cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1486575 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/ systests/w...
Date Mon, 27 May 2013 11:14:13 GMT
Author: coheigea
Date: Mon May 27 11:14:12 2013
New Revision: 1486575

URL: http://svn.apache.org/r1486575
Log:
Added some X.509 WS-Security streaming interop tests

Added:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
      - copied, changed from r1486192, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/StaxServer.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/stax-server.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1486575&r1=1486574&r2=1486575&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Mon May 27 11:14:12 2013
@@ -162,15 +162,15 @@ public class PolicyBasedWSS4JStaxOutInte
         }
         
         if (signCrypto != null) {
-            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), signCrypto);
         }
         
         if (encrCrypto != null) {
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
             message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
         } else if (signCrypto != null) {
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
     }
@@ -202,15 +202,15 @@ public class PolicyBasedWSS4JStaxOutInte
         }
         
         if (signCrypto != null) {
-            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), signCrypto);
         }
         
         if (encrCrypto != null) {
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + encrCrypto.hashCode());
             message.put("RefId-" + encrCrypto.hashCode(), (Crypto)encrCrypto);
         } else if (signCrypto != null) {
-            message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
+            message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + signCrypto.hashCode());
             message.put("RefId-" + signCrypto.hashCode(), (Crypto)signCrypto);
         }
     }
@@ -247,7 +247,7 @@ public class PolicyBasedWSS4JStaxOutInte
                 crypto = signCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
             
@@ -256,7 +256,7 @@ public class PolicyBasedWSS4JStaxOutInte
                 crypto = encrCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
         } else {
@@ -265,7 +265,7 @@ public class PolicyBasedWSS4JStaxOutInte
                 crypto = encrCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
             
@@ -274,7 +274,7 @@ public class PolicyBasedWSS4JStaxOutInte
                 crypto = signCrypto;
             }
             if (crypto != null) {
-                message.put(WSHandlerConstants.ENC_PROP_REF_ID, "RefId-" + crypto.hashCode());
+                message.put(WSHandlerConstants.SIG_PROP_REF_ID, "RefId-" + crypto.hashCode());
                 message.put("RefId-" + crypto.hashCode(), crypto);
             }
         }

Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java (from r1486192, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java&r1=1486192&r2=1486575&rev=1486575&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java Mon May 27 11:14:12 2013
@@ -29,14 +29,10 @@ import javax.xml.ws.Service;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.endpoint.Client;
-import org.apache.cxf.frontend.ClientProxy;
 import org.apache.cxf.headers.Header;
 import org.apache.cxf.jaxb.JAXBDataBinding;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.ut.SecurityHeaderCacheInterceptor;
-import org.apache.cxf.systest.ws.x509.server.Intermediary;
-import org.apache.cxf.systest.ws.x509.server.Server;
+import org.apache.cxf.systest.ws.x509.server.StaxServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.example.contract.doubleit.DoubleItPortType;
@@ -44,12 +40,12 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for X.509 Tokens.
+ * A set of tests for X.509 Tokens using the streaming interceptors. 
+ * It tests both DOM + StAX clients against the StAX server
  */
-public class X509TokenTest extends AbstractBusClientServerTestBase {
-    public static final String PORT = allocatePort(Server.class);
-    public static final String INTERMEDIARY_PORT = allocatePort(Intermediary.class);
-    static final String PORT2 = allocatePort(Server.class, 2);
+public class StaxX509TokenTest extends AbstractBusClientServerTestBase {
+    public static final String PORT = allocatePort(StaxServer.class);
+    static final String PORT2 = allocatePort(StaxServer.class, 2);
 
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -60,14 +56,16 @@ public class X509TokenTest extends Abstr
                 "Server failed to launch",
                 // run the server in the same process
                 // set this to false to fork
-                launchServer(Server.class, true)
+                launchServer(StaxServer.class, true)
         );
+        /*
         assertTrue(
                 "Intermediary failed to launch",
                 // run the server in the same process
                 // set this to false to fork
                 launchServer(Intermediary.class, true)
         );
+        */
     }
     
