cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From egl...@apache.org
Subject svn commit: r529583 [4/5] - in /incubator/cxf/trunk: rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/ rt/transports/http/src/main/java/org/apache/cxf/transport/http/ rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/...
Date Tue, 17 Apr 2007 12:47:16 GMT
Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/GreeterImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/GreeterImpl.java?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/GreeterImpl.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/GreeterImpl.java Tue Apr 17 05:47:13 2007
@@ -0,0 +1,64 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+import java.util.logging.Logger;
+
+import javax.jws.WebService;
+
+import org.apache.hello_world.Greeter;
+
+
+@WebService(serviceName = "SOAPService", 
+            endpointInterface = "org.apache.hello_world.Greeter", 
+            targetNamespace = "http://apache.org/hello_world")
+public class GreeterImpl implements Greeter {
+
+    private static final Logger LOG = 
+        Logger.getLogger(GreeterImpl.class.getPackage().getName());
+    private String myName;
+    
+    public GreeterImpl() {
+        this("defaultGreeter");
+    }
+    
+    public GreeterImpl(String name) {
+        myName = name;
+    }
+
+    public String greetMe(String me) {
+        LOG.info("Executing operation greetMe");
+        //System.out.println("Executing operation greetMe");
+        //System.out.println("Message received: " + me + "\n");
+        return "Hello " + me;
+    }
+    
+
+    public String sayHi() {
+        LOG.info("Executing operation sayHi");
+        //System.out.println("Executing operation sayHi\n");
+        return "Bonjour from " + myName;
+    }
+    
+    public void pingMe() {
+    }
+
+    
+}

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/GreeterImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java Tue Apr 17 05:47:13 2007
@@ -0,0 +1,709 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.SSLClientPolicy;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.HttpBasicAuthSupplier;
+import org.apache.cxf.transport.http.MessageTrustDecider;
+import org.apache.cxf.transport.http.URLConnectionInfo;
+import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
+
+import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
+
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * This class tests several issues and Conduit policies based 
+ * on a set up of redirecting servers.
+ * <pre>
+ * 
+ * Http Redirection:
+ * 
+ * Rethwel(http:9004) ------\
+ *                           ----> Mortimer (http:9000)
+ * Poltim(https:9005) ------/
+ * 
+ * HttpS redirection/Trust:
+ * 
+ * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002)
+ * 
+ * Redirect Loop:
+ * 
+ * Hurlon (http:9006) ----> Abost(http:9007) ----\
+ *   ^                                            |
+ *   |-------------------------------------------/
+ * 
+ * Hostname Verifier Test
+ * 
+ * Morpit (https:9008)
+ * 
+ * </pre>
+ * The Bethal server issues 401 with differing realms depending on the
+ * User name given in the authorization header.
+ * <p>
+ * The Morpit has a CN that is not equal to "localhost" to kick in
+ * the Hostname Verifier.
+ */
+public class HTTPConduitTest extends AbstractBusClientServerTestBase {
+
+    private static final boolean IN_PROCESS = true;
+    
+    private static SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
+    private static Map<String, String> addrMap = new TreeMap<String, String>();
+    private static List<String> servers = new ArrayList<String>();
+
+    static {
+        addrMap.put("Mortimer", "http://localhost:9000/");
+        addrMap.put("Tarpin",   "http://localhost:9003/");
+        addrMap.put("Rethwel",  "http://localhost:9004/");
+        addrMap.put("Poltim",   "http://localhost:9005/");
+        addrMap.put("Gordy",    "https://localhost:9001/");
+        addrMap.put("Bethal",   "https://localhost:9002/");
+        addrMap.put("Abost",    "http://localhost:9007/");
+        addrMap.put("Hurlon",   "http://localhost:9006/");
+        addrMap.put("Morpit",   "https://localhost:9008/");
+    }
+    
+    static {
+        String keystore = 
+            Server.class.getResource("resources/Morpit.jks").getFile();
+        //System.out.println("Keystore: " + keystore);
+        String truststore = 
+            Server.class.getResource("resources/Truststore.jks").getFile();
+        //System.out.println("Truststore: " + truststore);
+        sslClientPolicy.setKeystore(keystore);
+        sslClientPolicy.setKeystoreType("JKS");
+        sslClientPolicy.setKeystorePassword("password");
+        sslClientPolicy.setKeyPassword("password");
