cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1529842 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ services/sts/systests/basic/src/test/java/org/apache/cxf/sy...
Date Mon, 07 Oct 2013 13:47:44 GMT
Author: coheigea
Date: Mon Oct  7 13:47:43 2013
New Revision: 1529842

URL: http://svn.apache.org/r1529842
Log:
Fixed a couple of streaming WS-Security bugs + added some tests

Added:
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml
      - copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml
      - copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml
      - copied, changed from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Mon Oct  7 13:47:43 2013
@@ -67,6 +67,7 @@ public class HttpsTokenInterceptorProvid
 
     public HttpsTokenInterceptorProvider() {
         super(Arrays.asList(SP11Constants.TRANSPORT_TOKEN, SP12Constants.TRANSPORT_TOKEN, 
+                            SP11Constants.ISSUED_TOKEN, SP12Constants.ISSUED_TOKEN, 
                             SP11Constants.HTTPS_TOKEN, SP12Constants.HTTPS_TOKEN));
         this.getOutInterceptors().add(new HttpsTokenOutInterceptor());
         this.getOutFaultInterceptors().add(new HttpsTokenOutInterceptor());
@@ -181,8 +182,7 @@ public class HttpsTokenInterceptorProvid
                     NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.HTTPS_TOKEN);
                 boolean requestor = isRequestor(message);
                 if (ais.isEmpty()) {
-                    if (!requestor 
-                        && !NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_TOKEN).isEmpty()) {
+                    if (!requestor) {
                         try {
                             assertNonHttpsTransportToken(message);
                         } catch (XMLSecurityException e) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Mon Oct  7 13:47:43 2013
@@ -323,6 +323,14 @@ public class StaxAsymmetricBindingHandle
             if (encUser != null) {
                 config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
             }
+            
+            //
+            // Using a stored cert is only suitable for the Issued Token case, where
+            // we're extracting the cert from a SAML Assertion on the provider side
+            //
+            if (!isRequestor() && recToken.getToken() instanceof IssuedToken) {
+                config.put(ConfigurationConstants.ENCRYPTION_USER, ConfigurationConstants.USE_REQ_SIG_CERT);
+            }
         }
     }
     

