cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ningji...@apache.org
Subject svn commit: r541568 [3/4] - in /incubator/cxf/trunk: api/src/main/java/org/apache/cxf/configuration/jsse/ common/schemas/src/main/resources/schemas/configuration/ distribution/src/main/release/samples/hello_world_https/ distribution/src/main/release/sa...
Date Fri, 25 May 2007 06:44:32 GMT
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java Thu May 24 23:44:27 2007
@@ -37,13 +37,16 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.annotation.Resource;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.configuration.Configurable;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
 import org.apache.cxf.configuration.security.SSLClientPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.HttpHeaderHelper;
@@ -218,13 +221,20 @@
      * configured proxy. This field is injected via spring configuration based 
      * on the conduit name.
      */
-    private AuthorizationPolicy proxyAuthorizationPolicy;
+    private ProxyAuthorizationPolicy proxyAuthorizationPolicy;
     
     /**
      * This field holds the configuration TLS configuration which is
      * "injected" by spring based on the conduit name.
      */
+    @Deprecated
     private SSLClientPolicy sslClientSidePolicy;
+
+    /**
+     * This field holds the configuration TLS configuration which
+     * is programmatically configured. 
+     */
+    private TLSClientParameters tlsClientParameters;
     
     /**
      * This field contains the MessageTrustDecider.
@@ -338,18 +348,20 @@
                     new AuthorizationPolicy(), AuthorizationPolicy.class);
            
         }
-        // This doesn't work well for proxyAuthorization because of the
-        // sameness of the class.
-        // TODO: Fix proxyAuthorization
         if (this.proxyAuthorizationPolicy == null) {
             proxyAuthorizationPolicy = endpointInfo.getTraversedExtensor(
-                    new AuthorizationPolicy(), AuthorizationPolicy.class);
+                    new ProxyAuthorizationPolicy(), ProxyAuthorizationPolicy.class);
            
         }
+        // TODO: remove once old SSL configuration is gone
         if (this.sslClientSidePolicy == null) {
             sslClientSidePolicy = endpointInfo.getTraversedExtensor(
                     null, SSLClientPolicy.class);
         }
+        if (this.tlsClientParameters == null) {
+            tlsClientParameters = endpointInfo.getTraversedExtensor(
+                    null, TLSClientParameters.class);
+        }
         if (this.trustDecider == null) {
             trustDecider = endpointInfo.getTraversedExtensor(
                     null, MessageTrustDecider.class);
@@ -1090,6 +1102,7 @@
      * Using this method will override any Authorization Policy set in 
      * configuration.
      */
+    @Resource
     public void setAuthorization(AuthorizationPolicy authorization) {
         this.authorizationPolicy = authorization;
     }
@@ -1110,24 +1123,28 @@
      * This method sets the Client Side Policy for this HTTPConduit. Using this
      * method will override any HTTPClientPolicy set in configuration.
      */
+    @Resource
     public void setClient(HTTPClientPolicy client) {
         this.clientSidePolicy = client;
     }
 
     /**
-     * This method retrieves the Authorization Policy for a proxy that is
+     * This method retrieves the Proxy Authorization Policy for a proxy that is
      * set/configured for this HTTPConduit.
      */
-    public AuthorizationPolicy getProxyAuthorization() {
+    public ProxyAuthorizationPolicy getProxyAuthorization() {
         return proxyAuthorizationPolicy;
     }
 
     /**
-     * This method sets the Authorization Policy for a specified proxy. 
+     * This method sets the Proxy Authorization Policy for a specified proxy. 
      * Using this method overrides any Authorization Policy for the proxy 
      * that is set in the configuration.
      */
-    public void setProxyAuthorization(AuthorizationPolicy proxyAuthorization) {
+    @Resource
+    public void setProxyAuthorization(
+            ProxyAuthorizationPolicy proxyAuthorization
+    ) {
         this.proxyAuthorizationPolicy = proxyAuthorization;
     }
 
@@ -1135,6 +1152,7 @@
      * This method returns the SSL Client Side Policy that is set/configured
      * for this HTTPConduit.
      */
+    @Deprecated
     public SSLClientPolicy getSslClient() {
         return sslClientSidePolicy;
     }
@@ -1144,7 +1162,11 @@
      * Using this method overrides any SSL Client Side Policy that is configured
      * for this HTTPConduit.
      */
+    @Deprecated
+    @Resource
     public void setSslClient(SSLClientPolicy sslClientPolicy) {
+        LOG.info("The setSslClient method is deprecated. Please use setTlsClientParameters.");
+        
         this.sslClientSidePolicy = sslClientPolicy;
         // If this is called after the HTTPTransportFactory called 
         // finalizeConfig, we need to update the connection factory.
@@ -1154,6 +1176,29 @@
     }
 
     /**
+     * This method returns the TLS Client Parameters that is set/configured
+     * for this HTTPConduit.
+     */
+    public TLSClientParameters getTlsClientParameters() {
+        return tlsClientParameters;
+    }
+
+    /**
+     * This method sets the TLS Client Parameters for this HTTPConduit.
+     * Using this method overrides any TLS Client Parameters that is configured
+     * for this HTTPConduit.
+     */
+    @Resource
+    public void setTlsClientParameters(TLSClientParameters params) {
+        this.tlsClientParameters = params;
+        // If this is called after the HTTPTransportFactory called 
+        // finalizeConfig, we need to update the connection factory.
+        if (configFinalized) {
+            retrieveConnectionFactory();
+        }
+    }
+
+    /**
      * This method gets the Trust Decider that was set/configured for this 
      * HTTPConduit.
      * @return The Message Trust Decider or null.
@@ -1167,6 +1212,7 @@
      * Using this method overrides any trust decider configured for this 
      * HTTPConduit.
      */
+    @Resource
     public void setTrustDecider(MessageTrustDecider decider) {
         this.trustDecider = decider;
     }
@@ -1185,6 +1231,7 @@
      * Using this method overrides any trust decider configured for this 
      * HTTPConduit.
      */
+    @Resource
     public void setBasicAuthSupplier(HttpBasicAuthSupplier supplier) {
         this.basicAuthSupplier = supplier;
     }

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java Thu May 24 23:44:27 2007
@@ -18,6 +18,9 @@
  */
 package org.apache.cxf.transport.http.spring;
 
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
@@ -25,6 +28,9 @@
 import org.w3c.dom.NodeList;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSClientParametersConfig;
+import org.apache.cxf.configuration.security.TLSClientParametersType;
 import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.HttpBasicAuthSupplier;
@@ -46,6 +52,8 @@
                 new QName(HTTP_NS, "proxyAuthorization"), "proxyAuthorization");
         mapElementToJaxbProperty(element, bean, 
                 new QName(HTTP_NS, "authorization"), "authorization");
+        
+       // DEPRECATED: This element is deprecated in favor of tlsClientParameters
         mapElementToJaxbProperty(element, bean, 
                 new QName(HTTP_NS, "sslClient"), "sslClient");
         
