cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1500072 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsu...
Date Fri, 05 Jul 2013 17:14:41 GMT
Author: coheigea
Date: Fri Jul  5 17:14:41 2013
New Revision: 1500072

URL: http://svn.apache.org/r1500072
Log:
Fixed a bug with TLS policies + added more streaming WS-Security system tests

Added:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java
      - copied, changed from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java
      - copied, changed from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
Fri Jul  5 17:14:41 2013
@@ -283,7 +283,7 @@ public class HttpsTokenInterceptorProvid
                             new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
                         httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                         httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-                    } else {
+                    } else if (httpsTokenSecurityEvent.getAuthenticationType() == null) {
                         httpsTokenSecurityEvent.setAuthenticationType(
                             HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication
                         );

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
Fri Jul  5 17:14:41 2013
@@ -36,7 +36,8 @@ import org.junit.BeforeClass;
 
 /**
  * This is a test for AlgorithmSuites. Essentially it checks that a service endpoint will
- * reject a client request that uses a different AlgorithmSuite.
+ * reject a client request that uses a different AlgorithmSuite. It tests both DOM + StAX

+ * clients against the DOM server.
  */
 public class AlgorithmSuiteTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
@@ -79,6 +80,11 @@ public class AlgorithmSuiteTest extends 
         updateAddressPort(port, PORT);
         
         // This should succeed as the client + server policies match
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
         portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port2");
@@ -87,12 +93,23 @@ public class AlgorithmSuiteTest extends 
         
         // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
         try {
+            // DOM
+            port.doubleIt(25);
+            fail("Failure expected on Rsa15 AlgorithmSuite");
+        } catch (Exception ex) {
+            // expected
+        }
+        
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
             port.doubleIt(25);
             fail("Failure expected on Rsa15 AlgorithmSuite");
         } catch (Exception ex) {
             // expected
         }
         
+        
         // This should fail as the client uses Basic256 + the server uses Basic128
         if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
             portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port3");
@@ -101,6 +118,16 @@ public class AlgorithmSuiteTest extends 
             
             // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
             try {
+                // DOM
+                port.doubleIt(25);
+                fail("Failure expected on Basic256 AlgorithmSuite");
+            } catch (Exception ex) {
+                // expected
+            }
+            
+            try {
+                // Streaming
+                SecurityTestUtil.enableStreaming(port);
                 port.doubleIt(25);
                 fail("Failure expected on Basic256 AlgorithmSuite");
             } catch (Exception ex) {
@@ -134,6 +161,11 @@ public class AlgorithmSuiteTest extends 
         DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
 
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
         bus.shutdown(true);

Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java
(from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java&r1=1500029&r2=1500072&rev=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java
Fri Jul  5 17:14:41 2013
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.cxf.systest.ws.https;
+package org.apache.cxf.systest.ws.algsuite;
 
 import java.net.URL;
 
@@ -26,17 +26,21 @@ import javax.xml.ws.Service;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.algsuite.server.StaxServer;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.https.server.Server;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
 import org.example.contract.doubleit.DoubleItPortType;
+
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for the HttpsToken policy
+ * This is a test for AlgorithmSuites. Essentially it checks that a service endpoint will
+ * reject a client request that uses a different AlgorithmSuite. It tests both DOM + StAX

+ * clients against the StAX server.
  */
-public class HttpsTokenTest extends AbstractBusClientServerTestBase {
-    static final String PORT = allocatePort(Server.class);
+public class StaxAlgorithmSuiteTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(StaxServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -47,7 +51,7 @@ public class HttpsTokenTest extends Abst
             "Server failed to launch",
             // run the server in the same process
             // set this to false to fork
-            launchServer(Server.class, true)
+            launchServer(StaxServer.class, true)
         );
     }
     
@@ -56,75 +60,82 @@ public class HttpsTokenTest extends Abst
         SecurityTestUtil.cleanup();
         stopAllServers();
     }
-
+    
     @org.junit.Test
-    public void testRequireClientCert() throws Exception {
+    public void testSecurityPolicy() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxAlgorithmSuiteTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+        URL wsdl = StaxAlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
-        QName portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort");
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port");
+        
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // This should succeed as the client + server policies match
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
-        // This should fail, as the client does not use a client cert
-        portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort2");
+        portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port2");
         port = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
         try {
+            // DOM
             port.doubleIt(25);
-            fail("Failure expected on not using a client cert");
-        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "HttpsToken";
-            assertTrue(ex.getMessage().contains(error));
+            fail("Failure expected on Rsa15 AlgorithmSuite");
+        } catch (Exception ex) {
+            // expected
         }
         
