Repository: cxf
Updated Branches:
  refs/heads/master 27e80bbff -> d014f6ac2


Adding another @Ignore'd cross domain test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dae61118
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dae61118
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dae61118

Branch: refs/heads/master
Commit: dae61118761f921691633ff61aaebae79601a8e9
Parents: 35b9209
Author: Colm O hEigeartaigh <[email protected]>
Authored: Wed Jun 25 18:41:32 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Wed Jun 25 18:41:32 2014 +0100

----------------------------------------------------------------------
 services/sts/systests/advanced/pom.xml          |   6 +
 .../sts/cross_domain/CrossDomainTest.java       |  86 ++++--
 .../cxf/systest/sts/cross_domain/DoubleIt.wsdl  |  88 +++++++
 .../cxf/systest/sts/cross_domain/cxf-client.xml |  24 ++
 .../systest/sts/cross_domain/cxf-service.xml    |  10 +
 .../systest/sts/cross_domain/cxf-sts-saml1.xml  |   4 +-
 .../systest/sts/cross_domain/cxf-sts-saml2.xml  |   5 +-
 .../cxf/systest/sts/cross_domain/sts-b.wsdl     | 259 +++++++++++++++++++
 .../cxf/systest/sts/issuer/IssuerTest.java      |  18 +-
 9 files changed, 477 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/pom.xml 
b/services/sts/systests/advanced/pom.xml
index 987c748..e8710bb 100644
--- a/services/sts/systests/advanced/pom.xml
+++ b/services/sts/systests/advanced/pom.xml
@@ -74,6 +74,12 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-ws-mex</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-testutils</artifactId>
             <version>${project.version}</version>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
 
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
index 19d268e..9b169fa 100644
--- 
a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
+++ 
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
@@ -18,6 +18,8 @@
  */
 package org.apache.cxf.systest.sts.cross_domain;
 
+import java.io.IOException;
+import java.net.ServerSocket;
 import java.net.URL;
 
 import javax.xml.namespace.QName;
@@ -27,16 +29,12 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 
 /**
- * In this test, a CXF client checks to see that the location defined on its 
STSClient is different
- * from that configured in the Issuer of the IssuedToken policy supplied in 
the WSDL of the
- * service provider. It obtains a SAML Token from the configured STS first, 
and then sends it in
- * the security header to the second STS. The returned token is then sent to 
the service provider.
- * This illustrates cross-domain SSO: 
https://issues.apache.org/jira/browse/CXF-3520
+ * Some tests that illustrate how CXF clients can get tokens from different 
STS instances for 
+ * service invocations.
  */
 public class CrossDomainTest extends AbstractBusClientServerTestBase {
     
@@ -48,6 +46,9 @@ public class CrossDomainTest extends 
AbstractBusClientServerTestBase {
 
     private static final String PORT = allocatePort(Server.class);
     
+    // These tests require port numbers in the WSDLs and so we can't easily do 
variable substitution
+    private static boolean portFree = true;
+    
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -56,18 +57,30 @@ public class CrossDomainTest extends 
AbstractBusClientServerTestBase {
                    // set this to false to fork
                    launchServer(Server.class, true)
         );
-        assertTrue(
-                   "Server failed to launch",
-                   // run the server in the same process
-                   // set this to false to fork
-                   launchServer(STSServer.class, true)
-        );
-        assertTrue(
-                "Server failed to launch",
-                // run the server in the same process
-                // set this to false to fork
-                launchServer(STSServer2.class, true)
-        );
+        try {
+            ServerSocket sock = new ServerSocket(30101);
+            sock.close();
+            
+            assertTrue(
+                       "Server failed to launch",
+                       // run the server in the same process
+                       // set this to false to fork
+                       launchServer(STSServer.class, true)
+            );
+            
+            sock = new ServerSocket(30102);
+            sock.close();
+            
+            assertTrue(
+                       "Server failed to launch",
+                       // run the server in the same process
+                       // set this to false to fork
+                       launchServer(STSServer2.class, true)
+            );
+        } catch (IOException ex) {
+            portFree = false;
+            // portFree is set to false + the test won't run
+        }
     }
     
     @org.junit.AfterClass
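Review bot: The port probe in the new try block is check-then-use: `new ServerSocket(30101)` is closed before `launchServer(STSServer.class, true)` binds, so another process can take the port in that window. The launch would then presumably trip the `assertTrue` rather than set `portFree = false`. The catch block also drops the IOException, so a run gives no hint which port was busy; keeping the message, e.g. `System.err.println("Skipping cross-domain MEX tests: " + ex.getMessage());`, would make a skipped run diagnosable. The literals 30101 and 30102 are repeated here and in cxf-client.xml, DoubleIt.wsdl, cxf-sts-saml1.xml and cxf-sts-saml2.xml. I would name them (`private static final int STS_A_PORT = 30101;`) and extend the comment on `portFree` to list the files that must stay in step. startServers begins outside this hunk.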
@@ -76,6 +89,11 @@ public class CrossDomainTest extends 
AbstractBusClientServerTestBase {
         stopAllServers();
     }
 
+    //  In this test, a CXF client checks to see that the location defined on 
its STSClient is different
+    // from that configured in the Issuer of the IssuedToken policy supplied 
in the WSDL of the
+    // service provider. It obtains a SAML Token from the configured STS 
first, and then sends it in
+    // the security header to the second STS. The returned token is then sent 
to the service provider.
+    // This illustrates cross-domain SSO: 
https://issues.apache.org/jira/browse/CXF-3520
     @org.junit.Test
     @org.junit.Ignore
     public void testCrossDomain() throws Exception {
@@ -100,7 +118,39 @@ public class CrossDomainTest extends 
AbstractBusClientServerTestBase {
         bus.shutdown(true);
     }
     
+    // The Service references STS "b". The WSDL of STS "b" has an IssuedToken 
that references STS "a".
+    // So the client gets the WSDL of "b" via WS-MEX, which in turn has an 
IssuedToken policy.
+    // The client has a configured STSClient for this + uses it to get a token 
from "a", and in
+    // turn to use the returned token to get a token from "b", to access the 
service.
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testCrossDomainMEX() throws Exception {
+        
+        if (!portFree) {
+            return;
+        }
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = CrossDomainTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = CrossDomainTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItCrossDomainMEXPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
 
+        // Transport port
+        doubleIt(transportPort, 25);
+        
+        ((java.io.Closeable)transportPort).close();
+        bus.shutdown(true);
+    }
+    
     private static void doubleIt(DoubleItPortType port, int numToDouble) {
         int resp = port.doubleIt(numToDouble);
         assertEquals(numToDouble * 2 , resp);
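Review bot: The `if (!portFree) { return; }` guard in testCrossDomainMEX reports the test as passed when the fixed ports were busy; `org.junit.Assume.assumeTrue(portFree);` would report it as skipped instead. This only matters once the `@Ignore` is lifted. Separately, `((java.io.Closeable)transportPort).close();` and `bus.shutdown(true);` run only on the success path. A failing `doubleIt(transportPort, 25)` therefore leaves the bus installed through `setDefaultBus` and `setThreadDefaultBus` for whatever test runs next. Putting the invocation in `try { ... } finally { ... }` with the two cleanup calls in the finally block would close that gap. The doubleIt helper at the end of the hunk continues outside it.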

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl
index 9572d09..f6630f1 100644
--- 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl
@@ -34,10 +34,28 @@
             </wsdl:output>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItTransportMEXBinding" 
type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportMEXPolicy"/>
+        <soap:binding style="document" 
transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference 
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference 
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItCrossDomainPort" 
binding="tns:DoubleItTransportBinding">
             <soap:address 
location="https://localhost:8081/doubleit/services/doubleitcrossdomain"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItCrossDomainMEXPort" 
binding="tns:DoubleItTransportMEXBinding">
+            <soap:address 
location="https://localhost:8081/doubleit/services/doubleitcrossdomainmex"/>
+        </wsdl:port>
     </wsdl:service>
     <wsp:Policy wsu:Id="DoubleItBindingTransportPolicy">
         <wsp:ExactlyOne>
@@ -101,6 +119,76 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBindingTransportMEXPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy/>
+                </wsam:Addressing>
+                <sp:TransportBinding 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDes/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:SupportingTokens 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                        <sp:IssuedToken 
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+                            <sp:RequestSecurityTokenTemplate>
+                                
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                                
<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
+                            </sp:RequestSecurityTokenTemplate>
+                            <wsp:Policy>
+                                <sp:RequireInternalReference/>
+                            </wsp:Policy>
+                            <sp:Issuer>
+                                
<wsaw:Address>https://localhost:30102/SecurityTokenService/b</wsaw:Address>
+                                <wsaw:Metadata>
+                                    <wsx:Metadata>
+                                        <wsx:MetadataSection>
+                                            <wsx:MetadataReference>
+                                                
<wsaw:Address>https://localhost:30102/SecurityTokenService/b/mex</wsaw:Address>
+                                            </wsx:MetadataReference>
+                                        </wsx:MetadataSection>
+                                    </wsx:Metadata>
+                                </wsaw:Metadata>
+                            </sp:Issuer>
+                        </sp:IssuedToken>
+                    </wsp:Policy>
+                </sp:SupportingTokens>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens/>
+                        <sp:RequireClientEntropy/>
+                        <sp:RequireServerEntropy/>
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>
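Review bot: The new DoubleItBindingTransportMEXPolicy selects `<sp:TripleDes/>` as its algorithm suite and requests a Bearer-key SAML 2.0 token as a plain `sp:SupportingTokens` assertion, so the policy itself requires no proof of possession and the token is protected only by the HTTPS transport. That works for a localhost fixture, but test policies tend to be copied. I would move to `<sp:Basic128/>` or stronger if the rest of the file allows it, and put `<!-- Bearer token: no proof of possession, relies on TLS; test fixture only -->` above the `sp:IssuedToken`. The Issuer address and its MEX reference both hard-code port 30102, which has to match the engine port in cxf-sts-saml2.xml.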

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
index 33601de..f854682 100644
--- 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-client.xml
@@ -45,6 +45,30 @@
             </entry>
         </jaxws:properties>
     </jaxws:client>
+    
+    <jaxws:client 
name="{http://www.example.org/contract/DoubleIt}DoubleItCrossDomainMEXPort"; 
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" 
value="https://localhost:30101/SecurityTokenService/a?wsdl"/>
+                    <property name="serviceName" 
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" 
value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="ws-security.username" value="alice"/>
+                            <entry key="ws-security.callback-handler" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                            <entry key="ws-security.sts.token.username" 
value="myclientkey"/>
+                            <entry key="ws-security.sts.token.properties" 
value="clientKeystore.properties"/>
+                            <entry key="ws-security.sts.token.usecert" 
value="true"/>
+                        </map>
+                    </property>
+                    <property name="enableAppliesTo" value="false"/>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:client>
+    
     <http:conduit name="https://localhost:.*";>
         <http:tlsClientParameters disableCNCheck="true">
             <sec:keyManagers keyPassword="ckpass">
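Review bot: The new DoubleItCrossDomainMEXPort client carries no comment saying that its STSClient deliberately targets STS "a" on port 30101 while the service policy names STS "b" as issuer, which reads like a misconfiguration to anyone who has not seen the Java test. I would add `<!-- STSClient targets STS "a"; the returned token is then presented to STS "b", discovered via WS-MEX -->` above the bean. Both token hops also go through the `https://localhost:.*` conduit that follows, which sets `disableCNCheck="true"`. The same comment should say that hostname verification is off because this is a localhost test setup. The conduit element continues outside the hunk.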

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-service.xml
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-service.xml
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-service.xml
index 575ae00..45c653f 100644
--- 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-service.xml
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-service.xml
@@ -28,6 +28,16 @@
             <entry key="ws-security.signature.properties" 
value="serviceKeystore.properties"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; 
id="doubleitcrossdomainmex" 
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" 
endpointName="s:DoubleItCrossDomainMEXPort" serviceName="s:DoubleItService" 
depends-on="ClientAuthHttpsSettings" 
address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleitcrossdomainmex";
 wsdlLocation="org/apache/cxf/systest/sts/cross_domain/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.saml2.validator">
+                <bean 
class="org.apache.cxf.systest.sts.cross_domain.CrossDomainValidator"/>
+            </entry>
+            <entry key="ws-security.callback-handler" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" 
value="serviceKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
         <httpj:engine port="${testutil.ports.Server}">
             <httpj:tlsServerParameters>

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml1.xml
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml1.xml
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml1.xml
index 9c8fa0b..ee431cb 100644
--- 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml1.xml
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml1.xml
@@ -62,13 +62,13 @@
         <property name="callbackHandlerClass" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
         <property name="issuer" value="a-issuer"/>
     </bean>
-    <jaxws:endpoint 
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; id="DefaultSTS" 
implementor="#transportSTSProviderBean" 
address="https://localhost:${testutil.ports.STSServer.2}/SecurityTokenService/a";
 
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
 depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" 
endpointName="ns1:Transport_Port">
+    <jaxws:endpoint 
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; id="DefaultSTS" 
implementor="#transportSTSProviderBean" 
address="https://localhost:30101/SecurityTokenService/a"; 
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
 depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" 
endpointName="ns1:Transport_Port">
         <jaxws:properties>
             <entry key="ws-security.callback-handler" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
-        <httpj:engine port="${testutil.ports.STSServer.2}">
+        <httpj:engine port="30101">
             <httpj:tlsServerParameters>
                 <sec:trustManagers>
                     <sec:keyStore type="jks" password="stsspass" 
resource="stsstore.jks"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml2.xml
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml2.xml
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml2.xml
index ac3f810..87156b7 100644
--- 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml2.xml
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/cxf-sts-saml2.xml
@@ -61,13 +61,14 @@
         <property name="callbackHandlerClass" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
         <property name="issuer" value="b-issuer"/>
     </bean>
-    <jaxws:endpoint 
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; id="BSTS" 
implementor="#transportSTSProviderBean" 
address="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/b"; 
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
 depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" 
endpointName="ns1:Transport_Port">
+    <jaxws:endpoint 
xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; id="BSTS" 
implementor="#transportSTSProviderBean" 
address="https://localhost:30102/SecurityTokenService/b"; 
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/cross_domain/sts-b.wsdl"
 depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" 
endpointName="ns1:Transport_STSB_Port">
         <jaxws:properties>
             <entry key="ws-security.callback-handler" 
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" 
value="stsKeystore.properties"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
-        <httpj:engine port="${testutil.ports.STSServer}">
+        <httpj:engine port="30102">
             <httpj:tlsServerParameters>
                 <sec:trustManagers>
                     <sec:keyStore type="jks" password="stsspass" 
resource="stsstore.jks"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/sts-b.wsdl
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/sts-b.wsdl
 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/sts-b.wsdl
new file mode 100644
index 0000000..d0b59f1
--- /dev/null
+++ 
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/cross_domain/sts-b.wsdl
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions 
xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; 
xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; 
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; 
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; 
xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 xmlns:wsp="http://www.w3.org/ns/ws-policy"; 
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"; 
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"; 
xmlns:xs="http://www.w3.org/2001/XMLSchema"; 
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"; 
xmlns:wsaw="http://www.w3.org/2005/08/addressing"; 
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"; 
targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/";>
+    <wsdl:types>
+        <xs:schema elementFormDefault="qualified" 
targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
+            <xs:element name="RequestSecurityToken" 
type="wst:AbstractRequestSecurityTokenType"/>
+            <xs:element name="RequestSecurityTokenResponse" 
type="wst:AbstractRequestSecurityTokenType"/>
+            <xs:complexType name="AbstractRequestSecurityTokenType">
+                <xs:sequence>
+                    <xs:any namespace="##any" processContents="lax" 
minOccurs="0" maxOccurs="unbounded"/>
+                </xs:sequence>
+                <xs:attribute name="Context" type="xs:anyURI" use="optional"/>
+                <xs:anyAttribute namespace="##other" processContents="lax"/>
+            </xs:complexType>
+            <xs:element name="RequestSecurityTokenCollection" 
type="wst:RequestSecurityTokenCollectionType"/>
+            <xs:complexType name="RequestSecurityTokenCollectionType">
+                <xs:sequence>
+                    <xs:element name="RequestSecurityToken" 
type="wst:AbstractRequestSecurityTokenType" minOccurs="2" 
maxOccurs="unbounded"/>
+                </xs:sequence>
+            </xs:complexType>
+            <xs:element name="RequestSecurityTokenResponseCollection" 
type="wst:RequestSecurityTokenResponseCollectionType"/>
+            <xs:complexType name="RequestSecurityTokenResponseCollectionType">
+                <xs:sequence>
+                    <xs:element ref="wst:RequestSecurityTokenResponse" 
minOccurs="1" maxOccurs="unbounded"/>
+                </xs:sequence>
+                <xs:anyAttribute namespace="##other" processContents="lax"/>
+            </xs:complexType>
+        </xs:schema>
+    </wsdl:types>
+    <!-- WS-Trust defines the following GEDs -->
+    <wsdl:message name="RequestSecurityTokenMsg">
+        <wsdl:part name="request" element="wst:RequestSecurityToken"/>
+    </wsdl:message>
+    <wsdl:message name="RequestSecurityTokenResponseMsg">
+        <wsdl:part name="response" element="wst:RequestSecurityTokenResponse"/>
+    </wsdl:message>
+    <wsdl:message name="RequestSecurityTokenCollectionMsg">
+        <wsdl:part name="requestCollection" 
element="wst:RequestSecurityTokenCollection"/>
+    </wsdl:message>
+    <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+        <wsdl:part name="responseCollection" 
element="wst:RequestSecurityTokenResponseCollection"/>
+    </wsdl:message>
+    <!-- This portType an example of a Requestor (or other) endpoint that 
+         Accepts SOAP-based challenges from a Security Token Service -->
+    <wsdl:portType name="WSSecurityRequestor">
+        <wsdl:operation name="Challenge">
+            <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+            <wsdl:output message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+    </wsdl:portType>
+    <!-- This portType is an example of an STS supporting full protocol -->
+    <wsdl:portType name="STS">
+        <wsdl:operation name="Cancel">
+            <wsdl:input 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"; 
message="tns:RequestSecurityTokenMsg"/>
+            <wsdl:output 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"; 
message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+        <wsdl:operation name="Issue">
+            <wsdl:input 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"; 
message="tns:RequestSecurityTokenMsg"/>
+            <wsdl:output 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"; 
message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+        </wsdl:operation>
+        <wsdl:operation name="Renew">
+            <wsdl:input 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"; 
message="tns:RequestSecurityTokenMsg"/>
+            <wsdl:output 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"; 
message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+        <wsdl:operation name="Validate">
+            <wsdl:input 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"; 
message="tns:RequestSecurityTokenMsg"/>
+            <wsdl:output 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal";
 message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+        <wsdl:operation name="KeyExchangeToken">
+            <wsdl:input 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"; 
message="tns:RequestSecurityTokenMsg"/>
+            <wsdl:output 
wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"; 
message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+        <wsdl:operation name="RequestCollection">
+            <wsdl:input message="tns:RequestSecurityTokenCollectionMsg"/>
+            <wsdl:output 
message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+        </wsdl:operation>
+    </wsdl:portType>
+    <!-- This portType is an example of an endpoint that accepts 
+         Unsolicited RequestSecurityTokenResponse messages -->
+    <wsdl:portType name="SecurityTokenResponseService">
+        <wsdl:operation name="RequestSecurityTokenResponse">
+            <wsdl:input message="tns:RequestSecurityTokenResponseMsg"/>
+        </wsdl:operation>
+    </wsdl:portType>
+    <wsdl:binding name="Transport_Binding" type="wstrust:STS">
+        <wsp:PolicyReference URI="#Transport_policy"/>
+        <soap:binding style="document" 
transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="Issue">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
+            <wsdl:input>
+                <wsp:PolicyReference URI="#Input_policy"/>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <wsp:PolicyReference URI="#Output_policy"/>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+        <wsdl:operation name="Validate">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
+            <wsdl:input>
+                <wsp:PolicyReference URI="#Input_policy"/>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <wsp:PolicyReference URI="#Output_policy"/>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+        <wsdl:operation name="Cancel">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+        <wsdl:operation name="Renew">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+        <wsdl:operation name="KeyExchangeToken">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+        <wsdl:operation name="RequestCollection">
+            <soap:operation 
soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:service name="SecurityTokenService">
+        <wsdl:port name="Transport_STSB_Port" binding="tns:Transport_Binding">
+            <soap:address 
location="https://localhost:8084/SecurityTokenService/Transport"/>
+        </wsdl:port>
+    </wsdl:service>
+    <wsp:Policy wsu:Id="Transport_policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsap10:UsingAddressing/>
+                <sp:TransportBinding 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy />
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDes/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:SupportingTokens 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                      <sp:IssuedToken 
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";
 
+                        
xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512";>
+                        <sp:RequestSecurityTokenTemplate>
+                            
<t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                            
<t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
+                        </sp:RequestSecurityTokenTemplate>
+                        <wsp:Policy>
+                            <sp:RequireInternalReference/>
+                        </wsp:Policy>
+                        <!--<sp:Issuer>
+                            
<wsaw:Address>https://localhost:30101/SecurityTokenService/a</wsaw:Address>
+                            <wsaw:Metadata>
+                                <wsx:Metadata>
+                                    <wsx:MetadataSection>
+                                        <wsx:MetadataReference>
+                                            
<wsaw:Address>https://localhost:30101/SecurityTokenService/a/mex</wsaw:Address>
+                                        </wsx:MetadataReference>
+                                    </wsx:MetadataSection>
+                                </wsx:Metadata>
+                            </wsaw:Metadata>
+                        </sp:Issuer>-->
+                      </sp:IssuedToken>
+                   </wsp:Policy>
+                </sp:SupportingTokens>
+                <sp:Wss11 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier/>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens/>
+                        <sp:RequireClientEntropy/>
+                        <sp:RequireServerEntropy/>
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="Input_policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SignedParts 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <sp:Body/>
+                    <sp:Header Name="To" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="From" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="FaultTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="ReplyTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="RelatesTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="Action" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                </sp:SignedParts>
+                <sp:EncryptedParts 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="Output_policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SignedParts 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <sp:Body/>
+                    <sp:Header Name="To" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="From" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="FaultTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="ReplyTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="RelatesTo" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="Action" 
Namespace="http://www.w3.org/2005/08/addressing"/>
+                </sp:SignedParts>
+                <sp:EncryptedParts 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+</wsdl:definitions>

http://git-wip-us.apache.org/repos/asf/cxf/blob/dae61118/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java
----------------------------------------------------------------------
diff --git 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java
 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java
index b633f19..48c51cc 100644
--- 
a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java
+++ 
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java
@@ -42,6 +42,9 @@ public class IssuerTest extends 
AbstractBusClientServerTestBase {
 
     private static final String PORT = allocatePort(Server.class);
     
+    // These tests require port numbers in the WSDLs and so we can't easily do 
variable substitution
+    private static boolean portFree = true;
+    
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -62,7 +65,8 @@ public class IssuerTest extends 
AbstractBusClientServerTestBase {
                        launchServer(STSServer.class, true)
             );
         } catch (IOException ex) {
-            // standalone is set to false + the test won't run
+            portFree = false;
+            // portFree is set to false + the test won't run
         }
     }
     
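Review bot: The catch block drops the IOException without logging it, so when `portFree` goes false nothing in the build output says why the issuer tests did nothing. Any IOException raised in the try body, not only an occupied port, would disable them the same way; the try body starts outside this hunk, so what can throw here is inferred. Logging the exception, or at least its message, before setting the flag would leave a trace. The comment `// portFree is set to false + the test won't run` is also slightly off, because the test methods still run and return early; `// port unavailable: tests return early` is closer.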
@@ -78,6 +82,10 @@ public class IssuerTest extends 
AbstractBusClientServerTestBase {
     @org.junit.Test
     public void testSAML1Issuer() throws Exception {
         
+        if (!portFree) {
+            return;
+        }
+        
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = IssuerTest.class.getResource("cxf-client.xml");
 
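Review bot: The `if (!portFree) { return; }` guard at the top of testSAML1Issuer makes the test report as passed when the STS server never started, so a run with the port occupied shows green without exercising any issuer check. `org.junit.Assume.assumeTrue(portFree);` would mark the test as skipped instead, which keeps the lost coverage of these security tests visible in the report. The same guard is added to testSAML2MEX and testSAML2MEXSoap12 in the next two hunks. All three test bodies continue outside their hunks.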
@@ -102,6 +110,10 @@ public class IssuerTest extends 
AbstractBusClientServerTestBase {
     @org.junit.Test
     public void testSAML2MEX() throws Exception {
         
+        if (!portFree) {
+            return;
+        }
+        
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = IssuerTest.class.getResource("cxf-client.xml");
 
@@ -126,6 +138,10 @@ public class IssuerTest extends 
AbstractBusClientServerTestBase {
     @org.junit.Test
     public void testSAML2MEXSoap12() throws Exception {
         
+        if (!portFree) {
+            return;
+        }
+        
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = IssuerTest.class.getResource("cxf-client.xml");
 
