cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1486045 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/ syst...
Date Fri, 24 May 2013 13:15:54 GMT
Author: coheigea
Date: Fri May 24 13:15:54 2013
New Revision: 1486045

URL: http://svn.apache.org/r1486045
Log:
Added a load more streaming interop tests (for SAML) along with some bug fixes

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java Fri May 24 13:15:54 2013
@@ -267,38 +267,37 @@ public class SamlTokenInterceptor extend
             MessageUtils.getContextualBoolean(
                 message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
             );
-        if (selfSignAssertion) {
-            Crypto crypto = 
-                getCrypto(
-                    token, SecurityConstants.SIGNATURE_CRYPTO,
-                    SecurityConstants.SIGNATURE_PROPERTIES, message
-                );
-
-            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
-            String user = (String)message.getContextualProperty(userNameKey);
-            if (crypto != null && StringUtils.isEmpty(user)) {
-                try {
-                    user = crypto.getDefaultX509Identifier();
-                } catch (WSSecurityException e1) {
-                    throw new Fault(e1);
-                }
-            }
-            if (StringUtils.isEmpty(user)) {
-                return null;
-            }
-
-            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
-            if (StringUtils.isEmpty(password)) {
-                password = getPassword(user, token, WSPasswordCallback.Usage.SIGNATURE, message);
+        if (selfSignAssertion || samlCallback.isSignAssertion()) {
+            String issuerName = samlCallback.getIssuerKeyName();
+            if (issuerName == null) {
+                String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+                issuerName = (String)message.getContextualProperty(userNameKey);
             }
+            String password = samlCallback.getIssuerKeyPassword();
             if (password == null) {
-                password = "";
+                password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+                if (StringUtils.isEmpty(password)) {
+                    password = 
+                        getPassword(issuerName, token, WSPasswordCallback.Usage.SIGNATURE, message);
+                }
             }
-
-            // TODO configure using a KeyValue here
-            assertion.signAssertion(user, password, crypto, false);
+            Crypto crypto = samlCallback.getIssuerCrypto();
+            if (crypto == null) {
+                crypto = 
+                    getCrypto(token, SecurityConstants.SIGNATURE_CRYPTO, 
+                              SecurityConstants.SIGNATURE_PROPERTIES, message);
+            }
+            
+            assertion.signAssertion(
+                    issuerName,
+                    password,
+                    crypto,
+                    samlCallback.isSendKeyValue(),
+                    samlCallback.getCanonicalizationAlgorithm(),
+                    samlCallback.getSignatureAlgorithm()
+            );
         }
-
+        
         return assertion;
     }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri May 24 13:15:54 2013
@@ -992,27 +992,29 @@ public abstract class AbstractBindingBui
             MessageUtils.getContextualBoolean(
                 message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
             );
-        if (selfSignAssertion) {
-            Crypto crypto = getSignatureCrypto(null);
-            
-            String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
-            String user = (String)message.getContextualProperty(userNameKey);
-            if (crypto != null && StringUtils.isEmpty(user)) {
-                try {
-                    user = crypto.getDefaultX509Identifier();
-                } catch (WSSecurityException e1) {
-                    throw new Fault(e1);
-                }
+        if (selfSignAssertion || samlCallback.isSignAssertion()) {
+            String issuerName = samlCallback.getIssuerKeyName();
+            if (issuerName == null) {
+                String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+                issuerName = (String)message.getContextualProperty(userNameKey);
+            }
+            String password = samlCallback.getIssuerKeyPassword();
+            if (password == null) {
+                password = getPassword(issuerName, token, WSPasswordCallback.Usage.SIGNATURE);
+            }
+            Crypto crypto = samlCallback.getIssuerCrypto();
+            if (crypto == null) {
+                crypto = getSignatureCrypto(null);
             }
-            if (StringUtils.isEmpty(user)) {
-                policyNotAsserted(token, "No username found.");
-                return null;
-            }
-    
-            String password = getPassword(user, token, WSPasswordCallback.Usage.SIGNATURE);
-         
-            // TODO configure using a KeyValue here
-            assertion.signAssertion(user, password, crypto, false);
+            
+            assertion.signAssertion(
+                    issuerName,
+                    password,
+                    crypto,
+                    samlCallback.isSendKeyValue(),
+                    samlCallback.getCanonicalizationAlgorithm(),
+                    samlCallback.getSignatureAlgorithm()
+            );
         }
         
         return assertion;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri May 24 13:15:54 2013
@@ -123,7 +123,11 @@ public abstract class AbstractStaxBindin
         return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
     }
     