     @org.junit.AfterClass
@@ -75,18 +73,19 @@ public class X509TokenTest extends Abstr
         SecurityTestUtil.cleanup();
         stopAllServers();
     }
-
+    /*
+    // TODO
     @org.junit.Test
     public void testKeyIdentifier() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort");
         DoubleItPortType x509Port = 
@@ -102,13 +101,13 @@ public class X509TokenTest extends Abstr
     public void testKeyIdentifierJaxwsClient() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/jaxws-client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/jaxws-client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort");
         DoubleItPortType x509Port = 
@@ -129,13 +128,13 @@ public class X509TokenTest extends Abstr
     public void testIntermediary() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/intermediary-client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/intermediary-client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = X509TokenTest.class.getResource("DoubleItIntermediary.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItIntermediary.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItPort");
         DoubleItPortType x509Port = 
@@ -152,13 +151,13 @@ public class X509TokenTest extends Abstr
     public void testIssuerSerial() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItIssuerSerialPort");
         DoubleItPortType x509Port = 
@@ -174,13 +173,13 @@ public class X509TokenTest extends Abstr
     public void testThumbprint() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItThumbprintPort");
         DoubleItPortType x509Port = 
@@ -196,13 +195,13 @@ public class X509TokenTest extends Abstr
     public void testContentEncryptedElements() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItContentEncryptedElementsPort");
         DoubleItPortType x509Port = 
@@ -218,13 +217,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricIssuerSerial() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricIssuerSerialPort");
         DoubleItPortType x509Port = 
@@ -240,13 +239,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricThumbprint() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricThumbprintPort");
         DoubleItPortType x509Port = 
@@ -262,13 +261,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricProtectTokens() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricProtectTokensPort");
         DoubleItPortType x509Port = 
@@ -284,13 +283,13 @@ public class X509TokenTest extends Abstr
     public void testSymmetricProtectTokens() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItSymmetricProtectTokensPort");
         DoubleItPortType x509Port = 
@@ -301,23 +300,30 @@ public class X509TokenTest extends Abstr
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
+    */
     
     @org.junit.Test
     public void testTransportEndorsing() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -328,18 +334,24 @@ public class X509TokenTest extends Abstr
     public void testTransportEndorsingSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingSP11Port");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -350,79 +362,103 @@ public class X509TokenTest extends Abstr
     public void testTransportSignedEndorsing() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSignedEndorsingPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     
+    // TODO See WSS-443
     @org.junit.Test
+    @org.junit.Ignore
     public void testTransportEndorsingEncrypted() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingEncryptedPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     
+    // TODO See WSS-443
     @org.junit.Test
+    @org.junit.Ignore
     public void testTransportSignedEndorsingEncrypted() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSignedEndorsingEncryptedPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     
+    /*
+    TODO
     @org.junit.Test
     public void testAsymmetricSignature() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignaturePort");
         DoubleItPortType x509Port = 
@@ -438,13 +474,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricSignatureSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignatureSP11Port");
         DoubleItPortType x509Port = 
@@ -460,13 +496,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricEncryption() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptionPort");
         DoubleItPortType x509Port = 
@@ -482,13 +518,13 @@ public class X509TokenTest extends Abstr
     public void testAsymmetricSignatureReplay() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignaturePort");
         DoubleItPortType x509Port = 
@@ -513,40 +549,49 @@ public class X509TokenTest extends Abstr
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
+    */
     
     @org.junit.Test
     public void testTransportSupportingSigned() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSupportingSignedPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     
+    // TODO WSS-438
     @org.junit.Test
+    @org.junit.Ignore
     public void testTransportSupportingSignedCertConstraints() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSupportingSignedCertConstraintsPort");
         DoubleItPortType x509Port = 
@@ -578,35 +623,43 @@ public class X509TokenTest extends Abstr
     public void testTransportKVT() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTransportKVTPort");
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
     
+    // TODO
     @org.junit.Test
+    @org.junit.Ignore
     public void testKeyIdentifier2() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = X509TokenTest.class.getResource("DoubleItOperations.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItOperations.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort2");
         DoubleItPortType2 x509Port = 
@@ -629,17 +682,18 @@ public class X509TokenTest extends Abstr
         bus.shutdown(true);
     }
     
+    // Just sending an X.509 Token without a Signature is not supported in the StAX layer (yet) 
     @org.junit.Test
     public void testSupportingToken() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
        
         // Successful invocation
@@ -657,8 +711,8 @@ public class X509TokenTest extends Abstr
             port.doubleIt(25);
             fail("Failure expected on not sending an X.509 Supporting Token");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "These policy alternatives can not be satisfied";
-            assertTrue(ex.getMessage().contains(error));
+            // String error = "These policy alternatives can not be satisfied";
+            // assertTrue(ex.getMessage().contains(error));
         }
         
         // This should fail, as the client is not sending a PKI Token
@@ -670,8 +724,8 @@ public class X509TokenTest extends Abstr
             port.doubleIt(25);
             fail("Failure expected on not sending a PKI token");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "These policy alternatives can not be satisfied";
-            assertTrue(ex.getMessage().contains(error));
+            // String error = "These policy alternatives can not be satisfied";
+            // assertTrue(ex.getMessage().contains(error));
         }
         
         ((java.io.Closeable)port).close();
@@ -682,19 +736,25 @@ public class X509TokenTest extends Abstr
     public void testNegativeEndorsing() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxX509TokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
        
         // Successful invocation
         QName portQName = new QName(NAMESPACE, "DoubleItTransportNegativeEndorsingPort");
         DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT2);
+        
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
         // This should fail, as the client is not endorsing the token
@@ -703,16 +763,26 @@ public class X509TokenTest extends Abstr
         updateAddressPort(port, PORT2);
         
         try {
+            // DOM
             port.doubleIt(25);
             fail("Failure expected on not endorsing the token");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "These policy alternatives can not be satisfied";
-            assertTrue(ex.getMessage().contains(error));
+            // String error = "These policy alternatives can not be satisfied";
+            // assertTrue(ex.getMessage().contains(error));
+        }
+        
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
+            port.doubleIt(25);
+            fail("Failure expected on not endorsing the token");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // String error = "These policy alternatives can not be satisfied";
+            // assertTrue(ex.getMessage().contains(error));
         }
         