@@ -70,18 +78,50 @@
             if (n.getNodeType() == Node.ELEMENT_NODE 
                 && n.getLocalName().equals("trustDecider")
                 && n.getNamespaceURI().equals(HTTP_NS)) {
-                mapElement((Element)n, bean, MessageTrustDecider.class);
+                
+                mapBeanOrClassElement((Element)n, bean, MessageTrustDecider.class);
             }
             if (n.getNodeType() == Node.ELEMENT_NODE 
                 && n.getLocalName().equals("basicAuthSupplier")
                 && n.getNamespaceURI().equals(HTTP_NS)) {
-                mapElement((Element)n, bean, HttpBasicAuthSupplier.class);
+                
+                mapBeanOrClassElement((Element)n, bean, HttpBasicAuthSupplier.class);
+            }
+            if (n.getNodeType() == Node.ELEMENT_NODE 
+                && n.getLocalName().equals("tlsClientParameters")
+                && n.getNamespaceURI().equals(HTTP_NS)) {
+                
+                mapTLSClientParameters(n, bean);
             }
         }
 
     }
     
     /**
+     * Inject the "setTlsClientParameters" method with
+     * a TLSClientParametersConfig object initialized with the JAXB
+     * generated type unmarshalled from the selected node.
+     */
+    public void mapTLSClientParameters(Node n, BeanDefinitionBuilder bean) {
+
+        // Unmarshal the JAXB Generated Type from Config and inject
+        // the configured TLSClientParameters into the HTTPConduit.
+        JAXBContext context = null;
+        try {
+            context = JAXBContext.newInstance(getJaxbPackage(), 
+                    getClass().getClassLoader());
+            Unmarshaller u = context.createUnmarshaller();
+            JAXBElement<TLSClientParametersType> jaxb = 
+                u.unmarshal(n, TLSClientParametersType.class);
+            TLSClientParameters params = 
+                new TLSClientParametersConfig(jaxb.getValue());
+            bean.addPropertyValue("tlsClientParameters", params);
+        } catch (Exception e) {
+            throw new RuntimeException("Could not process configuration.", e);
+        }
+    }
+    
+    /**
      * This method finds the class or bean associated with the named element
      * and sets the bean property that is associated with the same name as
      * the element.
@@ -93,7 +133,7 @@
      * @param bean         The Bean Definition Parser.
      * @param elementClass The Class a bean or class is supposed to be.
      */
-    protected void mapElement(
+    protected void mapBeanOrClassElement(
         Element               element, 
         BeanDefinitionBuilder bean,
         Class                 elementClass
@@ -131,7 +171,6 @@
         }
         String beanref = element.getAttribute("bean");
         if (beanref != null && !beanref.equals("")) {
-            System.out.print("Bean property is " + beanref);
             if (classProperty != null && !classProperty.equals("")) {
                 throw new IllegalArgumentException(
                         "Element '" + elementName + "' cannot have both "

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpDestinationBeanDefinitionParser.java Thu May 24 23:44:27 2007
@@ -18,10 +18,18 @@
  */
 package org.apache.cxf.transport.http.spring;
 
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
 import javax.xml.namespace.QName;
 
 import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSServerParametersConfig;
+import org.apache.cxf.configuration.security.TLSServerParametersType;
 import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
 import org.apache.cxf.transport.http.AbstractHTTPDestination;
 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
@@ -34,14 +42,66 @@
     public void doParse(Element element, BeanDefinitionBuilder bean) {
         bean.setAbstract(true);
         mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "server"), "server");
+        
+        // DEPRECATED: This element is deprecated in favor of tlsServerParameters.
         mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "sslServer"), "sslServer");
+        
         mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "authorization"), "authorization");
         mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "fixedParameterOrder"),
                                  "fixedParameterOrder");
         mapElementToJaxbProperty(element, bean, new QName(HTTP_NS, "contextMatchStrategy"),
                                  "contextMatchStrategy");
+        
+        mapSpecificElements(element, bean);
     }
-    
+
+    /**
+     * This method specifically maps the "tlsServerParameters" on the 
+     * HTTPDestination.
+     * 
+     * @param parent This should represent "destination".
+     * @param bean   The bean parser.
+     */
+    private void mapSpecificElements(
+        Element               parent, 
+        BeanDefinitionBuilder bean
+    ) {
+        NodeList nl = parent.getChildNodes();
+        for (int i = 0; i < nl.getLength(); i++) {
+            Node n = nl.item(i);
+            if (n.getNodeType() == Node.ELEMENT_NODE 
+                && n.getLocalName().equals("tlsServerParameters")
+                && n.getNamespaceURI().equals(HTTP_NS)) {
+                
+                this.mapTLSServerParameters(n, bean);
+            }
+        }
+    }
+
+    /**
+     * Inject the "setTlsServerParameters" method with
+     * a TLSServerParametersConfig object initialized with the JAXB
+     * generated type unmarshalled from the selected node.
+     */
+    public void mapTLSServerParameters(Node n, BeanDefinitionBuilder bean) {
+
+        // Unmarshal the JAXB Generated Type from Config and inject
+        // the configured TLSClientParameters into the HTTPDestination.
+        JAXBContext context = null;
+        try {
+            context = JAXBContext.newInstance(getJaxbPackage(), 
+                                  getClass().getClassLoader());
+            Unmarshaller u = context.createUnmarshaller();
+            JAXBElement<TLSServerParametersType> jaxb = 
+                u.unmarshal(n, TLSServerParametersType.class);
+            TLSServerParameters params = 
+                new TLSServerParametersConfig(jaxb.getValue());
+            bean.addPropertyValue("tlsServerParameters", params);
+        } catch (Exception e) {
+            throw new RuntimeException("Could not process configuration.", e);
+        }
+    }
+
     @Override
     protected String getJaxbPackage() {
         return "org.apache.cxf.transports.http.configuration";

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Thu May 24 23:44:27 2007
@@ -23,16 +23,21 @@
 import java.net.HttpURLConnection;
 import java.net.Proxy;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.imageio.IIOException;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.configuration.security.SSLClientPolicy;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.HttpURLConnectionFactory;
@@ -78,9 +83,15 @@
      * This field contains the TLS configuration for URLs created
      * by this factory.
      */
+    @Deprecated
     SSLClientPolicy sslPolicy;
     