-    protected SecurePart addSamlToken(SamlToken token) throws WSSecurityException {
+    protected SecurePart addSamlToken(
+        SamlToken token, 
+        boolean signed,
+        boolean endorsing
+    ) throws WSSecurityException {
         IncludeTokenType includeToken = token.getIncludeTokenType();
         if (!isTokenRequired(includeToken)) {
             return null;
@@ -154,12 +158,8 @@ public abstract class AbstractStaxBindin
         config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
         
         // Action
-        boolean selfSignAssertion = 
-            MessageUtils.getContextualBoolean(
-                message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
-            );
         String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
-        if (selfSignAssertion) {
+        if (signed || endorsing) {
             samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
         }
         
@@ -170,7 +170,6 @@ public abstract class AbstractStaxBindin
             config.put(ConfigurationConstants.ACTION, samlAction);
         }
         
-        // TODO -> Set SAML Type from policy?
         QName qname = WSSConstants.TAG_saml2_Assertion;
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
@@ -559,7 +558,7 @@ public abstract class AbstractStaxBindin
                 }
                 ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element));
             } else if (token instanceof SamlToken) {
-                SecurePart securePart = addSamlToken((SamlToken)token);
+                SecurePart securePart = addSamlToken((SamlToken)token, false, endorse);
                 if (securePart != null) {
                     ret.put(token, securePart);
                     if (suppTokens.isEncryptedToken()) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Fri May 24 13:15:54 2013
@@ -34,6 +34,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.Header;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KeyValueToken;
@@ -53,6 +54,7 @@ import org.apache.wss4j.stax.ext.WSSCons
 public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
     
     private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
+    private TransportBinding tbinding;
 
     public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage msg) {
         super(properties, msg);
@@ -64,8 +66,8 @@ public class StaxTransportBindingHandler
         configureLayout(aim);
         
         if (this.isRequestor()) {
-            TransportBinding binding = (TransportBinding)getBinding(aim);
-            TransportToken token = binding.getTransportToken();
+            tbinding = (TransportBinding)getBinding(aim);
+            TransportToken token = tbinding.getTransportToken();
             if (token.getToken() instanceof IssuedToken) {
                 // TODO
             }
@@ -149,7 +151,7 @@ public class StaxTransportBindingHandler
                 }
             } */
             } else if (token instanceof SamlToken) {
-                addSamlToken((SamlToken)token);
+                addSamlToken((SamlToken)token, false, false);
             } else {
                 //REVISIT - not supported for signed.  Exception?
             }
@@ -234,12 +236,16 @@ public class StaxTransportBindingHandler
         if (token instanceof X509Token
             || token instanceof KeyValueToken) {
             doX509TokenSignature(token, wrapper);
-        } /* TODO else if (token instanceof SamlToken) {
-            SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
-            assertionWrapper.toDOM(saaj.getSOAPPart());
-            storeAssertionAsSecurityToken(assertionWrapper);
-            addSig(doIssuedTokenSignature(token, wrapper));
-        } TODO else if (token instanceof UsernameToken) {
+        } else if (token instanceof SamlToken) {
+            addSamlToken((SamlToken)token, false, true);
+            signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+            
+            Map<String, Object> config = getProperties();
+            config.put(ConfigurationConstants.SIG_ALGO, 
+                       tbinding.getAlgorithmSuite().getAsymmetricSignature());
+            AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+            config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+        } /*TODO else if (token instanceof UsernameToken) {
             // Create a UsernameToken object for derived keys and store the security token
             WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
             String id = usernameToken.getId();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/SecurityTestUtil.java Fri May 24 13:15:54 2013
@@ -23,6 +23,10 @@ import java.io.File;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
 
 /**
  * A utility class for security tests
@@ -67,4 +71,13 @@ public final class SecurityTestUtil {
         return false;
     }
     
+    public static void enableStreaming(DoubleItPortType port) {
+        ((BindingProvider)port).getRequestContext().put(
+            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+        );
+        ((BindingProvider)port).getResponseContext().put(
+            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+        );
+    }
+    
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java Fri May 24 13:15:54 2013
@@ -39,7 +39,8 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for SAML Tokens.
+ * A set of tests for SAML Tokens. It tests both DOM + StAX clients against the 
+ * DOM server
  */
 public class SamlTokenTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
@@ -126,6 +127,69 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml1OverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with no SAML Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+        }
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
+        );
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with a SAML2 Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("Wrong SAML Version"));
+        }
+
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        // Don't send any Token...failure expected
+        portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort2");
+        saml1Port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+        );
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Failure expected on no token");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // String error = "The received token does not match the token inclusion requirement";
+            // assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml1ElementOverTransport() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -160,6 +224,41 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml1ElementOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with no SAML Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+        }
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlElementCallbackHandler(false)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2OverSymmetric() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -216,11 +315,9 @@ public class SamlTokenTest extends Abstr
         bus.shutdown(true);
     }
     
