Repository: cxf Updated Branches: refs/heads/2.7.x-fixes 837ed4c4a -> 9d402cbc9
[CXF-6327] - Adding @Ignore'd test Conflicts: services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/fcbb360b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/fcbb360b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/fcbb360b Branch: refs/heads/2.7.x-fixes Commit: fcbb360b0ac771128fd614825be986280892c2c7 Parents: 837ed4c Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Apr 15 10:13:25 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Apr 15 10:16:46 2015 +0100 ---------------------------------------------------------------------- .../sts/transport/TransportBindingTest.java | 147 +++++++ .../cxf/systest/sts/transport/DoubleIt.wsdl | 406 +++++++++++++++++++ .../cxf/systest/sts/transport/cxf-client.xml | 55 +++ .../cxf/systest/sts/transport/cxf-service.xml | 50 +++ .../systest/sts/transport/cxf-stax-service.xml | 72 ++++ 5 files changed, 730 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/fcbb360b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java ---------------------------------------------------------------------- 
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
index bc9fb7e..8026dcb 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
@@ -227,6 +227,153 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } +<<<<<<< HEAD +======= + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TransportBindingTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); + + Dispatch<DOMSource> dispatch = + service.createDispatch(portQName, DOMSource.class, Service.Mode.PAYLOAD); + updateAddressPort(dispatch, test.getPort()); + + // Setup STSClient + STSClient stsClient = createDispatchSTSClient(bus); + String wsdlLocation = "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl"; + stsClient.setWsdlLocation(wsdlLocation); + + // Creating a DOMSource Object for the request + DOMSource request = createDOMRequest(); + + // Make a successful request + Client client = ((DispatchImpl<DOMSource>) dispatch).getClient(); + client.getRequestContext().put("ws-security.username", "alice"); + client.getRequestContext().put("ws-security.sts.client", stsClient); + + if (test.isStreaming()) { + client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true"); + client.getResponseContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true"); + } + + DOMSource response = dispatch.invoke(request); + assertNotNull(response); + + bus.shutdown(true); + } + + @org.junit.Test + public void testSAML2DispatchLocation() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TransportBindingTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = 
TransportBindingTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); + + Dispatch<DOMSource> dispatch = + service.createDispatch(portQName, DOMSource.class, Service.Mode.PAYLOAD); + updateAddressPort(dispatch, test.getPort()); + + // Setup STSClient + STSClient stsClient = createDispatchSTSClient(bus); + String location = "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport"; + stsClient.setLocation(location); + stsClient.setPolicy("classpath:/org/apache/cxf/systest/sts/issuer/sts-transport-policy.xml"); + + // Creating a DOMSource Object for the request + DOMSource request = createDOMRequest(); + + // Make a successful request + Client client = ((DispatchImpl<DOMSource>) dispatch).getClient(); + client.getRequestContext().put("ws-security.username", "alice"); + client.getRequestContext().put("ws-security.sts.client", stsClient); + + if (test.isStreaming()) { + client.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true"); + client.getResponseContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true"); + } + + DOMSource response = dispatch.invoke(request); + assertNotNull(response); + + bus.shutdown(true); + } + + // TODO Not supported for now + @org.junit.Test + @org.junit.Ignore + public void testSAML2EndorsingX509() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TransportBindingTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2X509EndorsingPort"); + DoubleItPortType transportSaml1Port = + service.getPort(portQName, DoubleItPortType.class); + 
updateAddressPort(transportSaml1Port, test.getPort()); + + TokenTestUtils.updateSTSPort((BindingProvider)transportSaml1Port, test.getStsPort()); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(transportSaml1Port); + } + + doubleIt(transportSaml1Port, 25); + + ((java.io.Closeable)transportSaml1Port).close(); + bus.shutdown(true); + } + + private DOMSource createDOMRequest() throws ParserConfigurationException { + // Creating a DOMSource Object for the request + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + DocumentBuilder db = dbf.newDocumentBuilder(); + Document requestDoc = db.newDocument(); + Element root = requestDoc.createElementNS("http://www.example.org/schema/DoubleIt", "ns2:DoubleIt"); + root.setAttributeNS(WSConstants.XMLNS_NS, "xmlns:ns2", "http://www.example.org/schema/DoubleIt"); + Element number = requestDoc.createElementNS(null, "numberToDouble"); + number.setTextContent("25"); + root.appendChild(number); + requestDoc.appendChild(root); + return new DOMSource(requestDoc); + } + + private STSClient createDispatchSTSClient(Bus bus) { + STSClient stsClient = new STSClient(bus); + stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); + stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"); + + Map<String, Object> properties = new HashMap<String, Object>(); + properties.put("ws-security.username", "alice"); + properties.put("ws-security.callback-handler", + "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + properties.put("ws-security.sts.token.username", "myclientkey"); + properties.put("ws-security.sts.token.properties", "clientKeystore.properties"); + properties.put("ws-security.sts.token.usecert", "true"); + stsClient.setProperties(properties); + + return stsClient; + } + +>>>>>>> 6a41413... 
[CXF-6327] - Adding @Ignore'd test private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); http://git-wip-us.apache.org/repos/asf/cxf/blob/fcbb360b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl index f4342c1..bb84d91 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl @@ -16,6 +16,7 @@ specific language governing permissions and limitations under the License. --> +<<<<<<< HEAD <wsdl:definitions name="DoubleIt" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt" 
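Review bot: The added lines in this hunk include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======` and `>>>>>>> 6a41413... [CXF-6327] - Adding @Ignore'd test`), so TransportBindingTest.java cannot compile as committed. The statements that follow `=======` also start right after a closed method body; they appear to be the tail of a test method whose signature is not among the added lines. The same three markers are added in the DoubleIt.wsdl, cxf-client.xml and cxf-service.xml hunks, where they leave each file with stray text and a second root element, i.e. not well-formed XML. Resolve the conflict by keeping one side and deleting the marker lines and the orphaned method tail; until then none of the STS transport-binding checks in this class can run, so the backport gives no security regression coverage. The enclosing class begins and ends outside the hunk.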
@@ -363,4 +364,409 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> +======= +<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsaw="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" name="DoubleIt" targetNamespace="http://www.example.org/contract/DoubleIt"> + <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/> + <wsdl:binding name="DoubleItTransportSAML1Binding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItBindingTransportSAML1Policy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItTransportSAML2Binding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2Policy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + 
</wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItTransportSAML1EndorsingBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItBindingTransportSAML1EndorsingPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItTransportSAML2X509EndorsingBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2X509EndorsingPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> + <wsdl:service name="DoubleItService"> + <wsdl:port name="DoubleItTransportSAML1Port" binding="tns:DoubleItTransportSAML1Binding"> + <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1"/> + </wsdl:port> + <wsdl:port name="DoubleItTransportSAML2Port" binding="tns:DoubleItTransportSAML2Binding"> + <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2"/> + </wsdl:port> + <wsdl:port name="DoubleItTransportSAML1EndorsingPort" binding="tns:DoubleItTransportSAML1EndorsingBinding"> + 
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1endorsing"/> + </wsdl:port> + <wsdl:port name="DoubleItTransportSAML2X509EndorsingPort" + binding="tns:DoubleItTransportSAML2X509EndorsingBinding"> + <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2x509endorsing"/> + </wsdl:port> + </wsdl:service> + <wsp:Policy wsu:Id="DoubleItBindingTransportSAML1Policy"> + <wsp:ExactlyOne> + <wsp:All> + <wsam:Addressing wsp:Optional="false"> + <wsp:Policy/> + </wsam:Addressing> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <sp:RequestSecurityTokenTemplate> + <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType> + <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> + </sp:RequestSecurityTokenTemplate> + <wsp:Policy> + <sp:RequireInternalReference/> + </wsp:Policy> + <sp:Issuer> + <wsaw:Address>http://localhost:8080/STS/STSUT + </wsaw:Address> + <wsaw:Metadata> + <wsx:Metadata> + <wsx:MetadataSection> + <wsx:MetadataReference> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex + </wsaw:Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </wsx:Metadata> + </wsaw:Metadata> + </sp:Issuer> + </sp:IssuedToken> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDes/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + 
<sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2Policy"> + <wsp:ExactlyOne> + <wsp:All> + <wsam:Addressing wsp:Optional="false"> + <wsp:Policy/> + </wsam:Addressing> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <sp:RequestSecurityTokenTemplate> + <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType> + <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> + </sp:RequestSecurityTokenTemplate> + <wsp:Policy> + <sp:RequireInternalReference/> + </wsp:Policy> + <sp:Issuer> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT + </wsaw:Address> + <wsaw:Metadata> + <wsx:Metadata> + <wsx:MetadataSection> + <wsx:MetadataReference> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex + </wsaw:Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </wsx:Metadata> + </wsaw:Metadata> + </sp:Issuer> + </sp:IssuedToken> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDes/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy 
wsu:Id="DoubleItBindingTransportSAML1EndorsingPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <wsam:Addressing wsp:Optional="false"> + <wsp:Policy/> + </wsam:Addressing> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDes/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <sp:RequestSecurityTokenTemplate> + <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</t:TokenType> + <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> + </sp:RequestSecurityTokenTemplate> + <wsp:Policy> + <sp:RequireInternalReference/> + </wsp:Policy> + <sp:Issuer> + <wsaw:Address>http://localhost:8080/STS/STSUT + </wsaw:Address> + <wsaw:Metadata> + <wsx:Metadata> + <wsx:MetadataSection> + <wsx:MetadataReference> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex + </wsaw:Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </wsx:Metadata> + </wsaw:Metadata> + </sp:Issuer> + </sp:IssuedToken> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy 
wsu:Id="DoubleItBindingTransportSAML2X509EndorsingPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <wsam:Addressing wsp:Optional="false"> + <wsp:Policy/> + </wsam:Addressing> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDes/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <sp:RequestSecurityTokenTemplate> + <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType> + <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> + </sp:RequestSecurityTokenTemplate> + <wsp:Policy> + <sp:RequireInternalReference/> + </wsp:Policy> + <sp:Issuer> + <wsaw:Address>http://localhost:8080/STS/STSUT + </wsaw:Address> + <wsaw:Metadata> + <wsx:Metadata> + <wsx:MetadataSection> + <wsx:MetadataReference> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex + </wsaw:Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </wsx:Metadata> + </wsaw:Metadata> + </sp:Issuer> + </sp:IssuedToken> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + <sp:RequireIssuerSerialReference/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + 
</sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SignedParts> + <sp:Body/> + <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + </sp:SignedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SignedParts> + <sp:Body/> + <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="RelatesTo" 
Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/> + <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/> + </sp:SignedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +>>>>>>> 6a41413... [CXF-6327] - Adding @Ignore'd test </wsdl:definitions> http://git-wip-us.apache.org/repos/asf/cxf/blob/fcbb360b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml index 78d4a23..76c8ecd 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml @@ -54,6 +54,7 @@ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/confi </map> </property> </bean> +<<<<<<< HEAD <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML1Port" createdFromAPI="true"> <jaxws:properties> 
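Review bot: Every transport policy added in this hunk (`DoubleItBindingTransportSAML1Policy`, `...SAML2Policy`, `...SAML1EndorsingPolicy`, `...SAML2X509EndorsingPolicy`) selects `<sp:TripleDes/>` as its algorithm suite, which pins the fixture to 3DES and SHA-1-based algorithms. If the tests are not specifically about that suite, a stronger one such as `<sp:Basic256Sha256/>` would keep the fixture from being copied into real policies with a legacy choice; if it is deliberate, say so with a comment like `<!-- TripleDes kept to match the existing 2.7.x STS test fixtures -->` (wording to be confirmed by the author). Separately, the `sp:Issuer` and metadata addresses are plain `http://localhost:8080/...` while the test talks to the STS over HTTPS on `test.getStsPort()`, so these values look unused; a comment stating that the client overrides them would avoid confusion.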
@@ -109,5 +110,59 @@ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/confi </http:tlsClientParameters> </http:conduit> +======= + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML1Port" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.sts.client" value-ref="stsClient"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2Port" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.sts.client"> + <bean class="org.apache.cxf.ws.security.trust.STSClient"> + <constructor-arg ref="cxf"/> + <property name="wsdlLocation" value="https://localhost:8443/SecurityTokenService/Transport?wsdl"/> + <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/> + <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/> + <property name="properties"> + <map> + <entry key="ws-security.username" value="alice"/> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.sts.token.username" value="myclientkey"/> + <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/> + <entry key="ws-security.sts.token.usecert" value="false"/> + </map> + </property> + </bean> + </entry> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML1EndorsingPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.username" value="myclientkey"/> + <entry key="ws-security.signature.properties" value="clientKeystore.properties"/> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.sts.client" value-ref="stsClient"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client 
name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2X509EndorsingPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.username" value="myclientkey"/> + <entry key="ws-security.signature.properties" value="clientKeystore.properties"/> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.sts.client" value-ref="stsClient"/> + </jaxws:properties> + </jaxws:client> + <http:conduit name="https://localhost.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:keyManagers keyPassword="ckpass"> + <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +>>>>>>> 6a41413... [CXF-6327] - Adding @Ignore'd test </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/fcbb360b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml index af3e48d..83b51f3 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml @@ -16,6 +16,7 @@ specific language governing permissions and limitations under the License. --> +<<<<<<< HEAD <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
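Review bot: The added `<http:conduit name="https://localhost.*">` sets `disableCNCheck="true"`, which turns off TLS hostname verification for every URL the pattern matches, and the pattern as written also matches hosts that merely begin with `localhost` (the `.` is a regex wildcard). For a test fixture this is presumably intentional, but it should be marked and scoped: tighten the name to `https://localhost:.*` and add a comment such as `<!-- test only: CN check disabled for the self-signed test certificates -->`. The inline keystore passwords (`ckpass`, `cspass`) are acceptable only because `clientstore.jks` is a test keystore; the same comment can say so. Also note that the inline STSClient here sets `ws-security.sts.token.usecert` to `false` while `createDispatchSTSClient` in the Java hunk sets it to `true`; if the difference is intended it deserves a one-line explanation.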
@@ -117,5 +118,54 @@ </httpj:engine> </httpj:engine-factory> +======= +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml1" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/> + <entry key="ws-security.saml1.validator"> + <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/> + </entry> + <entry key="ws-security.is-bsp-compliant" value="false"/> + 
</jaxws:properties> + </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/> + <entry key="ws-security.saml2.validator"> + <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/> + </entry> + </jaxws:properties> + </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1endorsing" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1EndorsingPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml1endorsing" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/> + <entry key="ws-security.is-bsp-compliant" value="false"/> + </jaxws:properties> + </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2x509" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2X509EndorsingPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" 
address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml2x509endorsing" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/> + </jaxws:properties> + </jaxws:endpoint> + <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"> + <httpj:engine port="${testutil.ports.Server}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="skpass"> + <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="true"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> +>>>>>>> 6a41413... [CXF-6327] - Adding @Ignore'd test </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/fcbb360b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml new file mode 100644 index 0000000..f9d7a0c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml 
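Review bot: The two endorsing endpoints (`doubleittransportsaml1endorsing` and `doubleittransportsaml2x509`) have no `ws-security.saml1.validator` / `ws-security.saml2.validator` entry, whereas the first two endpoints delegate token validation to `STSTokenValidator`. If that is deliberate (presumably the issued token is then verified locally through `serviceKeystore.properties` rather than by the STS), state it in the file, e.g. `<!-- no STS validator: endorsing SAML token is verified locally via ws-security.signature.properties -->`; otherwise add the validator entry so all four endpoints check tokens the same way. The last endpoint's id `doubleittransportsaml2x509` also drops the `endorsing` suffix used in its address and port name, which makes it harder to match endpoint to WSDL port.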
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml1.validator">
+ <bean class="org.apache.cxf.ws.security.trust.STSStaxTokenValidator"/>
+ </entry>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.saml2.validator">
+ <bean class="org.apache.cxf.ws.security.trust.STSStaxTokenValidator"/>
+ </entry>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1endorsing" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1EndorsingPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1endorsing" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2x509endorsing" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2X509EndorsingPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2x509endorsing" wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+ <httpj:engine port="${testutil.ports.StaxServer}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+ </sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+</beans>
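Review bot: The `doubleittransportsaml2x509endorsing` endpoint sets `ws-security.is-bsp-compliant` to `false`, while the SAML2 X509 endorsing endpoint in cxf-service.xml from this same commit carries only the callback-handler and signature-properties entries. As written, the streaming service appears to run with Basic Security Profile checks relaxed for a policy that the DOM service tests with them enforced, so the two configurations do not exercise the same validation path. If the streaming stack needs the relaxation, record the reason next to the entry, for example `<!-- BSP checks off for streaming: <reason / issue id> -->`. Otherwise drop the entry so a BSP violation on this port fails in both test variants.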