+        sslClientPolicy.setTrustStore(truststore);
+        sslClientPolicy.setTrustStoreType("JKS");
+        FiltersType filters = new FiltersType();
+        filters.getInclude().add(".*_EXPORT_.*");
+        filters.getInclude().add(".*_EXPORT1024_.*");
+        filters.getInclude().add(".*_WITH_DES_.*");
+        filters.getInclude().add(".*_WITH_NULL_.*");
+        filters.getInclude().add(".*_DH_anon_.*");
+        sslClientPolicy.setCiphersuiteFilters(filters);
+    }
+
+    private final QName serviceName = 
+        new QName("http://apache.org/hello_world", "SOAPService");
+    private final QName bethalQ = 
+        new QName("http://apache.org/hello_world", "Bethal");
+    private final QName gordyQ = 
+        new QName("http://apache.org/hello_world", "Gordy");
+    private final QName tarpinQ = 
+        new QName("http://apache.org/hello_world", "Tarpin");
+    private final QName rethwelQ = 
+        new QName("http://apache.org/hello_world", "Rethwel");
+    private final QName mortimerQ = 
+        new QName("http://apache.org/hello_world", "Mortimer");
+    private final QName poltimQ = 
+        new QName("http://apache.org/hello_world", "Poltim");
+    private final QName hurlonQ = 
+        new QName("http://apache.org/hello_world", "Hurlon");
+    // PMD Violation because it is not used, but 
+    // it is here for completeness.
+    //private final QName abostQ = 
+        //new QName("http://apache.org/hello_world", "Abost");
+    public HTTPConduitTest() {
+    }
+
+    /**
+     * This function is used to start up a server. It only "starts" a
+     * server if it hasn't been started before, hence its static nature.
+     * <p>
+     * This approach is used to start the needed servers for a particular test
+     * instead of starting them all in "startServers". This single needed
+     * server approach allieviates the pain in starting them all just to run
+     * a particular test in the debugger.
+     */
+    public static boolean startServer(String name) {
+        if (servers.contains(name)) {
+            return true;
+        }
+        URL serverC =
+            Server.class.getResource("resources/" + name + ".cxf");
+        boolean server = launchServer(Server.class, null,
+                new String[] { 
+                    name, 
+                    addrMap.get(name),
+                    serverC.toString() }, 
+                IN_PROCESS);
+        if (server) {
+            servers.add(name);
+        }
+        return server;
+    }
+    
+    @Before
+    public void setUp() {
+        // TODO: Do I need this?
+        System.setProperty("org.apache.cxf.bus.factory", 
+                "org.apache.cxf.bus.CXFBusFactory");
+    }
+
+    @Test
+    public void testBasicConnection() throws Exception {
+        startServer("Mortimer");
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter mortimer = service.getPort(mortimerQ, Greeter.class);
+        assertNotNull("Port is null", mortimer);
+        
+        String answer = mortimer.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Mortimer".equals(answer));
+    }
+
+    /**
+     * This methods tests that a conduit that is not configured
+     * to follow redirects will not. The default is not to 
+     * follow redirects. 
+     * Rethwel redirects to Mortimer.
+     * 
+     * Note: Unfortunately, the invocation will 
+     * "fail" for any number of other reasons.
+     * 
+     */
+    @Test
+    public void testHttp2HttpRedirectFail() throws Exception {
+        startServer("Mortimer");
+        startServer("Rethwel");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+        assertNotNull("Port is null", rethwel);
+        
+        String answer = null;
+        try {
+            answer = rethwel.sayHi();
+            fail("Redirect didn't fail. Got answer: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+        
+    }
+    
+    /**
+     * We use this class to reset the default bus.
+     * Note: This may not always work in the future.
+     * I was lucky in that "defaultBus" is actually a 
+     * protected static.
+     */
+    class DefaultBusFactory extends SpringBusFactory {
+        public Bus createBus(URL config) {
+            Bus bus = super.createBus(config, true);
+            defaultBus = bus;
+            return bus;
+        }
+    }
+    
+    /**
+     * This method tests if http to http redirects work.
+     * Rethwel redirects to Mortimer.
+     */
+    @Test
+    public void testHttp2HttpRedirect() throws Exception {
+        startServer("Mortimer");
+        startServer("Rethwel");
+
+        URL config = getClass().getResource("resources/Http2HttpRedirect.cxf");
+    
+        // We go through the back door, setting the default bus.
