cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1186845 [2/8] - in /cxf/trunk/services/sts/systests/advanced: ./ src/ src/test/ src/test/java/ src/test/java/org/ src/test/java/org/apache/ src/test/java/org/apache/cxf/ src/test/java/org/apache/cxf/systest/ src/test/java/org/apache/cxf/sy...
Date Thu, 20 Oct 2011 15:15:17 GMT
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/CommonCallbackHandler.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+    public void handle(Callback[] callbacks) throws IOException,
+            UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+                WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                if ("myclientkey".equals(pc.getIdentifier())) {
+                    pc.setPassword("ckpass");
+                    break;
+                } else if ("myservicekey".equals(pc.getIdentifier())) {
+                    pc.setPassword("skpass");
+                    break;
+                } else if ("alice".equals(pc.getIdentifier())) {
+                    pc.setPassword("clarinet");
+                    break;
+                } else if ("bob".equals(pc.getIdentifier())) {
+                    pc.setPassword("trombone");
+                    break;
+                } else if ("eve".equals(pc.getIdentifier())) {
+                    pc.setPassword("evekpass");
+                    break;
+                } else if ("mystskey".equals(pc.getIdentifier())) {
+                    pc.setPassword("stskpass");
+                    break;
+                }
+            }
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/DoubleItPortTypeImpl.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.security.Principal;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.Assert;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
+            serviceName = "DoubleItService", 
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")              
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+    
+    @Resource
+    WebServiceContext wsContext;
+
+    public int doubleIt(int numberToDouble) {
+        Principal pr = wsContext.getUserPrincipal();
+        
+        Assert.assertNotNull("Principal must not be null", pr);
+        Assert.assertNotNull("Principal.getName() must not return null", pr.getName());
+        
+        return numberToDouble * 2;
+    }
+    
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TokenTestUtils.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.common;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.example.contract.doubleit.DoubleItPortType;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+public final class TokenTestUtils {
+    
+    private TokenTestUtils() {
+        //
+    }
+    
+    
+    public static void verifyToken(DoubleItPortType port) throws Exception {
+        Client client = ClientProxy.getClient(port);
+        Endpoint ep = client.getEndpoint();
+        String id = (String)ep.get(SecurityConstants.TOKEN_ID);
+        TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+        org.apache.cxf.ws.security.tokenstore.SecurityToken tok = store.getToken(id);
+        assertNotNull(tok);
+        STSClient sts = (STSClient)ep.get(SecurityConstants.STS_CLIENT);
+        
+        List<SecurityToken> validTokens = sts.validateSecurityToken(tok);
+        assertTrue(validTokens != null && !validTokens.isEmpty());
+        
+        //mess with the token a bit to force it to fail to validate
+        Element e = tok.getToken();
+        Element e2 = DOMUtils.getFirstChildWithName(e, e.getNamespaceURI(), "Conditions");
+        String nb = e2.getAttribute("NotBefore");
+        String noa = e2.getAttribute("NotOnOrAfter");
+        nb = "2010" + nb.substring(4);
+        noa = "2010" + noa.substring(4);
+        e2.setAttribute("NotBefore", nb);
+        e2.setAttribute("NotOnOrAfter", noa);
+        try {
+            sts.validateSecurityToken(tok);
+            fail("Failure expected on an invalid token");
+        } catch (org.apache.cxf.ws.security.trust.TrustException ex) {
+            // expected
+        }
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+
+/**
+ * This class validates a custom BinarySecurityToken by dispatching it to an STS. It then
+ * checks that we get back a SAML2 Assertion from the STS.
+ */
+public class CustomBSTTokenValidator extends STSTokenValidator {
+    
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+        Credential validatedCredential = super.validate(credential, data);
+        
+        AssertionWrapper transformedToken = validatedCredential.getTransformedToken();
+        if (transformedToken == null || transformedToken.getSaml2() == null
+            || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+        
+        return validatedCredential;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomOnBehalfOfTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a Security Token from an STS, passing a username that
+ * it has obtained from an unknown client as an "OnBehalfOf" element. This username is obtained
+ * by parsing the "ws-security.username" property. The client then invokes on the service 
+ * provider using the returned (custom BinarySecurityToken) token from the STS. The service
+ * provider dispatches the received BinarySecurityToken to the STS for validation, and receives
+ * a transformed SAML Token in response.
