cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1490619 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/ rt/...
Date Fri, 07 Jun 2013 12:51:04 GMT
Author: coheigea
Date: Fri Jun  7 12:51:03 2013
New Revision: 1490619

URL: http://svn.apache.org/r1490619
Log:
Adding streaming Kerberos support

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
Fri Jun  7 12:51:03 2013
@@ -138,8 +138,10 @@ public class KerberosClient implements C
         SecurityToken token = new SecurityToken(bst.getID());
         token.setToken(bst.getElement());
         token.setWsuId(bst.getID());
+        token.setData(bst.getToken());
         SecretKey secretKey = bst.getSecretKey();
         if (secretKey != null) {
+            token.setKey(secretKey);
             token.setSecret(secretKey.getEncoded());
         }
         String sha1 = Base64.encode(WSSecurityUtil.generateDigest(bst.getToken()));

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
Fri Jun  7 12:51:03 2013
@@ -78,8 +78,8 @@ public class KerberosTokenInterceptorPro
     public KerberosTokenInterceptorProvider() {
         super(Arrays.asList(SP11Constants.KERBEROS_TOKEN, SP12Constants.KERBEROS_TOKEN));
        
-        this.getOutInterceptors().add(new KerberosTokenDOMOutInterceptor());
-        this.getOutFaultInterceptors().add(new KerberosTokenDOMOutInterceptor());
+        this.getOutInterceptors().add(new KerberosTokenOutInterceptor());
+        this.getOutFaultInterceptors().add(new KerberosTokenOutInterceptor());
         this.getInInterceptors().add(new KerberosTokenDOMInInterceptor());
         this.getInFaultInterceptors().add(new KerberosTokenDOMInInterceptor());
         
@@ -112,16 +112,14 @@ public class KerberosTokenInterceptorPro
         }
     }
 
-    static class KerberosTokenDOMOutInterceptor extends AbstractPhaseInterceptor<Message>
{
-        public KerberosTokenDOMOutInterceptor() {
+    static class KerberosTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
+        public KerberosTokenOutInterceptor() {
             super(Phase.PREPARE_SEND);
         }
         public void handleMessage(Message message) throws Fault {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
-            boolean enableStax = 
-                MessageUtils.isTrue(message.getContextualProperty(SecurityConstants.ENABLE_STREAMING_SECURITY));
-            if (aim != null && !enableStax) {
+            if (aim != null) {
                 Collection<AssertionInfo> ais = 
                     NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
                 if (ais.isEmpty()) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
Fri Jun  7 12:51:03 2013
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.tokenstore;
 
 import java.io.Serializable;
+import java.security.Key;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
@@ -92,6 +93,16 @@ public class SecurityToken implements Se
     private byte[] secret;
     
     /**
+     * Some binary data associated with the token
+     */
+    private byte[] data;
+    
+    /**
+     * A key associated with the token
+     */
+    private transient Key key;
+    
+    /**
      * Created time
      */
     private Date created;
@@ -509,5 +520,21 @@ public class SecurityToken implements Se
     public SecurityContext getSecurityContext() {
         return securityContext;
     }
+
+    public Key getKey() {
+        return key;
+    }
+
+    public void setKey(Key key) {
+        this.key = key;
+    }
+
+    public byte[] getData() {
+        return data;
+    }
+
+    public void setData(byte[] data) {
+        this.data = data;
+    }
     
 } 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
Fri Jun  7 12:51:03 2013
@@ -26,6 +26,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
 
@@ -52,6 +53,8 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -328,23 +331,25 @@ public class PolicyBasedWSS4JStaxOutInte
     }
     
     @Override
-    protected void configureProperties(SoapMessage msg) throws WSSecurityException {
+    protected void configureProperties(
+        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens
+    ) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         checkAsymmetricBinding(aim, msg);
         checkSymmetricBinding(aim, msg);
         checkTransportBinding(aim, msg);
         
-        super.configureProperties(msg);
+        super.configureProperties(msg, outboundTokens);
         
         Collection<AssertionInfo> ais = 
             getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
         if (!ais.isEmpty()) {
-            new StaxTransportBindingHandler(getProperties(), msg).handleBinding();
+            new StaxTransportBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
         }
         
         ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
         if (!ais.isEmpty()) {
-            new StaxAsymmetricBindingHandler(getProperties(), msg).handleBinding();
+            new StaxAsymmetricBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
         }
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
Fri Jun  7 12:51:03 2013
@@ -19,6 +19,7 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.io.OutputStream;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -45,8 +46,11 @@ import org.apache.wss4j.stax.Configurati
 import org.apache.wss4j.stax.WSSec;
 import org.apache.wss4j.stax.ext.OutboundWSSec;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.xml.security.stax.impl.OutboundSecurityContextImpl;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
     
@@ -116,7 +120,9 @@ public class WSS4JStaxOutInterceptor ext
                 (List<SecurityEvent>) mc.getExchange().get(SecurityEvent.class.getName()
+ ".in");
             
             translateProperties(mc);
-            configureProperties(mc);
+            Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
= 
+                new HashMap<String, SecurityTokenProvider<OutboundSecurityToken>>();
+            configureProperties(mc, outboundTokens);
             configureCallbackHandler(mc);
             
             OutboundWSSec outboundWSSec = null;
@@ -132,8 +138,18 @@ public class WSS4JStaxOutInterceptor ext
             
             outboundWSSec = WSSec.getOutboundWSSec(secProps);
             
-            newXMLStreamWriter = 
-                outboundWSSec.processOutMessage(os, encoding, requestSecurityEvents, securityEventListener);
+            final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
+            outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
+            outboundSecurityContext.addSecurityEventListener(securityEventListener);
+            
+            // Save Tokens on the security context
+            for (String key : outboundTokens.keySet()) {
+                SecurityTokenProvider<OutboundSecurityToken> provider = outboundTokens.get(key);
+                outboundSecurityContext.registerSecurityTokenProvider(provider.getId(), provider);
+                outboundSecurityContext.put(key, provider.getId());
+            }
+            
+            newXMLStreamWriter = outboundWSSec.processOutMessage(os, encoding, outboundSecurityContext);
             mc.setContent(XMLStreamWriter.class, newXMLStreamWriter);
         } catch (WSSecurityException e) {
             throw new Fault(e);
@@ -175,7 +191,9 @@ public class WSS4JStaxOutInterceptor ext
         return securityEventListener;
     }
     
-    protected void configureProperties(SoapMessage msg) throws WSSecurityException {
+    protected void configureProperties(
+        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens
+    ) throws WSSecurityException {
         Map<String, Object> config = getProperties();
         
         // Crypto loading only applies for Map

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Fri Jun  7 12:51:03 2013
@@ -45,6 +45,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.neethi.Assertion;
@@ -61,6 +62,7 @@ import org.apache.wss4j.policy.model.Abs
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.EncryptedParts;
 import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KeyValueToken;
 import org.apache.wss4j.policy.model.Layout;
 import org.apache.wss4j.policy.model.Layout.LayoutType;
@@ -76,8 +78,11 @@ import org.apache.wss4j.policy.model.Wss
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.policy.model.X509Token.TokenType;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -91,13 +96,19 @@ public abstract class AbstractStaxBindin
     protected Map<AbstractToken, SecurePart> endSuppTokMap;
     protected Map<AbstractToken, SecurePart> sgndEndEncSuppTokMap;
     protected Map<AbstractToken, SecurePart> sgndEndSuppTokMap;
+    protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
     
     private final Map<String, Object> properties;
     private final SoapMessage message;
     
-    public AbstractStaxBindingHandler(Map<String, Object> properties, SoapMessage msg)
{
+    public AbstractStaxBindingHandler(
+        Map<String, Object> properties, 
+        SoapMessage msg,
+        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+    ) {
         this.properties = properties;
         this.message = msg;
+        this.outboundTokens = outboundTokens;
     }
 
     protected SecurePart addUsernameToken(UsernameToken usernameToken) {
@@ -139,6 +150,65 @@ public abstract class AbstractStaxBindin
         return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
     }
     