+        new DefaultBusFactory().createBus(config);
+        
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+        assertNotNull("Port is null", rethwel);
+        
+        String answer = rethwel.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Mortimer".equals(answer));
+    }
+    
+    /**
+     * This methods tests that a redirection loop will fail.
+     * Hurlon redirects to Abost, which redirects to Hurlon.
+     * 
+     * Note: Unfortunately, the invocation may "fail" for any
+     * number of reasons.
+     */
+    @Test
+    public void testHttp2HttpLoopRedirectFail() throws Exception {
+        startServer("Abost");
+        startServer("Hurlon");
+
+        URL config = getClass().getResource(
+                    "resources/Http2HttpLoopRedirectFail.cxf");
+        
+        // We go through the back door, setting the default bus.
+        new DefaultBusFactory().createBus(config);
+        
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter hurlon = service.getPort(hurlonQ, Greeter.class);
+        assertNotNull("Port is null", hurlon);
+        
+        String answer = null;
+        try {
+            answer = hurlon.sayHi();
+            fail("Redirect didn't fail. Got answer: " + answer);
+        } catch (Exception e) {
+            // This exception will be one of not being able to
+            // read from the StreamReader
+            //e.printStackTrace();
+        }
+        
+    }
+    /**
+     * This methods tests a basic https connection to Bethal.
+     * It supplies an authorization policy with premetive user/pass
+     * to avoid the 401.
+     */
+    @Test
+    public void testHttpsBasicConnection() throws Exception {
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter bethal = service.getPort(bethalQ, Greeter.class);
+        assertNotNull("Port is null", bethal);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(bethal);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(false);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setSslClient(sslClientPolicy);
+        http.setAuthorization(authPolicy);
+        
+        String answer = bethal.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+    }
+    
+
+    /**
+     * This test should fail when we hit Poltim, since it redirects
+     * to Mortimer, which is an http url, and Poltim is an https server.
+     */
+    @Test
+    public void testHttpsRedirectToHttpFail() throws Exception {
+        startServer("Mortimer");
+        startServer("Poltim");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter poltim = service.getPort(poltimQ, Greeter.class);
+        assertNotNull("Port is null", poltim);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(poltim);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        
+        http.setClient(httpClientPolicy);
+        http.setSslClient(sslClientPolicy);
+        
+        try {
+            String answer = poltim.sayHi();
+            fail("Unexpected answer from Poltim: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+    }
+    
+    class MyHttpsTrustDecider extends MessageTrustDecider {
+        
+        private String[] trustName;
+        private int      called;
+        
+        MyHttpsTrustDecider(String name) {
+            trustName = new String[] {name};
+        }
+        
+        MyHttpsTrustDecider(String[] name) {
+            trustName = name;
+        }
+        
+        public int wasCalled() {
+            return called;
+        }
+        
+        public void establishTrust(
+            String            conduitName,
+            URLConnectionInfo cinfo,
+            Message           message
+        ) throws UntrustedURLConnectionIOException {
+        
+            called++;
+
+            HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo;
+            boolean trusted = false;
+            for (int i = 0; i < trustName.length; i++) {
+                trusted = trusted 
+                         || ci.getPeerPrincipal()
+                                 .toString().contains("OU=" + trustName[i]);
+            }
+            if (!trusted) {
+                throw new UntrustedURLConnectionIOException(
+                        "Peer Principal \"" 
+                        + ci.getPeerPrincipal() 
+                        + "\" does not contain " 
+                        + getTrustNames());
+            }
+        }
+        
+        private String getTrustNames() {
+            StringBuffer sb = new StringBuffer();
+            for (int i = 0; i < trustName.length; i++) {
+                sb.append("\"OU=");
+                sb.append(trustName[i]);
+                sb.append("\"");
+                if (i < trustName.length - 1) {
+                    sb.append(", ");
+                }
+            }
+            return sb.toString();
+        }
+    }
+    
+
+    @Test
+    public void testHttpsTrust() throws Exception {
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter bethal = service.getPort(bethalQ, Greeter.class);
+        assertNotNull("Port is null", bethal);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(bethal);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(false);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setSslClient(sslClientPolicy);
+        http.setAuthorization(authPolicy);
+        
+        // Our expected server should be OU=Bethal
+        http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
+        
+        String answer = bethal.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Nobody will not equal OU=Bethal
+        MyHttpsTrustDecider trustDecider =
+                                 new MyHttpsTrustDecider("Nobody");
+        http.setTrustDecider(trustDecider);
+        try {
+            answer = bethal.sayHi();
+            fail("Unexpected answer from Bethal: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+            //assertTrue("Trust Decider was not called", 
+            //              0 > trustDecider.wasCalled());
+        }
+    }
+
+    @Test
+    public void testHttpsTrustRedirect() throws Exception {
+        startServer("Tarpin");
+        startServer("Gordy");
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter tarpin = service.getPort(tarpinQ, Greeter.class);
+        assertNotNull("Port is null", tarpin);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(tarpin);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setSslClient(sslClientPolicy);
+        http.setAuthorization(authPolicy);
+        
+        // We get redirected from Tarpin, to Gordy, to Bethal.
