cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1499714 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/ sy...
Date Thu, 04 Jul 2013 10:24:27 GMT
Author: coheigea
Date: Thu Jul  4 10:24:26 2013
New Revision: 1499714

URL: http://svn.apache.org/r1499714
Log:
More streaming fixes + tests

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
Thu Jul  4 10:24:26 2013
@@ -182,6 +182,7 @@ public class PolicyStaxActionInIntercept
         assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
         assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
         assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
+        assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
 
         assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_THUMBPRINT);
         assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY);
@@ -191,6 +192,11 @@ public class PolicyStaxActionInIntercept
         
         assertAllAssertionsByLocalname(aim, SPConstants.WSS10);
         assertAllAssertionsByLocalname(aim, SPConstants.WSS11);
+        
+        assertAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
+        assertAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
+        assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
+        assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
     }
     
     private void assertAllAssertionsByLocalname(AssertionInfoMap aim, String localname) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Thu Jul  4 10:24:26 2013
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -30,7 +31,9 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
@@ -50,6 +53,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.neethi.Assertion;
 import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.policy.SP11Constants;
@@ -148,9 +152,44 @@ public abstract class AbstractStaxBindin
             config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
         }
         
+        // Check if a CallbackHandler was specified
+        if (config.get(ConfigurationConstants.PW_CALLBACK_REF) == null) {
+            String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+            if (password != null) {
+                String username = 
+                    (String)message.getContextualProperty(SecurityConstants.USERNAME);
+                UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
+                config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+            }
+        }
+        
         return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
     }
     
+    private static class UTCallbackHandler implements CallbackHandler {
+        
+        private final String username;
+        private final String password;
+        
+        public UTCallbackHandler(String username, String password) {
+            this.username = username;
+            this.password = password;
+        }
+
+        @Override
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+            for (Callback callback : callbacks) {
+                if (callback instanceof WSPasswordCallback) {
+                    WSPasswordCallback pwcb = (WSPasswordCallback)callback;
+                    if (pwcb.getIdentifier().equals(username)) {
+                        pwcb.setPassword(password);
+                    }
+                }
+            }
+        }
+        
+    }
+    
     protected SecurePart addKerberosToken(
         KerberosToken token, boolean signed, boolean endorsing
     ) throws WSSecurityException {
@@ -286,20 +325,8 @@ public abstract class AbstractStaxBindin
     }
     
     protected void configureTimestamp(AssertionInfoMap aim) {
-        Map<String, Object> config = getProperties();
-        
         AbstractBinding binding = getBinding(aim);
         if (binding != null && binding.isIncludeTimestamp()) {
-            // Action
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                config.put(ConfigurationConstants.ACTION, 
-                           action + " " + ConfigurationConstants.TIMESTAMP);
-            } else {
-                config.put(ConfigurationConstants.ACTION, 
-                           ConfigurationConstants.TIMESTAMP);
-            }
-            
             timestampAdded = true;
         }
     }
@@ -887,6 +914,7 @@ public abstract class AbstractStaxBindin
             for (Header head : parts.getHeaders()) {
                 QName qname = new QName(head.getNamespace(), head.getName());
                 SecurePart securePart = new SecurePart(qname, Modifier.Element);
+                securePart.setRequired(false);
                 signedParts.add(securePart);
             }
         }
@@ -939,6 +967,7 @@ public abstract class AbstractStaxBindin
             for (Header head : parts.getHeaders()) {
                 QName qname = new QName(head.getNamespace(), head.getName());
                 SecurePart securePart = new SecurePart(qname, Modifier.Content);
+                securePart.setRequired(false);
                 encryptedParts.add(securePart);
             }
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
Thu Jul  4 10:24:26 2013
@@ -80,6 +80,19 @@ public class StaxAsymmetricBindingHandle
         } else {
             doSignBeforeEncrypt();
         }
+        
+        if (timestampAdded) {
+            Map<String, Object> config = getProperties();
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.TIMESTAMP);
+            } else {
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.TIMESTAMP);
+            }
+        }
     }
 
     private void doSignBeforeEncrypt() {
@@ -125,6 +138,7 @@ public class StaxAsymmetricBindingHandle
                     new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
                 sigs.add(part);
             }
+            sigs.addAll(this.getSignedParts());
             addSupportingTokens();
             
             if (isRequestor() && initiatorWrapper != null) {
@@ -379,11 +393,21 @@ public class StaxAsymmetricBindingHandle
             }
         }
         
-        sigParts.addAll(this.getSignedParts());
+        String optionalParts = "";
+        if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+            optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+            if (!optionalParts.endsWith(";")) {
+                optionalParts += ";";
+            }
+        }
         
         for (SecurePart part : sigParts) {
             QName name = part.getName();
-            parts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart() +
";";
+            if (part.isRequired()) {
+                parts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart()
+ ";";
+            } else {
+                optionalParts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart()
+ ";";
+            }
         }
         