+ */
+public class CustomOnBehalfOfTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(Server.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(org.apache.cxf.systest.sts.deployment.STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testUsernameOnBehalfOf() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = CustomOnBehalfOfTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = CustomOnBehalfOfTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportCustomBSTPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        ((BindingProvider)transportPort).getRequestContext().put(
+            "ws-security.username", "alice"
+        );
+        doubleIt(transportPort, 25);
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.custom_onbehalfof;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomAttributeStatementProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsManager;
+import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+
+public class CustomAttributeStatementProvider implements AttributeStatementProvider {
+
+    public AttributeStatementBean getStatement(TokenProviderParameters providerParameters) {
+
+        // Handle Claims
+        ClaimsManager claimsManager = providerParameters.getClaimsManager();
+        ClaimCollection retrievedClaims = new ClaimCollection();
+        if (claimsManager != null) {
+            retrievedClaims = 
+                claimsManager.retrieveClaimValues(
+                    providerParameters.getPrincipal(), providerParameters.getRequestedClaims()
+                );
+        }
+
+        List<AttributeBean> attributeList = new ArrayList<AttributeBean>();
+        String tokenType = providerParameters.getTokenRequirements().getTokenType();
+
+        Iterator<Claim> claimIterator = retrievedClaims.iterator();
+        if (!claimIterator.hasNext()) {
+            return null;
+        }
+
+        AttributeStatementBean attrBean = new AttributeStatementBean();
+        while (claimIterator.hasNext()) {
+            Claim claim = claimIterator.next();
+            AttributeBean attributeBean = new AttributeBean();
+            URI name = claim.getNamespace().relativize(claim.getClaimType());
+            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                attributeBean.setQualifiedName(name.toString());
+                attributeBean.setNameFormat(claim.getNamespace().toString());
+            } else {
+                attributeBean.setSimpleName(name.toString());
+                attributeBean.setQualifiedName(claim.getNamespace().toString());
+            }
+            attributeBean.setAttributeValues(Collections.singletonList(claim.getValue()));
+            attributeList.add(attributeBean);
+        }
+        attrBean.setSamlAttributes(attributeList);
+
+        return attrBean;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,78 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.deployment;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.BinarySecurity;
+
+/**
+ * A TokenProvider implementation that creates a (custom) BinarySecurityToken.
+ */
+public class CustomBSTTokenProvider implements TokenProvider {
+
+    private static final String TOKEN_TYPE = 
+        "http://custom.apache.org/token";
+    private static final String BASE64_NS = 
+        WSConstants.SOAPMESSAGE_NS + "#Base64Binary";
+    
+    public boolean canHandleToken(String tokenType) {
+        if (TOKEN_TYPE.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+    
+    public boolean canHandleToken(String tokenType, String realm) {
+        return canHandleToken(tokenType);
+    }
+    
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        try {
+            Document doc = DOMUtils.createDocument();
+            
+            // Mock up a BinarySecurityToken
+            String id = "BST-1234";
+            BinarySecurity bst = new BinarySecurity(doc);
+            bst.addWSSENamespace();
+            bst.addWSUNamespace();
+            bst.setID(id);
+            bst.setValueType(TOKEN_TYPE);
+            bst.setEncodingType(BASE64_NS);
+            bst.setToken("12345678".getBytes());
+            
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(bst.getElement());
+            response.setTokenId(id);
+            
+            return response;
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+        }
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomBSTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.deployment;
+
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.util.Base64;
+
+
+/**
+ * A TokenProvider implementation that validates a (custom) BinarySecurityToken.