+        MyHttpsTrustDecider trustDecider =
+            new MyHttpsTrustDecider(
+                    new String[] {"Tarpin", "Gordy", "Bethal"});
+        http.setTrustDecider(trustDecider);
+        
+        // We actually get our answer from Bethal at the end of the
+        // redirects.
+        String answer = tarpin.sayHi();
+        
+        assertTrue("Trust Decider wasn't called correctly", 
+                       3 == trustDecider.wasCalled());
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Limit the redirects to 1, since there are two, this should fail.
+        http.getClient().setMaxRetransmits(1);
+
+        try {
+            answer = tarpin.sayHi();
+            fail("Unexpected answer from Tarpin: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+        
+        // Set back to unlimited.
+        http.getClient().setMaxRetransmits(-1);
+        
+        // Effectively we will not trust Gordy in the middle.
+        trustDecider = 
+                new MyHttpsTrustDecider(
+                    new String[] {"Tarpin", "Bethal"});
+        http.setTrustDecider(trustDecider);
+        
+        try {
+            answer = tarpin.sayHi();
+            fail("Unexpected answer from Tarpin: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+            assertTrue("Trust Decider wasn't called correctly",
+                     2 == trustDecider.wasCalled());
+        }
+        
+    }
+
+    public class MyBasicAuthSupplier extends HttpBasicAuthSupplier {
+
+        String realm;
+        String user;
+        String pass;
+        
+        /**
+         * This will loop from Cronus, to Andromeda, to Zorantius
+         */
+        MyBasicAuthSupplier() {
+        }
+        
+        MyBasicAuthSupplier(String r, String u, String p) {
+            realm = r;
+            user  = u;
+            pass  = p;
+        }
+        @Override
+        public UserPass getPreemptiveUserPass(
+                String  conduitName,
+                URL     currentURL,
+                Message message
+        ) {
+            return null;
+        }
+
+        /**
+         * If we don't have the realm set, then we loop
+         * through the realms.
+         */
+        @Override
+        public UserPass getUserPassForRealm(
+                String  conduitName, 
+                URL     currentURL,
+                Message message, 
+                String  reqestedRealm
+        ) {
+            if (realm != null && realm.equals(reqestedRealm)) {
+                return createUserPass(user, pass);
+            }
+            if ("Andromeda".equals(reqestedRealm)) {
+                // This will get us another 401 to Zorantius
+                return createUserPass("Edward", "password");
+            }
+            if ("Zorantius".equals(reqestedRealm)) {
+                // George will get us another 401 to Cronus
+                return createUserPass("George", "password");
+            }
+            if ("Cronus".equals(reqestedRealm)) {
+                // Mary will get us another 401 to Andromeda
+                return createUserPass("Mary", "password");
+            }
+            return null;
+        }
+
+    }
+
+    /**
+     * This tests redirects through Gordy to Bethal. Bethal will
+     * supply a series of 401s. See PushBack401.
+     */
+    @Test
+    public void testHttpsRedirect401Response() throws Exception {
+        startServer("Gordy");
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter gordy = service.getPort(gordyQ, Greeter.class);
+        assertNotNull("Port is null", gordy);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(gordy);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        http.setClient(httpClientPolicy);
+        http.setSslClient(sslClientPolicy);
+        
+        // We get redirected from Gordy, to Bethal.
+        http.setTrustDecider(
+                new MyHttpsTrustDecider(
+                        new String[] {"Gordy", "Bethal"}));
+        
+        // Without preemptive user/pass Bethal returns a
+        // 401 for realm Cronus. If we supply any name other
+        // than Edward, George, or Mary, with the pass of "password"
+        // we should succeed.
+        http.setBasicAuthSupplier(
+                new MyBasicAuthSupplier("Cronus", "Betty", "password"));
+        
+        // We actually get our answer from Bethal at the end of the
+        // redirects.
