cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r689924 - in /cxf/trunk: api/src/main/java/org/apache/cxf/ws/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/sec...
Date Thu, 28 Aug 2008 18:26:12 GMT
Author: dkulp
Date: Thu Aug 28 11:26:10 2008
New Revision: 689924

URL: http://svn.apache.org/viewvc?rev=689924&view=rev
Log:
Get UsernameToken security-policy working

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java   (with props)
Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java
    cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfo.java Thu Aug 28 11:26:10 2008
@@ -27,6 +27,7 @@
     
     private boolean asserted;
     private final PolicyAssertion assertion;
+    private String errorMessage;
     
     public AssertionInfo(PolicyAssertion a) {
         assertion = a;
@@ -37,6 +38,14 @@
     public void setAsserted(boolean a) {
         asserted = a;
     }
+    public void setNotAsserted(String message) {
+        asserted = false;
+        errorMessage = message;
+    }
+    public String getErrorMessage() {
+        return errorMessage;
+    }
+    
     public PolicyAssertion getAssertion() {
         return assertion;
     }

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/AssertionInfoMap.java Thu Aug 28 11:26:10 2008
@@ -113,7 +113,22 @@
                 return;
             }
         }
-        throw new PolicyException(new Message("NO_ALTERNATIVE_EXC", BUNDLE, errors));
+        StringBuilder error = new StringBuilder("\n");
+        for (QName name : errors) {
+            Collection<AssertionInfo> ais = getAssertionInfo(name);
+            for (AssertionInfo ai : ais) {
+                if (!ai.isAsserted()) {
+                    error.append("\n      ");
+                    error.append(name.toString());
+                    if (ai.getErrorMessage() != null) {
+                        error.append(": ").append(ai.getErrorMessage());
+                    }
+                }
+            }
+        }
+        
+        
+        throw new PolicyException(new Message("NO_ALTERNATIVE_EXC", BUNDLE, error.toString()));
     }
 
     

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security;
+
+/**
+ * 
+ */
+public final class SecurityConstants {
+    public static final String USERNAME = "ws-security.username";
+    public static final String PASSWORD = "ws-security.password";
+    public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
+    
+    private SecurityConstants() {
+        //utility class
+    }
+}

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java Thu Aug 28 11:26:10 2008
@@ -62,18 +62,6 @@
     public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
 
 
-    public static final QName STRICT = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_STRICT,
-            SP11Constants.SP_PREFIX);
-
-    public static final QName LAX = new QName(SP11Constants.SP_NS, SPConstants.LAYOUT_LAX ,
-            SP11Constants.SP_PREFIX);
-
-    public static final QName LAXTSFIRST = new QName(SP11Constants.SP_NS,
-            SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP11Constants.SP_PREFIX);
-
-    public static final QName LAXTSLAST = new QName(SP11Constants.SP_NS,
-            SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP11Constants.SP_PREFIX);
-
     // ////////////////
 
     public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Thu Aug 28 11:26:10 2008
@@ -77,18 +77,6 @@
     public static final QName LAYOUT = new QName(SP_NS, SPConstants.LAYOUT, SP_PREFIX);
 
 
-    public static final QName STRICT = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_STRICT,
-            SP12Constants.SP_PREFIX);
-
-    public static final QName LAX = new QName(SP12Constants.SP_NS, SPConstants.LAYOUT_LAX ,
-            SP12Constants.SP_PREFIX);
-
-    public static final QName LAXTSFIRST = new QName(SP12Constants.SP_NS,
-            SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, SP12Constants.SP_PREFIX);
-
-    public static final QName LAXTSLAST = new QName(SP12Constants.SP_NS,
-            SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, SP12Constants.SP_PREFIX);
-
     // ////////////////
 
     public static final QName INCLUDE_TIMESTAMP = new QName(SP12Constants.SP_NS,

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java Thu Aug 28 11:26:10 2008
@@ -37,27 +37,16 @@
     
     ////////////////////////////////////////////////////////////////////////////////////////////////
     