+ */
+public class CustomBSTTokenValidator implements TokenValidator {
+
+    private static final String TOKEN_TYPE = 
+        "http://custom.apache.org/token";
+    
+    public boolean canHandleToken(ReceivedToken validateTarget) {
+        Object token = validateTarget.getToken();
+        if ((token instanceof BinarySecurityTokenType)
+            && TOKEN_TYPE.equals(((BinarySecurityTokenType)token).getValueType())) {
+            return true;
+        }
+        return false;
+    }
+    
+    public boolean canHandleToken(ReceivedToken validateTarget, String realm) {
+        return canHandleToken(validateTarget);
+    }
+    
+    public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+        if (validateTarget == null || !validateTarget.isBinarySecurityToken()) {
+            TokenValidatorResponse response = new TokenValidatorResponse();
+            response.setValid(false);
+            return response;
+        }
+        BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType)validateTarget.getToken();
+        
+        TokenValidatorResponse response = new TokenValidatorResponse();
+        //
+        // Do some validation of the token here
+        //
+        if (Base64.encode("12345678".getBytes()).equals(binarySecurityToken.getValue())) {
+            response.setValid(true);
+        }
+        response.setPrincipal(new CustomTokenPrincipal("alice"));
+        
+        return response;
+    }
+    
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/CustomClaimsHandler.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.cxf.sts.claims.Claim;
+import org.apache.cxf.sts.claims.ClaimCollection;
+import org.apache.cxf.sts.claims.ClaimsHandler;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+
+/**
+ * A custom ClaimsHandler implementation for use in the tests.
+ */
+public class CustomClaimsHandler implements ClaimsHandler {
+
+    public static final URI ROLE = 
+            URI.create("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+
+    public ClaimCollection retrieveClaimValues(Principal principal, RequestClaimCollection claims) {
+        if (claims != null && claims.size() > 0) {
+            ClaimCollection claimCollection = new ClaimCollection();
+            for (RequestClaim requestClaim : claims) {
+                Claim claim = new Claim();
+                claim.setClaimType(requestClaim.getClaimType());
+                claim.setIssuer("Test Issuer");
+                claim.setOriginalIssuer("Original Issuer");
+                claim.setValue("admin-user");
+                claimCollection.add(claim);
+            }
+            return claimCollection;
+        }
+        return null;
+    }
+
+    public List<URI> getSupportedClaimTypes() {
+        List<URI> list = new ArrayList<URI>();
+        list.add(ROLE);
+        return list;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+    public STSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer.class.getResource("cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer().run();
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.UsernameToken;
+
+/**
+ * A TokenProvider implementation that creates a UsernameToken.
+ */
+public class CustomUsernameTokenProvider implements TokenProvider {
+
+    private static final String TOKEN_TYPE = 
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken";
+    
+    public boolean canHandleToken(String tokenType) {
+        if (TOKEN_TYPE.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+    
+    public boolean canHandleToken(String tokenType, String realm) {
+        return canHandleToken(tokenType);
+    }
+    
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        try {
+            Document doc = DOMUtils.createDocument();
+            
+            // Mock up a UsernameToken
+            UsernameToken usernameToken = new UsernameToken(true, doc, WSConstants.PASSWORD_TEXT);
+            usernameToken.setName("alice");
+            usernameToken.setPassword("password");
+            String id = "UT-1234";
+            usernameToken.addWSSENamespace();
+            usernameToken.addWSUNamespace();
+            usernameToken.setID(id);
+            
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(usernameToken.getElement());
+            response.setTokenId(id);
+            
+            // Store the token in the cache
+            if (tokenParameters.getTokenStore() != null) {
+                SecurityToken secrutiyToken = new SecurityToken(usernameToken.getID());
+                secrutiyToken.setToken(usernameToken.getElement());
+                secrutiyToken.setAssociatedHash(usernameToken.hashCode());
+                tokenParameters.getTokenStore().add(secrutiyToken);
+            }
+            
+            return response;
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+        }
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/DistributedCachingTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,135 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * This is a series of tests of the distributed caching abilities of the STS. In these test-cases,
+ * a CXF client invokes on an STS and obtains a security token, which is sent to a service provider.
+ * The service provider is configured to validate the received token against a second STS instance.
+ * Both STS instances must have a shared distributed cache, and enough time must have elapsed for
+ * the first STS instance to replicate the credential to the second STS instance for the test to 
+ * work.
