cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1528916 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/ systests/ws-security-examples/src/test/resources...
Date Thu, 03 Oct 2013 15:58:01 GMT
Author: coheigea
Date: Thu Oct  3 15:58:00 2013
New Revision: 1528916

URL: http://svn.apache.org/r1528916
Log:
Added more SAML streaming stuff

Added:
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java
      - copied, changed from r1528761, cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
    cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Oct  3 15:58:00 2013
@@ -19,8 +19,10 @@
 
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -30,6 +32,7 @@ import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
@@ -66,6 +69,8 @@ import org.apache.wss4j.policy.model.Asy
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.SamlToken;
 
+import org.opensaml.common.SAMLVersion;
+
 /**
  * 
  */
@@ -127,7 +132,7 @@ public class AsymmetricBindingHandler ex
                             attached = true;
                         } 
                     }
-                } else if (initiatorToken instanceof SamlToken) {
+                } else if (initiatorToken instanceof SamlToken && isRequestor())
{
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
                         if (includeToken(initiatorToken.getIncludeTokenType())) {
@@ -136,6 +141,12 @@ public class AsymmetricBindingHandler ex
                         }
                         policyAsserted(initiatorToken);
                     }
+                } else if (initiatorToken instanceof SamlToken) {
+                    String tokenId = getSAMLToken();
+                    if (tokenId == null) {
+                        policyNotAsserted(initiatorToken, "Security token is not found or
expired");
+                        return;
+                    }
                 }
             }
             
@@ -224,6 +235,7 @@ public class AsymmetricBindingHandler ex
             initiatorWrapper = abinding.getInitiatorToken();
         }
         boolean attached = false;
+        
         if (initiatorWrapper != null) {
             AbstractToken initiatorToken = initiatorWrapper.getToken();
             if (initiatorToken instanceof IssuedToken) {
@@ -240,7 +252,7 @@ public class AsymmetricBindingHandler ex
                         attached = true;
                     } 
                 }
-            } else if (initiatorToken instanceof SamlToken) {
+            } else if (initiatorToken instanceof SamlToken && isRequestor()) {
                 try {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
@@ -256,6 +268,12 @@ public class AsymmetricBindingHandler ex
                     LOG.log(Level.FINE, e.getMessage(), e);
                     throw new Fault(e);
                 }
+            } else if (initiatorToken instanceof SamlToken) {
+                String tokenId = getSAMLToken();
+                if (tokenId == null) {
+                    policyNotAsserted(initiatorToken, "Security token is not found or expired");
+                    return;
+                }
             }
         }
         
@@ -433,7 +451,25 @@ public class AsymmetricBindingHandler ex
                     Crypto crypto = getEncryptionCrypto(recToken);
                     
                     SecurityToken securityToken = getSecurityToken();
-                    setKeyIdentifierType(encr, recToken, encrToken);
+                    if (!isRequestor() && securityToken != null 
+                        && recToken.getToken() instanceof SamlToken) {
+                        String tokenType = securityToken.getTokenType();
+                        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                            || WSConstants.SAML_NS.equals(tokenType)) {
+                            encr.setCustomEKTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                            encr.setCustomEKTokenId(securityToken.getId());
+                        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                            || WSConstants.SAML2_NS.equals(tokenType)) {
+                            encr.setCustomEKTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                            encr.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                            encr.setCustomEKTokenId(securityToken.getId());
+                        } else {
+                            setKeyIdentifierType(encr, recToken, encrToken);
+                        }
+                    } else {
+                        setKeyIdentifierType(encr, recToken, encrToken);
+                    }
                     //
                     // Using a stored cert is only suitable for the Issued Token case, where
                     // we're extracting the cert from a SAML Assertion on the provider side
@@ -710,6 +746,43 @@ public class AsymmetricBindingHandler ex
         message.put(WSSecEncryptedKey.class.getName(), encrKey);
     }
 