-    /**
-     * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
-     * fail as the provider will demand that there is a signature covering both the assertion
-     * and the message body.
-     */
+    // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
+    // fail as the provider will demand that there is a signature covering both the assertion
+    // and the message body.
     @org.junit.Test
     public void testSaml2OverSymmetricSupporting() throws Exception {
 
@@ -342,6 +439,34 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml1SelfSignedOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml1SelfSignedOverTransportSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -369,6 +494,34 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml1SelfSignedOverTransportSP11Streaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testAsymmetricSamlInitiator() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -455,6 +608,37 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2EndorsingPKOverTransport() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -486,6 +670,38 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingPKOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2EndorsingOverTransportSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -514,7 +730,38 @@ public class SamlTokenTest extends Abstr
         ((java.io.Closeable)saml2Port).close();
         bus.shutdown(true);
     }
+    
+    @org.junit.Test
+    public void testSaml2EndorsingOverTransportSP11Streaming() throws Exception {
 
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
     @org.junit.Test
     public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
 
@@ -571,7 +818,6 @@ public class SamlTokenTest extends Abstr
         bus.shutdown(true);
     }
     
-    
     @org.junit.Test
     public void testSaml2EndorsingEncryptedOverTransport() throws Exception {
 
@@ -603,6 +849,37 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingEncryptedOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testNoSamlToken() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -631,6 +908,36 @@ public class SamlTokenTest extends Abstr
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testNoSamlTokenStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        try {
+            saml2Port.doubleIt(25);
+            fail("Failure expected on no SamlToken");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // String error = "The received token does not match the token inclusion requirement";
+            // assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
     // In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
     // case just mocks the call to the PDP + enforces the decision
     @org.junit.Test

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java Fri May 24 13:15:54 2013
@@ -39,7 +39,8 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for SAML Tokens using the streaming interceptors.
+ * A set of tests for SAML Tokens using the streaming interceptors. It tests both DOM + StAX 
+ * clients against the StAX server
  */
 public class StaxSamlTokenTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(StaxServer.class);
@@ -126,6 +127,69 @@ public class StaxSamlTokenTest extends A
     }
     
     @org.junit.Test
+    public void testSaml1OverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with no SAML Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+        }
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
+        );
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with a SAML2 Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("Policy enforces SamlVersion11Profile11 but we got 2.0"));
+        }
+
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        // Don't send any Token...failure expected
+        portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort2");
+        saml1Port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
+        );
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Failure expected on no token");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // String error = "SamlToken not satisfied";
+            // assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml1ElementOverTransport() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -159,6 +223,41 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testSaml1ElementOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        try {
+            saml1Port.doubleIt(25);
+            fail("Expected failure on an invocation with no SAML Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // assertTrue(ex.getMessage().contains("No SAML CallbackHandler available"));
+        }
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlElementCallbackHandler(false)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
     // TODO See WSS-442
     @org.junit.Test
     @org.junit.Ignore
@@ -218,11 +317,9 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    /**
-     * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
-     * fail as the provider will demand that there is a signature covering both the assertion
-     * and the message body.
-     */
+    // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
+    // fail as the provider will demand that there is a signature covering both the assertion
+    // and the message body.
     // TODO See WSS-442
     @org.junit.Test
     @org.junit.Ignore
@@ -348,6 +445,34 @@ public class StaxSamlTokenTest extends A
     }
     
     @org.junit.Test
+    public void testSaml1SelfSignedOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml1SelfSignedOverTransportSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -374,6 +499,34 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testSaml1SelfSignedOverTransportSP11Streaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port");
+        DoubleItPortType saml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml1Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml1Port);
+        
+        ((BindingProvider)saml1Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false, true)
+        );
+        int result = saml1Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml1Port).close();
+        bus.shutdown(true);
+    }
+    
     // TODO See WSS-442
     @org.junit.Test
     @org.junit.Ignore
@@ -434,7 +587,7 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    // NPE in outbound DOM because of SignatureConfirmation - should be fixed with StaX out
+    // See WSS-446
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2EndorsingOverTransport() throws Exception {
@@ -466,7 +619,7 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    // NPE in outbound DOM because of SignatureConfirmation - should be fixed with StaX out
+    // See WSS-446
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2EndorsingPKOverTransport() throws Exception {
@@ -528,6 +681,37 @@ public class StaxSamlTokenTest extends A
         ((java.io.Closeable)saml2Port).close();
         bus.shutdown(true);
     }
+    
+    @org.junit.Test
+    public void testSaml2EndorsingOverTransportSP11Streaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
 