+    
     public static final String LAYOUT = "Layout";
 
-    /**
-     * Security Header Layout : Strict
-     */
-    public static final String LAYOUT_STRICT = "Strict";
-
-    /**
-     * Security Header Layout : Lax
-     */
-    public static final String LAYOUT_LAX = "Lax";
-
-    /**
-     * Security Header Layout : LaxTimestampFirst
-     */
-    public static final String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+    public enum Layout {
+        Lax,
+        Strict,
+        LaxTimestampFirst,
+        LaxTimestampLast
+    };
 
-    /**
-     * Security Header Layout : LaxTimestampLast
-     */
-    public static final String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
     
     ////////////////////////////////////////////////////////////////////////////////////////////////
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/LayoutBuilder.java Thu Aug 28 11:26:10 2008
@@ -62,15 +62,7 @@
         if (polEl != null) {
             Element child = DOMUtils.getFirstElement(polEl);
             if (child != null) {
-                if (SPConstants.LAYOUT_STRICT.equals(child.getLocalName())) {
-                    parent.setValue(SPConstants.LAYOUT_STRICT);
-                } else if (SPConstants.LAYOUT_LAX.equals(child.getLocalName())) {
-                    parent.setValue(SPConstants.LAYOUT_LAX);
-                } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(child.getLocalName())) {
-                    parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
-                } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(child.getLocalName())) {
-                    parent.setValue(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
-                }
+                parent.setValue(SPConstants.Layout.valueOf(child.getLocalName()));
             }
         }
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Thu Aug 28 11:26:10 2008
@@ -90,35 +90,34 @@
             for (AssertionInfo ai : ais) {
                 HttpsToken token = (HttpsToken)ai.getAssertion();
                 
-                boolean asserted = true;
                 HttpURLConnection connection = 
                     (HttpURLConnection) message.get("http.connection");
                 
+                ai.setAsserted(true);
                 Map<String, List<String>> headers = getSetProtocolHeaders(message);
                 if (connection instanceof HttpsURLConnection) {
                     HttpsURLConnection https = (HttpsURLConnection)connection;
                     if (token.isRequireClientCertificate()
                         && https.getLocalCertificates().length == 0) {
-                        asserted = false;
+                        ai.setNotAsserted("RequireClientCertificate is set, but no local certificates");
                     }
                     if (token.isHttpBasicAuthentication()) {
                         List<String> auth = headers.get("Authorization");
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Basic")) {
-                            asserted = false;
+                            ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
                         }
                     }
                     if (token.isHttpDigestAuthentication()) {
                         List<String> auth = headers.get("Authorization");
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Digest")) {
-                            asserted = false;
+                            ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
                         }                        
                     }
                 } else {
-                    asserted = false;
+                    ai.setNotAsserted("HttpURLConnection is not a HttpsURLConnection");
                 }
-                ai.setAsserted(asserted);
             }            
         }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Layout.java Thu Aug 28 11:26:10 2008
@@ -26,8 +26,7 @@
 import org.apache.cxf.ws.security.policy.SPConstants;
 
 public class Layout extends AbstractSecurityAssertion {
-
-    private String value = SPConstants.LAYOUT_LAX;
+    private SPConstants.Layout value = SPConstants.Layout.Lax;
 
     public Layout(SPConstants version) {
         super(version);
@@ -36,22 +35,15 @@
     /**
      * @return Returns the value.
      */
-    public String getValue() {
+    public SPConstants.Layout getValue() {
         return value;
     }
 
     /**
      * @param value The value to set.
      */
-    public void setValue(String value) {
-        if (SPConstants.LAYOUT_LAX.equals(value) || SPConstants.LAYOUT_STRICT.equals(value)
-            || SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)
-            || SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
-            this.value = value;
-        } else {
-            // throw new WSSPolicyException("Incorrect layout value : " +
-            // value);
-        }
+    public void setValue(SPConstants.Layout value) {
+        this.value = value;
     }
 
     public QName getRealName() {
@@ -81,20 +73,7 @@
                                  SPConstants.POLICY.getNamespaceURI());
 