+        String answer = gordy.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Uhe loop auth supplier, 
+        // We should die with looping realms.
+        http.setBasicAuthSupplier(new MyBasicAuthSupplier());
+        
+        try {
+            answer = gordy.sayHi();
+            fail("Unexpected answer from Gordy: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+    }
+    
+}

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/PushBack401.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/PushBack401.java?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/PushBack401.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/PushBack401.java Tue Apr 17 05:47:13 2007
@@ -0,0 +1,226 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.transport.Conduit;
+import org.apache.cxf.ws.addressing.EndpointReferenceType;
+
+/*
+ * This interceptor will issue 401s
+ *    No Authorization Header  --> 401 Realm=Cronus
+ *    Username Mary            --> 401 Realm=Andromeda
+ *    Username Edward          --> 401 Realm=Zorantius
+ *    Username George          --> 401 Realm=Cronus
+ *    If the password is not "password" a 401 is issued without 
+ *    realm.
+ */
+public class PushBack401 extends AbstractPhaseInterceptor {
+    
+    PushBack401() {
+        super();
+        setPhase(Phase.RECEIVE);
+    }
+    
+    /**
+     * This function extracts the user:pass token from 
+     * the Authorization:Basic header. It returns a two element
+     * String array, the first being the userid, the second
+     * being the password. It returns null, if it cannot parse.
+     */
+    private String[] extractUserPass(String token) {
+        try {
+            byte[] userpass = Base64Utility.decode(token);
+            String up = new String(userpass);
+            String user = up.substring(0, up.indexOf(':'));
+            String pass = up.substring(up.indexOf(':') + 1);
+            return new String[] {user, pass};
+        } catch (Exception e) {
+            return null;
+        }
+        
+    }
+    
+    /**
+     * This function returns the realm which depends on 
+     * the user name, as follows:
+     * <pre>
+     *    Username Mary            --> Andromeda
+     *    Username Edward          --> Zorantius
+     *    Username George          --> Cronus
+     * </pre>
+     * However, if the password is not "password" this function 
+     * throws an exception, regardless.
+     */
+    private String checkUserPass(
+        String user,
+        String pass
+    ) throws Exception {
+        //System.out.println("Got user: " + user + " pass: " + pass);
+        if (!"password".equals(pass)) {
+            throw new Exception("bad password");
+        }
+        if ("Mary".equals(user)) {
+            return "Andromeda";
+        }
+        if ("Edward".equals(user)) {
+            return "Zorantius";
+        }
+        if ("George".equals(user)) {
+            return "Cronus";
+        }
+        return null;
+    }
+    
+    @SuppressWarnings("unchecked")
+    public void handleMessage(Message message) throws Fault {
+        
+        Map<String, List<String>> headers =
+            (Map<String, List<String>>) 
+                message.get(Message.PROTOCOL_HEADERS);
+        
+        List<String> auth = headers.get("Authorization");
+        if (auth == null) {
+            // No Auth Header, respond with 401 Realm=Cronus
+            replyUnauthorized(message, "Cronus");
+            return;
+        } else {
+            for (String a : auth) {
+                if (a.startsWith("Basic ")) {
+                    String[] userpass = 
+                        extractUserPass(a.substring("Basic ".length()));
+                    if (userpass != null) {
+                        try {
+                            String realm = 
+                                checkUserPass(userpass[0], userpass[1]);
+                            if (realm != null) {
+                                replyUnauthorized(message, realm);
+                                return;
+                            } else {
+                                // Password is good and no realm
+                                // We just return for successful fall thru.
+                                return;
+                            }
+                        } catch (Exception e) {
+                            // Bad Password
+                            replyUnauthorized(message, null);
+                            return;
+                        }
+                    }
+                }
+            }
+            // No Authorization: Basic
+            replyUnauthorized(message, null);
+            return;
+        }
+    }
+    
+    /**
+     * This function issues a 401 response back down the conduit.
+     * If the realm is not null, a WWW-Authenticate: Basic realm=
+     * header is sent. The interceptor chain is aborted stopping
+     * the Message from going to the servant.
