cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1459237 - in /cxf/branches/2.7.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ systests/ws-security/src/test/java/org/apache/cxf/syste...
Date Thu, 21 Mar 2013 11:39:36 GMT
Author: coheigea
Date: Thu Mar 21 11:39:36 2013
New Revision: 1459237

URL: http://svn.apache.org/r1459237
Log:
Merged revisions 1459228 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1459228 | coheigea | 2013-03-21 11:23:22 +0000 (Thu, 21 Mar 2013) | 2 lines

  Added a negative test for Signature Confirmation

........

Added:
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml
Modified:
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
    cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Thu Mar 21 11:39:36 2013
@@ -142,6 +142,7 @@ public final class WSSecurityPolicyLoade
         List<QName> others = Arrays.asList(new QName[] {
             SP12Constants.INCLUDE_TIMESTAMP, SP11Constants.INCLUDE_TIMESTAMP,
             SP12Constants.ENCRYPT_SIGNATURE, SP11Constants.ENCRYPT_SIGNATURE,
+            SP12Constants.PROTECT_TOKENS, SP11Constants.PROTECT_TOKENS,
             SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, 
             SP11Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY,
             SP12Constants.WSS_X509_V1_TOKEN_10,

Modified: cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
Thu Mar 21 11:39:36 2013
@@ -63,7 +63,8 @@ public class WSS11PolicyValidator implem
                 continue;
             }
             
-            if (wss11.isRequireSignatureConfirmation() && scResults.isEmpty()) {
+            if ((wss11.isRequireSignatureConfirmation() && scResults.isEmpty())
+                || (!wss11.isRequireSignatureConfirmation() && !scResults.isEmpty()))
{
                 ai.setNotAsserted(
                     "Signature Confirmation policy validation failed"
                 );

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
Thu Mar 21 11:39:36 2013
@@ -353,4 +353,41 @@ public class BindingPropertiesTest exten
         bus.shutdown(true);
     }
     
+    // Not strictly a BindingProperty but a property of WSS11...
+    @org.junit.Test
+    public void testSignatureConfirmation() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // This should work, as SignatureConfirmation is enabled
+        QName portQName = new QName(NAMESPACE, "DoubleItSignatureConfirmationPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as SignatureConfirmation is not enabled
+        portQName = new QName(NAMESPACE, "DoubleItSignatureConfirmationPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not enabling SignatureConfirmation");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Check Signature confirmation";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
 }

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
Thu Mar 21 11:39:36 2013
@@ -116,6 +116,12 @@
         <wsdl:port name="DoubleItTokenProtectionPort2" binding="tns:DoubleItStandardBinding">
             <soap:address location="http://localhost:9010/DoubleItTokenProtection2" />
         </wsdl:port>
+        <wsdl:port name="DoubleItSignatureConfirmationPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItSignatureConfirmation"
/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItSignatureConfirmationPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItSignatureConfirmation2"
/>
+        </wsdl:port>
     </wsdl:service>
     
     <wsp:Policy wsu:Id="SignBodyChildPolicy">

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
Thu Mar 21 11:39:36 2013
@@ -391,5 +391,49 @@
             </p:policies>
         </jaxws:features>
     </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureConfirmationPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml"
/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureConfirmationPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml"
/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
 	
 </beans>

Modified: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml?rev=1459237&r1=1459236&r2=1459237&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml
(original)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml
Thu Mar 21 11:39:36 2013
@@ -412,6 +412,51 @@
 
     </jaxws:endpoint>
     
+    <jaxws:endpoint id="SignatureConfirmationEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItSignatureConfirmation"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureConfirmationPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml"
/>
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="SignatureConfirmationEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItSignatureConfirmation2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureConfirmationPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml"
/>
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
     
     
 </beans>

Added: cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml?rev=1459237&view=auto
==============================================================================
--- cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml
(added)
+++ cxf/branches/2.7.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy.xml
Thu Mar 21 11:39:36 2013
@@ -0,0 +1,50 @@
+<wsp:Policy wsu:Id="CleanPolicy"
+        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                        <sp:RequireIssuerSerialReference />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:Wss11
+                    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:RequireSignatureConfirmation />
+                    </wsp:Policy>
+                </sp:Wss11>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
\ No newline at end of file



Mime
View raw message