Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cxf.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1215176 - in
 /cxf/trunk/systests/ws-security-examples/src/test:
 java/org/apache/cxf/systest/wssec/examples/saml/
 java/org/apache/cxf/systest/wssec/examples/secconv/
 java/org/apache/cxf/systest/wssec/examples/secconv/server/ resources/org/a...
Date: Fri, 16 Dec 2011 15:17:43 -0000
To: commits@cxf.apache.org
From: coheigea@apache.org
Message-Id: <20111216151743.7C1DE23888CD@eris.apache.org>

Author: coheigea
Date: Fri Dec 16 15:17:42 2011
New Revision: 1215176

URL: http://svn.apache.org/viewvc?rev=1215176&view=rev
Log:
Added in some more saml ws-security-example tests and a secure-conversation test

Added:
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml
Modified:
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml

Modified: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?rev=1215176&r1=1215175&r2=1215176&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java Fri Dec 16 15:17:42 2011
@@ -216,4 +216,50 @@ public class SamlTokenTest extends Abstr
         
         samlPort.doubleIt(25);
     }
+    
+    /**
+     * 2.3.2.3 (WSS1.1) SAML2.0 HoK over SSL
+     */
+    @org.junit.Test
+    public void testTLSHOKSignedEndorsingSaml2() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingSaml2Port");
+        DoubleItPortType samlPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(samlPort, PORT2);
+        
+        samlPort.doubleIt(25);
+    }
+    
+    /**
+     * 2.3.2.4 (WSS1.1) SAML1.1/2.0 Sender Vouches with X.509 Certificate, Sign, Encrypt
+     */
+    @org.junit.Test
+    public void testSymmetricSV() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSVPort");
+        DoubleItPortType samlPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(samlPort, PORT);
+        
+        samlPort.doubleIt(25);
+    }
 }

Added: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java?rev=1215176&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java Fri Dec 16 15:17:42 2011
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.wssec.examples.secconv;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.wssec.examples.secconv.server.Server;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+
+import org.junit.BeforeClass;
+
+/**
+ * A set of tests for SecureConversation using policies defined in the OASIS spec:
+ * "WS-SecurityPolicy Examples Version 1.0".
+ */
+public class SecureConversationTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(Server.class);
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(Server.class, true)
+        );
+    }
+
+    /**
+     * 2.4.1 (WSS 1.0) Secure Conversation bootstrapped by Mutual
+     * Authentication with X.509 Certificates
+     */
+    @org.junit.Test
+    public void testSecureConversation() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SecureConversationTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SecureConversationTest.class.getResource("DoubleItSecConv.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSecureConversationPort");
+        DoubleItPortType samlPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(samlPort, PORT);
+        
+        samlPort.doubleIt(25);
+    }
+    
+}

Added: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java?rev=1215176&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/server/Server.java Fri Dec 16 15:17:42 2011
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.wssec.examples.secconv.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Modified: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?rev=1215176&r1=1215175&r2=1215176&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl Fri Dec 16 15:17:42 2011
@@ -160,6 +160,44 @@
         </wsdl:operation>
     </wsdl:binding>
     
+    <wsdl:binding name="DoubleItTLSHOKSignedEndorsingSaml2Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItTLSHOKSignedEndorsingSaml2Policy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
+    <wsdl:binding name="DoubleItSymmetricSVBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSymmetricSVPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItBearerPort" binding="tns:DoubleItBearerBinding">
             <soap:address location="http://localhost:9009/DoubleItSamlBearer" />
@@ -182,6 +220,13 @@
         <wsdl:port name="DoubleItTLSSenderVouchesSaml2Port" binding="tns:DoubleItTLSSenderVouchesSaml2Binding">
             <soap:address location="https://localhost:9010/DoubleItSamlTLSSenderVouchesSaml2" />
         </wsdl:port>
+        <wsdl:port name="DoubleItTLSHOKSignedEndorsingSaml2Port" 
+                   binding="tns:DoubleItTLSHOKSignedEndorsingSaml2Binding">
+            <soap:address location="https://localhost:9010/DoubleItSamlTLSHOKSignedEndorsingSaml2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItSymmetricSVPort" binding="tns:DoubleItSymmetricSVBinding">
+            <soap:address location="http://localhost:9009/DoubleItSamlSymmetricSV" />
+        </wsdl:port>
     </wsdl:service>
 
     <!-- 2.3.1.1 (WSS1.0) SAML1.1 Assertion (Bearer) -->
@@ -482,6 +527,109 @@
         </sp:SignedSupportingTokens>
     </wsp:Policy>
     
