cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1478740 - in /cxf/branches/wss4j2.0-port: rt/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/...
Date Fri, 03 May 2013 11:56:32 GMT
Author: coheigea
Date: Fri May  3 11:56:31 2013
New Revision: 1478740

URL: http://svn.apache.org/r1478740
Log:
Added a StAX WS-SecurityPolicy InInterceptor

Added:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/DOMToStaxUsernameTokenTest.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/StaxServer.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/stax-server.xml
Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/pom.xml
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/pom.xml?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/pom.xml (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/pom.xml Fri May  3 11:56:31 2013
@@ -111,6 +111,11 @@
             <artifactId>wss4j-ws-security-stax</artifactId>
             <version>${cxf.wss4j.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-policy-stax</artifactId>
+            <version>${cxf.wss4j.version}</version>
+        </dependency>
 
         <dependency>
             <groupId>org.bouncycastle</groupId>

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri May  3 11:56:31 2013
@@ -182,6 +182,13 @@ public final class SecurityConstants {
     public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION = 
         "ws-security.validate.saml.subject.conf";
     
+    /**
+     * Whether to enable streaming WS-Security. If set to false (the default), the old DOM
+     * implementation is used. If set to true, the new streaming (StAX) implementation is used.
+     */
+    public static final String ENABLE_STREAMING_SECURITY = 
+        "ws-security.enable.streaming";
+    
     //
     // Non-boolean WS-Security Configuration parameters
     //

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java Fri May  3 11:56:31 2013
@@ -27,6 +27,7 @@ import javax.xml.namespace.QName;
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JStaxInInterceptor;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 
@@ -54,5 +55,8 @@ public class WSSecurityInterceptorProvid
         this.getOutFaultInterceptors().add(PolicyBasedWSS4JOutInterceptor.INSTANCE);
         this.getInInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
         this.getInFaultInterceptors().add(PolicyBasedWSS4JInInterceptor.INSTANCE);
+        
+        this.getInInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
+        this.getInFaultInterceptors().add(PolicyBasedWSS4JStaxInInterceptor.INSTANCE);
     }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri May  3 11:56:31 2013
@@ -53,6 +53,7 @@ import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
@@ -118,7 +119,9 @@ public class PolicyBasedWSS4JInIntercept
     
     public void handleMessage(SoapMessage msg) throws Fault {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
-        if (aim != null) {
+        boolean enableStax = 
+            MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+        if (aim != null && !enableStax) {
             super.handleMessage(msg);
         }
     }

Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1478740&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Fri May  3 11:56:31 2013
@@ -0,0 +1,377 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.logging.Logger;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+
+/**
+ * 
+ */
+public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
+    public static final PolicyBasedWSS4JStaxInInterceptor INSTANCE 
+        = new PolicyBasedWSS4JStaxInInterceptor();
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxInInterceptor.class);
+
+    public PolicyBasedWSS4JStaxInInterceptor() {
+        super(new HashMap<String, Object>());
+    }
+    
+    public void handleMessage(SoapMessage msg) throws Fault {
+        AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
+        boolean enableStax = 
+            MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
+        if (aim != null && enableStax) {
+            super.handleMessage(msg);
+        }
+    }
+    
+    private static Properties getProps(Object o, URL propsURL, SoapMessage message) {
+        Properties properties = null;
+        if (o instanceof Properties) {
+            properties = (Properties)o;
+        } else if (propsURL != null) {
+            try {
+                properties = new Properties();
+                InputStream ins = propsURL.openStream();
+                properties.load(ins);
+                ins.close();
+            } catch (IOException e) {
+                properties = null;
+            }
+        }
+        
+        return properties;
+    }
+    
+    private URL getPropertiesFileURL(Object o, SoapMessage message) {
+        if (o instanceof String) {
+            URL url = null;
+            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+            url = rm.resolveResource((String)o, URL.class);
+            try {
+                if (url == null) {
+                    url = ClassLoaderUtils.getResource((String)o, AbstractWSS4JInterceptor.class);
+                }
+                if (url == null) {
+                    url = new URL((String)o);
+                }
+                return url;
+            } catch (IOException e) {
+                // Do nothing
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+    private Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+            
+        return Collections.emptySet();
+    }
+
+    private void checkAsymmetricBinding(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ais.isEmpty()) {
+            return;
+        }
+        
+        Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+        if (s == null) {
+            s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+        }
+        Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+        if (e == null) {
+            e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+        }
+        
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
+        }
+        
+        if (signCrypto != null) {
+            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+        }
+        
+        if (encrCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+        } else if (signCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
+        }
+    }
+    
+    private void checkTransportBinding(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais.isEmpty()) {
+            return;
+        }
+        
+        Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+        if (s == null) {
+            s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+        }
+        Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+        if (e == null) {
+            e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+        }
+        
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
+        }
+        
+        if (signCrypto != null) {
+            message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), signCrypto);
+        }
+        
+        if (encrCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
+        } else if (signCrypto != null) {
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
+        }
+    }
+    
+    private void checkSymmetricBinding(
+        AssertionInfoMap aim, SoapMessage message
+    ) throws WSSecurityException {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ais.isEmpty()) {
+            return;
+        }
+        
+        Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
+        if (s == null) {
+            s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+        }
+        Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_CRYPTO);
+        if (e == null) {
+            e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+        }
+        
+        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto signCrypto = null;
+        if (e != null && e.equals(s)) {
+            signCrypto = encrCrypto;
+        } else {
+            signCrypto = getSignatureCrypto(s, message);
+        }
+        
+        if (isRequestor(message)) {
+            Crypto crypto = encrCrypto;
+            if (crypto == null) {
+                crypto = signCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
+            }
+            
+            crypto = signCrypto;
+            if (crypto == null) {
+                crypto = encrCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
+            }
+        } else {
+            Crypto crypto = signCrypto;
+            if (crypto == null) {
+                crypto = encrCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
+            }
+            
+            crypto = encrCrypto;
+            if (crypto == null) {
+                crypto = signCrypto;
+            }
+            if (crypto != null) {
+                message.put(WSHandlerConstants.DEC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put("RefId-" + crypto.hashCode(), crypto);
+            }
+        }
+    }
+    
+    private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+        Crypto encrCrypto = null;
+        if (e instanceof Crypto) {
+            encrCrypto = (Crypto)e;
+        } else if (e != null) {
+            URL propsURL = getPropertiesFileURL(e, message);
+            Properties props = getProps(e, propsURL, message);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Encryption properties: " + e);
+                Exception ex = new Exception("Cannot find Crypto Encryption properties: " + e);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+            
+            encrCrypto = CryptoFactory.getInstance(props);
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+            }
+        }
+        return encrCrypto;
+    }
+    
+    private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+        Crypto signCrypto = null;
+        if (s instanceof Crypto) {
+            signCrypto = (Crypto)s;
+        } else if (s != null) {
+            URL propsURL = getPropertiesFileURL(s, message);
+            Properties props = getProps(s, propsURL, message);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Signature properties: " + s);
+                Exception ex = new Exception("Cannot find Crypto Signature properties: " + s);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+            
+            signCrypto = CryptoFactory.getInstance(props);
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+            }
+        }
+        return signCrypto;
+    }
+    
+    @Override
+    protected void configureProperties(SoapMessage msg) throws WSSecurityException {
+        super.configureProperties(msg);
+        
+        AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
+        checkAsymmetricBinding(aim, msg);
+        checkSymmetricBinding(aim, msg);
+        checkTransportBinding(aim, msg);
+    }
+    
+/*
+    protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        if (aim != null) {
+            // stuff we can default to asserted and un-assert if a condition isn't met
+            assertPolicy(aim, SPConstants.KEY_VALUE_TOKEN);
+            assertPolicy(aim, SPConstants.RSA_KEY_VALUE);
+            assertPolicy(aim, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE);
+            
+            // WSS10
+            assertPolicy(aim, SPConstants.WSS10);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
+            
+            // Trust 1.0
+            assertPolicy(aim, SPConstants.TRUST_10);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
+            assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
+            assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
+            
+            // Trust 1.3
+            assertPolicy(aim, SPConstants.TRUST_13);
+            assertPolicy(aim, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
+            assertPolicy(aim, SP12Constants.REQUIRE_APPLIES_TO);
+            assertPolicy(aim, SP13Constants.SCOPE_POLICY_15);
+            assertPolicy(aim, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
+            
+            message.put(WSHandlerConstants.ACTION, action.trim());
+        }
+    }
+    */
+
+}