-   
+    /**
+     * This field contains the TLS configuration for the URLs created by
+     * this factory.
+     */
+    TLSClientParameters tlsClientParameters;
+    
     /**
      * This constructor initialized the factory with the configured SSL Client
      * Side Policy for the HTTPConduit for which this factory is used.
@@ -88,9 +99,22 @@
      * @param policy The SSL Client Side Policy. This parameter is guaranteed 
      *               to be non-null.
      */
+    @Deprecated
     public HttpsURLConnectionFactory(SSLClientPolicy policy) {
         sslPolicy        = policy;
     }
+
+    /**
+     * This constructor initialized the factory with the configured TLS
+     * Client Parameters for the HTTPConduit for which this factory is used.
+     * 
+     * @param params The TLS Client Parameters. This parameter is guaranteed 
+     *               to be non-null.
+     */
+    public HttpsURLConnectionFactory(TLSClientParameters params) {
+        tlsClientParameters        = params;
+        assert tlsClientParameters != null;
+    }
     
     /**
      * Create a HttpURLConnection, proxified if neccessary.
@@ -119,8 +143,26 @@
                                    ? url.openConnection(proxy)
                                    : url.openConnection());
                                    
-        decorate(connection);
-        
+        if (tlsClientParameters != null) {
+            Exception ex = null;
+            try {
+                decorateWithTLS(connection);
+            } catch (Exception e) {
+                ex = e;
+            } finally {
+                if (ex != null) {
+                    if (ex instanceof IOException) {
+                        throw (IOException) ex;
+                    }
+                    throw new IIOException("Error while initializing secure socket", ex);
+                }
+            }
+        } else if (sslPolicy != null) {
+            decorate(connection);
+        } else {
+            assert false;
+        }
+
         return connection;
     }
 
@@ -153,6 +195,7 @@
      * 
      * @param secureConnection the secure connection
      */
+    @Deprecated
     protected void decorate(HttpsURLConnection secureConnection) {
         String keyStoreLocation =
             SSLUtils.getKeystore(sslPolicy.getKeystore(), LOG);
@@ -223,6 +266,46 @@
                                         LOG);
     }
     
+    /**
+     * This method assigns the various TLS parameters on the HttpsURLConnection
+     * from the TLS Client Parameters.
+     */
+    protected void decorateWithTLS(HttpsURLConnection connection)
+        throws NoSuchAlgorithmException,
+               NoSuchProviderException,
+               KeyManagementException {
+        String provider = tlsClientParameters.getJsseProvider();
+        
+        String protocol = tlsClientParameters.getSecureSocketProtocol() != null
+                  ? tlsClientParameters.getSecureSocketProtocol()
+                  : "TLS";
+                  
+        SSLContext ctx = provider == null
+                  ? SSLContext.getInstance(protocol)
+                  : SSLContext.getInstance(protocol, provider);
+                  
+        ctx.init(
+            tlsClientParameters.getKeyManagers(), 
+            tlsClientParameters.getTrustManagers(), 
+            tlsClientParameters.getSecureRandom());
+        
+        // The "false" argument means opposite of exclude.
+        String[] cipherSuites =
+            SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(),
+                                     SSLUtils.getSupportedCipherSuites(ctx),
+                                     tlsClientParameters.getCipherSuitesFilter(),
+                                     LOG, false);
+
+        connection.setHostnameVerifier(
+                    new AlwaysTrueHostnameVerifier());
+        
+        // The SSLSocketFactoryWrapper enables certain cipher suites
+        // from the policy.
+        connection.setSSLSocketFactory(
+            new SSLSocketFactoryWrapper(ctx.getSocketFactory(),
+                                        cipherSuites));
+        
+    }
     /*
      *  For development and testing only
      */

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Thu May 24 23:44:27 2007
@@ -166,7 +166,7 @@
         return keystoreManagers;
     }
 
-    protected static TrustManager[] getTrustStoreManagers(
+    public static TrustManager[] getTrustStoreManagers(
                                         boolean pkcs12,
                                         String trustStoreType,
                                         String trustStoreLocation,

Modified: incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/configuration/http-listener.xsd Thu May 24 23:44:27 2007
@@ -33,11 +33,16 @@
 
     <xs:element name="listener" type="http-conf:HTTPListenerPolicy"/>
     <xs:element name="sslServer" type="sec:SSLServerPolicy"/>
+    <xs:element name="tlsServerParameters" type="sec:TLSServerParametersType"/>
 
     <xs:complexType name="HTTPListenerConfigBean">
         <xs:sequence>
             <xs:element ref="tns:listener" minOccurs="0"/>
+            
+            <!-- The following element in deprecated in favor of tlsServerParameters -->
             <xs:element ref="tns:sslServer" minOccurs="0"/>
+            
+            <xs:element ref="tns:tlsServerParameters" minOccurs="0"/>
         </xs:sequence>
     </xs:complexType>
 

Modified: incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/resources/schemas/wsdl/http-conf.xsd Thu May 24 23:44:27 2007
@@ -37,28 +37,31 @@
     <xs:element name="server" type="http-conf:HTTPServerPolicy"/>
     <xs:element name="authorization" type="sec:AuthorizationPolicy"/>
     <xs:element name="sslServer" type="sec:SSLServerPolicy"/>
+    <xs:element name="tlsServerParameters" type="sec:TLSServerParametersType"/>
     <xs:element name="contextMatchStrategy" type="xs:string" default="stem"/>
     <xs:element name="fixedParameterOrder" type="xs:boolean" default="false"/>
 
     <xs:element name="client" type="http-conf:HTTPClientPolicy"/>
     <xs:element name="proxyAuthorization" type="sec:AuthorizationPolicy"/>
     <xs:element name="sslClient" type="sec:SSLClientPolicy"/>
+    <xs:element name="tlsClientParameters" type="sec:TLSClientParametersType"/>
 
     <xs:element name="trustDecider"           type="http-conf:ClassOrBeanType"/>
     <xs:element name="basicAuthSupplier"      type="http-conf:ClassOrBeanType"/>
     
     <xs:element name="conduit">
         <xs:complexType>
-            <xs:sequence>
+            <xs:all>
                 <xs:element ref="http-conf:client" minOccurs="0"/>
                 <xs:element ref="http-conf:authorization" minOccurs="0"/>
                 <xs:element ref="http-conf:proxyAuthorization" minOccurs="0"/>
                 <xs:element ref="http-conf:sslClient" minOccurs="0"/>
+                <xs:element ref="http-conf:tlsClientParameters" minOccurs="0"/>
                 <xs:element ref="http-conf:basicAuthSupplier" 
                 			minOccurs="0" maxOccurs="1"/>
                 <xs:element ref="http-conf:trustDecider" 
                 			minOccurs="0" maxOccurs="1"/>
-            </xs:sequence>
+            </xs:all>
             <xs:attribute name="id" type="xs:string" use="required"/>
         </xs:complexType>
     </xs:element>
@@ -69,14 +72,15 @@
     </xs:complexType>
     
