Support the ability to store BASE-64 encoded (encryption) bytes in message attachments
Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/22937bb5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/22937bb5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/22937bb5 Branch: refs/heads/3.0.x-fixes Commit: 22937bb5827175d8f64e3db28bbeab3c816ca89d Parents: c780d3a Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Jul 9 17:09:12 2015 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Jul 9 17:11:28 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/SecurityConstants.java | 18 +++++ .../policyhandlers/AbstractBindingBuilder.java | 46 +++++++++++++ .../AsymmetricBindingHandler.java | 17 +++++ .../policyhandlers/SymmetricBindingHandler.java | 4 ++ .../cxf/systest/ws/mtom/MTOMSecurityTest.java | 51 +++++++++++++- .../cxf/systest/ws/mtom/DoubleItMtom.wsdl | 71 ++++++++++++++++++++ .../org/apache/cxf/systest/ws/mtom/client.xml | 43 +++++++++++- .../org/apache/cxf/systest/ws/mtom/server.xml | 38 +++++++++++ 8 files changed, 285 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index 0516853..885a9b8 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java @@ -244,8 +244,21 @@ public final class SecurityConstants { * SAML Token contains Audience Restriction URIs, one of them must match either the * request URL or the Service QName. The default is "true". */ +<<<<<<< HEAD public static final String AUDIENCE_RESTRICTION_VALIDATION = "ws-security.validate.audience-restriction"; +======= + public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "ws-security.enable.saml.cache"; + + /** + * Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. The default is + * true if MTOM is enabled. Set it to false to BASE-64 encode the bytes and "inlined" them in + * the message instead. Setting this to true is more efficient, as it means that the BASE-64 + * encoding step can be skipped. This only applies to the DOM WS-Security stack. + */ + public static final String STORE_BYTES_IN_ATTACHMENT = "ws-security.store.bytes.in.attachment"; + +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments // // Non-boolean WS-Security Configuration parameters // 
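Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> f399b92...`) are committed as added lines around the constants in this hunk, so SecurityConstants.java cannot compile as written. The same markers recur in the ALL_PROPERTIES hunk of this file, in the import, field, constructor and getEncryptedKeyBuilder hunks of AbstractBindingBuilder, and in the WSSecDKEncrypt and WSSecDKSign hunks of AsymmetricBindingHandler; these are the three files the commit message lists under Conflicts. Each region needs a hand resolution rather than taking one side wholesale: here that presumably means keeping `AUDIENCE_RESTRICTION_VALIDATION` from HEAD and adding `STORE_BYTES_IN_ATTACHMENT`, while `ENABLE_SAML_ONE_TIME_USE_CACHE` and `POLICY_VALIDATOR_MAP` should be checked against what this branch actually defines. The audience-restriction Javadoc that precedes the markers must stay attached to `AUDIENCE_RESTRICTION_VALIDATION` after the resolution. The class body continues outside the hunk.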
@@ -650,8 +663,13 @@ public final class SecurityConstants { CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, +<<<<<<< HEAD KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, AUDIENCE_RESTRICTION_VALIDATION +======= + KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP, + STORE_BYTES_IN_ATTACHMENT +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 98de4de..0a3734c 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -50,7 +50,11 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +<<<<<<< HEAD import org.apache.cxf.Bus; +======= +import org.apache.cxf.attachment.AttachmentUtil; +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.saaj.SAAJUtils; import org.apache.cxf.common.classloader.ClassLoaderUtils; 
@@ -111,6 +115,7 @@ import org.apache.wss4j.policy.SPConstants.IncludeTokenType; import org.apache.wss4j.policy.model.AbstractBinding; import org.apache.wss4j.policy.model.AbstractSecurityAssertion; import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding; +import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder; import org.apache.wss4j.policy.model.AbstractToken; import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys; import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType; @@ -168,6 +173,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle protected Element bstElement; protected Element lastEncryptedKeyElement; +<<<<<<< HEAD +======= + protected final CallbackLookup callbackLookup; + protected boolean storeBytesInAttachment; + +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments private Element lastSupportingTokenElement; private Element lastDerivedKeyElement; 
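Review bot: In the field hunk, `storeBytesInAttachment` is a mutable `protected boolean`, so a subclass can switch it back on after the constructor has turned it off for EncryptBeforeSigning or ProtectTokens policies. Declaring it `protected final boolean storeBytesInAttachment;` and assigning it once in the constructor from a local would keep that policy decision fixed, matching the `final` on `callbackLookup` beside it. A short comment such as `// true only when MTOM is enabled and the policy allows signature/cipher bytes in attachments` would document the invariant. Both fields sit between conflict markers in this hunk, and the class body continues outside it.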
@@ -189,6 +200,32 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle this.secHeader = secHeader; this.saaj = saaj; message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures); +<<<<<<< HEAD +======= + + boolean storeBytes = + MessageUtils.getContextualBoolean( + message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true + ); + if (storeBytes && AttachmentUtil.isMtomEnabled(message)) { + storeBytesInAttachment = true; + if (binding instanceof AbstractSymmetricAsymmetricBinding + && (ProtectionOrder.EncryptBeforeSigning + == ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder()) + || ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens()) { + LOG.fine("Disabling SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to " + + "EncryptBeforeSigning or ProtectTokens policy."); + storeBytesInAttachment = false; + } + } + + Element soapBody = SAAJUtils.getBody(saaj); + if (soapBody != null) { + callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody); + } else { + callbackLookup = null; + } +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments } protected void insertAfter(Element child, Element sib) { 
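Review bot: The policy check in the added `if` groups as `(A && B) || C` because `&&` binds tighter than `||`, so `((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens()` is evaluated whenever the first two conditions are not both true, including when `binding` is not an AbstractSymmetricAsymmetricBinding. For any other binding type reaching this constructor with MTOM enabled, that cast would throw ClassCastException (which bindings callers pass is not visible in this hunk). Put both policy tests under the instanceof guard: `if (binding instanceof AbstractSymmetricAsymmetricBinding && (ProtectionOrder.EncryptBeforeSigning == ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder() || ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens())) {`. The fallback to inlined bytes is logged only at FINE and is not mentioned in the STORE_BYTES_IN_ATTACHMENT Javadoc, which deserves one sentence there. The constructor starts outside the hunk.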
@@ -1382,7 +1419,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle } protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken token) throws WSSecurityException { +<<<<<<< HEAD WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig); +======= + WSSecEncryptedKey encrKey = new WSSecEncryptedKey(); + encrKey.setIdAllocator(wssConfig.getIdAllocator()); + encrKey.setCallbackLookup(callbackLookup); + encrKey.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + encrKey.setStoreBytesInAttachment(storeBytesInAttachment); +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments Crypto crypto = getEncryptionCrypto(); message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto); setKeyIdentifierType(encrKey, token); @@ -1668,6 +1713,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle ) throws WSSecurityException { WSSecSignature sig = new WSSecSignature(wssConfig); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + sig.setStoreBytesInAttachment(storeBytesInAttachment); checkForX509PkiPath(sig, token); if (token instanceof IssuedToken || token instanceof SamlToken) { assertPolicy(token); http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 82f99de..c41580f 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java 
@@ -453,7 +453,15 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite(); if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { try { +<<<<<<< HEAD WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig); +======= + WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(); + dkEncr.setIdAllocator(wssConfig.getIdAllocator()); + dkEncr.setCallbackLookup(callbackLookup); + dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); } @@ -483,6 +491,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { try { WSSecEncrypt encr = new WSSecEncrypt(wssConfig); encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + encr.setStoreBytesInAttachment(storeBytesInAttachment); encr.setDocument(saaj.getSOAPPart()); Crypto crypto = getEncryptionCrypto(); 
@@ -615,7 +624,15 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { // Set up the encrypted key to use setupEncryptedKey(wrapper, sigToken); +<<<<<<< HEAD WSSecDKSign dkSign = new WSSecDKSign(wssConfig); +======= + WSSecDKSign dkSign = new WSSecDKSign(); + dkSign.setIdAllocator(wssConfig.getIdAllocator()); + dkSign.setCallbackLookup(callbackLookup); + dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkSign.setStoreBytesInAttachment(storeBytesInAttachment); +>>>>>>> f399b92... Support the ability to store BASE-64 encoded (encryption) bytes in message attachments if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 0b70426..451e2d2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -399,6 +399,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { try { WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig); dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); } 
@@ -512,6 +513,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { try { WSSecEncrypt encr = new WSSecEncrypt(wssConfig); encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + encr.setStoreBytesInAttachment(storeBytesInAttachment); String encrTokId = encrTok.getId(); if (attached) { encrTokId = encrTok.getWsuId(); @@ -627,6 +629,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { Document doc = saaj.getSOAPPart(); WSSecDKSign dkSign = new WSSecDKSign(wssConfig); dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkSign.setStoreBytesInAttachment(storeBytesInAttachment); if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } @@ -754,6 +757,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { } else { WSSecSignature sig = new WSSecSignature(wssConfig); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + sig.setStoreBytesInAttachment(storeBytesInAttachment); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo int type = included ? WSConstants.CUSTOM_SYMM_SIGNING http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java index 162e7b3..3c79a43 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java 
@@ -119,8 +119,7 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { // Here we moving encrypted bytes to attachments instead, and referencing them via xop:Include // This avoids the BASE-64 encoding/decoding step when the raw bytes are included in the SOAP Envelope @org.junit.Test - @org.junit.Ignore - public void testEncryptedDataInAttachment() throws Exception { + public void testAsymmetricBytesInAttachment() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = MTOMSecurityTest.class.getResource("client.xml"); 
@@ -142,4 +141,52 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
 ((java.io.Closeable)port).close();
 bus.shutdown(true);
 }
+
+ @org.junit.Test
+ public void testSymmetricBytesInAttachment() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ int result = port.doubleIt(25);
+ assertEquals(result, 50);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testActionBytesInAttachment() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItActionPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ int result = port.doubleIt(25);
+ assertEquals(result, 50);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
----------------------------------------------------------------------
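Review bot: Neither `testSymmetricBytesInAttachment` nor `testActionBytesInAttachment` checks that signature or cipher bytes were actually moved into an attachment; both assert only that `doubleIt(25)` returns 50, which would also pass if the bytes were still inlined as BASE-64. An assertion on the outbound message (for instance, that it carries at least one attachment) would pin the behaviour the commit adds, and a companion case with the option set to false would cover the inlined path. Separately, `assertEquals(result, 50)` has its arguments reversed and should read `assertEquals(50, result);`. The `close()` and `bus.shutdown(true)` calls are skipped if the invocation throws, so they belong in a `finally` block.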
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl index c50a8ae..57bc5e9 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl @@ -52,6 +52,39 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItSymmetricBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSymmetricPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItActionBinding" type="tns:DoubleItPortType"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItSignedMTOMInlinePort" binding="tns:DoubleItNoSecurityBinding"> 
@@ -63,6 +96,12 @@ <wsdl:port name="DoubleItAsymmetricPort" binding="tns:DoubleItAsymmetricBinding"> <soap:address location="http://localhost:9001/DoubleItX509Asymmetric"/> </wsdl:port> + <wsdl:port name="DoubleItSymmetricPort" binding="tns:DoubleItSymmetricBinding"> + <soap:address location="http://localhost:9001/DoubleItX509Symmetric"/> + </wsdl:port> + <wsdl:port name="DoubleItActionPort" binding="tns:DoubleItActionBinding"> + <soap:address location="http://localhost:9001/DoubleItX509Action"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItAsymmetricPolicy"> @@ -106,6 +145,38 @@ </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSymmetricPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml index b668025..003c64e 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml 
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml @@ -83,7 +83,7 @@ </jaxws:properties> </jaxws:client> - <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort" createdFromAPI="true"> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort" createdFromAPI="true"> <jaxws:properties> <entry key="security.encryption.properties" value="bob.properties"/> <entry key="security.encryption.username" value="bob"/> 
@@ -94,4 +94,45 @@ </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="security.encryption.properties" value="bob.properties"/> + <entry key="security.encryption.username" value="bob"/> + <entry key="mtom-enabled" value="true"/> + </jaxws:properties> + </jaxws:client> + + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItActionPort" createdFromAPI="true"> + <jaxws:outInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> + <constructor-arg> + <map> + <entry key="action" value="Signature Timestamp"/> + <entry key="signatureUser" value="alice"/> + <entry key="signaturePropFile" value="alice.properties"/> + <entry key="signatureKeyIdentifier" value="DirectReference"/> + <entry key="signatureParts" + value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"/> + <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="storeBytesInAttachment" value="true"/> + </map> + </constructor-arg> + </bean> + </jaxws:outInterceptors> + <jaxws:inInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> + <constructor-arg> + <map> + <entry key="action" value="Signature"/> + <entry key="signatureVerificationPropFile" value="alice.properties"/> + </map> + </constructor-arg> + </bean> + </jaxws:inInterceptors> + <jaxws:properties> + <entry key="mtom-enabled" value="true"/> + </jaxws:properties> + </jaxws:client> + + </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/22937bb5/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml ---------------------------------------------------------------------- 
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
index aa034e0..98051fb 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
@@ -103,4 +103,42 @@ </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric" address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Symmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="bob.properties"/> + <entry key="mtom-enabled" value="true"/> + </jaxws:properties> + </jaxws:endpoint> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Action" address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Action" serviceName="s:DoubleItService" endpointName="s:DoubleItActionPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl"> + <jaxws:outInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor"> + <constructor-arg> + <map> + <entry key="action" value="Signature"/> + <entry key="signatureUser" value="bob"/> + <entry key="signaturePropFile" value="bob.properties"/> + <entry key="signatureKeyIdentifier" value="DirectReference"/> + <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="storeBytesInAttachment" value="true"/> + </map> + </constructor-arg> + </bean> + </jaxws:outInterceptors> + <jaxws:inInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> + <constructor-arg> + <map> + <entry key="action" value="Signature Timestamp"/> + <entry key="signatureVerificationPropFile" value="bob.properties"/> + </map> + </constructor-arg> + </bean> + </jaxws:inInterceptors> + <jaxws:properties> + <entry key="mtom-enabled" value="true"/> + 
</jaxws:properties> + </jaxws:endpoint> + </beans>