Support the ability to store BASE-64 encoded (encryption) bytes in message
attachments
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22937bb5
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22937bb5
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22937bb5
Branch: refs/heads/3.0.x-fixes
Commit: 22937bb5827175d8f64e3db28bbeab3c816ca89d
Parents: c780d3a
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Thu Jul 9 17:09:12 2015 +0100
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Thu Jul 9 17:11:28 2015 +0100
----------------------------------------------------------------------
.../cxf/ws/security/SecurityConstants.java | 18 +++++
.../policyhandlers/AbstractBindingBuilder.java | 46 +++++++++++++
.../AsymmetricBindingHandler.java | 17 +++++
.../policyhandlers/SymmetricBindingHandler.java | 4 ++
.../cxf/systest/ws/mtom/MTOMSecurityTest.java | 51 +++++++++++++-
.../cxf/systest/ws/mtom/DoubleItMtom.wsdl | 71 ++++++++++++++++++++
.../org/apache/cxf/systest/ws/mtom/client.xml | 43 +++++++++++-
.../org/apache/cxf/systest/ws/mtom/server.xml | 38 +++++++++++
8 files changed, 285 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 0516853..885a9b8 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -244,8 +244,21 @@ public final class SecurityConstants {
* SAML Token contains Audience Restriction URIs, one of them must match
either the
* request URL or the Service QName. The default is "true".
*/
+<<<<<<< HEAD
public static final String AUDIENCE_RESTRICTION_VALIDATION =
"ws-security.validate.audience-restriction";
+=======
+ public static final String ENABLE_SAML_ONE_TIME_USE_CACHE =
"ws-security.enable.saml.cache";
+
+ /**
+ * Whether to store bytes (CipherData or BinarySecurityToken) in an
attachment. The default is
+ * true if MTOM is enabled. Set it to false to BASE-64 encode the bytes
and "inlined" them in
+ * the message instead. Setting this to true is more efficient, as it
means that the BASE-64
+ * encoding step can be skipped. This only applies to the DOM WS-Security
stack.
+ */
+ public static final String STORE_BYTES_IN_ATTACHMENT =
"ws-security.store.bytes.in.attachment";
+
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
//
// Non-boolean WS-Security Configuration parameters
//
@@ -650,8 +663,13 @@ public final class SecurityConstants {
CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION,
KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
STS_TOKEN_IMMINENT_EXPIRY_VALUE,
+<<<<<<< HEAD
KERBEROS_REQUEST_CREDENTIAL_DELEGATION,
ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
AUDIENCE_RESTRICTION_VALIDATION
+=======
+ KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP,
+ STORE_BYTES_IN_ATTACHMENT
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 98de4de..0a3734c 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -50,7 +50,11 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+<<<<<<< HEAD
import org.apache.cxf.Bus;
+=======
+import org.apache.cxf.attachment.AttachmentUtil;
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJUtils;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
@@ -111,6 +115,7 @@ import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
import org.apache.wss4j.policy.model.AbstractBinding;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import
org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
@@ -168,6 +173,12 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
protected Element bstElement;
protected Element lastEncryptedKeyElement;
+<<<<<<< HEAD
+=======
+ protected final CallbackLookup callbackLookup;
+ protected boolean storeBytesInAttachment;
+
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
private Element lastSupportingTokenElement;
private Element lastDerivedKeyElement;
@@ -189,6 +200,32 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
this.secHeader = secHeader;
this.saaj = saaj;
message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
+<<<<<<< HEAD
+=======
+
+ boolean storeBytes =
+ MessageUtils.getContextualBoolean(
+ message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true
+ );
+ if (storeBytes && AttachmentUtil.isMtomEnabled(message)) {
+ storeBytesInAttachment = true;
+ if (binding instanceof AbstractSymmetricAsymmetricBinding
+ && (ProtectionOrder.EncryptBeforeSigning
+ ==
((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder())
+ ||
((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens()) {
+ LOG.fine("Disabling
SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to "
+ + "EncryptBeforeSigning or ProtectTokens policy.");
+ storeBytesInAttachment = false;
+ }
+ }
+
+ Element soapBody = SAAJUtils.getBody(saaj);
+ if (soapBody != null) {
+ callbackLookup = new
CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
+ } else {
+ callbackLookup = null;
+ }
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
}
protected void insertAfter(Element child, Element sib) {
@@ -1382,7 +1419,15 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
}
protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token)
throws WSSecurityException {
+<<<<<<< HEAD
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
+=======
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ encrKey.setIdAllocator(wssConfig.getIdAllocator());
+ encrKey.setCallbackLookup(callbackLookup);
+ encrKey.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ encrKey.setStoreBytesInAttachment(storeBytesInAttachment);
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
Crypto crypto = getEncryptionCrypto();
message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setKeyIdentifierType(encrKey, token);
@@ -1668,6 +1713,7 @@ public abstract class AbstractBindingBuilder extends
AbstractCommonBindingHandle
) throws WSSecurityException {
WSSecSignature sig = new WSSecSignature(wssConfig);
sig.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ sig.setStoreBytesInAttachment(storeBytesInAttachment);
checkForX509PkiPath(sig, token);
if (token instanceof IssuedToken || token instanceof SamlToken) {
assertPolicy(token);
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 82f99de..c41580f 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -453,7 +453,15 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
try {
+<<<<<<< HEAD
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
+=======
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+ dkEncr.setIdAllocator(wssConfig.getIdAllocator());
+ dkEncr.setCallbackLookup(callbackLookup);
+ dkEncr.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
if (recToken.getToken().getVersion() ==
SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -483,6 +491,7 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
try {
WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
encr.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
encr.setDocument(saaj.getSOAPPart());
Crypto crypto = getEncryptionCrypto();
@@ -615,7 +624,15 @@ public class AsymmetricBindingHandler extends