-        ((java.io.Closeable)port).close();
-        bus.shutdown(true);
-    }
-    
-    @org.junit.Test
-    public void testBasicAuth() throws Exception {
-
-        SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
-
-        Bus bus = bf.createBus(busFile.toString());
-        SpringBusFactory.setDefaultBus(bus);
-        SpringBusFactory.setThreadDefaultBus(bus);
-
-        URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
-        Service service = Service.create(wsdl, SERVICE_QNAME);
-        QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort");
-        DoubleItPortType port = 
-                service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, PORT);
-        
-        port.doubleIt(25);
-        
-        // This should fail, as the client does not send a UsernamePassword
-        portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
-        port = service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, PORT);
-        
         try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
             port.doubleIt(25);
-            fail("Failure expected on not sending a UsernamePassword");
-        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "HttpsToken";
-            assertTrue(ex.getMessage().contains(error));
+            fail("Failure expected on Rsa15 AlgorithmSuite");
+        } catch (Exception ex) {
+            // expected
         }
         
+        
+        // This should fail as the client uses Basic256 + the server uses Basic128
+        if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+            portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port3");
+            port = service.getPort(portQName, DoubleItPortType.class);
+            updateAddressPort(port, PORT);
+            
+            // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
+            try {
+                // DOM
+                port.doubleIt(25);
+                fail("Failure expected on Basic256 AlgorithmSuite");
+            } catch (Exception ex) {
+                // expected
+            }
+            
+            try {
+                // Streaming
+                SecurityTestUtil.enableStreaming(port);
+                port.doubleIt(25);
+                fail("Failure expected on Basic256 AlgorithmSuite");
+            } catch (Exception ex) {
+                // expected
+            }
+        }
+
+        bus.shutdown(true);
     }
     
-}
+}
\ No newline at end of file

Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
(added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/StaxServer.java
Fri Jul  5 17:14:41 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.algsuite.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
Fri Jul  5 17:14:41 2013
@@ -36,7 +36,8 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for the DefaultCryptoCoverageChecker.
+ * A set of tests for the DefaultCryptoCoverageChecker. It tests both DOM + StAX 
+ * clients against the DOM server.
  */
 public class DefaultCryptoCoverageCheckerTest extends AbstractBusClientServerTestBase {
     public static final String PORT = allocatePort(Server.class);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java?rev=1500072&r1=1500071&r2=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
Fri Jul  5 17:14:41 2013
@@ -33,7 +33,8 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for the HttpsToken policy
+ * A set of tests for the HttpsToken policy. It tests both DOM + StAX clients against the

+ * DOM server.
  */
 public class HttpsTokenTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
@@ -74,6 +75,11 @@ public class HttpsTokenTest extends Abst
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
         // This should fail, as the client does not use a client cert
@@ -82,6 +88,7 @@ public class HttpsTokenTest extends Abst
         updateAddressPort(port, PORT);
         
         try {
+            // DOM
             port.doubleIt(25);
             fail("Failure expected on not using a client cert");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
@@ -89,6 +96,15 @@ public class HttpsTokenTest extends Abst
             assertTrue(ex.getMessage().contains(error));
         }
         
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
+            port.doubleIt(25);
+            fail("Failure expected on not using a client cert");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
@@ -110,14 +126,20 @@ public class HttpsTokenTest extends Abst
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // DOM
         port.doubleIt(25);
         
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
+        port.doubleIt(25);  
+        
         // This should fail, as the client does not send a UsernamePassword
         portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
         port = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
         try {
+            // DOM
             port.doubleIt(25);
             fail("Failure expected on not sending a UsernamePassword");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
@@ -125,6 +147,15 @@ public class HttpsTokenTest extends Abst
             assertTrue(ex.getMessage().contains(error));
         }
         
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
+            port.doubleIt(25);
+            fail("Failure expected on not sending a UsernamePassword");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        
     }
     
 }

Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java
(from r1500029, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java&r1=1500029&r2=1500072&rev=1500072&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxHttpsTokenTest.java
Fri Jul  5 17:14:41 2013
@@ -27,16 +27,17 @@ import javax.xml.ws.Service;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.https.server.Server;
+import org.apache.cxf.systest.ws.https.server.StaxServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for the HttpsToken policy
+ * A set of tests for the HttpsToken policy. It tests both DOM + StAX clients against the

+ * StAX server.
  */
-public class HttpsTokenTest extends AbstractBusClientServerTestBase {
-    static final String PORT = allocatePort(Server.class);
+public class StaxHttpsTokenTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(StaxServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -47,7 +48,7 @@ public class HttpsTokenTest extends Abst
             "Server failed to launch",
             // run the server in the same process
             // set this to false to fork
-            launchServer(Server.class, true)
+            launchServer(StaxServer.class, true)
         );
     }
     
@@ -61,19 +62,24 @@ public class HttpsTokenTest extends Abst
     public void testRequireClientCert() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxHttpsTokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+        URL wsdl = StaxHttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItRequireClientCertPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
         port.doubleIt(25);
         