+ */
+public class DistributedCachingTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    private static final String PORT = allocatePort(Server.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(STSServer2.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testSecurityContextToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSCTPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+    
+    @org.junit.Test
+    public void testSAMLToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSAMLPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+    
+    @org.junit.Test
+    public void testUsernameToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DistributedCachingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DistributedCachingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItUsernameTokenPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/SCTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,69 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.util.Collection;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+
+/**
+ * This class validates a SecurityContextToken by dispatching it to an STS. It pauses first to make sure
+ * that the SCT is replicated in the distributed cache to the (second) STS instance
+ */
+public class SCTTokenValidator extends STSTokenValidator {
+    
+    public SCTTokenValidator() {
+        super();
+    }
+    
+    public SCTTokenValidator(boolean alwaysValidateToSTS) {
+        super(alwaysValidateToSTS);
+    }
+    
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+        // Sleep to make sure token gets replicated
+        try {
+            Thread.sleep(2 * 1000);
+        } catch (InterruptedException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        
+        Credential validatedCredential = super.validate(credential, data);
+        
+        // Hack to verify the IssuedToken assertion, as this is not done by default in CXF for a 
+        // SecurityContextToken
+        SoapMessage soapMessage = (SoapMessage)data.getMsgContext();
+        AssertionInfoMap aim = soapMessage.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
+        for (AssertionInfo ai : ais) {
+            ai.setAsserted(true);
+        }  
+        
+        return validatedCredential;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+    public STSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer.class.getResource("cxf-sts-1.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer().run();
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/STSServer2.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer2 extends AbstractBusTestServerBase {
+
+    public STSServer2() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer2.class.getResource("cxf-sts-2.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer2();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer2().run();
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.distributed_caching;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/KerberosTokenTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.kerberos;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test, a CXF client requests a SAML2 HOK Assertion from the STS, which has a policy of requiring
+ * a KerberosToken over the TransportBinding. The CXF client retrieves a service ticket from the KDC and
+ * inserts it into the security header of the request. The STS validates the ticket using the 
+ * KerberosTokenValidator.
+ * 
+ * The tests are @Ignored by default, as a KDC is needed. To replicate the test scenario, set up a KDC with 
+ * user principal "alice" (keytab in "/etc/alice.keytab"), and host service "bob@service.ws.apache.org" 
+ * (keytab in "/etc/bob.keytab").
+ */
+public class KerberosTokenTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    private static final String PORT = allocatePort(Server.class);
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(org.apache.cxf.systest.sts.deployment.STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testKerberosToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = KerberosTokenTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = KerberosTokenTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+
+        doubleIt(transportSaml2Port, 25);
+    }
+    
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/kerberos/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.kerberos;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/CustomIdentityMapper.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.security.Principal;
+
+import org.apache.cxf.sts.IdentityMapper;
+import org.apache.ws.security.CustomTokenPrincipal;
+
+/**
+ * A test implementation of RealmParser.
+ */
+public class CustomIdentityMapper implements IdentityMapper {
+
+    /**
+     * Map a principal in the source realm to the target realm
+     * @param sourceRealm the source realm of the Principal
+     * @param sourcePrincipal the principal in the source realm
+     * @param targetRealm the target realm of the Principal
+     * @return the principal in the target realm
+     */
+    public Principal mapPrincipal(String sourceRealm, Principal sourcePrincipal, String targetRealm) {
+        if ("A".equals(sourceRealm) && "B".equals(targetRealm)) {
+            return new CustomTokenPrincipal("B-Principal");
+        } else if ("B".equals(sourceRealm) && "A".equals(targetRealm)) {
+            return new CustomTokenPrincipal("A-Principal");
+        }
+        return null;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test, a CXF client obtains a SAML token from an STS in one realm and sends it to a CXF
+ * endpoint. The CXF endpoint dispatches it for validation to a different STS.
+ */
+public class DifferentRealmTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    private static final String PORT = allocatePort(Server.class);
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(STSServer2.class, true)
+        );
+    }
+
+    /**
+     * In this test, a token is issued by the first STS in realm "A". The second STS is configured
+     * to trust the signing cert of realm "A" (via a cert constraint) and so authentication succeeds.