     <xs:element name="destination">
-      <xs:complexType>        
-        <xs:sequence>
+      <xs:complexType>
+        <xs:all>
             <xs:element ref="http-conf:server" minOccurs="0"/>
             <xs:element ref="http-conf:authorization" minOccurs="0"/>
             <xs:element ref="http-conf:sslServer" minOccurs="0"/>
+            <xs:element ref="http-conf:tlsServerParameters" minOccurs="0"/>
             <xs:element ref="http-conf:contextMatchStrategy" minOccurs="0"/>
             <xs:element ref="http-conf:fixedParameterOrder" minOccurs="0"/>
-        </xs:sequence>
+        </xs:all>
         <xs:attribute name="id" type="xs:string" use="required"/>
       </xs:complexType>
    </xs:element>

Modified: incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java Thu May 24 23:44:27 2007
@@ -33,7 +33,10 @@
 import org.junit.Before;
 import org.junit.Test;
 
+//DEPRECATED: This class should be removed when we stick with tlsClientParameters
+// for configuration.
 
+@Deprecated
 public class HttpsURLConnectionFactoryTest extends Assert {
 
     protected static final String DROP_BACK_SRC_DIR = 
@@ -127,6 +130,7 @@
     }
     */
 
+    
     @Test
     public void testSetAllData() throws Exception {
         
@@ -218,6 +222,7 @@
             .checkLogContainsString("Unsupported SSLClientPolicy property : CertValidator"));
     }
     
+    
     @Test
     public void testDefaultedCipherSuiteFilters() throws Exception {
         
@@ -261,6 +266,7 @@
         
     }
     
+    
     @Test
     public void testNonDefaultedCipherSuiteFilters() throws Exception {
         
@@ -314,6 +320,7 @@
         
     }
 
+    
     @Test
     public void testAllValidDataJKS() throws Exception {
 
@@ -343,6 +350,7 @@
 
     }
 
+    
     @Test
     public void testAllValidDataPKCS12() throws Exception {
 
@@ -370,6 +378,7 @@
 
     }
 
+    
     @Test
     public void testNonExistentKeystoreJKS() throws Exception {
 
@@ -395,6 +404,7 @@
 
     }
 
+    
     @Test
     public void testNonExistentKeystorePKCS12() throws Exception {
 
@@ -419,6 +429,7 @@
 
     }
 
+    
     @Test
     public void testWrongKeystorePasswordJKS() throws Exception {
 
@@ -456,6 +467,7 @@
 
     }
 
+    
     @Test
     public void testWrongKeystorePasswordPKCS12() throws Exception {
 
@@ -493,6 +505,7 @@
 
     }
 
+    
     @Test
     public void testWrongKeyPasswordJKS() throws Exception {
 
@@ -526,6 +539,7 @@
 
     }
 
+    
     @Test
     public void testWrongKeyPasswordPKCS12() throws Exception {
 
@@ -558,6 +572,7 @@
 
     }
 
+    
     @Test
     public void testAllElementsHaveSetupMethod() throws Exception {
         SSLClientPolicy policy = new SSLClientPolicy();

