Repository: cxf Updated Branches: refs/heads/master afa521931 -> eb746f58d
Adding a SecureConversation test for Kerberos Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eb746f58 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eb746f58 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eb746f58 Branch: refs/heads/master Commit: eb746f58d608fff25049e76e922b2bf2730ff5cb Parents: afa5219 Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Nov 5 14:49:01 2014 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Nov 5 14:49:16 2014 +0000 ---------------------------------------------------------------------- .../systest/ws/kerberos/KerberosTokenTest.java | 37 +++++- .../systest/ws/kerberos/DoubleItKerberos.wsdl | 114 +++++++++++++++++++ .../apache/cxf/systest/ws/kerberos/client.xml | 13 +++ .../apache/cxf/systest/ws/kerberos/server.xml | 8 ++ 4 files changed, 171 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java index 29d112c..1d4c89e 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java @@ -100,7 +100,7 @@ public class KerberosTokenTest extends AbstractBusClientServerTestBase { SecurityTestUtil.cleanup(); stopAllServers(); } - + @org.junit.Test public void testKerberosOverTransport() throws Exception { 
@@ -552,4 +552,39 @@ public class KerberosTokenTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + + @org.junit.Test + public void testKerberosOverSymmetricSecureConversation() throws Exception { + + if (!unrestrictedPoliciesInstalled) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = KerberosTokenTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItKerberosSymmetricSecureConversationPort"); + DoubleItPortType kerberosPort = + service.getPort(portQName, DoubleItPortType.class); + + updateAddressPort(kerberosPort, test.getPort()); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(kerberosPort); + } + + // TODO Streaming + if (!test.isStreaming() && !STAX_PORT.equals(test.getPort())) { + kerberosPort.doubleIt(25); + } + + ((java.io.Closeable)kerberosPort).close(); + bus.shutdown(true); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl index 86f24b5..cd858e4 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl 
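Review bot: testKerberosOverSymmetricSecureConversation can report success without ever exercising the SecureConversation policy, because both the `if (!unrestrictedPoliciesInstalled) { return; }` guard and the condition under `// TODO Streaming` skip `kerberosPort.doubleIt(25)` and the method still passes. For a security test that is false assurance, so I would replace the early return with `org.junit.Assume.assumeTrue(unrestrictedPoliciesInstalled);` and use an `Assume` for the streaming/StAX case too, so the runner reports those runs as skipped rather than passed. The result of the call is also discarded; asserting it (presumably 50 for an input of 25, if doubleIt returns the doubled value) would confirm the secured round trip returned the service response. Finally, `close()` and `bus.shutdown(true)` are not in a `finally`, so an exception from `doubleIt` leaves this bus installed as the default for later tests.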
@@ -251,6 +251,24 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItKerberosSymmetricSecureConversationBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItKerberosSymmetricSecureConversationPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItKerberosTransportPort" binding="tns:DoubleItKerberosTransportBinding"> <soap:address location="https://localhost:9009/DoubleItKerberosTransport"/> @@ -294,6 +312,10 @@ <wsdl:port name="DoubleItKerberosSymmetricSignedEndorsingEncryptedPort" binding="tns:DoubleItKerberosSymmetricSignedEndorsingEncryptedBinding"> <soap:address location="http://localhost:9001/DoubleItKerberosSymmetricSignedEndorsingEncrypted"/> </wsdl:port> + <wsdl:port name="DoubleItKerberosSymmetricSecureConversationPort" + binding="tns:DoubleItKerberosSymmetricSecureConversationBinding"> + <soap:address location="http://localhost:9001/DoubleItKerberosSymmetricSecureConversation"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItKerberosTransportPolicy"> <wsp:ExactlyOne> 
@@ -887,6 +909,98 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItKerberosSymmetricSecureConversationPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:KerberosToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssGssKerberosV5ApReqToken11/> + </wsp:Policy> + </sp:KerberosToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + 
<sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml index 8d276c3..a9c77a8 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml @@ -221,4 +221,17 @@ </entry> </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSecureConversationPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.encryption.properties" value="bob.properties"/> + <entry key="ws-security.encryption.username" value="bob"/> + <entry key="ws-security.kerberos.client"> + <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient"> + <constructor-arg ref="cxf"/> + <property name="contextName" value="alice"/> + <property name="serviceName" value="[email protected]"/> + </bean> + </entry> + </jaxws:properties> + </jaxws:client> </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml ---------------------------------------------------------------------- 
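Review bot: `<sp:Basic128/>` is selected for both the bootstrap binding and the conversation binding in DoubleItKerberosSymmetricSecureConversationPolicy, and that suite fixes SHA-1 as the digest algorithm. If it mirrors the other policies in this WSDL (not visible in the hunk), that is acceptable for a fixture, but test WSDLs tend to be copied as templates. I would add an XML comment above the policy, for example `<!-- Test fixture: Basic128 (SHA-1 digest) kept for consistency with the other Kerberos policies; prefer a SHA-256 suite in deployments -->`. Alternatively, switch both occurrences to `<sp:Basic128Sha256/>` if nothing else in the test setup depends on the current suite.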
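Review bot: The `ws-security.encryption.properties` and `ws-security.encryption.username` entries on the new client look unneeded, since the policy for this port protects messages with a Kerberos token and a derived SecureConversation key rather than an X.509 key. The same question applies to `ws-security.signature.properties` and `ws-security.callback-handler` on the new endpoint in server.xml. If they are only carried over from a neighbouring bean, dropping them or adding a comment such as `<!-- keystore entries unused here: keys come from the Kerberos session and the SCT -->` keeps the fixture from suggesting the keystore is part of the trust path. This is inferred from the policy in the WSDL hunk, so confirm by running the test without them.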
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml index d8a0250..381b5f2 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml @@ -162,4 +162,12 @@ <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/> </jaxws:properties> </jaxws:endpoint> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverSymmetricSecureConversation" address="http://localhost:${testutil.ports.Server}/DoubleItKerberosSymmetricSecureConversation" serviceName="s:DoubleItService" endpointName="s:DoubleItKerberosSymmetricSecureConversationPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl"> + <jaxws:properties> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="ws-security.signature.properties" value="bob.properties"/> + <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/> + </jaxws:properties> + </jaxws:endpoint> </beans>
