Disable taking a UsernameToken with no password as the security context principal
# Conflicts: # rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java # rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java # rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/786604cf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/786604cf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/786604cf Branch: refs/heads/3.1.x-fixes Commit: 786604cf247878b8625b51d62e749caaf1559006 Parents: 03f4a10 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Apr 4 08:36:35 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Apr 4 08:37:18 2017 +0100 ---------------------------------------------------------------------- .../cxf/rt/security/SecurityConstants.java | 12 ++++++ .../cxf/rt/security/utils/SecurityUtils.java | 5 +++ .../DefaultWSS4JSecurityContextCreator.java | 18 +++++++- .../wss4j/StaxSecurityContextInInterceptor.java | 44 +++++++++++++++++--- .../cxf/systest/wssec/examples/ut/server.xml | 1 + .../systest/wssec/examples/ut/stax-server.xml | 1 + .../apache/cxf/systest/ws/ut/server-derived.xml | 7 ++++ .../org/apache/cxf/systest/ws/ut/server.xml | 1 + .../apache/cxf/systest/ws/ut/stax-server.xml | 1 + 9 files changed, 84 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java ---------------------------------------------------------------------- 
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java index 5ee526b..80cf1bd 100644 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java @@ -158,6 +158,13 @@ public class SecurityConstants { "security.enable.unsigned-saml-assertion.principal"; /** + * Whether to allow UsernameTokens with no password to be used as SecurityContext Principals. + * The default is false. + */ + public static final String ENABLE_UT_NOPASSWORD_PRINCIPAL = + "security.enable.ut-no-password.principal"; + + /** * Whether to validate the SubjectConfirmation requirements of a received SAML Token * (sender-vouches or holder-of-key). The default is true. */ @@ -345,7 +352,12 @@ public class SecurityConstants { CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO, ENCRYPT_CERT, ENABLE_REVOCATION, SUBJECT_CERT_CONSTRAINTS, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, +<<<<<<< HEAD AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME, +======= + ENABLE_UT_NOPASSWORD_PRINCIPAL, + AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME, +>>>>>>> b77e43f... Disable taking a UsernameToken with no password as the security context principal ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, SC_FROM_JAAS_SUBJECT, STS_TOKEN_USE_CERT_FOR_KEYINFO, STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT, DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO, http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java ---------------------------------------------------------------------- 
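Review bot: The Javadoc added for `ENABLE_UT_NOPASSWORD_PRINCIPAL` in the first hunk gives the default but not what enabling the switch means for authentication. A UsernameToken without a password carries only an asserted name, so I would add a sentence such as `Only enable this when the sender is authenticated by some other means, as the username in such a token is not verified by a password.` Judging from the test configurations changed in this commit, the derived-key and endorsing endpoints appear to be the intended users of the switch, and naming that case in the comment would help whoever has to decide whether to turn it on.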
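Review bot: The second hunk adds the merge-conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> b77e43f...` as `+` lines inside the property-name list, so SecurityConstants.java cannot compile as committed and this security fix does not reach the 3.1.x-fixes branch in a buildable state. The same markers are added in SecurityUtils.getSecurityPropertyBoolean, DefaultWSS4JSecurityContextCreator.createSecurityContext and StaxSecurityContextInInterceptor (around isSamlEventSigned / isSamlEventAllowed), which matches the four files in the `# Conflicts:` list of the commit message. Here the resolution is to drop the three marker lines and the HEAD-side duplicate so that only `ENABLE_UT_NOPASSWORD_PRINCIPAL,` followed by `AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME,` remains. A pre-push or CI check that rejects lines starting with `<<<<<<<` or `>>>>>>>` would catch this on future cherry-picks.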
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java index b679edb..a0419de 100644 --- a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java +++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java @@ -183,11 +183,16 @@ public final class SecurityUtils { * values. If none is configured, then the defaultValue parameter is returned. */ public static boolean getSecurityPropertyBoolean(String property, Message message, boolean defaultValue) { +<<<<<<< HEAD Object value = message.getContextualProperty(property); if (value == null) { value = message.getContextualProperty("ws-" + property); } +======= + Object value = getSecurityPropertyValue(property, message); + +>>>>>>> b77e43f... Disable taking a UsernameToken with no password as the security context principal if (value != null) { return PropertyUtils.isTrue(value); } http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java index 5a832ef..cd15d46 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java 
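Review bot: Apart from the conflict markers, the two sides left in `getSecurityPropertyBoolean` are not obviously equivalent: the HEAD side falls back to `"ws-" + property` when the plain key is unset, while the incoming side delegates to `getSecurityPropertyValue(property, message)`, whose body is outside this hunk. If that helper does not perform the same fallback on this branch, a boolean configured under the legacy `ws-security.*` key would silently read as the default, so a security check could stay on or off contrary to what the endpoint configuration says. Keep exactly one `Object value = ...` declaration (both sides declare it) and confirm the fallback before choosing the incoming line; otherwise keep the HEAD lines.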
@@ -66,6 +66,7 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC * Create a SecurityContext and store it on the SoapMessage parameter */ public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) { +<<<<<<< HEAD String allowUnsigned = (String)SecurityUtils.getSecurityPropertyValue( @@ -74,6 +75,20 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned); boolean useJAASSubject = true; String useJAASSubjectStr = +======= + + boolean allowUnsignedSamlPrincipals = + SecurityUtils.getSecurityPropertyBoolean( + SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false + ); + boolean allowUTNoPassword = + SecurityUtils.getSecurityPropertyBoolean( + SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false + ); + + boolean useJAASSubject = true; + String useJAASSubjectStr = +>>>>>>> b77e43f... Disable taking a UsernameToken with no password as the security context principal (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT, msg); if (useJAASSubjectStr != null) { useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr); 
@@ -82,7 +97,8 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC // Now go through the results in a certain order to set up a security context. Highest priority is first. Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults(); for (Integer resultPriority : securityPriorities) { - if (resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals) { + if ((resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals) + || (resultPriority == WSConstants.UT_NOPASSWORD && !allowUTNoPassword)) { continue; } http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java index c20105a..82cc6a1 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java @@ -31,6 +31,7 @@ import org.apache.cxf.binding.soap.SoapVersion; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.security.DefaultSecurityContext; import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl; +import org.apache.cxf.message.Message; import org.apache.cxf.phase.AbstractPhaseInterceptor; import org.apache.cxf.phase.Phase; import org.apache.cxf.rt.security.claims.ClaimCollection; 
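Review bot: The new `continue` for `WSConstants.UT_NOPASSWORD` discards the token silently, so after an upgrade an endpoint that used to take its principal from a password-less UsernameToken ends up with a different principal or none, and nothing in the log explains why. A fine-level message in the UT_NOPASSWORD case, for example `LOG.fine("Ignoring UsernameToken with no password; set " + SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL + " to allow it");`, would make the default change diagnosable; whether this class already has a logger is not visible in the hunk. The streaming path in StaxSecurityContextInInterceptor.getSubjectPrincipalToken skips the event just as silently. The loop body continues outside the hunk.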
@@ -101,7 +102,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S for (Event desiredEvent : desiredSecurityEvents) { SubjectAndPrincipalSecurityToken token = null; try { - token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent); + token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent, msg); } catch (XMLSecurityException ex) { // proceed } @@ -159,13 +160,15 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S } private SubjectAndPrincipalSecurityToken getSubjectPrincipalToken(List<SecurityEvent> incomingSecurityEventList, - Event desiredEvent) throws XMLSecurityException { + Event desiredEvent, + Message msg) throws XMLSecurityException { for (SecurityEvent event : incomingSecurityEventList) { if (desiredEvent == event.getSecurityEventType()) { - if (event.getSecurityEventType() == WSSecurityEventConstants.USERNAME_TOKEN) { + if (event.getSecurityEventType() == WSSecurityEventConstants.USERNAME_TOKEN + && isUsernameTokenEventAllowed((UsernameTokenSecurityEvent)event, msg)) { return ((UsernameTokenSecurityEvent)event).getSecurityToken(); } else if (event.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN - && isSamlEventSigned((SamlTokenSecurityEvent)event)) { + && isSamlEventAllowed((SamlTokenSecurityEvent)event, msg)) { return ((SamlTokenSecurityEvent)event).getSecurityToken(); } else if (event.getSecurityEventType() == WSSecurityEventConstants.X509Token && isUsedForPublicKeySignature(((X509TokenSecurityEvent)event).getSecurityToken())) { @@ -209,6 +212,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S return token.getPublicKey() != null || (token.getX509Certificates() != null && token.getX509Certificates().length > 0); } +<<<<<<< HEAD private boolean isSamlEventSigned(SamlTokenSecurityEvent event) { if (event == null) { 
@@ -216,8 +220,38 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S } return event.getSecurityToken() != null +======= + + private boolean isSamlEventAllowed(SamlTokenSecurityEvent event, Message msg) { + if (event == null) { + return false; + } + + boolean allowUnsignedSamlPrincipals = + SecurityUtils.getSecurityPropertyBoolean( + SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false + ); + + // The SAML Assertion must be signed by default + return event.getSecurityToken() != null +>>>>>>> b77e43f... Disable taking a UsernameToken with no password as the security context principal && event.getSecurityToken().getSamlAssertionWrapper() != null - && event.getSecurityToken().getSamlAssertionWrapper().isSigned(); + && (allowUnsignedSamlPrincipals || event.getSecurityToken().getSamlAssertionWrapper().isSigned()); + } + + private boolean isUsernameTokenEventAllowed(UsernameTokenSecurityEvent event, Message msg) { + if (event == null) { + return false; + } + + boolean allowUTNoPassword = + SecurityUtils.getSecurityPropertyBoolean( + SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false + ); + + // The "no password" case is not allowed by default + return event.getSecurityToken() != null + && (allowUTNoPassword || event.getSecurityToken().getPassword() != null); } private SecurityContext createSecurityContext(final Principal p) { http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml index 0c6a11e..3491d4d 100644 --- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml 
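Review bot: `isSamlEventAllowed` changes more than the commit title says: the removed line always required `getSamlAssertionWrapper().isSigned()`, while the new return accepts an unsigned assertion whenever `ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL` is true. Streaming endpoints that already set that property will start taking unsigned SAML assertions as the security context principal after this change, so it deserves a line in the commit message and a streaming test for the unsigned case. The added comment `// The SAML Assertion must be signed by default` could name the switch, e.g. `// Must be signed unless ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL is set`. Both new helpers also re-read their property for every event; reading each once in `getSubjectPrincipalToken` would keep the decision in one place.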
+++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml @@ -32,6 +32,7 @@ </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextNoPassword" address="http://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextNoPassword" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextNoPasswordPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl"> <jaxws:properties> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/> </jaxws:properties> </jaxws:endpoint> http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml index aa64f48..2d258d2 100644 --- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml 
@@ -33,6 +33,7 @@ </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextNoPassword" address="http://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTPlaintextNoPassword" serviceName="s:DoubleItService" endpointName="s:DoubleItPlaintextNoPasswordPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl"> <jaxws:properties> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/> <entry key="ws-security.enable.streaming" value="true"/> </jaxws:properties> http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml index c114b8e..12e6d69 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml 
@@ -28,26 +28,31 @@ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignature" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionSig" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionSigPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> </jaxws:properties> </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignatureDK" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionSigDK" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionSigDKPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> </jaxws:properties> </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricEncryption" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionEnc" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionEncPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> </jaxws:properties> </jaxws:endpoint> <jaxws:endpoint 
xmlns:s="http://www.example.org/contract/DoubleIt" id="TransportEndorsing" address="https://localhost:${testutil.ports.ut.ServerDerived.2}/DoubleItUTDerivedTransportEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItTransportEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" depends-on="tls-settings" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> </jaxws:properties> </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignedEndorsing" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricSignedEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignedEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="security.signature.properties" value="bob.properties"/> <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/> </jaxws:properties> 
@@ -55,6 +60,7 @@ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricEndorsingEncrypted" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricEndorsingEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricEndorsingEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="security.signature.properties" value="bob.properties"/> <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/> </jaxws:properties> @@ -62,6 +68,7 @@ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignedEndorsingEncrypted" address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricSignedEndorsingEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignedEndorsingEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="security.signature.properties" value="bob.properties"/> <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/> </jaxws:properties> http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml ---------------------------------------------------------------------- 
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml index 8084a66..0da6275 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml @@ -70,6 +70,7 @@ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoPassword" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTNoPassword" serviceName="s:DoubleItService" endpointName="s:DoubleItNoPasswordPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> </jaxws:properties> </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignedEndorsing" address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTSignedEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItSignedEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings"> http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml index 3a32e5e..bb829a2 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml 
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml @@ -75,6 +75,7 @@ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoPassword" address="https://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTNoPassword" serviceName="s:DoubleItService" endpointName="s:DoubleItNoPasswordPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/> + <entry key="security.enable.ut-no-password.principal" value="true"/> <entry key="ws-security.enable.streaming" value="true"/> </jaxws:properties> </jaxws:endpoint>