AbstractBindingBuilder {
// Set up the encrypted key to use
setupEncryptedKey(wrapper, sigToken);
+<<<<<<< HEAD
WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
+=======
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setIdAllocator(wssConfig.getIdAllocator());
+ dkSign.setCallbackLookup(callbackLookup);
+ dkSign.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption)
bytes in message attachments
if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11)
{
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 0b70426..451e2d2 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -399,6 +399,7 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
try {
WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
dkEncr.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
if (recToken.getToken().getVersion() ==
SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -512,6 +513,7 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
try {
WSSecEncrypt encr = new WSSecEncrypt(wssConfig);
encr.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ encr.setStoreBytesInAttachment(storeBytesInAttachment);
String encrTokId = encrTok.getId();
if (attached) {
encrTokId = encrTok.getWsuId();
@@ -627,6 +629,7 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
Document doc = saaj.getSOAPPart();
WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
dkSign.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
if (policyAbstractTokenWrapper.getToken().getVersion() ==
SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -754,6 +757,7 @@ public class SymmetricBindingHandler extends
AbstractBindingBuilder {
} else {
WSSecSignature sig = new WSSecSignature(wssConfig);
sig.setAttachmentCallbackHandler(new
AttachmentCallbackHandler(message));
+ sig.setStoreBytesInAttachment(storeBytesInAttachment);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
index 162e7b3..3c79a43 100644
---
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
@@ -119,8 +119,7 @@ public class MTOMSecurityTest extends
AbstractBusClientServerTestBase {
// Here we moving encrypted bytes to attachments instead, and referencing
them via xop:Include
// This avoids the BASE-64 encoding/decoding step when the raw bytes are
included in the SOAP Envelope
@org.junit.Test
- @org.junit.Ignore
- public void testEncryptedDataInAttachment() throws Exception {
+ public void testAsymmetricBytesInAttachment() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = MTOMSecurityTest.class.getResource("client.xml");
@@ -142,4 +141,52 @@ public class MTOMSecurityTest extends
AbstractBusClientServerTestBase {
((java.io.Closeable)port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testSymmetricBytesInAttachment() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ int result = port.doubleIt(25);
+ assertEquals(result, 50);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testActionBytesInAttachment() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItActionPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ int result = port.doubleIt(25);
+ assertEquals(result, 50);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
index c50a8ae..57bc5e9 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
@@ -52,6 +52,39 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSymmetricBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSymmetricPolicy"/>
+ <soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItActionBinding" type="tns:DoubleItPortType">
+ <soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItSignedMTOMInlinePort"
binding="tns:DoubleItNoSecurityBinding">
@@ -63,6 +96,12 @@
<wsdl:port name="DoubleItAsymmetricPort"
binding="tns:DoubleItAsymmetricBinding">
<soap:address
location="http://localhost:9001/DoubleItX509Asymmetric"/>
</wsdl:port>
+ <wsdl:port name="DoubleItSymmetricPort"
binding="tns:DoubleItSymmetricBinding">
+ <soap:address
location="http://localhost:9001/DoubleItX509Symmetric"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItActionPort"
binding="tns:DoubleItActionBinding">
+ <soap:address location="http://localhost:9001/DoubleItX509Action"/>
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItAsymmetricPolicy">
@@ -106,6 +145,38 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSymmetricPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
index b668025..003c64e 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
@@ -83,7 +83,7 @@
</jaxws:properties>
</jaxws:client>
- <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort";
createdFromAPI="true">
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort";
createdFromAPI="true">
<jaxws:properties>
<entry key="security.encryption.properties"
value="bob.properties"/>
<entry key="security.encryption.username" value="bob"/>
@@ -94,4 +94,45 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.encryption.properties"
value="bob.properties"/>
+ <entry key="security.encryption.username" value="bob"/>
+ <entry key="mtom-enabled" value="true"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItActionPort";
createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature Timestamp"/>
+ <entry key="signatureUser" value="alice"/>
+ <entry key="signaturePropFile"
value="alice.properties"/>
+ <entry key="signatureKeyIdentifier"
value="DirectReference"/>
+ <entry key="signatureParts"
+
value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"/>
+ <entry key="passwordCallbackClass"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="storeBytesInAttachment" value="true"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile"
value="alice.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ <jaxws:properties>
+ <entry key="mtom-enabled" value="true"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+
</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
index aa034e0..98051fb 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
@@ -103,4 +103,42 @@
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="Symmetric"
address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Symmetric";
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <entry key="mtom-enabled" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="Action"
address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Action";
serviceName="s:DoubleItService" endpointName="s:DoubleItActionPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="bob"/>
+ <entry key="signaturePropFile" value="bob.properties"/>
+ <entry key="signatureKeyIdentifier"
value="DirectReference"/>
+ <entry key="passwordCallbackClass"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="storeBytesInAttachment" value="true"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature Timestamp"/>
+ <entry key="signatureVerificationPropFile"
value="bob.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ <jaxws:properties>
+ <entry key="mtom-enabled" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
</beans>