+    protected SecurePart addKerberosToken(
+        KerberosToken token, boolean signed, boolean endorsing
+    ) throws WSSecurityException {
+        IncludeTokenType includeToken = token.getIncludeTokenType();
+        if (!isTokenRequired(includeToken)) {
+            return null;
+        }
+
+        SecurityToken secToken = getSecurityToken();
+        if (secToken == null) {
+            policyNotAsserted(token, "Could not find KerberosToken");
+        }
+        
+        // Convert to WSS4J token
+        final KerberosClientSecurityToken wss4jToken = 
+            new KerberosClientSecurityToken(secToken.getData(), secToken.getKey(), secToken.getId());
+        
+        final SecurityTokenProvider<OutboundSecurityToken> kerberosSecurityTokenProvider
=
+            new SecurityTokenProvider<OutboundSecurityToken>() {
+
+                @Override
+                public OutboundSecurityToken getSecurityToken() throws WSSecurityException
{
+                    return wss4jToken;
+                }
+
+                @Override
+                public String getId() {
+                    return wss4jToken.getId();
+                }
+            };
+        outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_BST, 
+                           kerberosSecurityTokenProvider);
+        
+        // Action
+        Map<String, Object> config = getProperties();
+        String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
+        if (endorsing) {
+            actionToPerform = ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN;
+        }
+        
+        if (config.containsKey(ConfigurationConstants.ACTION)) {
+            String action = (String)config.get(ConfigurationConstants.ACTION);
+            config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+        } else {
+            config.put(ConfigurationConstants.ACTION, actionToPerform);
+        }
+        
+        /*
+        if (endorsing) {
+            String action = (String)config.get(ConfigurationConstants.ACTION);
+            config.put(ConfigurationConstants.ACTION,
+                ConfigurationConstants.SIGNATURE_WITH_KERBEROS_TOKEN  + " " + action);
+            // config.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
+        }
+        */
+        
+        return new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+    }
+    
     protected SecurePart addSamlToken(
         SamlToken token, 
         boolean signed,
@@ -602,6 +672,14 @@ public abstract class AbstractStaxBindin
                 }
 
             } */
+            } else if (isRequestor() && token instanceof KerberosToken) {
+                SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse);
+                if (securePart != null) {
+                    ret.put(token, securePart);
+                    if (suppTokens.isEncryptedToken()) {
+                        encryptedTokensList.add(securePart);
+                    }
+                }
             } else if (token instanceof X509Token || token instanceof KeyValueToken) {
                 configureSignature(suppTokens, token, false);
                 if (suppTokens.isEncryptedToken()) {
@@ -645,6 +723,22 @@ public abstract class AbstractStaxBindin
         }
     }
     
+    protected SecurityToken getSecurityToken() {
+        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+        if (st == null) {
+            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+            if (id != null) {
+                st = getTokenStore().getToken(id);
+            }
+        }
+        if (st != null) {
+            getTokenStore().add(st);
+            return st;
+        }
+        return null;
+    }
+
+    
     protected Collection<Assertion> findAndAssertPolicy(QName n) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
@@ -854,5 +948,4 @@ public abstract class AbstractStaxBindin
         return encryptedParts;
     }
     
-      
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
Fri Jun  7 12:51:03 2013
@@ -46,6 +46,8 @@ import org.apache.wss4j.policy.model.X50
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -57,8 +59,12 @@ public class StaxAsymmetricBindingHandle
     private AsymmetricBinding abinding;
     private SoapMessage message;
     
-    public StaxAsymmetricBindingHandler(Map<String, Object> properties, SoapMessage
msg) {
-        super(properties, msg);
+    public StaxAsymmetricBindingHandler(
+        Map<String, Object> properties, 
+        SoapMessage msg,
+        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+    ) {
+        super(properties, msg, outboundTokens);
         this.message = msg;
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Fri Jun  7 12:51:03 2013
@@ -38,6 +38,7 @@ import org.apache.wss4j.policy.model.Abs
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.policy.model.Header;
 import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KeyValueToken;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SignedElements;
@@ -48,6 +49,8 @@ import org.apache.wss4j.policy.model.Tra
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
 /**
  * 
@@ -57,8 +60,12 @@ public class StaxTransportBindingHandler
     private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
     private TransportBinding tbinding;
 
-    public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage
msg) {
-        super(properties, msg);
+    public StaxTransportBindingHandler(
+        Map<String, Object> properties, 
+        SoapMessage msg,
+        Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+    ) {
+        super(properties, msg, outboundTokens);
     }
     
     public void handleBinding() {
@@ -143,7 +150,7 @@ public class StaxTransportBindingHandler
             if (token instanceof UsernameToken) {
                 addUsernameToken((UsernameToken)token);
             /*TODO 
-              else if (token instanceof IssuedToken || token instanceof KerberosToken) {
+              else if (token instanceof IssuedToken) {
                 SecurityToken secTok = getSecurityToken();
                 