         AbstractToken sigToken = wrapper.getToken();
@@ -393,6 +417,7 @@ public class StaxAsymmetricBindingHandle
         }
         
         config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+        config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
         
         configureSignature(wrapper, sigToken, false);
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Thu Jul  4 10:24:26 2013
@@ -131,6 +131,18 @@ public class StaxSymmetricBindingHandler
         if (!isRequestor()) {
             config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
         }
+        
+        if (timestampAdded) {
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.TIMESTAMP);
+            } else {
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.TIMESTAMP);
+            }
+        }
     }
     
     private void doEncryptBeforeSign() {
@@ -204,6 +216,7 @@ public class StaxSymmetricBindingHandler
                         new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
                     sigParts.add(part);
                 }
+                sigParts.addAll(this.getSignedParts());
                 
                 AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
                 AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
@@ -276,6 +289,7 @@ public class StaxSymmetricBindingHandler
                     new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
                 sigs.add(part);
             }
+            sigs.addAll(this.getSignedParts());
 
             if (isRequestor()) {
                 addSupportingTokens();
@@ -402,11 +416,21 @@ public class StaxSymmetricBindingHandler
             }
         }
         
-        sigParts.addAll(this.getSignedParts());
+        String optionalParts = "";
+        if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+            optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+            if (!optionalParts.endsWith(";")) {
+                optionalParts += ";";
+            }
+        }
         
         for (SecurePart part : sigParts) {
             QName name = part.getName();
-            parts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart() +
";";
+            if (part.isRequired()) {
+                parts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart()
+ ";";
+            } else {
+                optionalParts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart()
+ ";";
+            }
         }
         
         AbstractToken sigToken = wrapper.getToken();
@@ -415,6 +439,7 @@ public class StaxSymmetricBindingHandler
         }
         
         config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+        config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
         
         configureSignature(wrapper, sigToken, false);
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Thu Jul  4 10:24:26 2013
@@ -92,6 +92,19 @@ public class StaxTransportBindingHandler
         } else {
             addSignatureConfirmation(null);
         }
+        
+        if (timestampAdded) {
+            Map<String, Object> config = getProperties();
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.TIMESTAMP);
+            } else {
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.TIMESTAMP);
+            }
+        }
     }
     
     /**
@@ -312,6 +325,14 @@ public class StaxTransportBindingHandler
             }
         }
         
+        String optionalParts = "";
+        if (properties.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+            optionalParts = (String)properties.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+            if (!optionalParts.endsWith(";")) {
+                optionalParts += ";";
+            }
+        }
+        
         // Add timestamp
         if (timestampAdded) {
             parts += "{Element}{" + WSSConstants.NS_WSU10 + "}Timestamp;";
@@ -324,7 +345,7 @@ public class StaxTransportBindingHandler
             }
             
             for (Header head : signedParts.getHeaders()) {
-                parts += "{Element}{" +  head.getNamespace() + "}" + head.getName() + ";";
+                optionalParts += "{Element}{" +  head.getNamespace() + "}" + head.getName()
+ ";";
             }
         }
         /*
@@ -345,6 +366,7 @@ public class StaxTransportBindingHandler
         */
         
         properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+        properties.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
     }
 
 

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Thu Jul  4 10:24:26 2013
@@ -247,7 +247,14 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("alice.properties"));
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("bob.properties"));
+        
+        // DOM
         pt.doubleIt(5);
+        
+        // TODO EncryptBeforeSigning + EncryptSignature not working
+        // SecurityTestUtil.enableStreaming(pt);
+        // pt.doubleIt(5);
+        
         ((java.io.Closeable)pt).close();
 
         portQName = new QName(NAMESPACE, "DoubleItPortSign");
@@ -260,6 +267,7 @@ public class SecurityPolicyTest extends 
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("bob.properties"));
         pt.doubleIt(5);
+        
         ((java.io.Closeable)pt).close();
 
         portQName = new QName(NAMESPACE, "DoubleItPortSignThenEncrypt");
@@ -271,12 +279,14 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("alice.properties"));
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("bob.properties"));
+        
+        // DOM
         pt.doubleIt(5);
         