Modified: incubator/cxf/trunk/systests/pom.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/pom.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/systests/pom.xml (original)
+++ incubator/cxf/trunk/systests/pom.xml Thu May 24 23:44:27 2007
@@ -1,346 +1,296 @@
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-
-  http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
+<?xml version="1.0"?><project>
+  <parent>
+    <artifactId>cxf-parent</artifactId>
     <groupId>org.apache.cxf</groupId>
-    <artifactId>cxf-systests</artifactId>
-    <packaging>jar</packaging>
     <version>2.0-incubator-SNAPSHOT</version>
-    <name>Apache CXF System Tests</name>
-    <url>http://cwiki.apache.org/CXF</url>
-
-    <parent>
-        <groupId>org.apache.cxf</groupId>
-        <artifactId>cxf-parent</artifactId>
-        <version>2.0-incubator-SNAPSHOT</version>
-        <relativePath>../parent/pom.xml</relativePath>
-    </parent>
-
-    <properties>
-        <surefire.fork.mode>pertest</surefire.fork.mode>
-        <spring.validation.mode>VALIDATION_NONE</spring.validation.mode>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.apache.geronimo.specs</groupId>
-            <artifactId>geronimo-servlet_2.5_spec</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-common-utilities</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-tools-common</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-tools-java2wsdl</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-tools-validator</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-api</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-management</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-core</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-databinding-jaxb</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-jaxws</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-frontend-js</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-bindings-soap</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-bindings-http</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-http</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-http-jetty</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-local</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-transports-jms</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-addr</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-rm</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-ws-policy</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-integration-jca</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-rt-bindings-coloc</artifactId>
-            <version>${project.version}</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.cxf</groupId>
-            <artifactId>cxf-testutils</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.derby</groupId>
-            <artifactId>derby</artifactId>
-            <version>${derby.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.geronimo.specs</groupId>
-            <artifactId>geronimo-j2ee-management_1.0_spec</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.activemq</groupId>
-            <artifactId>activemq-core</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>httpunit</groupId>
-            <artifactId>httpunit</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-core</artifactId>
-        </dependency>
-
-        <!--dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-web</artifactId>
-            <scope>test</scope>
-        </dependency-->
-
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.easymock</groupId>
-            <artifactId>easymockclassextension</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.geronimo.specs</groupId>
-            <artifactId>geronimo-j2ee-connector_1.5_spec</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>ant</groupId>
-            <artifactId>ant</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>rhino</groupId>
-            <artifactId>js</artifactId>
-            <version>1.6R5</version>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>xmlbeans</groupId>
-            <artifactId>xbean</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.apache.derby</groupId>
-            <artifactId>derby</artifactId>
-            <version>${derby.version}</version>
-            <scope>test</scope>
-        </dependency>
-
-    </dependencies>
-
-    <build>
+    <relativePath>../parent/pom.xml</relativePath>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>org.apache.cxf</groupId>
+  <artifactId>cxf-systests</artifactId>
+  <name>Apache CXF System Tests</name>
+  <version>2.0-incubator-SNAPSHOT</version>
+  <url>http://cwiki.apache.org/CXF</url>
+  <scm>
+    <connection>scm:svn:http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</connection>
+    <developerConnection>scm:svn:https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</developerConnection>
+    <url>http://svn.apache.org/viewvc/incubator/cxf/trunk/cxf-parent/cxf-systests</url>
+  </scm>
+  <build>
+    <plugins>
+      <plugin>
+        <artifactId>maven-jar-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>attach-sources</id>
+            <goals>
+              <goal>test-jar</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+  <profiles>
+    <profile>
+      <id>ibmjdk</id>
+      <activation>
+        <property>
+          <name>java.vendor</name>
+          <value>IBM Corporation</value>
+        </property>
+      </activation>
+      <dependencies>
+        <dependency>
+          <groupId>org.apache.geronimo.specs</groupId>
+          <artifactId>geronimo-ejb_2.1_spec</artifactId>
+          <scope>provided</scope>
+        </dependency>
+      </dependencies>
+    </profile>
+    <profile>
+      <id>test.remoteresources</id>
+      <build>
         <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <goals>
-                            <goal>test-jar</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
+          <plugin>
+            <artifactId>maven-remote-resources-plugin</artifactId>
+            <version>1.0-alpha-2-SNAPSHOT</version>
+            <executions>
+              <execution>
+                <id>do-apache-stuff</id>
+                <phase>generate-sources</phase>
+                <goals>
+                  <goal>process</goal>
+                </goals>
+                <configuration>
+                  <resourceBundles>
+                    <resourceBundle>org.apache:apache-jar-resource-bundle:1.1-SNAPSHOT</resourceBundle>
+                    <resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.0</resourceBundle>
+                  </resourceBundles>
+                  <properties>
+                    <addLicense>true</addLicense>
+                  </properties>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+          <plugin>
+            <artifactId>maven-jar-plugin</artifactId>
+            <executions>
+              <execution>
+                <goals>
+                  <goal>test-jar</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
         </plugins>
-    </build>
-
-
-    <profiles>
-        <profile>
-            <id>ibmjdk</id>
-            <activation>
-                <property>
-                    <name>java.vendor</name>
-                    <value>IBM Corporation</value>
-                </property>
-            </activation>
-            <!-- ibmjdk also requires this dependency for
-                 the OutBoundConnectionTest -->
-            <dependencies>
-                <dependency>
-                    <groupId>org.apache.geronimo.specs</groupId>
-                    <artifactId>geronimo-ejb_2.1_spec</artifactId>
-                    <scope>provided</scope>
-                </dependency>
-            </dependencies>
-        </profile>
-        <profile>
-            <id>test.remoteresources</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <artifactId>maven-remote-resources-plugin</artifactId>
-                        <version>1.0-alpha-2-SNAPSHOT</version>
-                        <executions>
-                            <execution>
-                                <id>do-apache-stuff</id>
-                                <phase>generate-sources</phase>
-                                <goals>
-                                    <goal>process</goal>
-                                </goals>
-                                <configuration>
-                                    <resourceBundles>
-                                        <resourceBundle>org.apache:apache-jar-resource-bundle:1.1-SNAPSHOT</resourceBundle>
-                                        <resourceBundle>org.apache:apache-incubator-disclaimer-resource-bundle:1.0</resourceBundle>
-                                    </resourceBundles>
-                                    <properties>
-                                        <addLicense>true</addLicense>
-                                    </properties>
-                                </configuration>
-                            </execution>
-                        </executions>
-                    </plugin>
-                    <plugin>
-                        <groupId>org.apache.maven.plugins</groupId>
-                        <artifactId>maven-jar-plugin</artifactId>
-                        <executions>
-                            <execution>
-                                <goals>
-                                    <goal>test-jar</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-            </build>
-            <repositories>
-                <repository>
-                    <id>apache.snapshots</id>
-                    <name>Apache SNAPSHOT repository</name>
-                    <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
-                </repository>
-            </repositories>
-            <pluginRepositories>
-                <pluginRepository>
-                    <id>apache.snapshots</id>
-                    <name>Apache Maven Snapshot Repository</name>
-                    <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
-                    <layout>default</layout>
-                    <snapshots>
-                        <enabled>true</enabled>
-                    </snapshots>
-                    <releases>
-                        <enabled>false</enabled>
-                    </releases>
-                </pluginRepository>
-            </pluginRepositories>
-        </profile>
-    </profiles>
-
-    <scm>
-        <connection>scm:svn:http://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</connection>
-        <developerConnection>scm:svn:https://svn.apache.org/repos/asf/incubator/cxf/trunk/systests</developerConnection>
-      <url>http://svn.apache.org/viewvc/incubator/cxf/trunk/cxf-parent/cxf-systests</url>
-  </scm>
-
-</project>
+      </build>
+      <repositories>
+        <repository>
+          <id>apache.snapshots</id>
+          <name>Apache SNAPSHOT repository</name>
+          <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
+        </repository>
+      </repositories>
+      <pluginRepositories>
+        <pluginRepository>
+          <releases>
+            <enabled>false</enabled>
+          </releases>
+          <snapshots />
+          <id>apache.snapshots</id>
+          <name>Apache Maven Snapshot Repository</name>
+          <url>http://people.apache.org/repo/m2-snapshot-repository/</url>
+        </pluginRepository>
+      </pluginRepositories>
+    </profile>
+  </profiles>
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.geronimo.specs</groupId>
+      <artifactId>geronimo-servlet_2.5_spec</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-common-utilities</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-tools-common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-tools-java2wsdl</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-tools-validator</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-api</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-management</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-core</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-databinding-jaxb</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-frontend-jaxws</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-frontend-js</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-bindings-soap</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-bindings-http</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-transports-http</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-transports-http-jetty</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-transports-local</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-transports-jms</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-ws-addr</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-ws-rm</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-ws-policy</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-integration-jca</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-rt-bindings-coloc</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.cxf</groupId>
+      <artifactId>cxf-testutils</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.derby</groupId>
+      <artifactId>derby</artifactId>
+      <version>${derby.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.geronimo.specs</groupId>
+      <artifactId>geronimo-j2ee-management_1.0_spec</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.activemq</groupId>
+      <artifactId>activemq-core</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>httpunit</groupId>
+      <artifactId>httpunit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.easymock</groupId>
+      <artifactId>easymockclassextension</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.geronimo.specs</groupId>
+      <artifactId>geronimo-j2ee-connector_1.5_spec</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>ant</groupId>
+      <artifactId>ant</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>rhino</groupId>
+      <artifactId>js</artifactId>
+      <version>1.6R5</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>xmlbeans</groupId>
+      <artifactId>xbean</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.derby</groupId>
+      <artifactId>derby</artifactId>
+      <version>${derby.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.3.1</version>
+    </dependency>
+  </dependencies>
+  <properties>
+    <surefire.fork.mode>pertest</surefire.fork.mode>
+    <spring.validation.mode>VALIDATION_NONE</spring.validation.mode>
+  </properties>
+</project>
\ No newline at end of file