         // .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
-        if (SPConstants.LAYOUT_STRICT.equals(value)) {
-            writer.writeStartElement(prefix, SPConstants.LAYOUT_STRICT, namespaceURI);
-
-        } else if (SPConstants.LAYOUT_LAX.equals(value)) {
-            writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX, namespaceURI);
-
-        } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
-            writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST, namespaceURI);
-
-        } else if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
-            writer.writeStartElement(prefix, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST, namespaceURI);
-        }
-
-        writer.writeEndElement();
+        writer.writeEmptyElement(prefix, value.name(), namespaceURI);
 
         // </wsp:Policy>
         writer.writeEndElement();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java Thu Aug 28 11:26:10 2008
@@ -19,7 +19,6 @@
 package org.apache.cxf.ws.security.policy.model;
 
 import java.util.ArrayList;
-import java.util.Iterator;
 import java.util.List;
 
 import javax.xml.namespace.QName;
@@ -29,6 +28,9 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
 
 public class SupportingToken extends AbstractSecurityAssertion implements AlgorithmWrapper, TokenWrapper {
@@ -279,22 +281,17 @@
         writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY
             .getNamespaceURI());
 
-        Token token;
-        for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
+        for (Token token : getTokens()) {
             // [Token Assertion] +
-            token = (Token)iterator.next();
             token.serialize(writer);
         }
 
         if (signedParts != null) {
             signedParts.serialize(writer);
-
         } else if (signedElements != null) {
             signedElements.serialize(writer);
-
         } else if (encryptedParts != null) {
             encryptedParts.serialize(writer);
-
         } else if (encryptedElements != null) {
             encryptedElements.serialize(writer);
         }
@@ -304,4 +301,37 @@
         writer.writeEndElement();
         // </sp:SupportingToken>
     }
+    
+    
+    public Policy getPolicy() {
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+
+        for (Token token : getTokens()) {
+            all.addPolicyComponent(token);
+        }
+        
+        if (signedParts != null) {
+            all.addPolicyComponent(signedParts);
+        } else if (signedElements != null) {
+            all.addPolicyComponent(signedElements);
+        } else if (encryptedParts != null) {
+            all.addPolicyComponent(encryptedParts);
+        } else if (encryptedElements != null) {
+            all.addPolicyComponent(encryptedElements);
+        }        
+        
+        ea.addPolicyComponent(all);
+        PolicyComponent pc = p.normalize(true);
+        if (pc instanceof Policy) {
+            return (Policy)pc;
+        } else {
+            p = new Policy();
+            p.addPolicyComponent(pc);
+            return p;
+        }
+    }
+
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java Thu Aug 28 11:26:10 2008
@@ -126,30 +126,6 @@
     }
     public PolicyComponent normalize() {
         return this;
-        /*
-        Policy p = new Policy();
-        ExactlyOne ea = new ExactlyOne();
-        p.addPolicyComponent(ea);
-        All all = new All();
-        if (transportToken != null) {
-            all.addPolicyComponent(transportToken);
-        }
-        if (isIncludeTimestamp()) {
-            all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
-        }
-        if (getLayout() != null) {
-            all.addPolicyComponent(getLayout());
-        }
-        ea.addPolicyComponent(all);
-        PolicyComponent pc = p.normalize(true);
-        if (pc instanceof Policy) {
-            return new NestedPrimitiveAssertion(getName(), false, (Policy)pc, true);
-        } else {
-            p = new Policy();
-            p.addPolicyComponent(pc);
-            return new NestedPrimitiveAssertion(getName(), false, p, true);
-        }
-        */
     }
     public Policy getPolicy() {
         Policy p = new Policy();
@@ -174,6 +150,5 @@
             p.addPolicyComponent(pc);
             return p;
         }
-        
     }
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Thu Aug 28 11:26:10 2008
@@ -22,6 +22,7 @@
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -37,6 +38,9 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
@@ -145,20 +149,26 @@
         this.before = before;
     }
     
