cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1498972 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/ sys...
Date Tue, 02 Jul 2013 15:22:26 GMT
Author: coheigea
Date: Tue Jul  2 15:22:25 2013
New Revision: 1498972

URL: http://svn.apache.org/r1498972
Log:
More streaming tests + various bug fixes

Added:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java
      - copied, changed from r1498971, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
Tue Jul  2 15:22:25 2013
@@ -227,6 +227,11 @@ public class WSS4JStaxOutInterceptor ext
             if (sigCrypto != null) {
                 config.put(ConfigurationConstants.SIG_PROP_REF_ID, "RefId-" + sigCrypto.hashCode());
                 config.put("RefId-" + sigCrypto.hashCode(), sigCrypto);
+                if (sigUser == null && sigCrypto.getDefaultX509Identifier() != null)
{
+                    // Fall back to default identifier
+                    config.put(ConfigurationConstants.SIGNATURE_USER, 
+                               sigCrypto.getDefaultX509Identifier());
+                }
             }
             
             Crypto encCrypto = 
@@ -238,6 +243,11 @@ public class WSS4JStaxOutInterceptor ext
             if (encCrypto != null) {
                 config.put(ConfigurationConstants.ENC_PROP_REF_ID, "RefId-" + encCrypto.hashCode());
                 config.put("RefId-" + encCrypto.hashCode(), encCrypto);
+                if (encUser == null && encCrypto.getDefaultX509Identifier() != null)
{
+                    // Fall back to default identifier
+                    config.put(ConfigurationConstants.ENCRYPTION_USER, 
+                               encCrypto.getDefaultX509Identifier());
+                }
             }
         }
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Tue Jul  2 15:22:25 2013
@@ -90,6 +90,7 @@ import org.apache.xml.security.stax.secu
 public abstract class AbstractStaxBindingHandler {
     private static final Logger LOG = LogUtils.getL7dLogger(AbstractStaxBindingHandler.class);
     protected boolean timestampAdded;
+    protected boolean signatureConfirmationAdded;
     protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
     
     protected Map<AbstractToken, SecurePart> endEncSuppTokMap;
@@ -848,6 +849,7 @@ public abstract class AbstractStaxBindin
                 new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
             sigParts.add(securePart);
         }
+        signatureConfirmationAdded = true;
     }
     
     /**

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
Tue Jul  2 15:22:25 2013
@@ -150,6 +150,11 @@ public class StaxAsymmetricBindingHandle
                 SecurePart part = 
                     new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
                 enc.add(part);
+                if (signatureConfirmationAdded) {
+                    SecurePart securePart = 
+                        new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
+                    enc.add(securePart);
+                }
             }
             
             //Do encryption
@@ -257,6 +262,11 @@ public class StaxAsymmetricBindingHandle
                     SecurePart part = 
                         new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
                     encrParts.add(part);
+                    if (signatureConfirmationAdded) {
+                        SecurePart securePart = 
+                            new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation,
Modifier.Element);
+                        encrParts.add(securePart);
+                    }
                 }
                 
                 doEncryption(wrapper, encrParts, true);

Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java
(from r1498971, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java&r1=1498971&r2=1498972&rev=1498972&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/StaxWSSecurity10Test.java
Tue Jul  2 15:22:25 2013
@@ -24,6 +24,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
@@ -31,10 +32,11 @@ import org.apache.cxf.bus.spring.SpringB
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.frontend.ClientProxy;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.wssec10.server.Server;
+import org.apache.cxf.systest.ws.wssec10.server.StaxServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -43,11 +45,11 @@ import wssec.wssec10.PingService;
 
 
 /**
- *
+ * It tests both DOM + StAX clients against the StAX server
  */
-public class WSSecurity10Test extends AbstractBusClientServerTestBase {
-    static final String PORT = allocatePort(Server.class);
-    static final String SSL_PORT = allocatePort(Server.class, 1);
+public class StaxWSSecurity10Test extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(StaxServer.class);
+    static final String SSL_PORT = allocatePort(StaxServer.class, 1);
 
     private static final String INPUT = "foo";
     private static boolean unrestrictedPoliciesInstalled;
@@ -63,7 +65,7 @@ public class WSSecurity10Test extends Ab
             "Server failed to launch",
             // run the server in the same process
             // set this to false to fork
-            launchServer(Server.class, true)
+            launchServer(StaxServer.class, true)
         );
     }
     
@@ -74,7 +76,7 @@ public class WSSecurity10Test extends Ab
     }
 
     @Test
-    public void testClientServer() {
+    public void testClientServerDOM() {
 