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri May  3 11:56:31 2013
@@ -22,7 +22,6 @@ import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -64,7 +63,6 @@ import org.apache.cxf.interceptor.securi
 import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
-import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
@@ -148,16 +146,6 @@ public class WSS4JInInterceptor extends 
             secEngineOverride = createSecurityEngine(validatorMap);
         }
     }
-
-    @Override
-    public Collection<PhaseInterceptor<? extends org.apache.cxf.message.Message>>
-    getAdditionalInterceptors() {
-        List<PhaseInterceptor<? extends org.apache.cxf.message.Message>> extras 
-            = new ArrayList<PhaseInterceptor<? extends org.apache.cxf.message.Message>>(1);
-        extras.add(SAAJInInterceptor.SAAJPreInInterceptor.INSTANCE);
-        return extras;
-    }
-
     
     public void setIgnoreActions(boolean i) {
         ignoreActions = i;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1478740&r1=1478739&r2=1478740&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Fri May  3 11:56:31 2013
@@ -56,14 +56,14 @@ public class WSS4JStaxInInterceptor exte
     
     private List<String> actions;
     
-    public WSS4JStaxInInterceptor(WSSSecurityProperties securityProperties) throws WSSecurityException {
+    public WSS4JStaxInInterceptor(WSSSecurityProperties securityProperties) {
         super();
         setPhase(Phase.POST_STREAM);
         getAfter().add(StaxInInterceptor.class.getName());
         setSecurityProperties(securityProperties);
     }
     
-    public WSS4JStaxInInterceptor(Map<String, Object> props) throws WSSecurityException {
+    public WSS4JStaxInInterceptor(Map<String, Object> props) {
         super(props);
         setPhase(Phase.POST_STREAM);
         getAfter().add(StaxInInterceptor.class.getName());
@@ -97,15 +97,6 @@ public class WSS4JStaxInInterceptor exte
         XMLStreamReader originalXmlStreamReader = soapMessage.getContent(XMLStreamReader.class);
         XMLStreamReader newXmlStreamReader;
 
-        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
-        SecurityEventListener securityEventListener = new SecurityEventListener() {
-            @Override
-            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
-                incomingSecurityEventList.add(securityEvent);
-            }
-        };
-        soapMessage.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
-        soapMessage.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
         soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());
         
         if (actions != null && !actions.isEmpty()) {
@@ -128,6 +119,9 @@ public class WSS4JStaxInInterceptor exte
                 inboundWSSec = WSSec.getInboundWSSec(getProperties());
             }
             
+            SecurityEventListener securityEventListener = 
+                configureSecurityEventListener(soapMessage, inboundWSSec);
+            
             newXmlStreamReader = 
                 inboundWSSec.processInMessage(originalXmlStreamReader, requestSecurityEvents, securityEventListener);
             soapMessage.setContent(XMLStreamReader.class, newXmlStreamReader);
@@ -145,7 +139,21 @@ public class WSS4JStaxInInterceptor exte
         }
     }
     
-    private void configureProperties(SoapMessage msg) throws WSSecurityException {
+    protected SecurityEventListener configureSecurityEventListener(SoapMessage msg, InboundWSSec inboundWSSec) {
+        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+        SecurityEventListener securityEventListener = new SecurityEventListener() {
+            @Override
+            public void registerSecurityEvent(SecurityEvent securityEvent) throws WSSecurityException {
+                incomingSecurityEventList.add(securityEvent);
+            }
+        };
+        msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+        msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
+        
+        return securityEventListener;
+    }
+    
+    protected void configureProperties(SoapMessage msg) throws WSSecurityException {
         WSSSecurityProperties securityProperties = getSecurityProperties();
         Map<String, Object> config = getProperties();
         

