serviceKeystore.properties");
+ props.put("ws-security.encryption.properties", "serviceKeystore.properties");
+ props.put("ws-security.callback-handler",
+ "org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.ServerCallbackHandler");
+ result.setProperties(props);
+
+ return result;
+ }
+
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java
new file mode 100644
index 0000000000..0ad041d4eb
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.ws.WebServiceProvider;
+
+import io.quarkus.runtime.LaunchMode;
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.operation.TokenValidateOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
+import org.apache.cxf.sts.token.validator.UsernameTokenValidator;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+import org.eclipse.microprofile.config.Config;
+import org.eclipse.microprofile.config.ConfigProvider;
+
+@WebServiceProvider(serviceName = "SecurityTokenService", portName = "UT_Port", targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", wsdlLocation = "ws-trust-1.4-service.wsdl")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts.StsCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false")
+})
+public class SampleSTS extends SecurityTokenServiceProvider {
+
+ public SampleSTS() throws Exception {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(StsCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ final Config config = ConfigProvider.getConfig();
+ final int port = LaunchMode.current().equals(LaunchMode.TEST) ? config.getValue("quarkus.http.test-port", Integer.class)
+ : config.getValue("quarkus.http.port", Integer.class);
+ service.setEndpoints(Arrays.asList(
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust/TrustHelloService",
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ // required for OnBehalfOf
+ issueOperation.getTokenValidators().add(new UsernameTokenValidator());
+ // added for OnBehalfOf and ActAs
+ issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
new file mode 100644
index 0000000000..68e4b2e874
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts;
+
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCallbackHandler;
+
+@RegisterForReflection(methods = false, fields = false)
+public class StsCallbackHandler extends PasswordCallbackHandler {
+
+ public StsCallbackHandler() {
+ super(Map.of(
+ "mystskey", "stskpass",
+ "alice", "clarinet"));
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml
new file mode 100644
index 0000000000..a0aff7d559
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="AsymmetricSAML2Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaws:Address>http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
+ <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml
new file mode 100644
index 0000000000..c968a184e0
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="Input_Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml
new file mode 100644
index 0000000000..9b7ab0cfe8
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="Output_Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl
new file mode 100644
index 0000000000..60651ab719
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<definitions targetNamespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" name="TrustHelloService"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" schemaLocation="TrustHelloService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="TrustHelloService">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <binding name="TrustHelloServicePortBinding" type="tns:TrustHelloService">
+ <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Input_Policy" />
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Output_Policy" />
+ </output>
+ </operation>
+ </binding>
+ <service name="TrustHelloService">
+ <port name="TrustHelloServicePort" binding="tns:TrustHelloServicePortBinding">
+ <soap:address location="http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust/TrustHelloService"/>
+ </port>
+ </service>
+
+ <wsp:Policy wsu:Id="AsymmetricSAML2Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaws:Address>http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
+ <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</definitions>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd
new file mode 100644
index 0000000000..c4297b447f
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<xs:schema version="1.0" targetNamespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <xs:element name="sayHello" type="tns:sayHello"/>
+
+ <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
+
+ <xs:complexType name="sayHello">
+ <xs:sequence/>
+ </xs:complexType>
+
+ <xs:complexType name="sayHelloResponse">
+ <xs:sequence>
+ <xs:element name="return" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
new file mode 100644
index 0000000000..2652146673
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
@@ -0,0 +1,25 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+quarkus.cxf.path=/soapservice
+
+quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts.SampleSTS
+quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".features=org.apache.cxf.ext.logging.LoggingFeature
+
+#quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.TrustHelloServiceImpl
+#quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust".features=org.apache.cxf.ext.logging.LoggingFeature
+
+quarkus.native.resources.includes=*.properties,*.jks,*.wsdl,*.xml
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
new file mode 100644
index 0000000000..58141f4679
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
@@ -0,0 +1,40 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
new file mode 100644
index 0000000000..999ee824c3
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
new file mode 100644
index 0000000000..c67a29ed4c
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
@@ -0,0 +1,39 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
new file mode 100644
index 0000000000..4ba33e40ef
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl
new file mode 100644
index 0000000000..76bc7b8ea2
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ [...]