+     */
+    private void replyUnauthorized(Message message, String realm) {
+        Message outMessage = getOutMessage(message);
+        outMessage.put(Message.RESPONSE_CODE, 
+                HttpURLConnection.HTTP_UNAUTHORIZED);
+        
+        if (realm != null) {
+            setHeader(outMessage, 
+                      "WWW-Authenticate", "Basic realm=" + realm);
+        }
+        message.getInterceptorChain().abort();
+        try {
+            getConduit(message).prepare(outMessage);
+            close(outMessage);
+        } catch (IOException e) {
+            //System.out.println("Prepare of message not working." + e);
+            e.printStackTrace();
+        }
+    }
+    
+    /**
+     * Retrieves/creates the corresponding Outbound Message.
+     */
+    private Message getOutMessage(Message message) {
+        Exchange exchange = message.getExchange();
+        Message outMessage = exchange.getOutMessage();
+        if (outMessage == null) {
+            Endpoint endpoint = exchange.get(Endpoint.class);
+            outMessage = endpoint.getBinding().createMessage();
+            exchange.setOutMessage(outMessage);
+        }
+        outMessage.putAll(message);
+        return outMessage;
+    }
+    
+    /**
+     * This function sets the header in the PROTOCO_HEADERS of
+     * the message.
+     */
+    @SuppressWarnings("unchecked")
+    private void setHeader(Message message, String key, String value) {
+        Map<String, List<String>> responseHeaders =
+            (Map<String, List<String>>) 
+                message.get(Message.PROTOCOL_HEADERS);
+        if (responseHeaders != null) {
+            responseHeaders.put(key, Arrays.asList(new String[] {value}));
+        }
+    }
+    
+    /**
+     * This method retrieves/creates the conduit for the response
+     * message.
+     */
+    private Conduit getConduit(Message message) throws IOException {
+        Exchange exchange = message.getExchange();
+        EndpointReferenceType target = 
+            exchange.get(EndpointReferenceType.class);
+        Conduit conduit =
+            exchange.getDestination().getBackChannel(message, null, target);
+        exchange.setConduit(conduit);
+        return conduit;
+    }
+    
+    /**
+     * This method closes the output stream associated with the
+     * message.
+     */
+    private void close(Message message) throws IOException {
+        OutputStream os = message.getContent(OutputStream.class);
+        os.flush();
+        os.close();
+    }
+
+}

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/PushBack401.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/Server.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/Server.java?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/Server.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/Server.java Tue Apr 17 05:47:13 2007
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+import java.net.URL;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxws.EndpointImpl;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    private String name;
+    private String address;
+    private URL configFileURL;
+    
+    public Server(String[] args) throws Exception {
+        this(args[0], args[1], args[2]);
+    }
+    
+    public Server(String n, String addr, String conf) throws Exception {
+        name    = n;
+        address = addr;
+        configFileURL = new URL(conf);
+        //System.out.println("Starting " + name 
+        //                     + " Server at " + address
+        //                     + " with config " + configFileURL);
+
+    }
+
+    protected void run()  {
+        // We use a null binding id in the call to EndpointImpl
+        // constructor. Why?
+        final String nullBindingID = null;
+
+        // We need to specify to use defaults on constructing the
+        // bus, because our configuration file doesn't have
+        // everything needed.
+        final boolean useDefaults = true;
+
+        // We configure a new bus for this server.
+        setBus(new SpringBusFactory().createBus(configFileURL, useDefaults));
+
+        // This impl class must have the appropriate annotations
+        // to match the WSDL file that we are using.
+        Object implementor = new GreeterImpl(name);
+        
+        // I don't know why this works.
+        EndpointImpl ep = 
+            new EndpointImpl(
+                    getBus(), 
+                    implementor,
+                    nullBindingID,
+                    this.getClass().getResource("resources/greeting.wsdl").toString());
+        // How the hell do I know what the name of the 
+        // http-destination is from using this call?
+        
+        ep.publish(address);
+    }
+
+
+    public static void main(String[] args) {
+        try {
+            Server s = new Server(args[0], args[1], args[3]);
+            s.start();
+        } catch (Exception ex) {
+            ex.printStackTrace();
+            System.exit(-1);
+        } /*finally {
+            System.out.println("done!");
+        } */
+    }
+}
+

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/Server.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/TrustHandler.java?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/TrustHandler.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/TrustHandler.java Tue Apr 17 05:47:13 2007
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.transport.http.HttpURLConnectionInfo;
+import org.apache.cxf.transport.http.MessageTrustDecider;
+import org.apache.cxf.transport.http.URLConnectionInfo;
+import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
+import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
+
+public class TrustHandler
+    extends MessageTrustDecider {
+    
+    public TrustHandler() {
+        // Set the logical name.