+    <!-- 2.3.2.3 (WSS1.1) SAML2.0 HoK over SSL -->
+    <wsp:Policy wsu:Id="DoubleItTLSHOKSignedEndorsingSaml2Policy">
+        <sp:TransportBinding>
+            <wsp:Policy>
+                <sp:TransportToken>
+                    <wsp:Policy>
+                        <sp:HttpsToken>
+                            <wsp:Policy>
+                                <sp:RequireClientCertificate/>
+                            </wsp:Policy>
+                        </sp:HttpsToken>
+                    </wsp:Policy>
+                </sp:TransportToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128 />
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+                <sp:Layout>
+                    <wsp:Policy>
+                        <sp:Strict />
+                    </wsp:Policy>
+                </sp:Layout>
+                <sp:IncludeTimestamp />
+            </wsp:Policy>
+        </sp:TransportBinding>
+        <sp:SignedEndorsingSupportingTokens>
+            <wsp:Policy>
+                <sp:SamlToken
+                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                    <wsp:Policy>
+                        <sp:WssSamlV20Token11/>
+                    </wsp:Policy>
+                </sp:SamlToken>
+            </wsp:Policy>
+        </sp:SignedEndorsingSupportingTokens>
+    </wsp:Policy>
+    
+    <!-- 2.3.2.4 (WSS1.1) SAML1.1/2.0 Sender Vouches with X.509 Certificate, Sign, Encrypt -->
+    <wsp:Policy wsu:Id="DoubleItSymmetricSVPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:RequireThumbprintReference />
+                                        <sp:RequireDerivedKeys wsp:Optional="true"/>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Strict/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:SignedSupportingTokens>
+                    <wsp:Policy>
+                        <sp:SamlToken
+                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:WssSamlV11Token11/>
+                            </wsp:Policy>
+                        </sp:SamlToken>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:EndorsingSupportingTokens>
+                    <wsp:Policy>
+                        <sp:X509Token
+                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:WssX509V3Token11/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:EndorsingSupportingTokens>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier/>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>

Modified: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml?rev=1215176&r1=1215175&r2=1215176&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml Fri Dec 16 15:17:42 2011
@@ -113,6 +113,31 @@
        </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTLSHOKSignedEndorsingSaml2Port" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.saml-callback-handler" value-ref="saml2HOKHandler"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="alice.properties"/> 
+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.self-sign-saml-assertion" value="true"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricSVPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.saml-callback-handler" value-ref="saml1SenderVouchesHandler"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="alice.properties"/> 
+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.encryption.properties" value="bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
     <bean id="saml1SenderVouchesHandler" 
           class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
           <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"/>
@@ -129,6 +154,12 @@
           <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"/>
     </bean>
     
+    <bean id="saml2HOKHandler" 
+          class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
+          <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"/>
+          <property name="saml2" value="true"/>
+    </bean>
+    
     <bean id="saml2BearerHandler" 
           class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
           <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>

Modified: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml?rev=1215176&r1=1215175&r2=1215176&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml Fri Dec 16 15:17:42 2011
@@ -146,6 +146,39 @@
        </jaxws:properties> 
     </jaxws:endpoint>
     
+    <jaxws:endpoint 
+       id="TLSHOKSignedEndorsingSaml2"
+       address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSHOKSignedEndorsingSaml2" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSHOKSignedEndorsingSaml2Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="SymmetricSV"
+       address="http://localhost:${testutil.ports.Server}/DoubleItSamlSymmetricSV" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricSVPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <!-- TODO Fix the way these properties are inverted -->
+           <entry key="ws-security.signature.username" value="bob"/> 
+           <entry key="ws-security.encryption.properties" value="bob.properties"/> 
+           <entry key="ws-security.signature.properties" value="alice.properties"/> 
+           <entry key="ws-security.encryption.username" value="alice"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
     <!-- -->
     <!-- Any services listening on port ${testutil.ports.Server} must use the following -->
     <!-- Transport Layer Security (TLS) settings -->

