Subject: svn commit: r1368995 - in /cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security: sign_enc/ sign_enc/src/main/java/demo/wssec/client/ sign_enc/src/main/java/demo/wssec/server/ ut/ ut_sign/ ut_sign/src/main/java/demo/wssec/client/ u...
Date: Fri, 03 Aug 2012 14:47:55 -0000
To: commits@cxf.apache.org
From: coheigea@apache.org
X-Mailer: svnmailer-1.0.8-patched
Message-Id: <20120803144755.82988238890B@eris.apache.org>

Author: coheigea
Date: Fri Aug 3 14:47:54 2012
New Revision: 1368995

URL: http://svn.apache.org/viewvc?rev=1368995&view=rev
Log:
Merged revisions 1368990 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1368990 | coheigea | 2012-08-03 15:43:45 +0100 (Fri, 03 Aug 2012) | 2 lines

  [CXF-4453] - Updated WS-Security samples to use the DefaultCryptoCoverageChecker

........

Modified:
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java
    cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java

Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt Fri Aug 3 14:47:54 2012
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Encrypt This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. +This demo also shows how the DefaultCryptoCoverageChecker can be used to +make sure that the correct Elements were signed and/or encrypted. + The logging feature is used to log the inbound and outbound SOAP messages and display these to the console. 
@@ -122,7 +126,5 @@ The server process starts in a new comma After running the client, terminate the server process. To remove the code generated from the WSDL file and the .class -files, either delete the build directory and its contents or run: - - ant clean +files, delete the build directory and its contents. Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java Fri Aug 3 14:47:54 2012 @@ -32,6 +32,7 @@ import org.apache.cxf.bus.spring.SpringB import org.apache.cxf.hello_world_soap_http.Greeter; import org.apache.cxf.hello_world_soap_http.GreeterService; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; @@ -57,12 +58,9 @@ public final class Client { outProps.put("action", "UsernameToken Timestamp Signature Encrypt"); outProps.put("passwordType", "PasswordDigest"); - outProps.put("user", "clientx509v1"); - //If you are using the patch WSS-194, then uncomment below two lines and - //comment the above "user" prop line. - //outProps.put("user", "abcd"); - //outProps.put("signatureUser", "clientx509v1"); + outProps.put("user", "abcd"); + outProps.put("signatureUser", "clientx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback"); 
@@ -95,6 +93,14 @@ public final class Client { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed, + // and that the SOAP Body was encrypted + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + coverageChecker.setEncryptBody(true); + bus.getInInterceptors().add(coverageChecker); + GreeterService service = new GreeterService(); Greeter port = service.getGreeterPort(); @@ -106,7 +112,7 @@ public final class Client { System.out.println("response: " + response + "\n"); } - // allow aynchronous resends to occur + // allow asynchronous resends to occur Thread.sleep(30 * 1000); if (port instanceof Closeable) { Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java Fri Aug 3 14:47:54 2012 @@ -29,6 +29,8 @@ import javax.xml.ws.Endpoint; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; + +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; 
@@ -55,13 +57,10 @@ public class Server { outProps.put("action", "UsernameToken Timestamp Signature Encrypt"); outProps.put("passwordType", "PasswordText"); - outProps.put("user", "serverx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback"); - //If you are using the patch WSS-194, then uncomment below two lines and - //comment the above "user" prop line. - //outProps.put("user", "Alice"); - //outProps.put("signatureUser", "serverx509v1"); + outProps.put("user", "Alice"); + outProps.put("signatureUser", "serverx509v1"); outProps.put("encryptionUser", "clientx509v1"); outProps.put("encryptionPropFile", "etc/Server_SignVerf.properties"); @@ -90,6 +89,14 @@ public class Server { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed, + // and that the SOAP Body was encrypted + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + coverageChecker.setEncryptBody(true); + bus.getInInterceptors().add(coverageChecker); + BusFactory.setDefaultBus(bus); new Server(); Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt Fri Aug 3 14:47:54 2012 
@@ -3,9 +3,10 @@ WS-Security Demo (UsernameToken and Tim This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. The logging feature is used to log the inbound and outbound Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt Fri Aug 3 14:47:54 2012 
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Usernam This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. +This demo also shows how the DefaultCryptoCoverageChecker can be used to +make sure that the correct Elements were signed and/or encrypted. + The logging feature is used to log the inbound and outbound SOAP messages and display these to the console. 
@@ -122,7 +126,5 @@ The server process starts in a new comma After running the client, terminate the server process. To remove the code generated from the WSDL file and the .class -files, either delete the build directory and its contents or run: - - ant clean +files, delete the build directory and its contents. Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java Fri Aug 3 14:47:54 2012 @@ -31,6 +31,7 @@ import org.apache.cxf.bus.spring.SpringB import org.apache.cxf.hello_world_soap_http.Greeter; import org.apache.cxf.hello_world_soap_http.GreeterService; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; 
@@ -56,13 +57,10 @@ public final class Client { outProps.put("action", "UsernameToken Timestamp Signature"); outProps.put("passwordType", "PasswordDigest"); - outProps.put("user", "clientx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback"); - //If you are using the patch WSS-194, then uncomment below two lines and comment - //the above "user" prop line. - //outProps.put("user", "abcd"); - //outProps.put("signatureUser", "clientx509v1"); + outProps.put("user", "abcd"); + outProps.put("signatureUser", "clientx509v1"); outProps.put("signaturePropFile", "etc/Client_Sign.properties"); outProps.put("signatureKeyIdentifier", "DirectReference"); outProps.put("signatureParts", @@ -82,6 +80,12 @@ public final class Client { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + bus.getInInterceptors().add(coverageChecker); + GreeterService service = new GreeterService(); Greeter port = service.getGreeterPort(); Modified: cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java?rev=1368995&r1=1368994&r2=1368995&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java (original) +++ cxf/branches/2.6.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java Fri Aug 3 14:47:54 2012 
@@ -29,6 +29,7 @@ import javax.xml.ws.Endpoint; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; @@ -56,12 +57,8 @@ public class Server { outProps.put("action", "UsernameToken Timestamp Signature"); outProps.put("passwordType", "PasswordText"); - outProps.put("user", "serverx509v1"); - - //If you are using WSS4J which includes a patch for WSS-194, then uncomment following 2 - //lines for "user" and "signatureUser" props and comment the above line for "user" props. - //outProps.put("user", "Alice"); - //outProps.put("signatureUser", "serverx509v1"); + outProps.put("user", "Alice"); + outProps.put("signatureUser", "serverx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback"); outProps.put("signaturePropFile", "etc/Server_Decrypt.properties"); @@ -82,6 +79,12 @@ public class Server { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + bus.getInInterceptors().add(coverageChecker); + BusFactory.setDefaultBus(bus); new Server();
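
Review bot: in sign_enc/src/main/java/demo/wssec/client/Client.java, hunk @@ -57,12 +58,9 @@, the deleted WSS-194 comment was the only explanation of why two user properties are set, so `outProps.put("user", "abcd");` next to `outProps.put("signatureUser", "clientx509v1");` now reads like a mismatch. Suggest replacing the removed comment with a one-line one saying that "user" is the UsernameToken name and "signatureUser" is the signing key alias. The same point applies to the matching hunks in sign_enc Server.java and in both ut_sign classes ("Alice" / "serverx509v1").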
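
Review bot: in sign_enc/src/main/java/demo/wssec/client/Client.java, hunk @@ -95,6 +93,14 @@, the checker is registered with `bus.getInInterceptors().add(coverageChecker);`, so the signed-Body, signed-Timestamp and encrypted-Body requirement applies to every inbound message handled on this bus, not only to the Greeter port created a few lines later. That is acceptable for a single-service sample, but the new comment should say the check is bus-wide, since readers copy these samples into applications that host more than one service on the same bus. The other three checker hunks register it the same way.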
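
Review bot: style point in sign_enc/src/main/java/demo/wssec/server/Server.java, hunk @@ -29,6 +29,8 @@: the new DefaultCryptoCoverageChecker import is preceded by an added blank line, which splits the org.apache.cxf import group, while the same import in ut_sign Server.java (hunk @@ -29,6 +29,7 @@) is added without one. Suggest dropping the blank line so the two samples stay identical in layout.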
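
Review bot: in ut_sign/README.txt, hunk @@ -3,11 +3,15 @@, the added sentence says the checker makes sure the correct Elements were "signed and/or encrypted", but the ut_sign Client.java and Server.java hunks in this commit only call setSignBody(true) and setSignTimestamp(true) and the sample's action list has no Encrypt. Suggest wording this README as "signed" only and keeping "signed and/or encrypted" for sign_enc, where setEncryptBody(true) is actually used.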
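
Review bot: in ut_sign/src/main/java/demo/wssec/server/Server.java, hunk @@ -82,6 +79,12 @@, setSignBody(true) and setSignTimestamp(true) make the server reject any request whose Body or Timestamp is not covered by the signature, yet the client's "signatureParts" value is outside this diff (it appears only as the truncated context line `outProps.put("signatureParts",` in the ut_sign Client.java hunk). Please confirm that both peers' signatureParts list the Body and the Timestamp, and consider noting in the comment above the checker that it must stay in step with signatureParts, otherwise a later edit to one side silently breaks the sample.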