-        //((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
-        //                                              POLICY_SIGNENC_PROVIDER_ADDRESS);
-        //int x = pt.doubleIt(5);
-        //assertEquals(10, x);
+        // Streaming
+        SecurityTestUtil.enableStreaming(pt);
+        // pt.doubleIt(5);
+        
         ((java.io.Closeable)pt).close();
         
         portQName = new QName(NAMESPACE, "DoubleItPortHttps");
@@ -293,7 +303,14 @@ public class SecurityPolicyTest extends 
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME,
"bob");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
+        
+        // DOM
+        pt.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(pt);
         pt.doubleIt(25);
+        
         ((java.io.Closeable)pt).close();
         
         try {
@@ -329,7 +346,6 @@ public class SecurityPolicyTest extends 
 
         QName portQName = new QName(NAMESPACE, "DoubleItPortSignedOnly");
         pt = service.getPort(portQName, DoubleItPortType.class);
-
         updateAddressPort(pt, PORT);
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

                                                       new KeystorePasswordCallback());
@@ -338,7 +354,14 @@ public class SecurityPolicyTest extends 
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("bob.properties"));
         //This should work as it should be properly signed.
+        
+        // DOM
+        assertEquals(10, pt.doubleIt(5));
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(pt);
         assertEquals(10, pt.doubleIt(5));
+        
         ((java.io.Closeable)pt).close();
         
         //Try sending a message with the "TimestampOnly" policy into affect to the 
@@ -348,6 +371,7 @@ public class SecurityPolicyTest extends 
         pt = service.getPort(portQName, DoubleItPortType.class);
         ((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                                                       POLICY_SIGNONLY_ADDRESS);
+        // DOM
         try {
             pt.doubleIt(5);
             fail("should have had a security/policy exception as the body wasn't signed");
@@ -355,6 +379,15 @@ public class SecurityPolicyTest extends 
             assertTrue(ex.getMessage().contains("policy alternatives"));
         }
         
+        // Streaming
+        try {
+            SecurityTestUtil.enableStreaming(pt);
+            pt.doubleIt(5);
+            fail("should have had a security/policy exception as the body wasn't signed");
+        } catch (Exception ex) {
+            // expected
+        }
+        
         ((java.io.Closeable)pt).close();
         bus.shutdown(true);
     }
@@ -431,7 +464,6 @@ public class SecurityPolicyTest extends 
         
     }
     
-    
     @Test
     public void testCXF3041() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
@@ -455,8 +487,13 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("alice.properties"));
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("bob.properties"));
+        
+        // DOM
         assertEquals(10, pt.doubleIt(5));
         
+        // Streaming
+        SecurityTestUtil.enableStreaming(pt);
+        assertEquals(10, pt.doubleIt(5));
         
         ((java.io.Closeable)pt).close();
         bus.shutdown(true);
@@ -485,8 +522,14 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("alice.properties"));
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

                                                       getClass().getResource("alice.properties"));
+
+        // DOM
         assertEquals(10, pt.doubleIt(5));
         
+        // TODO See WSS-458 Streaming
+        // SecurityTestUtil.enableStreaming(pt);
+        // assertEquals(10, pt.doubleIt(5));
+        
         ((java.io.Closeable)pt).close();
         bus.shutdown(true);
     }
@@ -589,11 +632,8 @@ public class SecurityPolicyTest extends 
         SpringBusFactory.setThreadDefaultBus(bus);
         Service service = Service.create(wsdl, SERVICE_QNAME);
 
-        DoubleItPortType pt;
-
-        QName
-        portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
-        pt = service.getPort(portQName, DoubleItPortType.class);
+        QName portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
+        DoubleItPortType pt = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(pt, PORT);
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
                                                       new KeystorePasswordCallback());
@@ -601,6 +641,7 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("revocation.properties"));
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
                                                       getClass().getResource("bob.properties"));
+        // DOM
         try {
             pt.doubleIt(5);
             fail("should fail on server side when do signature validation due the revoked
certificates");
@@ -612,6 +653,18 @@ public class SecurityPolicyTest extends 
                        || errorMessage.contains("Error during certificate path validation"));
         }
         
+        // TODO EncryptBeforeSigning + EncryptSignature not working
+        /*
+        SecurityTestUtil.enableStreaming(pt);
+        try {
+            pt.doubleIt(5);
+            fail("should fail on server side when do signature validation due the revoked
certificates");
+        } catch (Exception ex) {
+            String errorMessage = ex.getMessage();
+            // Different errors using different JDKs...
+            System.out.println("ERR1: " + errorMessage);
+        }
+        */
         ((java.io.Closeable)pt).close();
         ep.stop();
         epBus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
Thu Jul  4 10:24:26 2013
@@ -30,7 +30,9 @@ import org.junit.Test;
 
 /**
  * This class runs the first half of the tests, as having all in 
- * the one class causes an out of memory problem in eclipse
+ * the one class causes an out of memory problem in eclipse.
+ * 
+ * It tests both DOM + StAX clients against the DOM server.
  */
 public class WSSecurity111Test extends WSSecurity11Common {
     private static boolean unrestrictedPoliciesInstalled;
@@ -91,6 +93,28 @@ public class WSSecurity111Test extends W
         runClientServer(argv, unrestrictedPoliciesInstalled, false);
     }
     