Added: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl?rev=1215176&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl Fri Dec 16 15:17:42 2011
@@ -0,0 +1,183 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions name="DoubleIt"
+    xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt"
+    targetNamespace="http://www.example.org/contract/DoubleIt" 
+    xmlns:wsp="http://www.w3.org/ns/ws-policy"
+    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+    xmlns:wsaws="http://www.w3.org/2005/08/addressing" 
+    xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+    xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802">
+    
+    <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" 
+                 namespace="http://www.example.org/contract/DoubleIt"/>
+                 
+    <wsdl:binding name="DoubleItSecureConversationBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSecureConversation_policy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
+    <wsdl:service name="DoubleItService">
+        <wsdl:port name="DoubleItSecureConversationPort" 
+                   binding="tns:DoubleItSecureConversationBinding">
+            <soap:address location="http://localhost:9009/DoubleItSecureConversation" />
+        </wsdl:port>
+    </wsdl:service>
+
+    <!-- 2.4.1 (WSS 1.0) Secure Conversation bootstrapped by Mutual -->
+    <!-- Authentication with X.509 Certificates -->
+    <wsp:Policy wsu:Id="DoubleItSecureConversation_policy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:SymmetricBinding>
+					<wsp:Policy>
+						<sp:ProtectionToken>
+							<wsp:Policy>
+								<sp:SecureConversationToken
+									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:RequireDerivedKeys />
+										<sp:BootstrapPolicy>
+											<wsp:Policy>
+												<sp:AsymmetricBinding>
+													<wsp:Policy>
+														<sp:InitiatorToken>
+                                                            <wsp:Policy>
+                                                                <sp:X509Token
+                                                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                                                    <wsp:Policy>
+                                                                        <sp:WssX509V3Token10 />
+                                                                    </wsp:Policy>
+                                                                </sp:X509Token>
+                                                            </wsp:Policy>
+                                                         </sp:InitiatorToken>
+                                                         <sp:RecipientToken>
+                                                             <wsp:Policy>
+                                                                 <!-- NOTE Changing below to "Never" as I believe the policy is incorrect -->
+                                                                 <sp:X509Token
+                                                                     sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                                                     <wsp:Policy>
+                                                                         <sp:WssX509V3Token10 />
+                                                                     </wsp:Policy>
+                                                                 </sp:X509Token>
+                                                             </wsp:Policy>
+                                                         </sp:RecipientToken>
+														 <sp:AlgorithmSuite>
+														 	<wsp:Policy>
+													 			<sp:Basic128 />
+													  		</wsp:Policy>
+													     </sp:AlgorithmSuite>
+														<sp:Layout>
+															<wsp:Policy>
+																<sp:Strict />
+															</wsp:Policy>
+														</sp:Layout>
+														<sp:IncludeTimestamp />
+														<sp:OnlySignEntireHeadersAndBody />
+													</wsp:Policy>
+												</sp:AsymmetricBinding>
+												<sp:Wss10>
+													<wsp:Policy>
+														<sp:MustSupportRefKeyIdentifier />
+													</wsp:Policy>
+												</sp:Wss10>
+												<sp:SignedParts>
+                                                    <sp:Body/>
+                                                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
+                                                </sp:SignedParts>
+                                                <sp:EncryptedParts>
+                                                    <sp:Body/>
+                                                </sp:EncryptedParts>
+											</wsp:Policy>
+										</sp:BootstrapPolicy>
+									</wsp:Policy>
+								</sp:SecureConversationToken>
+							</wsp:Policy>
+						</sp:ProtectionToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:Basic128 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Strict />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:OnlySignEntireHeadersAndBody />
+					</wsp:Policy>
+				</sp:SymmetricBinding>
+				<sp:Trust13>
+					<wsp:Policy>
+						<sp:RequireClientEntropy />
+						<sp:RequireServerEntropy />
+					</wsp:Policy>
+				</sp:Trust13>
+				<!--<wsap:UsingAddressing /> --> 
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+    
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SignedParts>
+                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SignedParts>
+                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+   </wsp:Policy>
+   
+</wsdl:definitions>

Added: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml?rev=1215176&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/client/client.xml Fri Dec 16 15:17:42 2011
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:jaxws="http://cxf.apache.org/jaxws"
+       xmlns:cxf="http://cxf.apache.org/core"
+       xmlns:p="http://cxf.apache.org/policy"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xsi:schemaLocation="
+          http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd
+          http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd
+          http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd
+          http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd
+          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+          http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd"
+>
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSecureConversationPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler.sct" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties.sct" value="alice.properties"/> 
+           <entry key="ws-security.signature.username.sct" value="alice"/>
+           <entry key="ws-security.encryption.properties.sct" value="bob.properties"/> 
+           <entry key="ws-security.encryption.username.sct" value="bob"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+</beans>

Added: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml?rev=1215176&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml (added)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server/server.xml Fri Dec 16 15:17:42 2011
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <jaxws:endpoint 
+       id="SecureConversation"
+       address="http://localhost:${testutil.ports.Server}/DoubleItSecureConversation" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSecureConversationPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler.sct" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties.sct" value="bob.properties"/> 
+           <entry key="ws-security.encryption.properties.sct" value="alice.properties"/> 
+           <entry key="ws-security.encryption.username.sct" value="alice"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+</beans>