Adding test for custom parameters with claims handling
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9ac7471e Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9ac7471e Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9ac7471e Branch: refs/heads/3.1.x-fixes Commit: 9ac7471e08cf7a9c1e0dd002a926a8063fdf5945 Parents: 1ccbccb Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Jan 26 10:56:53 2017 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Jan 26 10:57:30 2017 +0000 ---------------------------------------------------------------------- .../systest/sts/custom/CustomClaimsHandler.java | 95 ++++++++++++++ .../systest/sts/custom/CustomParameterTest.java | 101 ++++++++++++++- .../src/test/resources/logging.properties | 2 +- .../apache/cxf/systest/sts/custom/DoubleIt.wsdl | 86 +++++++++++++ .../cxf/systest/sts/custom/cxf-client.xml | 4 + .../cxf/systest/sts/custom/cxf-service.xml | 6 + .../cxf/systest/sts/custom/cxf-sts-common.xml | 129 +++++++++++++++++++ .../apache/cxf/systest/sts/custom/cxf-sts.xml | 7 +- .../systest/sts/deployment/cxf-sts-common.xml | 1 - 9 files changed, 425 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomClaimsHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomClaimsHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomClaimsHandler.java new file mode 100644 index 0000000..dd8ae8e --- /dev/null +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomClaimsHandler.java 
@@ -0,0 +1,95 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.ClaimsParameters;
+import org.apache.cxf.sts.claims.ProcessedClaim;
+import org.apache.cxf.sts.claims.ProcessedClaimCollection;
+import org.apache.wss4j.common.util.XMLUtils;
+
+/**
+ * A custom ClaimsHandler implementation for use in the tests.
+ */
+public class CustomClaimsHandler implements ClaimsHandler {
+
+ public static final URI ROLE =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+ public static final URI GIVEN_NAME =
+ URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname");
+ public static final URI LANGUAGE =
+ URI.create("http://schemas.mycompany.com/claims/language");
+
+ public ProcessedClaimCollection retrieveClaimValues(
+ ClaimCollection claims, ClaimsParameters parameters) {
+
+ if (claims != null && claims.size() > 0) {
+ ProcessedClaimCollection claimCollection = new ProcessedClaimCollection();
+ List<Element> customContent = parameters.getTokenRequirements().getCustomContent();
+ boolean foundContent = false;
+ if (customContent != null) {
+ for (Element customContentElement : customContent) {
+ Element realm = XMLUtils.findElement(customContentElement, "realm", "http://cxf.apache.org/custom");
+ if (realm != null) {
+ String realmStr = realm.getTextContent();
+ if ("custom-realm".equals(realmStr)) {
+ foundContent = true;
+ }
+ }
+ }
+ }
+
+ for (Claim requestClaim : claims) {
+ ProcessedClaim claim = new ProcessedClaim();
+ claim.setClaimType(requestClaim.getClaimType());
+ claim.setIssuer("Test Issuer");
+ claim.setOriginalIssuer("Original Issuer");
+ if (foundContent) {
+ if (ROLE.equals(requestClaim.getClaimType())) {
+ claim.addValue("admin-user");
+ } else if (GIVEN_NAME.equals(requestClaim.getClaimType())) {
+ claim.addValue(parameters.getPrincipal().getName());
+ } else if (LANGUAGE.equals(requestClaim.getClaimType())) {
+ claim.addValue(parameters.getPrincipal().getName());
+ }
+ }
+ claimCollection.add(claim);
+ }
+ return claimCollection;
+ }
+ return null;
+ }
+
+ public List<URI> getSupportedClaimTypes() {
+ List<URI> list = new ArrayList<URI>();
+ list.add(ROLE);
+ list.add(GIVEN_NAME);
+ list.add(LANGUAGE);
+ return list;
+ }
+
+}
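Review bot: In `retrieveClaimValues`, the `admin-user` value for the role claim is released solely because the requester's RST carried `<realm>custom-realm</realm>` as custom content, and nothing in the class says this shortcut is test-only. The class Javadoc should state it, e.g. `Test-only: claim values are keyed on a requester-supplied realm element; do not copy this as an authorization check.` On a non-matching realm the handler still adds a `ProcessedClaim` with no values, so the rejection the negative test expects presumably comes from a later component; a short comment above `claimCollection.add(claim)` naming which one would help. `parameters.getTokenRequirements()` and `parameters.getPrincipal()` are also dereferenced without a null check, and the `LANGUAGE` branch returns the principal name, which looks like a copy of the `GIVEN_NAME` branch.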
http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java index 03b0f0a..9100f56 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java @@ -72,9 +72,9 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { stopAllServers(); } - + // Here the custom parameter in the RST is parsed by the CustomUTValidator @org.junit.Test - public void testCustomParameterInRST() throws Exception { + public void testCustomParameterInRSTValidator() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); @@ -117,8 +117,9 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + // Here the custom parameter in the RST is parsed by the CustomUTValidator @org.junit.Test - public void testCustomParameterInRST2() throws Exception { + public void testCustomParameterInRST2Validator() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); 
@@ -166,6 +167,100 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + // Here the custom parameter in the RST is parsed by the CustomClaimsHandler + @org.junit.Test + public void testCustomParameterInRSTClaimsHandler() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = CustomParameterTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomParameterClaimsPort"); + DoubleItPortType transportClaimsPort = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportClaimsPort, PORT); + + TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, STSPORT); + + STSClient stsClient = new STSClient(bus); + stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl"); + stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); + stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"); + + Map<String, Object> properties = new HashMap<>(); + properties.put("security.username", "alice"); + properties.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + properties.put("security.sts.token.username", "myclientkey"); + properties.put("security.sts.token.properties", "clientKeystore.properties"); + properties.put("security.sts.token.usecert", "true"); + stsClient.setProperties(properties); + + ((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); + + // Successful test + + // Add custom content to the RST + stsClient.setCustomContent("<realm 
xmlns=\"http://cxf.apache.org/custom\">custom-realm</realm>"); + doubleIt(transportClaimsPort, 25); + + ((java.io.Closeable)transportClaimsPort).close(); + bus.shutdown(true); + } + + // Here the custom parameter in the RST is parsed by the CustomClaimsHandler + @org.junit.Test + public void testCustomParameterInRSTClaimsHandler2() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = CustomParameterTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomParameterClaimsPort"); + DoubleItPortType transportClaimsPort = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(transportClaimsPort, PORT); + + TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, STSPORT); + + STSClient stsClient = new STSClient(bus); + stsClient.setWsdlLocation("https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl"); + stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); + stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"); + + Map<String, Object> properties = new HashMap<>(); + properties.put("security.username", "alice"); + properties.put("security.callback-handler", "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + properties.put("security.sts.token.username", "myclientkey"); + properties.put("security.sts.token.properties", "clientKeystore.properties"); + properties.put("security.sts.token.usecert", "true"); + stsClient.setProperties(properties); + + ((BindingProvider)transportClaimsPort).getRequestContext().put(SecurityConstants.STS_CLIENT, stsClient); + + // Failing test + + // Add custom content 
to the RST + stsClient.setCustomContent("<realm xmlns=\"http://cxf.apache.org/custom\">custom-unknown-realm</realm>"); + try { + doubleIt(transportClaimsPort, 25); + fail("Failure expected on the wrong realm"); + } catch (Exception ex) { + // expected + } + + ((java.io.Closeable)transportClaimsPort).close(); + bus.shutdown(true); + } private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/logging.properties ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/logging.properties b/services/sts/systests/advanced/src/test/resources/logging.properties index 743f1ef..4d286d1 100644 --- a/services/sts/systests/advanced/src/test/resources/logging.properties +++ b/services/sts/systests/advanced/src/test/resources/logging.properties @@ -56,7 +56,7 @@ java.util.logging.FileHandler.count = 1 java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter # Limit the message that are printed on the console to WARNING and above. -java.util.logging.ConsoleHandler.level = SEVERE +java.util.logging.ConsoleHandler.level = INFO java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/DoubleIt.wsdl ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/DoubleIt.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/DoubleIt.wsdl index a76996f..3d2c09d 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/DoubleIt.wsdl 
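Review bot: The `catch (Exception ex) { // expected }` in `testCustomParameterInRSTClaimsHandler2` accepts any failure, so the test also passes when the STS is unreachable or the TLS setup breaks rather than because the realm was rejected. Narrowing the catch would pin the intended behaviour, for instance `catch (javax.xml.ws.soap.SOAPFaultException ex) { // expected }`, assuming the rejection surfaces as a SOAP fault. In both new tests `close()` and `bus.shutdown(true)` are skipped when an earlier call throws, so they belong in a `finally` block. The enclosing class begins outside this hunk.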
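Review bot: Raising `java.util.logging.ConsoleHandler.level` from `SEVERE` to `INFO` contradicts the comment directly above it, which still says the console is limited to WARNING and above, and it reads like a leftover from debugging. The STS configuration added in this commit enables `<cxf:logging/>` on the bus, so at INFO the console and any CI log would probably receive full RST/RSTR messages, including issued tokens. Either revert to `java.util.logging.ConsoleHandler.level = SEVERE` or update the comment to say why INFO is needed.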
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/DoubleIt.wsdl @@ -34,10 +34,28 @@ </wsdl:output> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItTransportCustomParameterClaimsBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItBindingTransportClaimsPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItTransportCustomParameterPort" binding="tns:DoubleItTransportCustomParameterBinding"> <soap:address location="https://localhost:8081/doubleit/services/doubleittransportcustomparameter"/> </wsdl:port> + <wsdl:port name="DoubleItTransportCustomParameterClaimsPort" binding="tns:DoubleItTransportCustomParameterClaimsBinding"> + <soap:address location="https://localhost:8081/doubleit/services/doubleittransportcustomparameterclaims"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItBindingTransportPolicy"> <wsp:ExactlyOne> 
@@ -104,6 +122,74 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBindingTransportClaimsPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <wsam:Addressing wsp:Optional="false"> + <wsp:Policy/> + </wsam:Addressing> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <sp:RequestSecurityTokenTemplate> + <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType> + <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType> + <t:Claims xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity" Dialect="http://schemas.xmlsoap.org/ws/2005/05/identity"> + <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"/> + </t:Claims> + </sp:RequestSecurityTokenTemplate> + <wsp:Policy> + <sp:RequireInternalReference/> + </wsp:Policy> + <sp:Issuer> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT + </wsaw:Address> + <wsaw:Metadata> + <wsx:Metadata> + <wsx:MetadataSection> + <wsx:MetadataReference> + <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex + </wsaw:Address> + </wsx:MetadataReference> + </wsx:MetadataSection> + </wsx:Metadata> + </wsaw:Metadata> + </sp:Issuer> + </sp:IssuedToken> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDes/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + 
</wsp:Policy> + </sp:Trust13> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-client.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-client.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-client.xml index fac1ee6..846b55d 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-client.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-client.xml @@ -28,6 +28,10 @@ <jaxws:properties> </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportCustomParameterClaimsPort" createdFromAPI="true"> + <jaxws:properties> + </jaxws:properties> + </jaxws:client> <http:conduit name="https://localhost:.*"> <http:tlsClientParameters disableCNCheck="true"> <sec:trustManagers> http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-service.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-service.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-service.xml index 831185e..9f90717 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-service.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-service.xml 
@@ -25,6 +25,12 @@ <entry key="security.signature.properties" value="serviceKeystore.properties"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportcustomparameterclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportCustomParameterClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.custom.Server}/doubleit/services/doubleittransportcustomparameterclaims" wsdlLocation="org/apache/cxf/systest/sts/custom/DoubleIt.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + <entry key="security.signature.properties" value="serviceKeystore.properties"/> + </jaxws:properties> + </jaxws:endpoint> <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"> <httpj:engine port="${testutil.ports.custom.Server}"> <httpj:tlsServerParameters> http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml new file mode 100644 index 0000000..84bd04b --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml 
@@ -0,0 +1,129 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://c xf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.2.xsd"> + + <bean 
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> + <property name="location" value="classpath:org/apache/cxf/systest/sts/deployment/sts.properties"/> + </bean> + + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider"> + <property name="issueOperation" ref="transportIssueDelegate"/> + <property name="validateOperation" ref="transportValidateDelegate"/> + </bean> + <bean id="utDelegationHandler" class="org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler"/> + <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation"> + <property name="tokenProviders" ref="transportTokenProviders"/> + <property name="services" ref="transportService"/> + <property name="stsProperties" ref="transportSTSProperties"/> + <property name="claimsManager" ref="claimsManager"/> + <property name="tokenStore" ref="defaultTokenStore"/> + <property name="delegationHandlers" ref="utDelegationHandler"/> + <property name="tokenValidators" ref="transportTokenValidators"/> + <property name="allowCustomContent" value="true" /> + </bean> + <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation"> + <property name="tokenProviders" ref="transportTokenProviders"/> + <property name="tokenValidators" ref="transportTokenValidators"/> + <property name="stsProperties" ref="transportSTSProperties"/> + <property name="claimsManager" ref="claimsManager"/> + <property name="tokenStore" ref="defaultTokenStore"/> + </bean> + <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore"> + </bean> + <util:list id="transportTokenProviders"> + <ref bean="transportSamlTokenProvider"/> + <ref bean="transportCustomBSTTokenProvider"/> + <ref bean="transportJWTTokenProvider"/> + </util:list> + <util:list id="transportTokenValidators"> + <ref 
bean="transportSamlTokenValidator"/> + <ref bean="transportX509TokenValidator"/> + <ref bean="transportUsernameTokenValidator"/> + <ref bean="transportCustomBSTTokenValidator"/> + <ref bean="transportJWTTokenValidator"/> + </util:list> + <bean id="transportCustomBSTTokenProvider" class="org.apache.cxf.systest.sts.deployment.CustomBSTTokenProvider"> + </bean> + <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider"> + <!-- <property name="attributeStatementProviders" ref="attributeStatementProvidersList" />--> + </bean> + <bean id="transportJWTTokenProvider" class="org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider"> + </bean> + <!-- + <util:list id="attributeStatementProvidersList"> + <ref bean="defaultAttributeProvider" /> + <ref bean="customAttributeProvider" /> + </util:list> + + <bean id="defaultAttributeProvider" + class="org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider"> + </bean> + + <bean id="customAttributeProvider" + class="org.apache.cxf.systest.sts.deployment.CustomAttributeStatementProvider"> + </bean> +--> + <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager"> + <property name="claimHandlers" ref="claimHandlerList"/> + <property name="claimParsers" ref="claimParserList"/> + </bean> + <util:list id="claimParserList"> + <ref bean="customClaimsParser"/> + <ref bean="identityClaimsParser"/> + </util:list> + <bean id="customClaimsParser" class="org.apache.cxf.systest.sts.deployment.CustomClaimsParser"> + </bean> + <bean id="identityClaimsParser" class="org.apache.cxf.sts.claims.IdentityClaimsParser"> + </bean> + <util:list id="claimHandlerList"> + <ref bean="customClaimsHandler"/> + </util:list> + <bean id="customClaimsHandler" class="org.apache.cxf.systest.sts.custom.CustomClaimsHandler"> + </bean> + <bean id="transportCustomBSTTokenValidator" class="org.apache.cxf.systest.sts.deployment.CustomBSTTokenValidator"> + </bean> + <bean id="transportX509TokenValidator" 
class="org.apache.cxf.sts.token.validator.X509TokenValidator"> + </bean> + <bean id="transportUsernameTokenValidator" class="org.apache.cxf.sts.token.validator.UsernameTokenValidator"> + </bean> + <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator"> + </bean> + <bean id="transportJWTTokenValidator" class="org.apache.cxf.sts.token.validator.jwt.JWTTokenValidator"> + </bean> + <bean id="transportService" class="org.apache.cxf.sts.service.StaticService"> + <property name="endpoints" ref="transportEndpoints"/> + </bean> + <util:list id="transportEndpoints"> + <value>https://localhost:(\d)*/doubleit/services/doubleit.*</value> + </util:list> + <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties"> + <property name="signaturePropertiesFile" value="${signature.properties}"/> + <property name="signatureUsername" value="${signature.username}"/> + <property name="callbackHandlerClass" value="${callback.handler}"/> + <property name="encryptionPropertiesFile" value="${encryption.properties}"/> + <property name="issuer" value="${issuer}"/> + <property name="encryptionUsername" value="${encryption.username}"/> + </bean> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml index 112e9b9..12fe24d 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml 
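Review bot: `allowCustomContent` is set to `true` on `transportIssueDelegate` with no comment explaining that it lets requester-supplied child elements of the RST reach the claims handler. That is the security-relevant difference between this file and the shared deployment configuration it was copied from. A one-line comment next to the property would record the intent: `<!-- Test only: passes requester-supplied RST custom content through to CustomClaimsHandler -->`. The commented-out `attributeStatementProvidersList` block and the commented-out `attributeStatementProviders` property appear to be inherited from the copied file and could be dropped from this new copy.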
@@ -19,7 +19,7 @@ --> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation=" http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://c xf.apache.org/schemas/configuration/http-jetty.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"> - <import resource="../deployment/cxf-sts-common.xml" /> + <import resource="./cxf-sts-common.xml" /> <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.custom.STSServer}/SecurityTokenService/UT" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:UT_Port"> <jaxws:properties> 
@@ -27,6 +27,11 @@ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS2" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.custom.STSServer}/SecurityTokenService/Transport" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/> + </jaxws:properties> + </jaxws:endpoint> <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf"> <httpj:engine port="${testutil.ports.custom.STSServer}"> <httpj:tlsServerParameters> http://git-wip-us.apache.org/repos/asf/cxf/blob/9ac7471e/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts-common.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts-common.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts-common.xml index 0bd4463..440cabe 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts-common.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts-common.xml 
@@ -41,7 +41,6 @@ <property name="tokenStore" ref="defaultTokenStore"/> <property name="delegationHandlers" ref="utDelegationHandler"/> <property name="tokenValidators" ref="transportTokenValidators"/> - <property name="allowCustomContent" value="true" /> </bean> <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation"> <property name="tokenProviders" ref="transportTokenProviders"/>