+    @Test
+    public void testClientServerStreaming() throws IOException {
+        if ((!unrestrictedPoliciesInstalled)
+                && (WSSecurity11Common.isIBMJDK16())) {
+            System.out.println("Not running as there is a problem with 1.6 jdk and restricted
jars");
+            return;
+        }
+        String[] argv = new String[] {
+            "A",
+            "A-NoTimestamp",
+            // TODO Derived "AD",
+            // TODO EncryptBeforeSigning not working "A-ES",
+            // TODO Derived "AD-ES",
+            "UX",
+            "UX-NoTimestamp",
+            // TODO Derived "UXD",
+            "UX-SEES",
+            // TODO Derived "UXD-SEES",
+        };
+        runClientServerStreaming(argv, unrestrictedPoliciesInstalled, false);
+    }
+    
  
         
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
Thu Jul  4 10:24:26 2013
@@ -25,6 +25,7 @@ import java.net.MalformedURLException;
 import java.net.URL;
 
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
@@ -32,6 +33,7 @@ import org.apache.cxf.bus.spring.SpringB
 import org.apache.cxf.systest.ws.wssec11.server.Server11;
 import org.apache.cxf.systest.ws.wssec11.server.Server12;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
 
 import wssec.wssec11.IPingService;
 import wssec.wssec11.PingService11;
@@ -88,8 +90,59 @@ public class WSSecurity11Common extends 
         bus.shutdown(true);
     }
     
- 
-    
+    public void runClientServerStreaming(
+        String[] argv, boolean unrestrictedPoliciesInstalled, boolean wssecurity12
+    ) throws IOException {
+
+        Bus bus = null;
+        if (unrestrictedPoliciesInstalled) {
+            bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec11/client/client.xml");
+        } else {
+            bus = new SpringBusFactory().createBus(
+                      "org/apache/cxf/systest/ws/wssec11/client/client_restricted.xml");
+        }
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        String portNumber = null;
+        if (wssecurity12) {
+            portNumber = Server12.PORT;
+        } else {
+            portNumber = Server11.PORT;
+        }
+
+        URL wsdlLocation = null;
+        for (String portPrefix : argv) {
+            PingService11 svc = null; 
+            wsdlLocation = getWsdlLocation(portPrefix, portNumber); 
+            svc = new PingService11(wsdlLocation);
+            final IPingService port = 
+                svc.getPort(
+                    new QName(
+                        "http://WSSec/wssec11",
+                        portPrefix + "_IPingService"
+                    ),
+                    IPingService.class
+                );
+
+            ((BindingProvider)port).getRequestContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            ((BindingProvider)port).getResponseContext().put(
+                SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+            );
+            
+            final String output = port.echo(INPUT);
+            assertEquals(INPUT, output);
+
+            ((java.io.Closeable)port).close();
+        }
+
+        bus.shutdown(true);
+    }
+
+
+
     private static URL getWsdlLocation(String portPrefix, String portNumber) {
         try {
             return new URL("http://localhost:" + portNumber + "/" + portPrefix + "PingService?wsdl");
@@ -98,7 +151,7 @@ public class WSSecurity11Common extends 
         }
     }
 
-    
+
     public static boolean isIBMJDK16() {
         String fullVersion = System.getProperty("java.fullversion");
         if (fullVersion == null) {

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
Thu Jul  4 10:24:26 2013
@@ -461,7 +461,7 @@
                                 <sp:X509Token
                                   sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
                                     <wsp:Policy>
-                                        <sp:WssX509V3Token10 />
+                                        <sp:WssX509V1Token11 />
                                     </wsp:Policy>
                                 </sp:X509Token>
                             </wsp:Policy>
@@ -471,7 +471,7 @@
                                 <sp:X509Token
                                   sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
                                     <wsp:Policy>
-                                        <sp:WssX509V3Token10 />
+                                        <sp:WssX509V1Token11 />
                                     </wsp:Policy>
                                 </sp:X509Token>
                             </wsp:Policy>
@@ -565,7 +565,7 @@
                                 <sp:X509Token
                                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                     <wsp:Policy>
-                                        <sp:WssX509V3Token10 />
+                                        <sp:WssX509V1Token11 />
                                         <sp:RequireThumbprintReference/> <!-- needed
for V1 certs -->
                                     </wsp:Policy>
                                 </sp:X509Token>
@@ -575,7 +575,7 @@
                             <wsp:Policy>
                                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                                     <wsp:Policy>
-                                        <sp:WssX509V3Token10 />
+                                        <sp:WssX509V1Token11 />
                                         <sp:RequireThumbprintReference/>
                                     </wsp:Policy>
                                 </sp:X509Token>



Mime
View raw message