+        super("The System Test Trust Decider");
+    }
+    
+    public void establishTrust(
+        String                  conduitName,
+        URLConnectionInfo       connectionInfo,
+        Message                 message
+    ) throws UntrustedURLConnectionIOException {
+        System.out.println("Trust decision for conduit: "
+                + conduitName + " and " 
+                + connectionInfo.getURL());
+        if (connectionInfo instanceof HttpURLConnectionInfo) {
+            HttpURLConnectionInfo c = (HttpURLConnectionInfo) connectionInfo;
+            System.out.println("Http method: " 
+                    + c.getHttpRequestMethod() + " on " + c.getURL());
+        }
+        if (connectionInfo instanceof HttpsURLConnectionInfo) {
+            HttpsURLConnectionInfo c = (HttpsURLConnectionInfo) connectionInfo;
+            System.out.println("TLS Connection to: " + c.getURL());
+            System.out.println("Enabled Cipher: " + c.getEnabledCipherSuite());
+            System.out.println("Local Principal: " + c.getLocalPrincipal());
+            System.out.println("Peer Principal: " + c.getPeerPrincipal());
+        }
+        //throw new UntrustedURLConnectionIOException("No Way Jose"); 
+    }
+}

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Abost Server.
+  ** It is an http server that redirects to Hurlon.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+
+    <http:server RedirectURL="http://localhost:9006/Hurlon"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cer
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cer?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Bethal Server.
+  ** It is an https server that conditionally responds
+  ** with 401s.
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+           http://cxf.apache.org/transports/http/configuration
+              http://cxf.apache.org/schema/transports/http.xsd
+           http://www.springframework.org/schema/beans
+              http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination 
+    id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    
+    <http:sslServer>
+      <sec:Keystore>src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
+      <sec:TrustStore>src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslServer>
+   </http:destination>
+  
+    <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl">
+        <property name="inInterceptors">
+            <list>
+                <bean class="org.apache.cxf.systest.http.PushBack401"/>
+            </list>
+        </property>
+    </bean> 
+
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cer
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cer?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Gordy Server.
+  ** It is an https server that redirects to Bethal.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    <http:sslServer>
+      <sec:Keystore>src/test/java/org/apache/cxf/systest/http/resources/Gordy.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
+      <sec:TrustStore>src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslServer>
+    <http:server RedirectURL="https://localhost:9002/Bethal"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Gordy.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpLoopRedirectFail.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpLoopRedirectFail.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpLoopRedirectFail.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpLoopRedirectFail.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,16 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http:www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xmlns:schemaLocation="http://cxf.apache.org/transports/httpconfiguration
+         http://cxf.apache.org/schema/transports/http.xsd
+         http://www.springframework.org/schema/beans/
+         http://www.springframework.org/schema/beans/spring-beans.xsd">
+ 
+   <http:conduit id="{http://apache.org/hello_world}Hurlon.http-conduit">
+
+      <http:client AutoRedirect="true"/>
+    
+   </http:conduit>
+
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpRedirect.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpRedirect.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpRedirect.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Http2HttpRedirect.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,16 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http:www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xmlns:schemaLocation="http://cxf.apache.org/transports/httpconfiguration
+         http://cxf.apache.org/schema/transports/http.xsd
+         http://www.springframework.org/schema/beans/
+         http://www.springframework.org/schema/beans/spring-beans.xsd">
+ 
+   <http:conduit id="{http://apache.org/hello_world}Rethwel.http-conduit">
+
+      <http:client AutoRedirect="true"/>
+    
+   </http:conduit>
+
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Hurlon.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Hurlon.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Hurlon.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Hurlon.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Hurlon Server.
+  ** It is an http server that redirects to Abost.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+
+    <http:server RedirectURL="http://localhost:9007/Abost"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Morpit Server. It is just an
+  ** Https server with a name that will kick in the HostnameVerifier.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    <http:sslServer>
+      <sec:Keystore>src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
+      <sec:TrustStore>src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslServer>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Mortimer.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Mortimer.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Mortimer.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Mortimer.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Mortimer Server.
+  ** It is an http server.
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    <!-- Nothing to Configure here for Mortimer -->
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cer
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cer?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Poltim Server.
