cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1186845 [3/8] - in /cxf/trunk/services/sts/systests/advanced: ./ src/ src/test/ src/test/java/ src/test/java/org/ src/test/java/org/apache/ src/test/java/org/apache/cxf/ src/test/java/org/apache/cxf/systest/ src/test/java/org/apache/cxf/sy...
Date Thu, 20 Oct 2011 15:15:17 GMT
Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTSAMLTokenProvider.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,277 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.provider.AttributeStatementProvider;
+import org.apache.cxf.sts.token.provider.ConditionsProvider;
+import org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider;
+import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
+import org.apache.cxf.sts.token.provider.DefaultSubjectProvider;
+import org.apache.cxf.sts.token.provider.SamlCallbackHandler;
+import org.apache.cxf.sts.token.provider.SubjectProvider;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.validator.SCTValidator;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.ConditionsBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+
+/**
+ * A TokenProvider implementation that provides a SAML Token that contains a Symmetric Key that is obtained
+ * from the TokenProviderParameter properties.
+ */
+public class SCTSAMLTokenProvider implements TokenProvider {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(SCTSAMLTokenProvider.class);
+
+    private List<AttributeStatementProvider> attributeStatementProviders;
+    private SubjectProvider subjectProvider = new DefaultSubjectProvider();
+    private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
+    private boolean signToken = true;
+
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType.
+     */
+    public boolean canHandleToken(String tokenType) {
+        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
+            || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+
+    public boolean canHandleToken(String tokenType, String realm) {
+        return canHandleToken(tokenType);
+    }
+    
+    /**
+     * Create a token given a TokenProviderParameters
+     */
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        testKeyType(tokenParameters);
+        byte[] secret = null;
+        byte[] entropyBytes = null;
+        long keySize = 0;
+        boolean computedKey = false;
+        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+
+        keyRequirements.setKeyType(STSConstants.SYMMETRIC_KEY_KEYTYPE);
+        secret = (byte[])tokenParameters.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET);
+
+        try {
+            Document doc = DOMUtils.createDocument();
+            AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
+            Element token = assertion.toDOM(doc);
+
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(token);
+            String tokenType = tokenRequirements.getTokenType();
+            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) 
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                response.setTokenId(token.getAttribute("ID"));
+            } else {
+                response.setTokenId(token.getAttribute("AssertionID"));
+            }
+            response.setLifetime(conditionsProvider.getLifetime());
+            response.setEntropy(entropyBytes);
+            if (keySize > 0) {
+                response.setKeySize(keySize);
+            }
+            response.setComputedKey(computedKey);
+
+            return response;
+        } catch (Exception e) {
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+        }
+    }
+
+    /**
+     * Set the List of AttributeStatementProviders.
+     */
+    public void setAttributeStatementProviders(List<AttributeStatementProvider> attributeStatementProviders) {
+        this.attributeStatementProviders = attributeStatementProviders;
+    }
+
+    /**
+     * Get the List of AttributeStatementProviders.
+     */
+    public List<AttributeStatementProvider> getAttributeStatementProviders() {
+        return attributeStatementProviders;
+    }
+
+    /**
+     * Set the SubjectProvider.
+     */
+    public void setSubjectProvider(SubjectProvider subjectProvider) {
+        this.subjectProvider = subjectProvider;
+    }
+
+    /**
+     * Get the SubjectProvider.
+     */
+    public SubjectProvider getSubjectProvider() {
+        return subjectProvider;
+    }
+
+    /**
+     * Set the ConditionsProvider
+     */
+    public void setConditionsProvider(ConditionsProvider conditionsProvider) {
+        this.conditionsProvider = conditionsProvider;
+    }
+
+    /**
+     * Get the ConditionsProvider
+     */
+    public ConditionsProvider getConditionsProvider() {
+        return conditionsProvider;
+    }
+
+    /**
+     * Return whether the provided token will be signed or not. Default is true.
+     */
+    public boolean isSignToken() {
+        return signToken;
+    }
+
+    /**
+     * Set whether the provided token will be signed or not. Default is true.
+     */
+    public void setSignToken(boolean signToken) {
+        this.signToken = signToken;
+    }
+
+    private AssertionWrapper createSamlToken(
+        TokenProviderParameters tokenParameters, byte[] secret, Document doc
+    ) throws Exception {
+        SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, doc);
+
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(handler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+
+        if (signToken) {
+            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+
+            // Get the password
+            String alias = stsProperties.getSignatureUsername();
+            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
+            LOG.fine("Creating SAML Token");
+            stsProperties.getCallbackHandler().handle(cb);
+            String password = cb[0].getPassword();
+
+            LOG.fine("Signing SAML Token");
+            boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
+            assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
+        }
+
+        return assertion;
+    }
+
+    public SamlCallbackHandler createCallbackHandler(
+        TokenProviderParameters tokenParameters, byte[] secret, Document doc
+    ) throws Exception {
+        // Parse the AttributeStatements
+        List<AttributeStatementBean> attrBeanList = null;
+        if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
+            attrBeanList = new ArrayList<AttributeStatementBean>();
+            for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
+                AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
+                if (statementBean != null) {
+                    LOG.fine(
+                        "AttributeStatements" + statementBean.toString() 
+                        + "returned by AttributeStatementProvider " + statementProvider.getClass().getName()
+                    );
+                    attrBeanList.add(statementBean);
+                }
+            }
+        }
+
+        // If no statements, then default to the DefaultAttributeStatementProvider
+        if (attrBeanList == null || attrBeanList.isEmpty()) {
+            attrBeanList = new ArrayList<AttributeStatementBean>();
+            AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
+            AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
+            attrBeanList.add(attributeBean);
+        }
+
+        // Get the Subject and Conditions
+        SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret);
+        ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
+
+        // Set all of the beans on the SamlCallbackHandler
+        SamlCallbackHandler handler = new SamlCallbackHandler();
+        handler.setTokenProviderParameters(tokenParameters);
+        handler.setSubjectBean(subjectBean);
+        handler.setConditionsBean(conditionsBean);
+        handler.setAttributeBeans(attrBeanList);
+
+        return handler;
+    }
+
+    /**
+     * Do some tests on the KeyType parameter.
+     */
+    private void testKeyType(TokenProviderParameters tokenParameters) {
+        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+
+        String keyType = keyRequirements.getKeyType();
+        if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+            if (keyRequirements.getCertificate() == null) {
+                LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
+                throw new STSException(
+                    "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
+                );
+            }
+        } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
+                && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
+            LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
+            throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
+        }
+
+    }
+
+
+}
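Review bot: In createToken the secret is read with `tokenParameters.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET)` and passed on without a presence check. A request that reaches this provider with no stored secret either throws a NullPointerException outside the try block (if the map is null) or hands a null secret to `subjectProvider.getSubject`, whose handling of null is not visible here. I would fail closed right after the lookup, e.g. `if (secret == null) { throw new STSException("No SCT secret available", STSException.REQUEST_FAILED); }`, with a null check on the map as well. The locals `entropyBytes`, `keySize` and `computedKey` are never reassigned, so the `if (keySize > 0)` branch is dead and the response always carries null entropy. `LOG.log(Level.WARNING, "", e)` logs an empty message, and the catch reports every failure, signing included, as "Can't serialize SAML assertion".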

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.ws.security.trust.STSTokenValidator;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+
+/**
+ * This class validates a SecurityContextToken by dispatching it to an STS. It then
+ * checks that we get back a SAML2 Assertion from the STS, and extracts the secret from it.
+ */
+public class SCTTokenValidator extends STSTokenValidator {
+    
+    public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
+        Credential validatedCredential = super.validate(credential, data);
+        
+        AssertionWrapper transformedToken = validatedCredential.getTransformedToken();
+        if (transformedToken == null || transformedToken.getSaml2() == null
+            || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+
+        Document doc = transformedToken.getElement().getOwnerDocument();
+        transformedToken.parseHOKSubject(data, new WSDocInfo(doc));
+        SAMLKeyInfo keyInfo = transformedToken.getSubjectKeyInfo();
+        byte[] secret = keyInfo.getSecret();
+        validatedCredential.setSecretKey(secret);
+        
+        return validatedCredential;
+    }
+
+}
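Review bot: After `parseHOKSubject`, the result of `transformedToken.getSubjectKeyInfo()` is dereferenced without a null check, and a null from `keyInfo.getSecret()` is stored on the credential as-is. An assertion that carries no holder-of-key secret would then surface as a NullPointerException or as a credential with no key instead of a clean rejection. I would add `if (keyInfo == null || keyInfo.getSecret() == null) { throw new WSSecurityException(WSSecurityException.FAILURE); }` before `setSecretKey`. The issuer comparison against the literal `"DoubleItSTSIssuer"` is only meaningful if `super.validate` has already verified the assertion's signature, which is not visible in this hunk; a one-line comment stating that dependency would help. `validate` overrides the parent method and should carry `@Override`.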

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/STSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/STSServer.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/STSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/STSServer.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class STSServer extends AbstractBusTestServerBase {
+
+    public STSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = STSServer.class.getResource("cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new STSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new STSServer().run();
+    }
+}
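Review bot: The try block in `run()` constructs a second `STSServer` and discards it; the constructor is empty, so the block has no effect and its `catch (Exception e) { e.printStackTrace(); }` only hides that. I would delete the try/catch entirely. The result of `STSServer.class.getResource("cxf-sts.xml")` is also passed to `createBus` unchecked, so a missing configuration file is not reported by name; a guard such as `if (busFile == null) { throw new IllegalStateException("cxf-sts.xml not found on classpath"); }` would make that failure obvious. As a style point, `String args[]` is conventionally written `String[] args`.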

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a SecurityContextToken from an STS, and then uses the 
+ * corresponding secret to secure a service request. The service endpoint must contact the STS to validate
+ * the received SCT and get the secret required to decrypt/verify the client request (via a SAML2 Assertion).
+ */
+public class SecureConversationTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(Server.class);
+    private static final String PORT2 = allocatePort(Server.class, 2);
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                  "Server failed to launch",
+                  // run the server in the same process
+                  // set this to false to fork
+                  launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testSecureConversation() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecureConversationTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SecureConversationTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSecureConvPort");
+        DoubleItPortType transportPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportPort, PORT);
+
+        doubleIt(transportPort, 25);
+    }
+    
+    @org.junit.Test
+    public void testSecureConversationSymmetric() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecureConversationTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SecureConversationTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSecureConvPort");
+        DoubleItPortType symmetricPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(symmetricPort, PORT2);
+
+        doubleIt(symmetricPort, 30);
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+    
+}
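Review bot: Both test methods create a Spring bus, install it as the default and thread-default bus, and never shut it down, so the second test starts with the first test's bus and whatever it cached still alive. I would end each test with `bus.shutdown(true);`, ideally in a `finally`, so each secure-conversation negotiation starts from a clean client. `busFile.toString()` is called on the result of `getResource("cxf-client.xml")` without a null check, which turns a missing resource into a bare NullPointerException. In `doubleIt`, `assertTrue(resp == 2 * numToDouble)` reports no values on failure; `assertEquals(2 * numToDouble, resp)` would, assuming the base class exposes it the same way as `assertTrue`.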

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,129 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a SecurityContextToken from an STS and then cancels it. When
+ * cancelling the token, the WSDL of the STS has an EndorsingSupportingToken consisting of the 
+ * SecureConversationToken. The client must use the secret associated with the SecurityContextToken it gets 
+ * back from the STS to sign the Timestamp.
+ */
+public class SecurityContextTokenCancelTest extends AbstractBusClientServerTestBase {
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testCancelSecurityContextToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecurityContextTokenCancelTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String wsdlLocation = 
+            "https://localhost:8084/SecurityTokenService/TransportSCT?wsdl";
+        SecurityToken token = 
+            requestSecurityToken(bus, wsdlLocation, true);
+        assertTrue(token.getSecret() != null && token.getSecret().length > 0);
+        
+        // Cancel the SecurityContextToken - this should fail as the secret associated with the SCT
+        // is not used to sign some part of the message
+        String port = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
+        boolean cancelled = cancelSecurityToken(bus, wsdlLocation, port, true, token);
+        assertFalse(cancelled);
+        
+        String endorsingPort = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Endorsing_Port";
+        cancelled = cancelSecurityToken(bus, wsdlLocation, endorsingPort, true, token);
+        assertTrue(cancelled);
+    }
+    
+    private SecurityToken requestSecurityToken(
+        Bus bus, String wsdlLocation, boolean enableEntropy
+    ) throws Exception {
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation(wsdlLocation);
+        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("ws-security.username", "alice");
+        properties.put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+        );
+        properties.put("ws-security.sts.token.properties", "serviceKeystore.properties");
+
+        stsClient.setProperties(properties);
+        stsClient.setSecureConv(true);
+        stsClient.setRequiresEntropy(enableEntropy);
+        stsClient.setKeySize(192);
+        stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+        return stsClient.requestSecurityToken(null);
+    }
+    
+    private boolean cancelSecurityToken(
+        Bus bus, String wsdlLocation, String port, boolean enableEntropy, SecurityToken securityToken
+    ) throws Exception {
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation(wsdlLocation);
+        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+        stsClient.setEndpointName(port);
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("ws-security.username", "alice");
+        properties.put("ws-security.signature.username", "myservicekey");
+        properties.put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+        );
+        properties.put("ws-security.sts.token.properties", "serviceKeystore.properties");
+        properties.put("ws-security.signature.properties", "serviceKeystore.properties");
+
+        stsClient.setProperties(properties);
+        stsClient.setSecureConv(true);
+        stsClient.setRequiresEntropy(enableEntropy);
+        stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+        return stsClient.cancelSecurityToken(securityToken);
+    }
+
+    
+}
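Review bot: The negative check in testCancelSecurityContextToken, `assertFalse(cancelled)` after the call on `Transport_Port`, passes for any reason the cancel returns false, not only because the endorsing signature made with the SCT secret is missing. Since this is the assertion that shows the STS enforces proof of possession on Cancel, I would add a comment stating what distinguishes the two ports and, if the client API exposes it, assert on the failure reason. The WSDL location is hard-coded to `https://localhost:8084/...`, unlike SecureConversationTest, which uses `allocatePort`. The port is presumably fixed in cxf-sts.xml, which is not part of this hunk, but a collision on 8084 would fail the test for unrelated reasons. `requestSecurityToken` and `cancelSecurityToken` repeat the same STSClient setup and could share a private helper.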

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client requests a SecurityContextToken from an STS.
+ */
+public class SecurityContextTokenUnitTest extends AbstractBusClientServerTestBase {
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testSecurityContextToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecurityContextTokenUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String wsdlLocation = 
+            "https://localhost:8084/SecurityTokenService/TransportSCT?wsdl";
+        SecurityToken token = 
+            requestSecurityToken(bus, wsdlLocation, true);
+        assertTrue(token.getSecret() != null && token.getSecret().length > 0);
+    }
+    
+    @org.junit.Test
+    public void testSecurityContextTokenNoEntropy() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecurityContextTokenUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String wsdlLocation = 
+            "https://localhost:8084/SecurityTokenService/TransportSCT?wsdl";
+        SecurityToken token = 
+            requestSecurityToken(bus, wsdlLocation, false);
+        assertTrue(token.getSecret() != null && token.getSecret().length > 0);
+    }
+    
+    @org.junit.Test
+    public void testSecurityContextTokenEncrypted() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecurityContextTokenUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String wsdlLocation = 
+            "https://localhost:8084/SecurityTokenService/TransportSCTEncrypted?wsdl";
+        SecurityToken token = 
+            requestSecurityToken(bus, wsdlLocation, true);
+        assertTrue(token.getSecret() != null && token.getSecret().length > 0);
+    }
+    
+    @org.junit.Test
+    public void testSecurityContextTokenNoEntropyEncrypted() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecurityContextTokenUnitTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String wsdlLocation = 
+            "https://localhost:8084/SecurityTokenService/TransportSCTEncrypted?wsdl";
+        SecurityToken token = 
+            requestSecurityToken(bus, wsdlLocation, false);
+        assertTrue(token.getSecret() != null && token.getSecret().length > 0);
+    }
+    
+    private SecurityToken requestSecurityToken(
+        Bus bus, String wsdlLocation, boolean enableEntropy
+    ) throws Exception {
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation(wsdlLocation);
+        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("ws-security.username", "alice");
+        properties.put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+        );
+        properties.put("ws-security.sts.token.properties", "serviceKeystore.properties");
+
+        stsClient.setProperties(properties);
+        stsClient.setSecureConv(true);
+        stsClient.setRequiresEntropy(enableEntropy);
+        stsClient.setKeySize(192);
+        stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+        return stsClient.requestSecurityToken(null);
+    }
+    
+}
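Review bot: All four tests end with the same `assertTrue(token.getSecret() != null && token.getSecret().length > 0)`, so the entropy and no-entropy variants cannot be told apart and the `setKeySize(192)` in `requestSecurityToken` is never verified; a one-byte secret would pass. If the STS is expected to honour the requested size, assert it, e.g. `assertEquals(192 / 8, token.getSecret().length);`. The bus setup repeated in each test could move into a private helper, which would also give one place to shut the bus down, since no visible code releases it.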

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
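Review bot: The `try` block in `run()` constructs a second `Server` and discards it, which has no effect as far as this hunk shows; the constructor is empty and declares no exceptions, so the `catch (Exception e)` with `e.printStackTrace()` is effectively dead code. The block can be removed so that `run()` ends after `setBus(busLocal);`. The call worth guarding is the bus creation, because `Server.class.getResource("cxf-service.xml")` returns null when the file is missing from the classpath, and that failure should be reported through the test logger rather than printed. The same body is repeated in the soap12, transformation and usernametoken `Server.java` files added by this commit.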

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.soap12;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.soap12;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * This is a test for invoking on an STS using SOAP 1.2 via the TransportBinding. The CXF client gets a 
+ * token from the STS over TLS, and then sends it to the CXF endpoint over TLS.
+ */
+public class Soap12Test extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String SAML1_TOKEN_TYPE = 
+        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+    private static final String PUBLIC_KEY_KEYTYPE = 
+        "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+    private static final String BEARER_KEYTYPE = 
+        "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+    
+    private static final String PORT = allocatePort(Server.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(Server.class, true)
+        );
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testSAML2() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = Soap12Test.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = Soap12Test.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        
+        doubleIt(transportSaml2Port, 30);
+    }
+    
+    /**
+     * Test the endpoint address sent to the STS as part of AppliesTo. If the STS does not
+     * recognise the endpoint address it does not issue a token.
+     */
+    @org.junit.Test
+    public void testFaultCode() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = Soap12Test.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        try {
+            String badAddress = 
+                "https://localhost:" + PORT + "/doubleit/services/doubleitbadtransportsaml1";
+            requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, badAddress);
+            fail("Failure expected on a bad endpoint address");
+        } catch (SoapFault ex) {
+            // expected
+        }
+    }
+    
+    private SecurityToken requestSecurityToken(
+        String tokenType, 
+        String keyType, 
+        Bus bus,
+        String endpointAddress
+    ) throws Exception {
+        return requestSecurityToken(tokenType, keyType, null, bus, endpointAddress, null);
+    }
+
+    private SecurityToken requestSecurityToken(
+        String tokenType, 
+        String keyType,
+        Element supportingToken,
+        Bus bus,
+        String endpointAddress,
+        String context
+    ) throws Exception {
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation("https://localhost:8084/SecurityTokenService/TransportSoap12?wsdl");
+        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Soap12_Port");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("ws-security.username", "alice");
+        properties.put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+        );
+        properties.put("ws-security.encryption.properties", "clientKeystore.properties");
+        properties.put("ws-security.encryption.username", "mystskey");
+        properties.put("ws-security.is-bsp-compliant", "false");
+
+        if (PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+            properties.put("ws-security.sts.token.username", "myclientkey");
+            properties.put("ws-security.sts.token.properties", "clientKeystore.properties");
+            stsClient.setUseCertificateForConfirmationKeyInfo(true);
+        }
+        if (supportingToken != null) {
+            stsClient.setOnBehalfOf(supportingToken);
+        }
+        if (context != null) {
+            stsClient.setContext(context);
+        }
+
+        stsClient.setProperties(properties);
+        stsClient.setTokenType(tokenType);
+        stsClient.setKeyType(keyType);
+        stsClient.setAddressingNamespace("http://www.w3.org/2005/08/addressing");
+
+        return stsClient.requestSecurityToken(endpointAddress);
+    }
+    
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+    }
+}
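Review bot: `doubleIt` at the end of this file only prints the response, so `testSAML2` passes for any value the service returns as long as no exception is thrown; add `assertEquals(2 * numToDouble, resp);` after the call, as the `doubleIt` helper in TransformationTest already asserts. `testFaultCode` also catches any `SoapFault` without inspecting it, so despite its name it does not pin which fault the STS returns for the unrecognised AppliesTo address. Asserting on `ex.getFaultCode()` inside the catch block would make the test match its Javadoc.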

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/DoubleItPortTypeImpl.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/DoubleItPortTypeImpl.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/DoubleItPortTypeImpl.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.transformation;
+
+import java.util.List;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import junit.framework.Assert;
+
+import org.apache.cxf.feature.Features;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.example.contract.doubleit.DoubleItPortType;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
+            serviceName = "DoubleItService", 
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")              
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+    
+    @Resource
+    WebServiceContext wsc;
+
+    public int doubleIt(int numberToDouble) {
+        //
+        // Get the transformed SAML Assertion from the STS and check it
+        //
+        MessageContext context = wsc.getMessageContext();
+        final List<WSHandlerResult> handlerResults = 
+            CastUtils.cast((List<?>)context.get(WSHandlerConstants.RECV_RESULTS));
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.UT);
+        AssertionWrapper assertion = 
+            (AssertionWrapper)actionResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
+        Assert.assertTrue(assertion != null && "DoubleItSTSIssuer".equals(assertion.getIssuerString()));
+        
+        return numberToDouble * 2;
+    }
+    
+}
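Review bot: In `doubleIt`, `handlerResults.get(0)` and `actionResult.get(...)` are dereferenced without a null check, so a request that reaches the endpoint without WS-Security results, or without a UsernameToken result (where `fetchActionResult` presumably returns null), fails with an unrelated exception instead of the intended assertion. Guard them first, e.g. `Assert.assertNotNull(handlerResults);` and `Assert.assertNotNull(actionResult);`. The final assertion checks only the issuer string; since this package tests transformation to a SAML2 assertion, it would be worth also verifying the SAML version on the `AssertionWrapper`. A short comment that a failed assertion here reaches the client as a fault from `port.doubleIt` would help readers see how the test fails.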

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.transformation;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/transformation/TransformationTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,88 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.transformation;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client sends a Username Token via (1-way) TLS to a CXF provider.
+ * The provider dispatches the Username Token to an STS for validation (via TLS), and also
+ * send a TokenType corresponding to a SAML2 Assertion. The STS will create the requested
+ * SAML Assertion after validation and return it to the provider.
+ */
+public class TransformationTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(Server.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(Server.class, true)
+        );
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testTokenTransformation() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = TransformationTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = TransformationTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort");
+        DoubleItPortType transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+        
+        doubleIt(transportUTPort, 25);
+    }
+    
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}
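Review bot: In `doubleIt`, `assertTrue(resp == 2 * numToDouble)` reports only a bare assertion failure when the service returns a wrong value; `assertEquals(2 * numToDouble, resp);` puts the expected and actual values in the failure message. The `System.out.println` above it adds console noise to the build without contributing to the check and could be dropped or routed through the test logger.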

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/Server.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/Server.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/Server.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.usernametoken;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/usernametoken/UsernameTokenTest.java Thu Oct 20 15:15:10 2011
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.usernametoken;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client sends a Username Token via (1-way) TLS to a CXF provider.
+ * The provider dispatches the Username Token to an STS for validation (via TLS).
+ */
+public class UsernameTokenTest extends AbstractBusClientServerTestBase {
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    private static final String PORT = allocatePort(Server.class);
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+
+    @org.junit.Test
+    public void testUsernameToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = UsernameTokenTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = UsernameTokenTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort");
+        DoubleItPortType transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+
+        doubleIt(transportUTPort, 25);
+    }
+    
+    @org.junit.Test
+    public void testBadUsernameToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = UsernameTokenTest.class.getResource("cxf-bad-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = UsernameTokenTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort");
+        DoubleItPortType transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+        
+        try {
+            doubleIt(transportUTPort, 30);
+            fail("Expected failure on a bad password");
+        } catch (javax.xml.ws.soap.SOAPFaultException fault) {
+            String message = fault.getMessage();
+            assertTrue(message.contains("STS Authentication failed")
+                || message.contains("Validation of security token failed"));
+        }
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        System.out.println("The number " + numToDouble + " doubled is " + resp);
+        assertTrue(resp == 2 * numToDouble);
+    }
+}
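Review bot: Both test methods build a `Bus` and install it with `setDefaultBus` / `setThreadDefaultBus` but never release it, so the bus created from `cxf-bad-client.xml` in `testBadUsernameToken` remains the default for whatever runs next in the same JVM. I would wrap each test body in `try { ... } finally { bus.shutdown(true); }` so the good and bad client configurations cannot leak between tests. Separately, the `catch` in `testBadUsernameToken` accepts either of two fault strings, so the test does not pin whether the STS or the provider rejected the token. A one-line comment such as `// either the STS client or the provider-side validator may surface the rejection` would record why both are accepted.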

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/DoubleItLogical.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/DoubleItLogical.wsdl?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/DoubleItLogical.wsdl (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/DoubleItLogical.wsdl Thu Oct 20 15:15:10 2011
@@ -0,0 +1,60 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions name="DoubleIt"
+	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt"
+	xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
+	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+	xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+	xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsaw="http://www.w3.org/2005/08/addressing"
+	xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" targetNamespace="http://www.example.org/contract/DoubleIt">
+	<!-- Replaced for wsp: http://schemas.xmlsoap.org/ws/2004/09/policy -->
+	
+	<wsdl:types>
+		<xsd:schema targetNamespace="http://www.example.org/schema/DoubleIt">
+			<xsd:element name="DoubleIt">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="numberToDouble" type="xsd:int" />
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="DoubleItResponse">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="doubledNumber" type="xsd:int" />
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:schema>
+	</wsdl:types>
+	<wsdl:message name="DoubleItRequest">
+		<wsdl:part element="di:DoubleIt" name="parameters" />
+	</wsdl:message>
+	<wsdl:message name="DoubleItResponse">
+		<wsdl:part element="di:DoubleItResponse" name="parameters" />
+	</wsdl:message>
+	<wsdl:portType name="DoubleItPortType">
+		<wsdl:operation name="DoubleIt">
+			<wsdl:input message="tns:DoubleItRequest" />
+			<wsdl:output message="tns:DoubleItResponse" />
+		</wsdl:operation>
+	</wsdl:portType>
+	
+</wsdl:definitions>

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/clientKeystore.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/clientKeystore.properties?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/clientKeystore.properties (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/clientKeystore.properties Thu Oct 20 15:15:10 2011
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+
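Review bot: The `org.apache.ws.security.crypto.merlin.keystore.password` value is committed in clear text alongside `clientstore.jks`, and nothing in the file marks it as a fixture; `eveKeystore.properties` later in this commit has the same shape. That is usual for systest resources, but a header line such as `# Test-only keystore and password; do not reuse outside the systests` would stop the pair being copied into a real deployment. `eveKeystore.properties` also omits the `keystore.alias` line that this file sets, which is presumably intentional but worth a comment there.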

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/clientstore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/clientstore.jks?rev=1186845&view=auto
==============================================================================
Files cxf/trunk/services/sts/systests/advanced/src/test/resources/clientstore.jks (added) and cxf/trunk/services/sts/systests/advanced/src/test/resources/clientstore.jks Thu Oct 20 15:15:10 2011 differ

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/eve.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/eve.jks?rev=1186845&view=auto
==============================================================================
Files cxf/trunk/services/sts/systests/advanced/src/test/resources/eve.jks (added) and cxf/trunk/services/sts/systests/advanced/src/test/resources/eve.jks Thu Oct 20 15:15:10 2011 differ

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/eveKeystore.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/eveKeystore.properties?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/eveKeystore.properties (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/eveKeystore.properties Thu Oct 20 15:15:10 2011
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=evespass
+org.apache.ws.security.crypto.merlin.keystore.file=eve.jks
+

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/kerberos.jaas
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/kerberos.jaas?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/kerberos.jaas (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/kerberos.jaas Thu Oct 20 15:15:10 2011
@@ -0,0 +1,8 @@
+
+alice {
+    com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true keyTab="/etc/alice.keytab" principal="alice";
+};
+
+bob {
+    com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true storeKey=true keyTab="/etc/bob.keytab" principal="bob/service.ws.apache.org";
+};
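Review bot: Both login entries point `keyTab` at absolute paths (`/etc/alice.keytab`, `/etc/bob.keytab`), so anything that loads this file depends on credentials provisioned outside the build tree, and the file has no comment saying so. I would add a leading comment such as `// Requires a local KDC and keytabs provisioned at the paths below; not created by the build`. Because a keytab holds the principal's long-term key, the comment should also say the files are expected to be readable only by the account that runs the tests.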

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties Thu Oct 20 15:15:10 2011
@@ -0,0 +1,70 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
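Review bot: The comment above `java.util.logging.ConsoleHandler.level` says console output is limited to WARNING and above, but the value is `FINE`, and the `handlers` comment earlier in the file makes the same WARNING claim. With `.level= INFO`, the console will in practice show INFO and above unless a logger sets its own level. I would change the comment to `# Console handler accepts FINE and above; the global .level (INFO) is the effective floor unless a logger overrides it`. This matters because the client and STS Spring files in this commit enable `<cxf:logging/>`, which presumably writes full SOAP messages, including security tokens, to this console handler.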

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-client.xml?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-client.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-client.xml Thu Oct 20 15:15:10 2011
@@ -0,0 +1,39 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+   xmlns:jaxws="http://cxf.apache.org/jaxws"
+   xmlns:cxf="http://cxf.apache.org/core"
+   xmlns:http="http://cxf.apache.org/transports/http/configuration"
+   xmlns:sec="http://cxf.apache.org/configuration/security"
+   xsi:schemaLocation="
+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+</beans>
+

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts.xml?rev=1186845&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts.xml Thu Oct 20 15:15:10 2011
@@ -0,0 +1,96 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans 
+    xmlns="http://www.springframework.org/schema/beans"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:test="http://apache.org/hello_world_soap_http"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xsi:schemaLocation="
+        http://cxf.apache.org/core
+        http://cxf.apache.org/schemas/core.xsd
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+        http://cxf.apache.org/jaxws                                     
+        http://cxf.apache.org/schemas/jaxws.xsd
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <bean id="x509STSProviderBean"
+		class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+		<property name="issueOperation" ref="x509IssueDelegate"/>
+	</bean>	
+
+	<bean id="x509IssueDelegate"
+		class="org.apache.cxf.sts.operation.TokenIssueOperation">
+		<property name="tokenProviders" ref="x509SamlTokenProvider"/>
+		<property name="services" ref="x509Service"/>
+		<property name="stsProperties" ref="x509STSProperties"/>
+		<property name="encryptIssuedToken" value="true"/>
+	</bean>
+	
+	<bean id="x509SamlTokenProvider"
+		class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+    </bean>
+    
+    <bean id="x509Service"
+        class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="x509Endpoints"/>
+    </bean>
+    
+    <util:list id="x509Endpoints">
+		<value>https://localhost:(\d)*/doubleit/services/doubleittransport.*</value>
+	</util:list>
+	
+	<bean id="x509STSProperties"
+	     class="org.apache.cxf.sts.StaticSTSProperties">
+	    <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+		<property name="signatureUsername" value="mystskey"/>
+		<property name="callbackHandlerClass" 
+		          value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+		<property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+		<property name="issuer" value="DoubleItSTSIssuer"/>
+		<property name="encryptionUsername" value="useReqSigCert"/>
+    </bean>
+    
+	<jaxws:endpoint id="X509STS"
+		implementor="#x509STSProviderBean"
+		address="http://localhost:8084/SecurityTokenService/X509" 
+        wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/ws-trust-1.4-service.wsdl"
+        xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+        serviceName="ns1:SecurityTokenService"
+        endpointName="ns1:X509_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" 
+                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="stsKeystore.properties"/>
+            <entry key="ws-security.signature.username" value="mystskey"/>
+        </jaxws:properties> 
+	</jaxws:endpoint>
+	
+
+</beans>
+
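Review bot: The `x509Endpoints` entry is the only restriction visible here on which AppliesTo addresses the STS will issue for, and the pattern is looser than it reads: `(\d)*` also accepts an empty port, and the trailing `.*` accepts any suffix after `doubleittransport`. For a test fixture that is workable, but I would tighten it to `https://localhost:\d+/doubleit/services/doubleittransport.*` and add `<!-- test-only: real deployments should list exact endpoint addresses -->` above the list. Also, the `X509STS` endpoint is bound to the fixed address `http://localhost:8084/...` while the Java tests in this commit use `allocatePort`, so a comment noting that the port is fixed and that the endpoint relies on message-level security rather than TLS would help.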