Added: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/DOMToStaxUsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/DOMToStaxUsernameTokenTest.java?rev=1478740&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/DOMToStaxUsernameTokenTest.java (added)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/DOMToStaxUsernameTokenTest.java Fri May  3 11:56:31 2013
@@ -0,0 +1,363 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.ut;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.systest.ws.ut.server.StaxServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * A set of tests for Username Tokens over the Transport Binding. The client is using
+ * DOM and the service is using StAX.
+ */
+@org.junit.Ignore
+public class DOMToStaxUsernameTokenTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(StaxServer.class);
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(StaxServer.class, true)
+        );
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testPlaintext() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testPlaintextCreated() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItPlaintextCreatedPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testPasswordHashed() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItHashedPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testNoPassword() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItNoPasswordPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSignedEndorsing() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSignedEndorsingPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSignedEncrypted() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testEncrypted() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItEncryptedPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        utPort.doubleIt(25);
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testNoUsernameToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        try {
+            utPort.doubleIt(25);
+            fail("Failure expected on no UsernameToken");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "The received token does not match the token inclusion requirement";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testPasswordHashedReplay() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        
+        QName portQName = new QName(NAMESPACE, "DoubleItHashedPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(utPort);
+        SecurityHeaderCacheInterceptor cacheInterceptor =
+            new SecurityHeaderCacheInterceptor();
+        cxfClient.getOutInterceptors().add(cacheInterceptor);
+        
+        // Make two invocations with the same UsernameToken
+        utPort.doubleIt(25);
+        try {
+            utPort.doubleIt(25);
+            fail("Failure expected on a replayed UsernameToken");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "A replay attack has been detected";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    // In this test, the service is using the UsernameTokenInterceptor, but the
+    // client is using the WSS4JOutInterceptor
+    @org.junit.Test
+    public void testPasswordHashedNoBindingReplay() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        
+        QName portQName = new QName(NAMESPACE, "DoubleItDigestNoBindingPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(utPort);
+        SecurityHeaderCacheInterceptor cacheInterceptor =
+            new SecurityHeaderCacheInterceptor();
+        cxfClient.getOutInterceptors().add(cacheInterceptor);
+        
+        // Make two invocations with the same UsernameToken
+        utPort.doubleIt(25);
+        try {
+            utPort.doubleIt(25);
+            fail("Failure expected on a replayed UsernameToken");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "A replay attack has been detected";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testPlaintextPrincipal() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DOMToStaxUsernameTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = DOMToStaxUsernameTokenTest.class.getResource("DoubleItUt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort");
+        DoubleItPortType utPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(utPort, PORT);
+        
+        ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
+        
+        utPort.doubleIt(25);
+        
+        try {
+            ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Frank");
+            utPort.doubleIt(30);
+            fail("Failure expected on a user with the wrong role");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Unauthorized";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)utPort).close();
+        bus.shutdown(true);
+    }
+    
+}