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java Thu May 24 23:44:27 2007
@@ -0,0 +1,777 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.http;
+
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.HttpBasicAuthSupplier;
+import org.apache.cxf.transport.http.MessageTrustDecider;
+import org.apache.cxf.transport.http.URLConnectionInfo;
+import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
+
+import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
+
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * This class tests several issues and Conduit policies based 
+ * on a set up of redirecting servers.
+ * <pre>
+ * 
+ * Http Redirection:
+ * 
+ * Rethwel(http:9004) ------\
+ *                           ----> Mortimer (http:9000)
+ * Poltim(https:9005) ------/
+ * 
+ * HttpS redirection/Trust:
+ * 
+ * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002)
+ * 
+ * Redirect Loop:
+ * 
+ * Hurlon (http:9006) ----> Abost(http:9007) ----\
+ *   ^                                            |
+ *   |-------------------------------------------/
+ * 
+ * Hostname Verifier Test
+ * 
+ * Morpit (https:9008)
+ * 
+ * </pre>
+ * The Bethal server issues 401 with differing realms depending on the
+ * User name given in the authorization header.
+ * <p>
+ * The Morpit has a CN that is not equal to "localhost" to kick in
+ * the Hostname Verifier.
+ */
+public class HTTPConduit2Test extends AbstractBusClientServerTestBase {
+
+    private static final boolean IN_PROCESS = true;
+    
+    private static TLSClientParameters tlsClientParameters = new TLSClientParameters();
+    private static Map<String, String> addrMap = new TreeMap<String, String>();
+    private static List<String> servers = new ArrayList<String>();
+
+    static {
+        addrMap.put("Mortimer", "http://localhost:9000/");
+        addrMap.put("Tarpin",   "https://localhost:9003/");
+        addrMap.put("Rethwel",  "http://localhost:9004/");
+        addrMap.put("Poltim",   "https://localhost:9005/");
+        addrMap.put("Gordy",    "https://localhost:9001/");
+        addrMap.put("Bethal",   "https://localhost:9002/");
+        addrMap.put("Abost",    "http://localhost:9007/");
+        addrMap.put("Hurlon",   "http://localhost:9006/");
+        addrMap.put("Morpit",   "https://localhost:9008/");
+    }
+    
+    static {
+        try {
+            String keystore = 
+                Server.class.getResource("resources/Morpit.jks").getFile();
+            //System.out.println("Keystore: " + keystore);
+            KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, "password"), "password");
+            
+            String truststore = 
+                Server.class.getResource("resources/Truststore.jks").getFile();
+            //System.out.println("Truststore: " + truststore);
+            TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, "password"));
+            
+            tlsClientParameters.setKeyManagers(kmgrs);
+            tlsClientParameters.setTrustManagers(tmgrs);
+            FiltersType filters = new FiltersType();
+            filters.getInclude().add(".*_EXPORT_.*");
+            filters.getInclude().add(".*_EXPORT1024_.*");
+            filters.getInclude().add(".*_WITH_DES_.*");
+            filters.getInclude().add(".*_WITH_NULL_.*");
+            filters.getInclude().add(".*_DH_anon_.*");
+            tlsClientParameters.setCipherSuitesFilter(filters);
+        } catch (Exception e) {
+            throw new RuntimeException("Static initialization failed", e);
+        }
+    }
+
+    private final QName serviceName = 
+        new QName("http://apache.org/hello_world", "SOAPService");
+    private final QName bethalQ = 
+        new QName("http://apache.org/hello_world", "Bethal");
+    private final QName gordyQ = 
+        new QName("http://apache.org/hello_world", "Gordy");
+    private final QName tarpinQ = 
+        new QName("http://apache.org/hello_world", "Tarpin");
+    private final QName rethwelQ = 
+        new QName("http://apache.org/hello_world", "Rethwel");
+    private final QName mortimerQ = 
+        new QName("http://apache.org/hello_world", "Mortimer");
+    private final QName poltimQ = 
+        new QName("http://apache.org/hello_world", "Poltim");
+    private final QName hurlonQ = 
+        new QName("http://apache.org/hello_world", "Hurlon");
+    // PMD Violation because it is not used, but 
+    // it is here for completeness.
+    //private final QName abostQ = 
+        //new QName("http://apache.org/hello_world", "Abost");
+    public HTTPConduit2Test() {
+    }
+
+    /**
+     * This function is used to start up a server. It only "starts" a
+     * server if it hasn't been started before, hence its static nature.
+     * <p>
+     * This approach is used to start the needed servers for a particular test
+     * instead of starting them all in "startServers". This single needed
+     * server approach allieviates the pain in starting them all just to run
+     * a particular test in the debugger.
+     */
+    public static synchronized boolean startServer(String name) {
+        if (servers.contains(name)) {
+            return true;
+        }
+        URL serverC =
+            Server.class.getResource("resources/" + name + "-2.cxf");
+        boolean server = launchServer(Server.class, null,
+                new String[] { 
+                    name, 
+                    addrMap.get(name),
+                    serverC.toString() }, 
+                IN_PROCESS);
+        if (server) {
+            servers.add(name);
+        }
+        return server;
+    }
+    
+    @Before
+    public void setUp() {
+        // TODO: Do I need this?
+        System.setProperty("org.apache.cxf.bus.factory", 
+                "org.apache.cxf.bus.CXFBusFactory");
+    }
+
+    public static KeyStore getKeyStore(String ksType, String file, String ksPassword)
+        throws GeneralSecurityException,
+               IOException {
+        
+        String type = ksType != null
+                    ? ksType
+                    : KeyStore.getDefaultType();
+                    
+        char[] password = ksPassword != null
+                    ? ksPassword.toCharArray()
+                    : null;
+
+        // We just use the default Keystore provider
+        KeyStore keyStore = KeyStore.getInstance(type);
+        
+        keyStore.load(new FileInputStream(file), password);
+        
+        return keyStore;
+    }
+
+    public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) 
+        throws GeneralSecurityException,
+               IOException {
+        // For tests, we just use the default algorithm
+        String alg = KeyManagerFactory.getDefaultAlgorithm();
+        
+        char[] keyPass = keyPassword != null
+                     ? keyPassword.toCharArray()
+                     : null;
+        
+        // For tests, we just use the default provider.
+        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
+                     
+        fac.init(keyStore, keyPass);
+        
+        return fac.getKeyManagers();
+    }
+
+    public static TrustManager[] getTrustManagers(KeyStore keyStore) 
+        throws GeneralSecurityException,
+               IOException {
+        // For tests, we just use the default algorithm
+        String alg = TrustManagerFactory.getDefaultAlgorithm();
+        
+        // For tests, we just use the default provider.
+        TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
+                     
+        fac.init(keyStore);
+        
+        return fac.getTrustManagers();
+    }
+    
+    
+    @Test
+    public void testBasicConnection() throws Exception {
+        startServer("Mortimer");
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter mortimer = service.getPort(mortimerQ, Greeter.class);
+        assertNotNull("Port is null", mortimer);
+        
+        String answer = mortimer.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Mortimer".equals(answer));
+    }
+
+    /**
+     * This methods tests that a conduit that is not configured
+     * to follow redirects will not. The default is not to 
+     * follow redirects. 
+     * Rethwel redirects to Mortimer.
+     * 
+     * Note: Unfortunately, the invocation will 
+     * "fail" for any number of other reasons.
+     * 
+     */
+    @Test
+    public void testHttp2HttpRedirectFail() throws Exception {
+        startServer("Mortimer");
+        startServer("Rethwel");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+        assertNotNull("Port is null", rethwel);
+        
+        String answer = null;
+        try {
+            answer = rethwel.sayHi();
+            fail("Redirect didn't fail. Got answer: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+        
+    }
+    
+    /**
+     * We use this class to reset the default bus.
+     * Note: This may not always work in the future.
+     * I was lucky in that "defaultBus" is actually a 
+     * protected static.
+     */
+    class DefaultBusFactory extends SpringBusFactory {
+        public Bus createBus(URL config) {
+            Bus bus = super.createBus(config, true);
+            BusFactory.setDefaultBus(bus);
+            BusFactory.setThreadDefaultBus(bus);
+            return bus;
+        }
+    }
+    
+    /**
+     * This method tests if http to http redirects work.
+     * Rethwel redirects to Mortimer.
+     */
+    @Test
+    public void testHttp2HttpRedirect() throws Exception {
+        startServer("Mortimer");
+        startServer("Rethwel");
+
+        URL config = getClass().getResource("resources/Http2HttpRedirect.cxf");
+    
+        // We go through the back door, setting the default bus.
+        new DefaultBusFactory().createBus(config);
+        
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
+        assertNotNull("Port is null", rethwel);
+        
+        String answer = rethwel.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Mortimer".equals(answer));
+    }
+    
+    /**
+     * This methods tests that a redirection loop will fail.
+     * Hurlon redirects to Abost, which redirects to Hurlon.
+     * 
+     * Note: Unfortunately, the invocation may "fail" for any
+     * number of reasons.
+     */
+    @Test
+    public void testHttp2HttpLoopRedirectFail() throws Exception {
+        startServer("Abost");
+        startServer("Hurlon");
+
+        URL config = getClass().getResource(
+                    "resources/Http2HttpLoopRedirectFail.cxf");
+        
+        // We go through the back door, setting the default bus.
+        new DefaultBusFactory().createBus(config);
+        
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter hurlon = service.getPort(hurlonQ, Greeter.class);
+        assertNotNull("Port is null", hurlon);
+        
+        String answer = null;
+        try {
+            answer = hurlon.sayHi();
+            fail("Redirect didn't fail. Got answer: " + answer);
+        } catch (Exception e) {
+            // This exception will be one of not being able to
+            // read from the StreamReader