                 if (includeToken(token.getIncludeTokenType())) {
@@ -151,6 +158,8 @@ public class StaxTransportBindingHandler
                     addEncryptedKeyElement(cloneElement(secTok.getToken()));
                 }
             } */
+            } else if (token instanceof KerberosToken) {
+                addKerberosToken((KerberosToken)token, false, false);
             } else if (token instanceof SamlToken) {
                 addSamlToken((SamlToken)token, false, false);
             } else {
@@ -230,7 +239,6 @@ public class StaxTransportBindingHandler
         /* TODO if (token instanceof IssuedToken
             || token instanceof SecureConversationToken
             || token instanceof SecurityContextToken
-            || token instanceof KerberosToken
             || token instanceof SpnegoContextToken) {
             addSig(doIssuedTokenSignature(token, wrapper));
         } else */ 
@@ -248,6 +256,15 @@ public class StaxTransportBindingHandler
             config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
         } else if (token instanceof UsernameToken) {
             throw new Exception("Endorsing UsernameTokens are not supported in the streaming
code");
+        } else if (token instanceof KerberosToken) {
+            addKerberosToken((KerberosToken)token, false, true);
+            signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+            
+            Map<String, Object> config = getProperties();
+            config.put(ConfigurationConstants.SIG_ALGO, 
+                       tbinding.getAlgorithmSuite().getSymmetricSignature());
+            AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+            config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
         }
     }
     

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
Fri Jun  7 12:51:03 2013
@@ -89,8 +89,13 @@ public class KerberosTokenTest extends A
                 service.getPort(portQName, DoubleItPortType.class);
         
         updateAddressPort(kerberosPort, PORT2);
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -205,8 +210,12 @@ public class KerberosTokenTest extends A
 
         updateAddressPort(kerberosPort, PORT);
         
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -229,8 +238,13 @@ public class KerberosTokenTest extends A
                 service.getPort(portQName, DoubleItPortType.class);
 
         updateAddressPort(kerberosPort, PORT2);
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -360,8 +374,12 @@ public class KerberosTokenTest extends A
         
         updateAddressPort(kerberosPort, PORT);
         
-        int result = kerberosPort.doubleIt(25);
-        assertTrue(result == 50);
+        // DOM
+        kerberosPort.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/StaxKerberosTokenTest.java
Fri Jun  7 12:51:03 2013
@@ -39,7 +39,7 @@ import org.junit.BeforeClass;
  * "/etc/bob.keytab" (this can all be edited in src/test/resource/kerberos.jaas". Then disable
the
  * @Ignore annotations and run the tests with:
  *  
- * mvn test -Pnochecks -Dtest=KerberosTokenTest 
+ * mvn test -Pnochecks -Dtest=StaxKerberosTokenTest 
  *     -Djava.security.auth.login.config=src/test/resources/kerberos.jaas
  * 
  * See here for more information:
@@ -96,9 +96,9 @@ public class StaxKerberosTokenTest exten
         // DOM
         kerberosPort.doubleIt(25);
         
-        // TODO Streaming
-        // SecurityTestUtil.enableStreaming(kerberosPort);
-        // kerberosPort.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -190,16 +190,15 @@ public class StaxKerberosTokenTest exten
         // DOM
         kerberosPort.doubleIt(25);
         
-        // TODO Streaming
-        // SecurityTestUtil.enableStreaming(kerberosPort);
-        // kerberosPort.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
     }
     
     @org.junit.Test
-    @org.junit.Ignore
     public void testKerberosOverTransportEndorsing() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -220,9 +219,9 @@ public class StaxKerberosTokenTest exten
         // DOM
         kerberosPort.doubleIt(25);
         
-        // TODO Streaming
-        // SecurityTestUtil.enableStreaming(kerberosPort);
-        // kerberosPort.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);
@@ -370,9 +369,9 @@ public class StaxKerberosTokenTest exten
         // DOM
         kerberosPort.doubleIt(25);
         
-        // TODO Streaming
-        // SecurityTestUtil.enableStreaming(kerberosPort);
-        // kerberosPort.doubleIt(25);
+        // Streaming
+        SecurityTestUtil.enableStreaming(kerberosPort);
+        kerberosPort.doubleIt(25);
         
         ((java.io.Closeable)kerberosPort).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml?rev=1490619&r1=1490618&r2=1490619&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client/client.xml
Fri Jun  7 12:51:03 2013
@@ -144,6 +144,11 @@
                    <property name="serviceName" value="bob@service.ws.apache.org"/>
                </bean>            
            </entry> 
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+           <entry key="ws-security.signature.username" value="alice"/> 
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
        </jaxws:properties>
     </jaxws:client>
     



Mime
View raw message