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType" />
+ <xs:element name="RequestSecurityTokenResponse" type="wst:AbstractRequestSecurityTokenType" />
+
+ <xs:complexType name="AbstractRequestSecurityTokenType">
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="Context" type="xs:anyURI" use="optional" />
+ <xs:anyAttribute namespace="##other" processContents="lax" />
+ </xs:complexType>
+ <xs:element name="RequestSecurityTokenCollection" type="wst:RequestSecurityTokenCollectionType" />
+ <xs:complexType name="RequestSecurityTokenCollectionType">
+ <xs:sequence>
+ <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType" minOccurs="2" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="RequestSecurityTokenResponseCollection" type="wst:RequestSecurityTokenResponseCollectionType" />
+ <xs:complexType name="RequestSecurityTokenResponseCollectionType">
+ <xs:sequence>
+ <xs:element ref="wst:RequestSecurityTokenResponse" minOccurs="1" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax" />
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response" element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection" />
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal" message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy" />
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address location="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService/UT" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing />
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</wsdl:definitions>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
new file mode 100644
index 0000000000..6ede4fa0e2
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test
+ pc.setPassword("skpass");
+ break;
+ }
+ }
+ }
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java
new file mode 100644
index 0000000000..cf3b6cba8a
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+
+@QuarkusIntegrationTest
+public class CxfWsTrustIT extends CxfWsTrustTest {
+
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java
new file mode 100644
index 0000000000..0c1b496f66
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java
@@ -0,0 +1,167 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust;
+
+import java.net.URL;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil;
+import io.quarkus.test.junit.QuarkusTest;
+import io.restassured.RestAssured;
+import io.restassured.config.RestAssuredConfig;
+import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.TrustHelloService;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.assertj.core.api.Assertions;
+import org.hamcrest.CoreMatchers;
+import org.hamcrest.Matchers;
+import org.junit.jupiter.api.Test;
+
+import static io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil.anyNs;
+import static io.restassured.RestAssured.given;
+
+@QuarkusTest
+public class CxfWsTrustTest {
+
+ /**
+ * Make sure the ws-trust-1.4-service.wsdl file is served
+ */
+ @Test
+ void stsWsdl() {
+ RestAssuredConfig config = RestAssured.config();
+ config.getXmlConfig().namespaceAware(false);
+ given()
+ .config(config)
+ .when().get("/soapservice/jaxws-samples-wsse-policy-trust-sts?wsdl")
+ .then()
+ .statusCode(200)
+ .body(
+ Matchers.hasXPath(
+ anyNs("definitions", "Policy")
+ + "/@*[local-name() = 'Id']",
+ CoreMatchers.is("UT_policy")));
+ }
+
+ @Test
+ void wsdl() {
+ RestAssuredConfig config = RestAssured.config();
+ config.getXmlConfig().namespaceAware(false);
+ given()
+ .config(config)
+ .when().get("/soapservice/jaxws-samples-wsse-policy-trust?wsdl")
+ .then()
+ .statusCode(200)
+ .body(
+ Matchers.hasXPath(
+ anyNs("definitions", "Policy")
+ + "[1]/@*[local-name() = 'Id']",
+ CoreMatchers.is("AsymmetricSAML2Policy")),
+ Matchers.hasXPath(
+ anyNs("definitions", "Policy")
+ + "[2]/@*[local-name() = 'Id']",
+ CoreMatchers.is("Input_Policy")),
+ Matchers.hasXPath(
+ anyNs("definitions", "Policy")
+ + "[3]/@*[local-name() = 'Id']",
+ CoreMatchers.is("Output_Policy"))
+
+ );
+ }
+
+ @Test
+ public void programmaticSts() throws Exception {
+ Bus bus = BusFactory.newInstance().createBus();
+ try {
+ BusFactory.setThreadDefaultBus(bus);
+
+ final QName serviceName = new QName("https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust",
+ "TrustHelloService");
+ final URL wsdlURL = new URL(io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil.getServerUrl()
+ + "/soapservice/jaxws-samples-wsse-policy-trust/TrustHelloService?wsdl");