+            //e.printStackTrace();
+        }
+        
+    }
+    /**
+     * This methods tests a basic https connection to Bethal.
+     * It supplies an authorization policy with premetive user/pass
+     * to avoid the 401.
+     */
+    @Test
+    public void testHttpsBasicConnection() throws Exception {
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter bethal = service.getPort(bethalQ, Greeter.class);
+        assertNotNull("Port is null", bethal);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(bethal);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(false);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setTlsClientParameters(tlsClientParameters);
+        http.setAuthorization(authPolicy);
+        
+        String answer = bethal.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+    }
+    
+
+    /**
+     * This test should fail when we hit Poltim, since it redirects
+     * to Mortimer, which is an http url, and Poltim is an https server.
+     */
+    @Test
+    public void testHttpsRedirectToHttpFail() throws Exception {
+        startServer("Mortimer");
+        startServer("Poltim");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter poltim = service.getPort(poltimQ, Greeter.class);
+        assertNotNull("Port is null", poltim);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(poltim);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        
+        http.setClient(httpClientPolicy);
+        http.setTlsClientParameters(tlsClientParameters);
+        
+        try {
+            String answer = poltim.sayHi();
+            fail("Unexpected answer from Poltim: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+    }
+    
+    class MyHttpsTrustDecider extends MessageTrustDecider {
+        
+        private String[] trustName;
+        private int      called;
+        
+        MyHttpsTrustDecider(String name) {
+            trustName = new String[] {name};
+        }
+        
+        MyHttpsTrustDecider(String[] name) {
+            trustName = name;
+        }
+        
+        public int wasCalled() {
+            return called;
+        }
+        
+        public void establishTrust(
+            String            conduitName,
+            URLConnectionInfo cinfo,
+            Message           message
+        ) throws UntrustedURLConnectionIOException {
+        
+            called++;
+
+            HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo;
+            boolean trusted = false;
+            for (int i = 0; i < trustName.length; i++) {
+                trusted = trusted 
+                         || ci.getPeerPrincipal()
+                                 .toString().contains("OU=" + trustName[i]);
+            }
+            if (!trusted) {
+                throw new UntrustedURLConnectionIOException(
+                        "Peer Principal \"" 
+                        + ci.getPeerPrincipal() 
+                        + "\" does not contain " 
+                        + getTrustNames());
+            }
+        }
+        
+        private String getTrustNames() {
+            StringBuffer sb = new StringBuffer();
+            for (int i = 0; i < trustName.length; i++) {
+                sb.append("\"OU=");
+                sb.append(trustName[i]);
+                sb.append("\"");
+                if (i < trustName.length - 1) {
+                    sb.append(", ");
+                }
+            }
+            return sb.toString();
+        }
+    }
+    
+
+    @Test
+    public void testHttpsTrust() throws Exception {
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter bethal = service.getPort(bethalQ, Greeter.class);
+        assertNotNull("Port is null", bethal);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(bethal);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(false);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setTlsClientParameters(tlsClientParameters);
+        http.setAuthorization(authPolicy);
+        
+        // Our expected server should be OU=Bethal
+        http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
+        
+        String answer = bethal.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Nobody will not equal OU=Bethal
+        MyHttpsTrustDecider trustDecider =
+                                 new MyHttpsTrustDecider("Nobody");
+        http.setTrustDecider(trustDecider);
+        try {
+            answer = bethal.sayHi();
+            fail("Unexpected answer from Bethal: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+            //assertTrue("Trust Decider was not called", 
+            //              0 > trustDecider.wasCalled());
+        }
+    }
+
+    @Test
+    public void testHttpsTrustRedirect() throws Exception {
+        startServer("Tarpin");
+        startServer("Gordy");
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter tarpin = service.getPort(tarpinQ, Greeter.class);
+        assertNotNull("Port is null", tarpin);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(tarpin);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        // If we set any name, but Edward, Mary, or George,
+        // and a password of "password" we will get through
+        // Bethal.
+        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
+        authPolicy.setUserName("Betty");
+        authPolicy.setPassword("password");
+        
+        http.setClient(httpClientPolicy);
+        http.setTlsClientParameters(tlsClientParameters);
+        http.setAuthorization(authPolicy);
+        
+        // We get redirected from Tarpin, to Gordy, to Bethal.
+        MyHttpsTrustDecider trustDecider =
+            new MyHttpsTrustDecider(
+                    new String[] {"Tarpin", "Gordy", "Bethal"});
+        http.setTrustDecider(trustDecider);
+        
+        // We actually get our answer from Bethal at the end of the
+        // redirects.
+        String answer = tarpin.sayHi();
+        
+        assertTrue("Trust Decider wasn't called correctly", 
+                       3 == trustDecider.wasCalled());
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Limit the redirects to 1, since there are two, this should fail.
+        http.getClient().setMaxRetransmits(1);
+
+        try {
+            answer = tarpin.sayHi();
+            fail("Unexpected answer from Tarpin: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+        
+        // Set back to unlimited.
+        http.getClient().setMaxRetransmits(-1);
+        
+        // Effectively we will not trust Gordy in the middle.
+        trustDecider = 
+                new MyHttpsTrustDecider(
+                    new String[] {"Tarpin", "Bethal"});
+        http.setTrustDecider(trustDecider);
+        
+        try {
+            answer = tarpin.sayHi();
+            fail("Unexpected answer from Tarpin: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+            assertTrue("Trust Decider wasn't called correctly",
+                     2 == trustDecider.wasCalled());
+        }
+        
+    }
+
+    public class MyBasicAuthSupplier extends HttpBasicAuthSupplier {
+
+        String realm;
+        String user;
+        String pass;
+        
+        /**
+         * This will loop from Cronus, to Andromeda, to Zorantius
+         */
+        MyBasicAuthSupplier() {
+        }
+        
+        MyBasicAuthSupplier(String r, String u, String p) {
+            realm = r;
+            user  = u;
+            pass  = p;
+        }
+        @Override
+        public UserPass getPreemptiveUserPass(
+                String  conduitName,
+                URL     currentURL,
+                Message message
+        ) {
+            return null;
+        }
+
+        /**
+         * If we don't have the realm set, then we loop
+         * through the realms.
+         */
+        @Override
+        public UserPass getUserPassForRealm(
+                String  conduitName, 
+                URL     currentURL,
+                Message message, 
+                String  reqestedRealm
+        ) {
+            if (realm != null && realm.equals(reqestedRealm)) {
+                return createUserPass(user, pass);
+            }
+            if ("Andromeda".equals(reqestedRealm)) {
+                // This will get us another 401 to Zorantius
+                return createUserPass("Edward", "password");
+            }
+            if ("Zorantius".equals(reqestedRealm)) {
+                // George will get us another 401 to Cronus
+                return createUserPass("George", "password");
+            }
+            if ("Cronus".equals(reqestedRealm)) {
+                // Mary will get us another 401 to Andromeda
+                return createUserPass("Mary", "password");
+            }
+            return null;
+        }
+
+    }
+
+    /**
+     * This tests redirects through Gordy to Bethal. Bethal will
+     * supply a series of 401s. See PushBack401.
+     */
+    @Test
+    public void testHttpsRedirect401Response() throws Exception {
+        startServer("Gordy");
+        startServer("Bethal");
+
+        URL wsdl = getClass().getResource("resources/greeting.wsdl");
+        assertNotNull("WSDL is null", wsdl);
+
+        SOAPService service = new SOAPService(wsdl, serviceName);
+        assertNotNull("Service is null", service);
+
+        Greeter gordy = service.getPort(gordyQ, Greeter.class);
+        assertNotNull("Port is null", gordy);
+        
+        // Okay, I'm sick of configuration files.
+        // This also tests dynamic configuration of the conduit.
+        Client client = ClientProxy.getClient(gordy);
+        HTTPConduit http = 
+            (HTTPConduit) client.getConduit();
+        
+        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+        
+        httpClientPolicy.setAutoRedirect(true);
+        http.setClient(httpClientPolicy);
+        http.setTlsClientParameters(tlsClientParameters);
+        
+        // We get redirected from Gordy, to Bethal.
+        http.setTrustDecider(
+                new MyHttpsTrustDecider(
+                        new String[] {"Gordy", "Bethal"}));
+        
+        // Without preemptive user/pass Bethal returns a
+        // 401 for realm Cronus. If we supply any name other
+        // than Edward, George, or Mary, with the pass of "password"
+        // we should succeed.
+        http.setBasicAuthSupplier(
+                new MyBasicAuthSupplier("Cronus", "Betty", "password"));
+        
+        // We actually get our answer from Bethal at the end of the
+        // redirects.
+        String answer = gordy.sayHi();
+        assertTrue("Unexpected answer: " + answer, 
+                "Bonjour from Bethal".equals(answer));
+        
+        // Uhe loop auth supplier, 
+        // We should die with looping realms.
+        http.setBasicAuthSupplier(new MyBasicAuthSupplier());
+        
+        try {
+            answer = gordy.sayHi();
+            fail("Unexpected answer from Gordy: " + answer);
+        } catch (Exception e) {
+            //e.printStackTrace();
+        }
+    }
+    
+}
+