+    private boolean isRequestor(SoapMessage message) {
+        return Boolean.TRUE.equals(message.containsKey(
+            org.apache.cxf.message.Message.REQUESTOR_ROLE));
+    }  
+    
+    
     protected void checkPolicies(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
+        String action = getString(WSHandlerConstants.ACTION, message);
+        if (action == null) {
+            action = "";
+        }
         if (aim != null) {
             Collection<AssertionInfo> ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
             if (ais != null) {
                 for (AssertionInfo ai : ais) {
-                    String action = getString(WSHandlerConstants.ACTION, message);
-                    if (action == null) {
-                        action = WSHandlerConstants.TIMESTAMP;
-                    } else {
-                        action += " " + WSHandlerConstants.TIMESTAMP;
+                    if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
+                        action = WSHandlerConstants.TIMESTAMP + " " + action;
                     }
-                    message.put(WSHandlerConstants.ACTION, action);
                     ai.setAsserted(true);
                 }                    
             }
@@ -167,7 +177,7 @@
                 for (AssertionInfo ai : ais) {
                     Layout lay = (Layout)ai.getAssertion();
                     //wss4j can only do "Lax"
-                    if (SPConstants.LAYOUT_LAX.equals(lay.getValue())) {
+                    if (SPConstants.Layout.Lax == lay.getValue()) {
                         ai.setAsserted(true);
                     }
                 }                    
@@ -178,8 +188,38 @@
                     ai.setAsserted(true);
                 }                    
             }
-
+            ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+            if (ais != null) {
+                for (AssertionInfo ai : ais) {
+                    SupportingToken sp = (SupportingToken)ai.getAssertion();
+                    action = doTokens(sp.getTokens(), action, aim, message);
+                    ai.setAsserted(true);
+                }                    
+            }
+            message.put(WSHandlerConstants.ACTION, action.trim());
         }
     }
-
+    
+    private String doTokens(List<Token> tokens, 
+                            String action, 
+                            AssertionInfoMap aim,
+                            SoapMessage msg) {
+        for (Token token : tokens) {
+            if (token instanceof UsernameToken) {
+                if (!action.contains(WSHandlerConstants.USERNAME_TOKEN)
+                    && !isRequestor(msg)) {
+                    action = WSHandlerConstants.USERNAME_TOKEN + " " + action;
+                }
+                Collection<AssertionInfo> ais2 = aim.get(SP12Constants.USERNAME_TOKEN);
+                if (ais2 != null && !ais2.isEmpty()) {
+                    for (AssertionInfo ai2 : ais2) {
+                        if (ai2.getAssertion() == token) {
+                            ai2.setAsserted(true);
+                        }
+                    }                    
+                }
+            }
+        }        
+        return action;
+    }
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Thu Aug 28 11:26:10 2008
@@ -33,10 +33,9 @@
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
 import org.apache.ws.security.message.WSSecHeader;
-import org.apache.ws.security.message.WSSecTimestamp;
 
 public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
     private PolicyBasedWSS4JOutInterceptorInternal ending;
@@ -83,46 +82,21 @@
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                WSSecTimestamp timestamp = null;
-                ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        timestamp = new WSSecTimestamp();
-                        timestamp.prepare(saaj.getSOAPPart());
-                        ai.setAsserted(true);
-                    }                    
-                }
-                ais = aim.get(SP12Constants.LAYOUT);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        Layout layout = (Layout)ai.getAssertion();
-                        if (SPConstants.LAYOUT_LAX_TIMESTAMP_LAST.equals(layout.getValue())) {
-                            if (timestamp == null) {
-                                ai.setAsserted(false);
-                            } else {
-                                ai.setAsserted(true);
-                                //get the timestamp into the header first before anything else
-                                timestamp.prependToHeader(secHeader);
-                                timestamp = null;
-                            }
-                        } else if (SPConstants.LAYOUT_STRICT.equals(layout.getValue())) {
-                            //FIXME - don't have strict writing working yet
-                            ai.setAsserted(false);
-                        } else {
-                            ai.setAsserted(true);                            
-                        }
-                    }                    
-                }
+                TransportBinding transport = null;
                 ais = aim.get(SP12Constants.TRANSPORT_BINDING);
                 if (ais != null) {
                     for (AssertionInfo ai : ais) {
+                        transport = (TransportBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
-                if (timestamp != null) {
-                    timestamp.prependToHeader(secHeader);
+                
+                
+                if (transport != null) {
+                    new TransportBindingHandler(transport, saaj, secHeader, aim, message).handleBinding();
                 }
             }
+            
         }
 