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
     
-    
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1486575&r1=1486574&r2=1486575&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Mon May 27 11:14:12 2013
@@ -44,7 +44,8 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for X.509 Tokens.
+ * A set of tests for X.509 Tokens. It tests both DOM + StAX clients against the 
+ * DOM server
  */
 public class X509TokenTest extends AbstractBusClientServerTestBase {
     public static final String PORT = allocatePort(Server.class);
@@ -318,6 +319,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -340,6 +347,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -362,6 +375,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -384,6 +403,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -406,6 +431,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
@@ -530,8 +561,14 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
         x509Port.doubleIt(25);
         
+        // Streaming - TODO SignedElements not supported
+        // SecurityTestUtil.enableStreaming(x509Port);
+        // x509Port.doubleIt(25);
+        
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
     }
@@ -590,6 +627,12 @@ public class X509TokenTest extends Abstr
         DoubleItPortType x509Port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(x509Port, PORT2);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
         x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();

Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/StaxServer.java?rev=1486575&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/StaxServer.java (added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/server/StaxServer.java Mon May 27 11:14:12 2013
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.x509.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+    }
+}

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1486575&r1=1486574&r2=1486575&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Mon May 27 11:14:12 2013
@@ -959,7 +959,7 @@
                 <sp:EndorsingSupportingTokens>
                    <wsp:Policy>
                         <sp:KeyValueToken
-                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                               <sp:RsaKeyValue />
                            </wsp:Policy>

Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/stax-server.xml?rev=1486575&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/stax-server.xml (added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/stax-server.xml Mon May 27 11:14:12 2013
@@ -0,0 +1,595 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:util="http://www.springframework.org/schema/util"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <!-- -->
+    <!-- Any services listening on port 9009 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer.2}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+
+    <jaxws:endpoint 
+       id="KeyIdentifier"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509KeyIdentifier" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItKeyIdentifierPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.crypto" value-ref="crypto"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <bean id="crypto" class="org.apache.wss4j.common.crypto.CryptoFactory" 
+        factory-method="getInstance">
+        <constructor-arg>
+            <util:properties id="cryptoProperties" 
+                     location="classpath:org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+        </constructor-arg>
+    </bean>
+    
+    <jaxws:endpoint 
+       id="KeyIdentifier2"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509KeyIdentifier2" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItKeyIdentifierPort2"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleIt2Impl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItOperations.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="IssuerSerial"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509IssuerSerial" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItIssuerSerialPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="Thumbprint"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509Thumbprint" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItThumbprintPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="ContentEncryptedElements"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509ContentEncryptedElements" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItContentEncryptedElementsPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="Asymmetric"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509Asymmetric" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricIssuerSerialPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+          <entry key="ws-security.encryption.username" value="alice"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricThumbprint"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricThumbprint" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricThumbprintPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricSignature"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricSignature" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSignaturePort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricSignatureSP11"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricSignatureSP11" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSignatureSP11Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricEncryption"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricEncryption" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricEncryptionPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+          <entry key="ws-security.encryption.username" value="alice"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricProtectTokens"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricProtect" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricProtectTokensPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="SymmetricProtectTokens"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509SymmetricProtect" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricProtectTokensPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportEndorsing"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportEndorsing" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportEndorsingSP11"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportEndorsingSP11" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportEndorsingSP11Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportSignedEndorsing"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSignedEndorsing" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSignedEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportEndorsingEncrypted"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportEndorsingEncrypted" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportEndorsingEncryptedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TransportSignedEndorsingEncrypted"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSignedEndorsingEncrypted" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSignedEndorsingEncryptedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportSupportingSigned"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSupportingSigned" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSupportingSignedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportSupportingSignedCertConstraints"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSupportingSignedCertConstraints" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSupportingSignedCertConstraintsPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/cxfca.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*CN=alice.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportKVT"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportKVT" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportKVTPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+          <entry key="ws-security.is-bsp-compliant" value="false"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportSupportingToken"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSupportingToken" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSupportingTokenPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/x509/supp-token-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportSupportingToken2"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportSupportingToken2" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportSupportingTokenPort2"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/x509/supp-token-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportPKISupportingToken"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportPKISupportingToken" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportPKISupportingTokenPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/x509/supp-token-pki-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportEndorsingNegativeTest"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportNegativeEndorsing" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportNegativeEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/x509/end-supp-token-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="TransportEndorsingNegativeTest2"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItX509TransportNegativeEndorsing2" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTransportNegativeEndorsingPort2"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties>
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/x509/end-supp-token-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+     
+    </jaxws:endpoint> 
+    
+</beans>



Mime
View raw message