From dk...@apache.org
Subject svn commit: r1401805 - in /cxf/branches/2.6.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/ systests/ws-security/src/test/resources/org/apache...
Date Wed, 24 Oct 2012 18:17:10 GMT
Author: dkulp
Date: Wed Oct 24 18:17:09 2012
New Revision: 1401805

URL: http://svn.apache.org/viewvc?rev=1401805&view=rev
Log:
Merged revisions 1401791 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1401791 | dkulp | 2012-10-24 13:32:25 -0400 (Wed, 24 Oct 2012) | 3 lines

  [CXF-4595] RequireClientCertificate is not validated
  Patch from Jason Pell applied

........

Modified:
    cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml

Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1401805&r1=1401804&r2=1401805&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Wed Oct 24 18:17:09 2012
@@ -68,7 +68,6 @@ public class TransportBindingPolicyValid
             // HttpsToken is validated by the HttpsTokenInterceptorProvider
             if (binding.getTransportToken() != null) {
                 assertPolicy(aim, binding.getTransportToken());
-                assertPolicy(aim, binding.getTransportToken().getToken());
             }
             
             // Check the AlgorithmSuite

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java?rev=1401805&r1=1401804&r2=1401805&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java
Wed Oct 24 18:17:09 2012
@@ -143,6 +143,38 @@ public class PolicyAlternativeTest exten
         ((java.io.Closeable)utPort).close();
         bus.shutdown(true);
     }
+
+    /**
+     * The client does not require a client cert so invocation should fail
+     * 
+     * @throws Exception
+     */
+    @org.junit.Test
+    public void testRequireClientCertToken() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = PolicyAlternativeTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = PolicyAlternativeTest.class.getResource("DoubleItPolicy.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItClientCertPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT2);
+        
+        try {
+            utPort.doubleIt(25);
+            fail("Failure expected because no client certificate");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            assertTrue(ex.getMessage().contains("HttpsToken"));
+        }
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
     
     /**
      * The client uses a Transport binding policy with a Endorsing Supporting X509 Token.
The client does
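Review bot: testRequireClientCertToken pins only the rejection path, and its single check `assertTrue(ex.getMessage().contains("HttpsToken"))` would pass for any fault that names the HttpsToken assertion, not only one caused by a missing client certificate. A companion test in which the client does present a certificate and `doubleIt(25)` succeeds would show that the server enforces RequireClientCertificate rather than rejecting every caller; none is visible in this hunk. The Javadoc also reads backwards, since it is the server policy that requires the certificate; `The server policy requires a client certificate and the client does not present one, so the invocation should fail` matches what the test does. `utPort.close()` and `bus.shutdown(true)` run only when the assertions pass, so moving them into a `finally` block would keep a failing run from leaking the bus into later tests.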

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl?rev=1401805&r1=1401804&r2=1401805&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl
Wed Oct 24 18:17:09 2012
@@ -54,6 +54,9 @@
         <wsdl:port name="DoubleItUsernameTokenPort" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="http://localhost:9010/DoubleItUsernameToken" />
         </wsdl:port>
+        <wsdl:port name="DoubleItClientCertPort" binding="tns:DoubleItInlinePolicyBinding">
+            <soap:address location="https://localhost:9011/DoubleItClientCert" />
+        </wsdl:port>
         <wsdl:port name="DoubleItNoSecurityPort" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="http://localhost:9010/DoubleItNoSecurity" />
         </wsdl:port>

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml?rev=1401805&r1=1401804&r2=1401805&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client/client.xml
Wed Oct 24 18:17:09 2012
@@ -98,6 +98,22 @@
         </jaxws:features>
     </jaxws:client>
     
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItClientCertPort" createdFromAPI="true">
+        
+                <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#UsernameToken"
/>
+            </p:policies>
+        </jaxws:features>
+        
+    </jaxws:client>
+    
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSupportingSignedPort"

                   createdFromAPI="true">
        <jaxws:properties>
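Review bot: Nothing in the new `DoubleItClientCertPort` client says that it is meant to reach the HTTPS endpoint without presenting a client certificate, which is the point of the negative test that uses it. The TLS settings for this client are not in the hunk, so a later change that adds key material to a shared conduit could presumably change what the test exercises without anyone noticing; a comment above the element such as `<!-- Negative case: no client certificate is configured, the server policy must reject the call -->` would record the intent. The added `<jaxws:properties>` opening tag is also indented eight columns deeper than its closing tag.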

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml?rev=1401805&r1=1401804&r2=1401805&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server/server.xml
Wed Oct 24 18:17:09 2012
@@ -134,6 +134,26 @@
 
     </jaxws:endpoint>
     
+    <jaxws:endpoint id="ClientCertTokenEndpoint"
+		address="https://localhost:${testutil.ports.Server.2}/DoubleItClientCert"
+		serviceName="s:DoubleItService" endpointName="s:DoubleItClientCertPort"
+		xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+		wsdlLocation="org/apache/cxf/systest/ws/policy/DoubleItPolicy.wsdl">
+
+		<jaxws:properties>
+			<entry key="ws-security.callback-handler"
+				value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+		</jaxws:properties>
+		
+		<jaxws:features>
+			<p:policies>
+				<wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+					URI="#RequireClientCertificatePolicy" />
+			</p:policies>
+		</jaxws:features>
+
+	</jaxws:endpoint>
+    
     <jaxws:endpoint 
        id="TransportSupportingSigned"
        address="https://localhost:${testutil.ports.Server.2}/DoubleItTransportSupportingSigned"
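Review bot: The new `ClientCertTokenEndpoint` carries no comment saying that rejection of certificate-less callers is expected to come from the `RequireClientCertificatePolicy` check and not from the TLS handshake. The engine configuration for `${testutil.ports.Server.2}` is outside this hunk, so this is inferred from the test expecting a SOAP fault: if that engine were ever switched to require client authentication, the call would fail before the policy validator ran. A comment on the endpoint such as `<!-- TLS engine must not require client auth here; the WS-SecurityPolicy check is what is under test -->` would make that dependency explicit. The added lines here and in the policy added by the second hunk are indented with tabs while the surrounding file uses spaces.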

@@ -305,6 +325,38 @@
         </wsp:ExactlyOne>
     </wsp:Policy>
 	
+	<wsp:Policy wsu:Id="RequireClientCertificatePolicy"
+		xmlns:wsp="http://www.w3.org/ns/ws-policy"
+		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+		xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:TransportBinding>
+					<wsp:Policy>
+						<sp:TransportToken>
+							<wsp:Policy>
+								<sp:HttpsToken RequireClientCertificate="true" />
+							</wsp:Policy>
+						</sp:TransportToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:Basic256 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+					</wsp:Policy>
+				</sp:TransportBinding>
 
+				<sp:SupportingTokens>
+					<wsp:Policy>
+						<sp:UsernameToken>
+							<wsp:Policy>
+								<sp:WssUsernameToken11 />
+							</wsp:Policy>
+						</sp:UsernameToken>
+					</wsp:Policy>
+				</sp:SupportingTokens>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
     
 </beans>