         public Set<String> getAfter() {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Aug 28 11:26:10 2008
@@ -46,6 +46,7 @@
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
@@ -325,7 +326,12 @@
          */
         CallbackHandler cbHandler = null;
         if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
-            cbHandler = getPasswordCB(reqData);
+            cbHandler 
+                = (CallbackHandler)((SoapMessage)reqData.getMsgContext())
+                    .getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+            if (cbHandler == null) {
+                cbHandler = getPasswordCB(reqData);
+            }
         }
         return cbHandler;
     }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecUsernameToken;
+
+/**
+ * 
+ */
+public class BindingBuilder {
+    SOAPMessage saaj;
+    WSSecHeader secHeader;
+    AssertionInfoMap aim;
+    Binding binding;
+    SoapMessage message;
+    
+    public BindingBuilder(Binding binding,
+                           SOAPMessage saaj,
+                           WSSecHeader secHeader,
+                           AssertionInfoMap aim,
+                           SoapMessage message) {
+        this.binding = binding;
+        this.aim = aim;
+        this.secHeader = secHeader;
+        this.saaj = saaj;
+        this.message = message;
+    }
+
+    
+    private boolean isRequestor() {
+        return Boolean.TRUE.equals(message.containsKey(
+            org.apache.cxf.message.Message.REQUESTOR_ROLE));
+    }  
+    
+    
+    protected void handleSupportingTokens(SupportingToken suppTokens) {
+        for (Token token : suppTokens.getTokens()) {
+            if (token instanceof UsernameToken) {
+                WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken)token);
+                if (utBuilder != null) {
+                    utBuilder.prepare(saaj.getSOAPPart());
+                    utBuilder.appendToHeader(secHeader);
+                }
+            }
+        }
+    }
+    
+    
+    
+    protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
+        
+        AssertionInfo info = null;
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
+        for (AssertionInfo ai : ais) {
+            if (ai.getAssertion() == token) {
+                info = ai;
+                if (!isRequestor()) {
+                    info.setAsserted(true);
+                    return null;
+                }
+            }
+        }
+        
+        String userName = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        
+        if (!StringUtils.isEmpty(userName)) {
+            // If NoPassword property is set we don't need to set the password
+            if (token.isNoPassword()) {
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                utBuilder.setUserInfo(userName, null);
+                utBuilder.setPasswordType(null);
+                info.setAsserted(true);
+                return utBuilder;
+            }
+            
+            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+            if (StringUtils.isEmpty(password)) {
+                
+                //Then try to get the password from the given callback handler
+                CallbackHandler handler 
+                    = (CallbackHandler)message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+            
+                if (handler == null) {
+                    info.setNotAsserted("No callback handler and not password available");
+                    return null;
+                }
+                
+                WSPasswordCallback[] cb = {new WSPasswordCallback(userName,
+                                                                  WSPasswordCallback.USERNAME_TOKEN)};
+                try {
+                    handler.handle(cb);
+                } catch (Exception e) {
+                    //REVISIT - Exception?
+                }
+                
+                //get the password
+                password = cb[0].getPassword();
+            }
+            
+            if (!StringUtils.isEmpty(password)) {
+                //If the password is available then build the token
+                WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+                if (token.isHashPassword()) {
+                    utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
+                } else {
+                    utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+                }
+                
+                utBuilder.setUserInfo(userName, password);
+                info.setAsserted(true);
+                return utBuilder;
+            } else {
+                info.setNotAsserted("No password available");
+            }
+        } else {
+            info.setNotAsserted("No username available");
+        }
+        return null;
+    }
+
+}