         String[] argv = new String[] {
             "UserName",
@@ -115,7 +117,65 @@ public class WSSecurity10Test extends Ab
             httpClientPolicy.setReceiveTimeout(0);
              
             http.setClient(httpClientPolicy);
-            final String output = port.echo(INPUT);
+            String output = port.echo(INPUT);
+            assertEquals(INPUT, output);
+            
+            cl.destroy();
+        }
+        
+        bus.shutdown(true);
+    }
+    
+    @Test
+    public void testClientServerStreaming() {
+
+        String[] argv = new String[] {
+            // TODO - See WSS-458 "UserName",
+            "UserNameOverTransport",
+            "MutualCertificate10SignEncrypt",
+            "MutualCertificate10SignEncryptRsa15TripleDes"
+        };
+        //argv = new String[] {argv[1]};
+        Bus bus = null;
+        if (unrestrictedPoliciesInstalled) {
+            bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec10/client/client.xml");
+        } else {
+            bus = new SpringBusFactory().createBus(
+                    "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+        }
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+        URL wsdlLocation = null;
+        for (String portPrefix : argv) {
+            PingService svc = null; 
+            wsdlLocation = getWsdlLocation(portPrefix); 
+            svc = new PingService(wsdlLocation);
+            final IPingService port = 
+                svc.getPort(
+                    new QName(
+                        "http://WSSec/wssec10",
+                        portPrefix + "_IPingService"
+                    ),
+                    IPingService.class
+                );
+         
+            // Streaming
+            ((BindingProvider)port).getRequestContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            ((BindingProvider)port).getResponseContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            Client cl = ClientProxy.getClient(port);
+            
+            HTTPConduit http = (HTTPConduit) cl.getConduit();
+             
+            HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+            httpClientPolicy.setConnectionTimeout(0);
+            httpClientPolicy.setReceiveTimeout(0);
+             
+            http.setClient(httpClientPolicy);
+            String output = port.echo(INPUT);
             assertEquals(INPUT, output);
             
             cl.destroy();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java?rev=1498972&r1=1498971&r2=1498972&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java
Tue Jul  2 15:22:25 2013
@@ -24,6 +24,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
@@ -35,6 +36,7 @@ import org.apache.cxf.systest.ws.wssec10
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
@@ -43,7 +45,7 @@ import wssec.wssec10.PingService;
 
 
 /**
- *
+ * It tests both DOM + StAX clients against the DOM server
  */
 public class WSSecurity10Test extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
@@ -74,7 +76,7 @@ public class WSSecurity10Test extends Ab
     }
 
     @Test
-    public void testClientServer() {
+    public void testClientServerDOM() {
 
         String[] argv = new String[] {
             "UserName",
@@ -115,7 +117,65 @@ public class WSSecurity10Test extends Ab
             httpClientPolicy.setReceiveTimeout(0);
              
             http.setClient(httpClientPolicy);
-            final String output = port.echo(INPUT);
+            String output = port.echo(INPUT);
+            assertEquals(INPUT, output);
+            
+            cl.destroy();
+        }
+        
+        bus.shutdown(true);
+    }
+    
+    @Test
+    public void testClientServerStreaming() {
+
+        String[] argv = new String[] {
+            // TODO - See WSS-458 "UserName",
+            "UserNameOverTransport",
+            "MutualCertificate10SignEncrypt",
+            "MutualCertificate10SignEncryptRsa15TripleDes"
+        };
+        //argv = new String[] {argv[1]};
+        Bus bus = null;
+        if (unrestrictedPoliciesInstalled) {
+            bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec10/client/client.xml");
+        } else {
+            bus = new SpringBusFactory().createBus(
+                    "org/apache/cxf/systest/ws/wssec10/client/client_restricted.xml");
+        }
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+        URL wsdlLocation = null;
+        for (String portPrefix : argv) {
+            PingService svc = null; 
+            wsdlLocation = getWsdlLocation(portPrefix); 
+            svc = new PingService(wsdlLocation);
+            final IPingService port = 
+                svc.getPort(
+                    new QName(
+                        "http://WSSec/wssec10",
+                        portPrefix + "_IPingService"
+                    ),
+                    IPingService.class
+                );
+         
+            // Streaming
+            ((BindingProvider)port).getRequestContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            ((BindingProvider)port).getResponseContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            Client cl = ClientProxy.getClient(port);
+            
+            HTTPConduit http = (HTTPConduit) cl.getConduit();
+             
+            HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
+            httpClientPolicy.setConnectionTimeout(0);
+            httpClientPolicy.setReceiveTimeout(0);
+             
+            http.setClient(httpClientPolicy);
+            String output = port.echo(INPUT);
             assertEquals(INPUT, output);
             
             cl.destroy();

Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
(added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java
Tue Jul  2 15:22:25 2013
@@ -0,0 +1,54 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.ws.wssec10.server;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+    static final String PORT = allocatePort(StaxServer.class);
+    static final String SSL_PORT = allocatePort(StaxServer.class, 1);
+
+    private static boolean unrestrictedPoliciesInstalled;
+    private static String configFileName;
+    
+    static {
+        unrestrictedPoliciesInstalled = SecurityTestUtil.checkUnrestrictedPoliciesInstalled();
+        if (unrestrictedPoliciesInstalled) {
+            configFileName = "org/apache/cxf/systest/ws/wssec10/server/stax-server.xml";
+        } else {
+            configFileName = "org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml";
+        }
+    };    
+
+    public StaxServer() throws Exception {
+        
+    }
+    
+    protected void run()  {
+        Bus busLocal = new SpringBusFactory().createBus(configFileName);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+    }
+
+}
+

Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
(added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server.xml
Tue Jul  2 15:22:25 2013
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:security="http://schemas.iona.com/soa/security-config"
+    xmlns:interop="http://WSSec/wssec10"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+        http://schemas.iona.com/soa/security-config                     http://schemas.iona.com/soa/security-config.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <!-- -->
+    <!-- Any services listening on port 9001 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer.1}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/bob.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/alice.jks"/>
+                </sec:trustManagers> 
+
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <!--
+                <sec:clientAuthentication want="true" required="true"/>
+                -->
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <!-- -->
+    <!-- Scenario 3.1 -->
+    <!-- -->
+    <jaxws:endpoint 
+       id="UserNameOverTransport"
+       address="https://localhost:${testutil.ports.StaxServer.1}/UserNameOverTransport" 
+       serviceName="interop:PingService"
+       endpointName="interop:UserNameOverTransport_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransport"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    <jaxws:endpoint 
+       id="UserName"
+       address="http://localhost:${testutil.ports.StaxServer}/UserName" 
+       serviceName="interop:PingService"
+       endpointName="interop:UserName_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransport">
+        
+       <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+
+    <!-- -->
+    <!-- Scenario 3.3 -->
+    <!-- -->
+    <jaxws:endpoint 
+       name="{http://WSSec/wssec10}MutualCertificate10SignEncrypt_IPingService"
+       id="MutualCertificate10SignEncrypt"
+       address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncrypt"

+       serviceName="interop:PingService"
+       endpointName="interop:MutualCertificate10SignEncrypt_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncrypt">
+        
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+
+    </jaxws:endpoint> 
+    
+
+    <!-- -->
+    <!-- Scenario 3.4 -->
+    <!-- -->
+    <jaxws:endpoint 
+       name="{http://WSSec/wssec10}MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+       id="MutualCertificate10SignEncryptRsa15TripleDes"
+       address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncryptRsa15TripleDes"

+       serviceName="interop:PingService"
+       endpointName="interop:MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRsa15TripleDes">
+        
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+
+    </jaxws:endpoint> 
+
+    
+</beans>

Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml?rev=1498972&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
(added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server/stax-server_restricted.xml
Tue Jul  2 15:22:25 2013
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:security="http://schemas.iona.com/soa/security-config"
+    xmlns:interop="http://WSSec/wssec10"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+        http://schemas.iona.com/soa/security-config                     http://schemas.iona.com/soa/security-config.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <!-- -->
+    <!-- Any services listening on port 9001 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer.1}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/bob.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/wssec10/certs/restricted/alice.jks"/>
+                </sec:trustManagers> 
+
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <!--
+                <sec:clientAuthentication want="true" required="true"/>
+                -->
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <!-- -->
+    <!-- Scenario 3.1 -->
+    <!-- -->
+    <jaxws:endpoint 
+       id="UserNameOverTransport"
+       address="https://localhost:${testutil.ports.StaxServer.1}/UserNameOverTransport" 
+       serviceName="interop:PingService"
+       endpointName="interop:UserNameOverTransport_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted"
+       depends-on="tls-settings">
+        
+       <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    <jaxws:endpoint 
+       id="UserName"
+       address="http://localhost:${testutil.ports.StaxServer}/UserName" 
+       serviceName="interop:PingService"
+       endpointName="interop:UserName_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.UserNameOverTransportRestricted">
+        
+       <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.UTPasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+
+    <!-- -->
+    <!-- Scenario 3.3 -->
+    <!-- -->
+    <jaxws:endpoint 
+       name="{http://WSSec/wssec10}MutualCertificate10SignEncrypt_IPingService"
+       id="MutualCertificate10SignEncrypt"
+       address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncrypt"

+       serviceName="interop:PingService"
+       endpointName="interop:MutualCertificate10SignEncrypt_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRestricted">
+        
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+
+    </jaxws:endpoint> 
+    
+
+    <!-- -->
+    <!-- Scenario 3.4 -->
+    <!-- -->
+    <jaxws:endpoint 
+       name="{http://WSSec/wssec10}MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+       id="MutualCertificate10SignEncryptRsa15TripleDes"
+       address="http://localhost:${testutil.ports.StaxServer}/MutualCertificate10SignEncryptRsa15TripleDes"

+       serviceName="interop:PingService"
+       endpointName="interop:MutualCertificate10SignEncryptRsa15TripleDes_IPingService"
+       implementor="org.apache.cxf.systest.ws.wssec10.server.MutualCertificate10SignEncryptRsa15TripleDesRestricted">
+        
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties> 
+
+    </jaxws:endpoint> 
+
+    
+</beans>



Mime
View raw message