-
-
+    private String getSAMLToken() {
+        
+        List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
+            .get(WSHandlerConstants.RECV_RESULTS));
+        
+        for (WSHandlerResult rResult : results) {
+            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+            
+            for (WSSecurityEngineResult wser : wsSecEngineResults) {
+                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+                String id = (String)wser.get(WSSecurityEngineResult.TAG_ID);
+                if (actInt.intValue() == WSConstants.ST_SIGNED 
+                    || actInt.intValue() == WSConstants.ST_UNSIGNED) {
+                    Date created = new Date();
+                    Date expires = new Date();
+                    expires.setTime(created.getTime() + 300000);
+                    SecurityToken tempTok = new SecurityToken(id, created, expires);
+                    tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
+                    tempTok.setX509Certificate(
+                        (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE),
null
+                    );
+                    
+                    SamlAssertionWrapper samlAssertion = 
+                        (SamlAssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+                    if (samlAssertion.getSamlVersion() == SAMLVersion.VERSION_20) {
+                        tempTok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+                    } else {
+                        tempTok.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+                    }
+                    
+                    getTokenStore().add(tempTok);
+                    message.setContextualProperty(SecurityConstants.TOKEN, tempTok);
+                    
+                    return id;
+                }
+            }
+        }
+        return null;
+    }
 }

Modified: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
Thu Oct  3 15:58:00 2013
@@ -220,10 +220,6 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Investigate Streaming
-        // SecurityTestUtil.enableStreaming(samlPort);
-        // samlPort.doubleIt(25);
-        
         ((java.io.Closeable)samlPort).close();
         bus.shutdown(true);
     }
@@ -345,7 +341,7 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Investigate Streaming
+        // TODO Endorsing Streaming not supported yet Streaming
         // SecurityTestUtil.enableStreaming(samlPort);
         // samlPort.doubleIt(25);
         
@@ -377,7 +373,7 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Streaming
+        // TODO Endorsing SAML not supported Streaming
         // SecurityTestUtil.enableStreaming(samlPort);
         // samlPort.doubleIt(25);
         

Copied: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java
(from r1528761, cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java?p2=cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java&p1=cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java&r1=1528761&r2=1528916&rev=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxSamlTokenTest.java
Thu Oct  3 15:58:00 2013
@@ -41,11 +41,11 @@ import org.junit.BeforeClass;
  * A set of tests for SAML Tokens using policies defined in the OASIS spec:
  * "WS-SecurityPolicy Examples Version 1.0".
  * 
- * It tests both DOM + StAX clients against the DOM server
+ * It tests both DOM + StAX clients against the StAX server
  */
-public class SamlTokenTest extends AbstractBusClientServerTestBase {
-    static final String PORT = allocatePort(Server.class);
-    static final String PORT2 = allocatePort(Server.class, 2);
+public class StaxSamlTokenTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(StaxServer.class);
+    static final String PORT2 = allocatePort(StaxServer.class, 2);
     static final String STS_PORT = allocatePort(STSServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
@@ -57,7 +57,7 @@ public class SamlTokenTest extends Abstr
             "Server failed to launch",
             // run the server in the same process
             // set this to false to fork
-            launchServer(Server.class, true)
+            launchServer(StaxServer.class, true)
         );
         assertTrue(
             "Server failed to launch",
@@ -80,13 +80,13 @@ public class SamlTokenTest extends Abstr
     public void testBearer() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBearerPort");
         DoubleItPortType samlPort = 
@@ -111,13 +111,13 @@ public class SamlTokenTest extends Abstr
     public void testTLSSenderVouches() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort");
         DoubleItPortType samlPort = 
@@ -142,13 +142,13 @@ public class SamlTokenTest extends Abstr
     public void testTLSHOKSignedEndorsing() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort");
         DoubleItPortType samlPort = 
@@ -173,13 +173,13 @@ public class SamlTokenTest extends Abstr
     public void testAsymmetricSigned() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignedPort");
         DoubleItPortType samlPort = 
@@ -204,13 +204,13 @@ public class SamlTokenTest extends Abstr
     public void testAsymmetricInitiator() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricInitiatorPort");
         DoubleItPortType samlPort = 
@@ -220,15 +220,10 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Investigate Streaming
-        // SecurityTestUtil.enableStreaming(samlPort);
-        // samlPort.doubleIt(25);
-        
         ((java.io.Closeable)samlPort).close();
         bus.shutdown(true);
     }
-    
-    
+
     /**
      * 2.3.2.1 (WSS1.1) SAML 2.0 Bearer
      */
@@ -236,13 +231,13 @@ public class SamlTokenTest extends Abstr
     public void testAsymmetricSaml2Bearer() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSaml2BearerPort");
         DoubleItPortType samlPort = 
@@ -267,13 +262,13 @@ public class SamlTokenTest extends Abstr
     public void testTLSSenderVouchesSaml2() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesSaml2Port");
         DoubleItPortType samlPort = 
@@ -298,13 +293,13 @@ public class SamlTokenTest extends Abstr
     public void testTLSHOKSignedEndorsingSaml2() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingSaml2Port");
         DoubleItPortType samlPort = 
@@ -324,18 +319,20 @@ public class SamlTokenTest extends Abstr
     