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=689924&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Thu Aug 28 11:26:10 2008
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecTimestamp;
+
+/**
+ * 
+ */
+public class TransportBindingHandler extends BindingBuilder {
+    TransportBinding tbinding;
+    
+    public TransportBindingHandler(TransportBinding binding,
+                                    SOAPMessage saaj,
+                                    WSSecHeader secHeader,
+                                    AssertionInfoMap aim,
+                                    SoapMessage message) {
+        super(binding, saaj, secHeader, aim, message);
+        this.tbinding = binding;
+    }
+    
+    public void handleBinding() {
+        Collection<AssertionInfo> ais;
+        WSSecTimestamp timestamp = null;
+        ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                timestamp = new WSSecTimestamp();
+                timestamp.prepare(saaj.getSOAPPart());
+                ai.setAsserted(true);
+            }                    
+        }
+        ais = aim.get(SP12Constants.LAYOUT);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                Layout layout = (Layout)ai.getAssertion();
+                if (SPConstants.Layout.LaxTimestampLast == layout.getValue()) {
+                    if (timestamp == null) {
+                        ai.setAsserted(false);
+                    } else {
+                        ai.setAsserted(true);
+                        //get the timestamp into the header first before anything else
+                        timestamp.prependToHeader(secHeader);
+                        timestamp = null;
+                    }
+                } else if (SPConstants.Layout.Strict == layout.getValue()) {
+                    //FIXME - don't have strict writing working yet
+                    ai.setAsserted(false);
+                } else {
+                    ai.setAsserted(true);                            
+                }
+            }                    
+        }
+        ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        if (ais != null) {
+            SupportingToken sgndSuppTokens = null;
+            for (AssertionInfo ai : ais) {
+                sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                ai.setAsserted(true);
+            }
+            if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null 
+                && sgndSuppTokens.getTokens().size() > 0) {
+                handleSupportingTokens(sgndSuppTokens);
+            }
+        }
+
+        if (timestamp != null) {
+            timestamp.prependToHeader(secHeader);
+        }
+    }
+
+}

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/mtom/MtomPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -28,6 +28,7 @@
 
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
@@ -76,9 +77,11 @@
         
         Node res = invoke(address, "http://schemas.xmlsoap.org/soap/http", "nonmtom.xml");
         
-        assertValid("//faultstring[text()='These policy alternatives can not be satisfied: "
-                    + "[{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}"
-                    + "OptimizedMimeSerialization]']", res);
+        NodeList list = assertValid("//faultstring", res);
+        String text = list.item(0).getTextContent();
+        assertTrue(text.contains("These policy alternatives can not be satisfied: "));
+        assertTrue(text.contains("{http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization}"
+                    + "OptimizedMimeSerialization"));
     }
     
     @Test

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/policy/HTTPServerPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -119,9 +119,10 @@
         } catch (WebServiceException wse) {
             SoapFault sf = (SoapFault)wse.getCause();
             assertEquals("Server", sf.getFaultCode().getLocalPart());
-            assertEquals("These policy alternatives can not be satisfied: "
-                         + "[{http://cxf.apache.org/transports/http/configuration}server]",
-                         sf.getMessage());
+            
+            String text = sf.getMessage();
+            assertTrue(text.contains("{http://cxf.apache.org/transports/http/configuration}server"));
+            
             // assertEquals("INCOMPATIBLE_HTTPSERVERPOLICY_ASSERTIONS", ex.getCode());
         }
         

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Thu Aug 28 11:26:10 2008
@@ -19,17 +19,24 @@
 
 package org.apache.cxf.systest.ws.security;
 