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduit2Test.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java (original)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java Thu May 24 23:44:27 2007
@@ -97,9 +97,9 @@
 
     static {
         addrMap.put("Mortimer", "http://localhost:9000/");
-        addrMap.put("Tarpin",   "http://localhost:9003/");
+        addrMap.put("Tarpin",   "https://localhost:9003/");
         addrMap.put("Rethwel",  "http://localhost:9004/");
-        addrMap.put("Poltim",   "http://localhost:9005/");
+        addrMap.put("Poltim",   "https://localhost:9005/");
         addrMap.put("Gordy",    "https://localhost:9001/");
         addrMap.put("Bethal",   "https://localhost:9002/");
         addrMap.put("Abost",    "http://localhost:9007/");

Added: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf (added)
+++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/Abost-2.cxf Thu May 24 23:44:27 2007
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+  
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<!-- 
+  ** This file configures the Abost Server.
+  ** It is an http server that redirects to Hurlon.
+ -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
+  xsi:schemaLocation="
+       http://cxf.apache.org/transports/http/configuration
+           http://cxf.apache.org/schema/transports/http.xsd
+       http://www.springframework.org/schema/beans
+           http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+  <http:destination id="{http://apache.org/hello_world}GreeterImplPort.http-destination">
+
+    <http:server RedirectURL="http://localhost:9006/Hurlon"/>
+  </http:destination>
+  
+  <!-- We need a bean named "cxf", or SpringBusFactory barfs -->
+  <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl"/>
+</beans>



Mime
View raw message