+ Service service = Service.create(wsdlURL, serviceName);
+ TrustHelloService proxy = (TrustHelloService) service.getPort(TrustHelloService.class);
+
+ final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
+ final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port");
+
+ String stsURL = QuarkusCxfClientTestUtil.getServerUrl()
+ + "/soapservice/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl";
+ setupWsseAndSTSClient(proxy, bus, stsURL, stsServiceName, stsPortName);
+
+ Assertions.assertThat(proxy.sayHello()).isEqualTo("WS-Trust Hello World!");
+ } finally {
+ bus.shutdown(true);
+ }
+
+ }
+
+ public static void setupWsseAndSTSClient(TrustHelloService proxy, Bus bus, String stsWsdlLocation, QName stsService,
+ QName stsPort) {
+ Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
+ setServiceContextAttributes(ctx);
+ ctx.put(SecurityConstants.STS_CLIENT, createSTSClient(bus, stsWsdlLocation, stsService, stsPort));
+ }
+
+ private static void setServiceContextAttributes(Map<String, Object> ctx) {
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+ }
+
+ /**
+ * Create and configure an STSClient for use by service TrustHelloServiceImpl.
+ *
+ * Whenever an "<sp:IssuedToken>" policy is configured on a WSDL port, as is the
+ * case for TrustHelloServiceImpl, a STSClient must be created and configured in
+ * order for the service to connect to the STS-server to obtain a token.
+ *
+ * @param bus
+ * @param stsWsdlLocation
+ * @param stsService
+ * @param stsPort
+ * @return
+ */
+ private static STSClient createSTSClient(Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) {
+ STSClient stsClient = new STSClient(bus);
+ if (stsWsdlLocation != null) {
+ stsClient.setWsdlLocation(stsWsdlLocation);
+ stsClient.setServiceQName(stsService);
+ stsClient.setEndpointQName(stsPort);
+ }
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ return stsClient;
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
new file mode 100644
index 0000000000..f864336040
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties
@@ -0,0 +1,40 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks
new file mode 100644
index 0000000000..5c48cb437d
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks differ
diff --git a/integration-test-groups/cxf-soap/pom.xml b/integration-test-groups/cxf-soap/pom.xml
index 9d43128744..09d4858f97 100644
--- a/integration-test-groups/cxf-soap/pom.xml
+++ b/integration-test-groups/cxf-soap/pom.xml
@@ -43,6 +43,7 @@
<module>cxf-soap-server</module>
<module>cxf-soap-ws-security-client</module>
<module>cxf-soap-ws-security-server</module>
+ <module>cxf-soap-ws-trust</module>
</modules>
</project>
diff --git a/integration-tests/cxf-soap-grouped/pom.xml b/integration-tests/cxf-soap-grouped/pom.xml
index 26da0b0f36..41c16b359b 100644
--- a/integration-tests/cxf-soap-grouped/pom.xml
+++ b/integration-tests/cxf-soap-grouped/pom.xml
@@ -44,10 +44,18 @@
<groupId>org.apache.camel.quarkus</groupId>
<artifactId>camel-quarkus-cxf-soap</artifactId>
</dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-rt-features-logging</artifactId>
+ </dependency>
<dependency>
<groupId>io.quarkiverse.cxf</groupId>
<artifactId>quarkus-cxf-rt-ws-security</artifactId>
</dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-services-sts</artifactId>
+ </dependency>
<dependency>
<groupId>org.apache.cxf.xjc-utils</groupId>
<artifactId>cxf-xjc-runtime</artifactId>
@@ -106,6 +114,230 @@
<build>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>keytool-maven-plugin</artifactId>
+ <configuration>
+ <keypass>password</keypass>
+ <validity>365</validity>
+ <keyalg>RSA</keyalg>
+ <storepass>password</storepass>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-cxfca-keypair</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>clean</goal>
+ <goal>generateKeyPair</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <dname>CN=cxfca, OU=eng, O=apache.org</dname>
+ <exts>
+ <ext>bc:c=ca:true,pathlen:2147483647</ext>
+ <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
+ </exts>
+ <keystore>${project.build.outputDirectory}/cxfca.jks</keystore>
+ </configuration>
+ </execution>
+ <execution>
+ <id>export-cxfca-certificate</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>exportCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <keystore>${project.build.outputDirectory}/cxfca.jks</keystore>
+ <rfc>true</rfc>