+import java.io.IOException;
 import java.math.BigInteger;
 
 import javax.jws.WebService;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Endpoint;
 
 import org.apache.cxf.interceptor.LoggingOutInterceptor;
+import org.apache.cxf.jaxws.EndpointImpl;
 import org.apache.cxf.policytest.doubleit.DoubleItPortType;
 import org.apache.cxf.policytest.doubleit.DoubleItService;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.policy.PolicyEngine;
-import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSPasswordCallback;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -38,14 +45,32 @@
     public static final String POLICY_ADDRESS = "http://localhost:9010/SecPolTest";
     public static final String POLICY_HTTPS_ADDRESS = "https://localhost:9009/SecPolTest";
 
+    
+    public static class ServerPasswordCallback implements CallbackHandler {
+        public void handle(Callback[] callbacks) throws IOException,
+                UnsupportedCallbackException {
+            WSPasswordCallback pc = (WSPasswordCallback) callbacks[0];
+
+            if (pc.getIdentifer().equals("bob")) {
+                // set the password on the callback. This will be compared to the
+                // password which was sent from the client.
+                pc.setPassword("pwd");
+            }
+        }
+    }
+    
+    
+    
     @BeforeClass 
     public static void init() throws Exception {
         
         createStaticBus(SecurityPolicyTest.class.getResource("https_config.xml").toString())
             .getExtension(PolicyEngine.class).setEnabled(true);
         getStaticBus().getOutInterceptors().add(new LoggingOutInterceptor());
-        Endpoint.publish(POLICY_HTTPS_ADDRESS,
-                         new DoubleItImplHttps());
+        EndpointImpl ep = (EndpointImpl)Endpoint.publish(POLICY_HTTPS_ADDRESS,
+                                       new DoubleItImplHttps());
+        ep.getServer().getEndpoint().getEndpointInfo().setProperty(SecurityConstants.CALLBACK_HANDLER,
+                                                                   new ServerPasswordCallback());
         Endpoint.publish(POLICY_ADDRESS,
                          new DoubleItImpl());
     }
@@ -56,6 +81,16 @@
         DoubleItPortType pt;
 
         pt = service.getDoubleItPortHttps();
+        try {
+            pt.doubleIt(BigInteger.valueOf(25));
+        } catch (Exception ex) {
+            String msg = ex.getMessage();
+            if (!msg.contains("UsernameToken: No user")) {
+                throw ex;
+            }
+        }
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
         pt.doubleIt(BigInteger.valueOf(25));
         
         try {
@@ -63,7 +98,8 @@
             pt.doubleIt(BigInteger.valueOf(25));
             fail("https policy should have triggered");
         } catch (Exception ex) {
-            if (!(ex.getCause().getCause() instanceof PolicyException)) {
+            String msg = ex.getMessage();
+            if (!msg.contains("HttpsToken")) {
                 throw ex;
             }
         }

Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=689924&r1=689923&r2=689924&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Thu Aug 28 11:26:10 2008
@@ -90,11 +90,11 @@
                         <sp:HttpsToken RequireClientCertificate="false"/>
                      </wsp:Policy>
                   </sp:TransportToken>
-                  <!--sp:Layout>
+                  <sp:Layout>
                      <wsp:Policy>
                         <sp:Lax/>
                      </wsp:Policy>
-                  </sp:Layout-->
+                  </sp:Layout>
                   <sp:IncludeTimestamp/>
                   <!--sp:AlgorithmSuite>
                      <wsp:Policy>
@@ -108,7 +108,7 @@
                   <sp:MustSupportRefKeyIdentifier/>
                </wsp:Policy>
             </sp:Wss10-->
-            <!-- sp:SignedSupportingTokens>
+            <sp:SignedSupportingTokens>
                <wsp:Policy>
                   <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                      <wsp:Policy>
@@ -116,7 +116,7 @@
                      </wsp:Policy>
                   </sp:UsernameToken>
                </wsp:Policy>
-            </sp:SignedSupportingTokens-->
+            </sp:SignedSupportingTokens>
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>



Mime
View raw message