Added: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/StaxServer.java?rev=1478740&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/StaxServer.java (added)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/server/StaxServer.java Fri May  3 11:56:31 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.ut.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/stax-server.xml?rev=1478740&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/stax-server.xml (added)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server/stax-server.xml Fri May  3 11:56:31 2013
@@ -0,0 +1,335 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <!-- -->
+    <!-- Any services listening on port 9009 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
+                </sec:trustManagers> 
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <jaxws:endpoint 
+       id="Plaintext"
+       address="https://localhost:${testutil.ports.StaxServer}/DoubleItUTPlaintext" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItPlaintextPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+    </jaxws:endpoint> 
+    <!--
+    <jaxws:endpoint 
+       id="PlaintextCreated"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTPlaintextCreated" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItPlaintextCreatedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="Hashed"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTHashed" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItHashedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="NoPassword"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTNoPassword" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItNoPasswordPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="SignedEndorsing"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTSignedEndorsing" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSignedEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/> 
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="SignedEncrypted"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTSignedEncrypted" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSignedEncryptedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/> 
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="Encrypted"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTEncrypted" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItEncryptedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+     <jaxws:endpoint 
+       id="InlinePolicy"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTInlinePolicy" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItInlinePolicyPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+       <jaxws:features>
+         <p:policies>
+            <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
+                <wsp:ExactlyOne>
+                    <wsp:All>
+                        <wsp:Policy wsu:Id="UsernameToken"
+                            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+                            xmlns:wsp="http://www.w3.org/ns/ws-policy"
+                            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                            <wsp:ExactlyOne>
+                                <wsp:All>
+                                    <sp:TransportBinding>
+                                       <wsp:Policy>
+                                          <sp:TransportToken>
+                                             <wsp:Policy>
+                                                <sp:HttpsToken>
+                                                    <wsp:Policy/>
+                                                </sp:HttpsToken>
+                                             </wsp:Policy>
+                                          </sp:TransportToken>
+                                          <sp:Layout>
+                                             <wsp:Policy>
+                                                <sp:Lax />
+                                             </wsp:Policy>
+                                           </sp:Layout>
+                                           <sp:IncludeTimestamp />
+                                           <sp:AlgorithmSuite>
+                                              <wsp:Policy>
+                                                 <sp:Basic128 />
+                                              </wsp:Policy>
+                                          </sp:AlgorithmSuite>
+                                        </wsp:Policy>
+                                    </sp:TransportBinding>
+                                    <sp:SupportingTokens>
+                                        <wsp:Policy>
+                                            <sp:UsernameToken
+                                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                                <wsp:Policy/>
+                                            </sp:UsernameToken>
+                                        </wsp:Policy>
+                                    </sp:SupportingTokens>
+                                </wsp:All>
+                            </wsp:ExactlyOne>
+                        </wsp:Policy>
+                    </wsp:All>
+                </wsp:ExactlyOne>
+            </wsp:Policy>
+          </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+     <jaxws:endpoint 
+       id="HashedNoBinding"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTDigestNoBinding" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItDigestNoBindingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+       </jaxws:properties> 
+       <jaxws:features>
+         <p:policies>
+            <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
+                <wsp:ExactlyOne>
+                    <wsp:All>
+                        <wsp:Policy>
+                          <sp:SupportingTokens
+                            xmlns:wsp="http://www.w3.org/ns/ws-policy"
+                            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                            <wsp:Policy>
+                              <sp:UsernameToken
+                                sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                <wsp:Policy>
+                                  <sp:HashPassword/>
+                                </wsp:Policy>
+                              </sp:UsernameToken>
+                            </wsp:Policy>
+                          </sp:SupportingTokens>
+                        </wsp:Policy>
+                    </wsp:All>
+                </wsp:ExactlyOne>
+            </wsp:Policy>
+          </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+    <bean id="subjectValidator" class="org.apache.cxf.systest.ws.ut.server.CustomUTValidator" />
+    
+    <bean id="authzInterceptor" 
+         class="org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor">
+       <property name="methodRolesMap">
+           <map>
+               <entry key="doubleIt" value="manager"/>
+           </map>
+       </property> 
+    </bean>
+    
+    <jaxws:endpoint 
+       id="PlaintextPrincipal"
+       address="https://localhost:${testutil.ports.Server}/DoubleItUTPlaintextPrincipal" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItPlaintextPrincipalPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+           <entry key="ws-security.ut.validator" value-ref="subjectValidator"/>
+       </jaxws:properties> 
+       <jaxws:inInterceptors>
+          <ref bean="authzInterceptor"/>
+       </jaxws:inInterceptors>
+    </jaxws:endpoint> 
+    -->
+</beans>



Mime
View raw message