+ <file>${project.build.outputDirectory}/cxfca.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-alice-keypair</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>clean</goal>
+ <goal>generateKeyPair</goal>
+ </goals>
+ <configuration>
+ <alias>alice</alias>
+ <dname>CN=alice, OU=eng, O=apache.org</dname>
+ <exts>
+ <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
+ <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
+ </exts>
+ <keystore>${project.build.outputDirectory}/alice.jks</keystore>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-bob-keypair</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>clean</goal>
+ <goal>generateKeyPair</goal>
+ </goals>
+ <configuration>
+ <alias>bob</alias>
+ <dname>CN=bob, OU=eng, O=apache.org</dname>
+ <exts>
+ <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
+ <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
+ </exts>
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-alice-certificate-request</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>generateCertificateRequest</goal>
+ </goals>
+ <configuration>
+ <alias>alice</alias>
+ <keystore>${project.build.outputDirectory}/alice.jks</keystore>
+ <file>${project.build.outputDirectory}/alice.csr</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-alice-certificate</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>generateCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <keystore>${project.build.outputDirectory}/cxfca.jks</keystore>
+ <rfc>true</rfc>
+ <infile>${project.build.outputDirectory}/alice.csr</infile>
+ <outfile>${project.build.outputDirectory}/alice.pem</outfile>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-bob-certificate-request</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>generateCertificateRequest</goal>
+ </goals>
+ <configuration>
+ <alias>bob</alias>
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore>
+ <file>${project.build.outputDirectory}/bob.csr</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>generate-bob-certificate</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>generateCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <keystore>${project.build.outputDirectory}/cxfca.jks</keystore>
+ <rfc>true</rfc>
+ <infile>${project.build.outputDirectory}/bob.csr</infile>
+ <outfile>${project.build.outputDirectory}/bob.pem</outfile>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-cxfca-certificate-to-alice</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/alice.jks</keystore>
+ <file>${project.build.outputDirectory}/cxfca.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-cxfca-certificate-to-bob</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>cxfca</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore>
+ <file>${project.build.outputDirectory}/cxfca.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-alice-certificate</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>alice</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/alice.jks</keystore>
+ <file>${project.build.outputDirectory}/alice.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-bob-certificate</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>bob</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore>
+ <file>${project.build.outputDirectory}/bob.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-bob-certificate-to-alice</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>bob</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/alice.jks</keystore>
+ <file>${project.build.outputDirectory}/bob.pem</file>
+ </configuration>
+ </execution>
+ <execution>
+ <id>import-alice-certificate-to-bob</id>
+ <phase>generate-sources</phase>
+ <goals>
+ <goal>importCertificate</goal>
+ </goals>
+ <configuration>
+ <alias>alice</alias>
+ <trustcacerts>true</trustcacerts>
+ <noprompt>true</noprompt>
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore>
+ <file>${project.build.outputDirectory}/alice.pem</file>
+ </configuration>
+ </execution>
+<!-- Uncomment execution block below for local testing -->
+<!-- <execution>-->
+<!-- <id>list</id>-->
+<!-- <phase>generate-sources</phase>-->
+<!-- <goals>-->
+<!-- <goal>list</goal>-->
+<!-- </goals>-->
+<!-- <configuration>-->
+<!-- <verbose>true</verbose>-->
+<!-- <keystore>${project.build.outputDirectory}/bob.jks</keystore>-->
+<!-- </configuration>-->
+<!-- </execution>-->
+ </executions>
+ </plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>build-helper-maven-plugin</artifactId>