     // TODO See WSS-442
     @org.junit.Test
@@ -650,6 +834,36 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testNoSamlTokenStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        try {
+            saml2Port.doubleIt(25);
+            fail("Failure expected on no SamlToken");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // String error = "SamlToken not satisfied";
+            // assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
     // In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
     // case just mocks the call to the PDP + enforces the decision
     // TODO See WSS-442

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java Fri May 24 13:15:54 2013
@@ -30,6 +30,7 @@ import javax.security.auth.callback.Unsu
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
@@ -47,6 +48,7 @@ public class SamlCallbackHandler impleme
     private boolean saml2 = true;
     private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
     private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT;
+    private boolean signAssertion;
     
     public SamlCallbackHandler() {
         //
@@ -56,6 +58,11 @@ public class SamlCallbackHandler impleme
         this.saml2 = saml2;
     }
     
+    public SamlCallbackHandler(boolean saml2, boolean signAssertion) {
+        this.saml2 = saml2;
+        this.signAssertion = signAssertion;
+    }
+    
     public void setConfirmationMethod(String confirmationMethod) {
         this.confirmationMethod = confirmationMethod;
     }
@@ -107,6 +114,19 @@ public class SamlCallbackHandler impleme
                 attributeBean.setAttributeValues(Collections.singletonList("system-user"));
                 attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
                 callback.setAttributeStatementData(Collections.singletonList(attrBean));
+                
+                try {
+                    if (signAssertion) {
+                        String file = "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
+                        Crypto crypto = CryptoFactory.getInstance(file);
+                        callback.setIssuerCrypto(crypto);
+                        callback.setIssuerKeyName("alice");
+                        callback.setIssuerKeyPassword("password");
+                    }
+                    callback.setSignAssertion(signAssertion);
+                } catch (WSSecurityException e) {
+                    throw new IOException(e);
+                }
             }
         }
     }
@@ -128,5 +148,13 @@ public class SamlCallbackHandler impleme
         
         return keyInfo;
     }
+
+    public boolean isSignAssertion() {
+        return signAssertion;
+    }
+
+    public void setSignAssertion(boolean signAssertion) {
+        this.signAssertion = signAssertion;
+    }
     
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxUsernameTokenTest.java Fri May 24 13:15:54 2013
@@ -83,12 +83,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -116,12 +111,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -149,12 +139,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -182,12 +167,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -215,12 +195,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -248,12 +223,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -281,12 +251,7 @@ public class StaxUsernameTokenTest exten
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -321,12 +286,7 @@ public class StaxUsernameTokenTest exten
         /*
         // TODO
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         try {
             utPort.doubleIt(25);
             fail("Failure expected on no UsernameToken");
@@ -409,12 +369,7 @@ public class StaxUsernameTokenTest exten
         /*
         // TODO
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         
         ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
         utPort.doubleIt(25);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java?rev=1486045&r1=1486044&r2=1486045&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java Fri May 24 13:15:54 2013
@@ -83,12 +83,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -116,12 +111,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -149,12 +139,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -182,12 +167,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -215,12 +195,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -248,12 +223,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -281,12 +251,7 @@ public class UsernameTokenTest extends A
         utPort.doubleIt(25);
         
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         utPort.doubleIt(25);
         
         ((java.io.Closeable)utPort).close();
@@ -322,12 +287,7 @@ public class UsernameTokenTest extends A
         /*
         // TODO
         // Streaming
-        ((BindingProvider)utPort).getRequestContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
-        ((BindingProvider)utPort).getResponseContext().put(
-            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
-        );
+        SecurityTestUtil.enableStreaming(utPort);
         try {
             utPort.doubleIt(25);
             fail("Failure expected on no UsernameToken");
@@ -450,6 +410,7 @@ public class UsernameTokenTest extends A
         // Streaming
         /*
         // TODO
+        SecurityTestUtil.enableStreaming(utPort);
         ((BindingProvider)utPort).getRequestContext().put(SecurityConstants.USERNAME, "Alice");
         utPort.doubleIt(25);
         



Mime
View raw message