     /**
      * 2.3.2.4 (WSS1.1) SAML1.1/2.0 Sender Vouches with X.509 Certificate, Sign, Encrypt
+     * TODO Endorsing support
      */
     @org.junit.Test
+    @org.junit.Ignore
     public void testSymmetricSV() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSVPort");
         DoubleItPortType samlPort = 
@@ -345,7 +342,7 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Investigate Streaming
+        // TODO Endorsing Streaming not supported yet Streaming
         // SecurityTestUtil.enableStreaming(samlPort);
         // samlPort.doubleIt(25);
         
@@ -355,18 +352,20 @@ public class SamlTokenTest extends Abstr
     
     /**
      * 2.3.2.5 (WSS1.1) SAML1.1/2.0 Holder of Key, Sign, Encrypt
+     * TODO Endorsing Support
      */
     @org.junit.Test
+    @org.junit.Ignore
     public void testSymmetricIssuedToken() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
 
-        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItSymmetricIssuedTokenPort");
         DoubleItPortType samlPort = 
@@ -377,7 +376,7 @@ public class SamlTokenTest extends Abstr
         // DOM
         samlPort.doubleIt(25);
         
-        // TODO Streaming
+        // TODO Endorsing SAML not supported Streaming
         // SecurityTestUtil.enableStreaming(samlPort);
         // samlPort.doubleIt(25);
         

Added: cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java?rev=1528916&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
(added)
+++ cxf/trunk/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java
Thu Oct  3 15:58:00 2013
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.wssec.examples.saml;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml?rev=1528916&view=auto
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
(added)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
Thu Oct  3 15:58:00 2013
@@ -0,0 +1,238 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:p="http://cxf.apache.org/policy"
+    xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+        http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+        http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+
+    <jaxws:endpoint 
+       id="Bearer"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlBearer" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItBearerPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TLSSenderVouches"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouches"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSSenderVouchesPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TLSHOKSignedEndorsing"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsing"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSHOKSignedEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="AsymmetricSigned"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSigned"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSignedPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="AsymmetricInitiator"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricInitiator"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricInitiatorPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="AsymmetricSaml2Bearer"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSaml2Bearer"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSaml2BearerPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="useReqSigCert"/>
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TLSSenderVouchesSaml2"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouchesSaml2"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSSenderVouchesSaml2Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TLSHOKSignedEndorsingSaml2"
+       address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsingSaml2"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSHOKSignedEndorsingSaml2Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="SymmetricSV"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricSV" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricSVPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <!-- TODO Fix the way these properties are inverted -->
+           <entry key="ws-security.signature.username" value="bob"/> 
+           <entry key="ws-security.encryption.properties" value="bob.properties"/>

+           <entry key="ws-security.signature.properties" value="alice.properties"/>

+           <entry key="ws-security.encryption.username" value="alice"/>
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="SymmetricIssuedToken"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricIssuedToken"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricIssuedTokenPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.username" value="bob"/> 
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <!-- -->
+    <!-- Any services listening on port ${testutil.ports.StaxServer} must use the following
-->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.StaxServer.2}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="bob.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
+                </sec:trustManagers> 
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+</beans>

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1528916&r1=1528915&r2=1528916&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
Thu Oct  3 15:58:00 2013
@@ -765,6 +765,37 @@ public class StaxSamlTokenTest extends A
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2EndorsingPKOverTransport() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -796,6 +827,38 @@ public class StaxSamlTokenTest extends A
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingPKOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2EndorsingOverTransportSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -1001,6 +1064,37 @@ public class StaxSamlTokenTest extends A
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingEncryptedOverTransportStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSamlTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        SecurityTestUtil.enableStreaming(saml2Port);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testNoSamlToken() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();



Mime
View raw message