+     */
+    @org.junit.Test
+    public void testKnownRealm() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItRealmAPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+    
+    /**
+     * In this test, a token is issued by the first STS in the default realm. The second STS is 
+     * configured to trust the signing cert of the default realm (via a cert constraint) and so 
+     * authentication succeeds.
+     */
+    @org.junit.Test
+    public void testDefaultRealm() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItDefaultRealmPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+    
+    /**
+     * In this test, a token is issued by the first STS in realm "C". The second STS is not
+     * configured to trust realm "C" (via a cert constraint) and so authentication does not succeed.
+     */
+    @org.junit.Test
+    public void testUnknownRealm() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItRealmCPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        try {
+            doubleIt(transportPort, 25);
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    /**
+     * In this test, a token is issued by the first STS in realm "A". The second STS is configured
+     * to trust realm "A" (via a cert constraint) and so authentication succeeds. The service
+     * endpoint also sends a tokenType (SAML2) to the second STS, and so the IdentityMapper is
+     * invoked to transform the authenticated principal into a principal in the current realm.
+     */
+    @org.junit.Test
+    public void testRealmTransform() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DifferentRealmTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DifferentRealmTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItRealmTransformPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        // Transport port
+        doubleIt(transportPort, 25);
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+import org.opensaml.saml2.core.Assertion;
+
+/**
+ * This class validates a SAML Assertion by dispatching it to an STS. It then
+ * checks that we get back a SAML2 Assertion from the STS with a specific principal name as the
+ * subject.
+ */
+public class DifferentRealmValidator extends STSTokenValidator {
+    
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+        Credential validatedCredential = super.validate(credential, data);
+        
+        AssertionWrapper transformedToken = validatedCredential.getTransformedToken();
+        if (transformedToken == null || transformedToken.getSaml2() == null
+            || !"B-Issuer".equals(transformedToken.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+
+        Assertion assertion = transformedToken.getSaml2();
+        if (!"B-Principal".equals(assertion.getSubject().getNameID().getValue())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+        
+        return validatedCredential;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/IssuerSAMLRealmCodec.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.realms;
+
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+
+
+/**
+ * This class returns a realm associated with a SAML Assertion depending on the issuer.
+ */
+public class IssuerSAMLRealmCodec implements SAMLRealmCodec {
+    
+    /**
+     * Get the realm associated with the AssertionWrapper parameter
+     * @param assertion a SAML Assertion wrapper object
+     * @return the realm associated with the AssertionWrapper parameter
+     */
+    public String getRealmFromToken(AssertionWrapper assertion) {
+        if ("A-Issuer".equals(assertion.getIssuerString())) {
+            return "A";
+        } else if ("B-Issuer".equals(assertion.getIssuerString())) {
+            return "B";
+        }
+        return null;
+    }
+    
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+    public STSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer.class.getResource("cxf-sts-saml1.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer().run();
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/STSServer2.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer2 extends AbstractBusTestServerBase {
+
+    public STSServer2() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer2.class.getResource("cxf-sts-saml2.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer2();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer2().run();
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/URLRealmParser.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,45 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.realms;
+
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.sts.RealmParser;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * A test implementation of RealmParser which returns a realm depending on a String contained
+ * in the URL of the service request.
+ */
+public class URLRealmParser implements RealmParser {
+
+    public String parseRealm(WebServiceContext context) throws STSException {
+        String url = (String)context.getMessageContext().get("org.apache.cxf.request.url");
+        if (url.contains("realmA")) {
+            return "A";
+        } else if (url.contains("realmB")) {
+            return "B";
+        } else if (url.contains("realmC")) {
+            return "C";
+        }
+        
+        return null;
+    }
+    
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/DoubleItPortTypeImpl.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import javax.jws.WebService;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
+            serviceName = "DoubleItService", 
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")              
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+    
+    public int doubleIt(int numberToDouble) {
+        return numberToDouble * 2;
+    }
+    
+}



Mime
View raw message