         // This should fail, as the client does not use a client cert
@@ -82,11 +88,20 @@ public class HttpsTokenTest extends Abst
         updateAddressPort(port, PORT);
         
         try {
+            // DOM
+            port.doubleIt(25);
+            fail("Failure expected on not using a client cert");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
             port.doubleIt(25);
             fail("Failure expected on not using a client cert");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "HttpsToken";
-            assertTrue(ex.getMessage().contains(error));
+            // expected
         }
         
         ((java.io.Closeable)port).close();
@@ -97,32 +112,46 @@ public class HttpsTokenTest extends Abst
     public void testBasicAuth() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = HttpsTokenTest.class.getResource("client/client.xml");
+        URL busFile = StaxHttpsTokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+        URL wsdl = StaxHttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
+        // DOM
         port.doubleIt(25);
         
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
+        port.doubleIt(25);  
+        
         // This should fail, as the client does not send a UsernamePassword
         portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2");
         port = service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(port, PORT);
         
         try {
+            // DOM
+            port.doubleIt(25);
+            fail("Failure expected on not sending a UsernamePassword");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
             port.doubleIt(25);
             fail("Failure expected on not sending a UsernamePassword");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            String error = "HttpsToken";
-            assertTrue(ex.getMessage().contains(error));
+            // expected
         }
         
     }

Added: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
(added)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/server/StaxServer.java
Fri Jul  5 17:14:41 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.https.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
(added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/stax-server.xml
Fri Jul  5 17:14:41 2013
@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+        http://www.w3.org/ns/ws-policy                                  http://www.w3.org/2007/02/ws-policy.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+	<jaxws:endpoint id="Symmetric128Endpoint"
+		address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128"
+		serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port"
+		xmlns:s="http://www.example.org/contract/DoubleIt" 
+		implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+		wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+		<jaxws:properties>
+			<entry key="ws-security.callback-handler"
+				value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+			<entry key="ws-security.signature.properties"
+				value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+			<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+			<entry key="ws-security.enable.streaming" value="true"/>
+		</jaxws:properties>
+		<jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="#DoubleItSymmetric128Policy" />
+            </p:policies>
+        </jaxws:features>
+
+	</jaxws:endpoint>
+	
+	<jaxws:endpoint id="Symmetric128Endpoint2"
+        address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128no2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" 
+        implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="#DoubleItSymmetric128Policy" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="Symmetric128Endpoint3"
+        address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128no3"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port3"
+        xmlns:s="http://www.example.org/contract/DoubleIt" 
+        implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="#DoubleItSymmetric128Policy" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <wsp:Policy wsu:Id="DoubleItSymmetric128Policy"
+        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                  <wsp:Policy>
+                    <sp:ProtectionToken>
+                       <wsp:Policy>
+                          <sp:X509Token
+                             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                             <wsp:Policy>
+                                <sp:WssX509V3Token10 />
+                                <sp:RequireKeyIdentifierReference />
+                             </wsp:Policy>
+                          </sp:X509Token>
+                       </wsp:Policy>
+                    </sp:ProtectionToken>
+                    <sp:Layout>
+                       <wsp:Policy>
+                          <sp:Lax/>
+                       </wsp:Policy>
+                    </sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:OnlySignEntireHeadersAndBody/>
+                    <sp:AlgorithmSuite>
+                       <wsp:Policy>
+                          <sp:Basic128/>
+                       </wsp:Policy>
+                    </sp:AlgorithmSuite>
+                 </wsp:Policy>
+              </sp:SymmetricBinding>
+              <sp:EncryptedParts>
+                 <sp:Body/>
+              </sp:EncryptedParts>
+              <sp:SignedParts>
+                 <sp:Body/>
+              </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+</beans>

Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml?rev=1500072&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
(added)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server/stax-server.xml
Fri Jul  5 17:14:41 2013
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <!-- -->
+    <!-- Any services listening on port 9009 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
+                </sec:trustManagers> 
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <jaxws:endpoint 
+       id="RequireClientCert"
+       address="https://localhost:${testutil.ports.StaxServer}/DoubleItRequireClientCert"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItRequireClientCertPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml"
/>
+            </p:policies>
+       </jaxws:features>
+       <jaxws:properties>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="RequireClientCert2"
+       address="https://localhost:${testutil.ports.StaxServer}/DoubleItRequireClientCert2"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItRequireClientCertPort2"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml"
/>
+            </p:policies>
+       </jaxws:features>
+       <jaxws:properties>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="BasicAuth"
+       address="https://localhost:${testutil.ports.StaxServer}/DoubleItBasicAuth" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItBasicAuthPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/https/basic-auth-policy.xml"
/>
+            </p:policies>
+       </jaxws:features>
+       <jaxws:properties>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="BasicAuth2"
+       address="https://localhost:${testutil.ports.StaxServer}/DoubleItBasicAuth2" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItBasicAuthPort2"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl"
+       depends-on="tls-settings">
+        
+       <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/https/basic-auth-policy.xml"
/>
+            </p:policies>
+       </jaxws:features>
+       <jaxws:properties>
+          <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    
+</beans>



Mime
View raw message