+  ** It is an https server that redirects to Mortimer.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    <http:sslServer>
+      <sec:Keystore>src/test/java/org/apache/cxf/systest/http/resources/Poltim.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
+      <sec:TrustStore>src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslServer>
+    <http:server RedirectURL="http://localhost:9000/Mortimer"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Poltim.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Rethwel.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Rethwel.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Rethwel.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Rethwel.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Rethwel Server.
+  ** It is an http server that redirects to Mortimer.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+
+    <http:server RedirectURL="http://localhost:9000/Mortimer"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cer
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cer?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cer
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cxf?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.cxf Tue Apr 17 05:47:13 2007
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Tarpin Server.
+  ** It is an https server that redirects to Gordy.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+    <http:sslServer>
+      <sec:Keystore>src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
+      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
+      <sec:TrustStore>src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable or null encryption is used,
+          but exclude anonymous Diffie-Hellman key change as
+          this is vulnerable to man-in-the-middle attacks -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:include>.*_WITH_NULL_.*</sec:include>
+        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslServer>
+    <http:server RedirectURL="https://localhost:9001/Gordy"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks?view=auto&rev=529583
==============================================================================
Binary file - no diff available.

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml Tue Apr 17 05:47:13 2007
@@ -0,0 +1,40 @@
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http:www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xmlns:schemaLocation="
+         http://cxf.apache.org/transports/httpconfiguration
+             http://cxf.apache.org/schema/transports/http.xsd
+         http://www.springframework.org/schema/beans/
+             http://www.springframework.org/schema/beans/spring-beans.xsd">
+ 
+   <http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
+    <http:sslClient>
+      <sec:Keystore>src/demo/hw/resources/Bethal.jks</sec:Keystore>
+      <sec:KeystoreType>JKS</sec:KeystoreType>
+      <sec:KeystorePassword>password</sec:KeystorePassword>
+      <sec:KeyPassword>password</sec:KeyPassword>
+      <sec:TrustStore>src/demo/hw/resources/Truststore.jks</sec:TrustStore>
+      <sec:CiphersuiteFilters>
+        <!-- these filters ensure that a ciphersuite with
+          export-suitable but non-null encryption is used,
+          and prefers the stronger SHA over MD5 message digests -->
+        <sec:include>.*_EXPORT_.*</sec:include>
+        <sec:include>.*_EXPORT1024_.*</sec:include>
+        <sec:include>.*_WITH_DES_.*</sec:include>
+        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
+        <sec:exclude>.*_MD5</sec:exclude>
+      </sec:CiphersuiteFilters>
+    </http:sslClient>
+    
+    <http:client AutoRedirect="true"/>
+    
+    <http:trustDecider
+    	class="org.apache.cxf.systest.http.TrustHandler"/>
+    	
+    <http:basicAuthSupplier 
+    	class="org.apache.cxf.systest.http.UserPassSupplier"/>
+    	
+  </http:conduit>
+
+</beans>

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/client1.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh?view=auto&rev=529583
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh Tue Apr 17 05:47:13 2007
@@ -0,0 +1,33 @@
+#
+# This file generates a number of keys/certificates and keystores for 
+# names to be used with corresponding CXF configuration files (*.cxf).
+#
+
+#
+# Start with a clean slate. Remove all keystores.
+#
+rm -f *.jks
+
+#
+# This function generates a key/self-signed certificate with the following DN.
+#  "CN=$1, OU=$2, O=ApacheTest, L=Syracuse, C=US" and adds it to 
+# the truststore.
+#
+function genkey {
+    keytool -genkey -alias $2 -keystore $2.jks -dname "CN=$1, OU=$2, O=ApacheTest, L=Syracuse, C=US" -keyalg RSA -keypass password -storepass password -storetype jks -validity 10000
+    keytool -export -file $2.cer -alias $2 -keystore $2.jks -storepass password
+    keytool -import -file $2.cer -alias $2 -noprompt -keystore Truststore.jks -storepass password
+}
+
+#
+# We generate keys/certificates with the following CN=<name> OU=<name>
+# The CN used to be "localhost" to conform to the default HostnameVerifier of
+# HttpsURLConnection so it would work for tests. However, we have enhanced
+# the HTTP Conduit logic to accept anything in the CN in favor of the 
+# MessageTrustDecider callback making the verification determination.
+#
+for name in Bethal Gordy Tarpin Poltim Morpit
+do
+   genkey $name $name
+done
+

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/genkeys.sh
------------------------------------------------------------------------------
    svn:executable = *



Mime
View raw message