Repository: cxf Updated Branches: refs/heads/3.0.x-fixes f9921ef62 -> 27d990856
Adding @Ignore'd SecureConversation test with Spnego Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/27d99085 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/27d99085 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/27d99085 Branch: refs/heads/3.0.x-fixes Commit: 27d990856e2c135a6037de850ad3171903202c3c Parents: f9921ef Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Feb 2 11:42:50 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Feb 2 11:46:03 2015 +0000 ---------------------------------------------------------------------- .../kerberos/wssec/spnego/SpnegoTokenTest.java | 14 +++ .../kerberos/wssec/spnego/DoubleItSpnego.wsdl | 111 +++++++++++++++++++ .../systest/kerberos/wssec/spnego/client.xml | 7 ++ .../systest/kerberos/wssec/spnego/server.xml | 6 + 4 files changed, 138 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/27d99085/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java index 684006e..ff4e120 100644 --- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java +++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java @@ -247,6 +247,20 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit { // runKerberosTest(portName, true, STAX_PORT2); } + @org.junit.Test + @org.junit.Ignore + public void testSpnegoOverSymmetricSecureConversation() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoSymmetricSecureConversationPort"; + runKerberosTest(portName, false, PORT); + //runKerberosTest(portName, false, STAX_PORT); + //runKerberosTest(portName, true, PORT); + //runKerberosTest(portName, true, STAX_PORT); + } + private void runKerberosTest(String portName, boolean streaming, String portNumber) throws Exception { SpringBusFactory bf = new SpringBusFactory(); http://git-wip-us.apache.org/repos/asf/cxf/blob/27d99085/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl index c744437..a318642 100644 --- a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl +++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl @@ -109,6 +109,24 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItSpnegoSymmetricSecureConversationBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoSymmetricSecureConversationPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItSpnegoSymmetricPort" binding="tns:DoubleItSpnegoSymmetricProtectionBinding"> <soap:address location="http://localhost:9001/DoubleItSpnegoSymmetric"/> @@ -125,6 +143,9 @@ <wsdl:port name="DoubleItSpnegoTransportEndorsingPort" binding="tns:DoubleItSpnegoTransportEndorsingBinding"> <soap:address location="https://localhost:9001/DoubleItSpnegoTransportEndorsing"/> </wsdl:port> + <wsdl:port name="DoubleItSpnegoSymmetricSecureConversationPort" binding="tns:DoubleItSpnegoSymmetricSecureConversationBinding"> + <soap:address location="http://localhost:9001/DoubleItSpnegoSymmetricSecureConversation"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItSpnegoSymmetricProtectionPolicy"> <wsp:ExactlyOne> @@ -365,6 +386,96 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoSymmetricSecureConversationPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys /> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + </wsp:Policy> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens /> + <sp:RequireClientEntropy /> + <sp:RequireServerEntropy /> + </wsp:Policy> + </sp:Trust13> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128 /> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax /> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp /> + <sp:EncryptSignature /> + <sp:OnlySignEntireHeadersAndBody /> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens /> + <sp:RequireClientEntropy /> + <sp:RequireServerEntropy /> + </wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/27d99085/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml index 613b06a..136bd0a 100644 --- a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml +++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml @@ -64,6 +64,13 @@ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricSecureConversationPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="b...@service.ws.apache.org"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> <http:conduit name="https://localhost.*"> <http:tlsClientParameters disableCNCheck="true"> http://git-wip-us.apache.org/repos/asf/cxf/blob/27d99085/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml index 911635c..8b575d8 100644 --- a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml +++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml @@ -77,4 +77,10 @@ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetricSecureConversation" address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetricSecureConversation" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricSecureConversationPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="bob"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:endpoint> </beans>