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,204 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.asymmetric;
+
+import java.net.URL;
+import java.security.cert.X509Certificate;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Test the Asymmetric binding. The CXF client gets a token from the STS by authenticating via a
+ * Username Token over the symmetric binding, and then sends it to the CXF endpoint using 
+ * the asymmetric binding.
+ * 
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxAsymmetricBindingTest extends AbstractBusClientServerTestBase {
+    
+    static final String STSPORT = allocatePort(STSServer.class);
+    static final String STSPORT2 = allocatePort(STSServer.class, 2);
+
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(StaxServer.class);
+    
+    private static boolean standalone;
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(StaxServer.class, true)
+        );
+        String deployment = System.getProperty("sts.deployment");
+        if ("standalone".equals(deployment) || deployment == null) {
+            standalone = true;
+            assertTrue(
+                    "Server failed to launch",
+                    // run the server in the same process
+                    // set this to false to fork
+                    launchServer(STSServer.class, true)
+            );
+        }
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testUsernameTokenSAML1() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1Port");
+        DoubleItPortType asymmetricSaml1Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(asymmetricSaml1Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1Port, STSPORT2);
+        }
+        
+        // DOM
+        doubleIt(asymmetricSaml1Port, 25);
+        
+        // Streaming
+        asymmetricSaml1Port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(asymmetricSaml1Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1Port, STSPORT2);
+        }
+        SecurityTestUtil.enableStreaming(asymmetricSaml1Port);
+        doubleIt(asymmetricSaml1Port, 25);
+        
+        ((java.io.Closeable)asymmetricSaml1Port).close();
+        bus.shutdown(true);
+    }
+
+    @org.junit.Test
+    public void testUsernameTokenSAML2() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2Port");
+        DoubleItPortType asymmetricSaml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(asymmetricSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, STSPORT2);
+        }
+        
+        // DOM
+        doubleIt(asymmetricSaml2Port, 30);
+        TokenTestUtils.verifyToken(asymmetricSaml2Port);
+        
+        // Streaming
+        asymmetricSaml2Port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(asymmetricSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, STSPORT2);
+        }
+        SecurityTestUtil.enableStreaming(asymmetricSaml2Port);
+        doubleIt(asymmetricSaml2Port, 25);
+        
+        ((java.io.Closeable)asymmetricSaml2Port).close();
+        bus.shutdown(true);
+    }
+
+    // TODO Encrypted tokens not yet working with StAX
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testUsernameTokenSAML1Encrypted() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxAsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxAsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1EncryptedPort");
+        DoubleItPortType asymmetricSaml1EncryptedPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(asymmetricSaml1EncryptedPort, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2);
+        }
+        
+        // Set the X509Certificate manually on the STSClient (just to test that we can)
+        BindingProvider bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort;
+        STSClient stsClient = 
+            (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT);
+        Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("myclientkey");
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        stsClient.setUseKeyCertificate(certs[0]);
+        
+        doubleIt(asymmetricSaml1EncryptedPort, 40);
+        
+        ((java.io.Closeable)asymmetricSaml1EncryptedPort).close();
+        bus.shutdown(true);
+    }
+
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        assertEquals(numToDouble * 2 , resp);
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxServer.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.asymmetric;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxBearerTest.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,273 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.bearer;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Test the Bearer TokenType over TLS.
+ * 
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxBearerTest extends AbstractBusClientServerTestBase {
+    
+    static final String STSPORT = allocatePort(STSServer.class);
+    static final String STSPORT2 = allocatePort(STSServer.class, 2);
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(StaxServer.class);
+    
+    private static boolean standalone;
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxServer.class, true)
+        );
+        String deployment = System.getProperty("sts.deployment");
+        if ("standalone".equals(deployment) || deployment == null) {
+            standalone = true;
+            assertTrue(
+                    "Server failed to launch",
+                    // run the server in the same process
+                    // set this to false to fork
+                    launchServer(STSServer.class, true)
+            );
+        }
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testSAML2Bearer() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxBearerTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        
+        // DOM
+        doubleIt(transportSaml2Port, 45);
+        
+        // Streaming
+        transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        SecurityTestUtil.enableStreaming(transportSaml2Port);
+        doubleIt(transportSaml2Port, 45);
+        
+        ((java.io.Closeable)transportSaml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2UnsignedBearer() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxBearerTest.class.getResource("cxf-unsigned-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        
+        //
+        // Create a SAML2 Bearer Assertion and add it to the TokenStore so that the
+        // IssuedTokenInterceptorProvider does not invoke on the STS
+        //
+        Client client = ClientProxy.getClient(transportSaml2Port);
+        Endpoint ep = client.getEndpoint();
+        String id = "1234";
+        ep.getEndpointInfo().setProperty(TokenStore.class.getName(), new MemoryTokenStore());
+        ep.getEndpointInfo().setProperty(SecurityConstants.TOKEN_ID, id);
+        TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(new Saml2CallbackHandler(), samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        DocumentBuilder db = dbf.newDocumentBuilder();
+        Element assertionElement = assertion.toDOM(db.newDocument());
+        
+        SecurityToken tok = new SecurityToken(id);
+        tok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+        tok.setToken(assertionElement);
+        store.add(tok);
+        
+        doubleIt(transportSaml2Port, 50);
+        
+        ((java.io.Closeable)transportSaml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2UnsignedBearerStreaming() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxBearerTest.class.getResource("cxf-unsigned-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        SecurityTestUtil.enableStreaming(transportSaml2Port);
+        
+        //
+        // Create a SAML2 Bearer Assertion and add it to the TokenStore so that the
+        // IssuedTokenInterceptorProvider does not invoke on the STS
+        //
+        Client client = ClientProxy.getClient(transportSaml2Port);
+        Endpoint ep = client.getEndpoint();
+        String id = "1234";
+        ep.getEndpointInfo().setProperty(TokenStore.class.getName(), new MemoryTokenStore());
+        ep.getEndpointInfo().setProperty(SecurityConstants.TOKEN_ID, id);
+        TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(new Saml2CallbackHandler(), samlCallback);
+        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        DocumentBuilder db = dbf.newDocumentBuilder();
+        Element assertionElement = assertion.toDOM(db.newDocument());
+        
+        SecurityToken tok = new SecurityToken(id);
+        tok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+        tok.setToken(assertionElement);
+        store.add(tok);
+        
+        doubleIt(transportSaml2Port, 50);
+        
+        ((java.io.Closeable)transportSaml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2BearerNoBinding() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxBearerTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxBearerTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort2");
+        DoubleItPortType transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        
+        // DOM
+        doubleIt(transportSaml2Port, 45);
+        
+        // Streaming
+        transportSaml2Port = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml2Port, PORT);
+        if (standalone) {
+            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
+        }
+        SecurityTestUtil.enableStreaming(transportSaml2Port);
+        doubleIt(transportSaml2Port, 45);
+        
+        ((java.io.Closeable)transportSaml2Port).close();
+        bus.shutdown(true);
+    }
+    
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        assertEquals(numToDouble * 2 , resp);
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/StaxServer.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.bearer;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/DoubleItPortTypeImpl.java Mon Oct  7 13:47:43 2013
@@ -19,8 +19,6 @@
 package org.apache.cxf.systest.sts.sendervouches;
 
 import java.net.URL;
-import java.security.Principal;
-import java.util.List;
 
 import javax.annotation.Resource;
 import javax.jws.WebService;
@@ -28,17 +26,9 @@ import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Service;
 import javax.xml.ws.WebServiceContext;
-import javax.xml.ws.handler.MessageContext;
 
 import org.apache.cxf.feature.Features;
-import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.wss4j.dom.handler.WSHandlerResult;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-
 import org.example.contract.doubleit.DoubleItPortType;
 
 @WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
@@ -53,6 +43,8 @@ public class DoubleItPortTypeImpl extend
     @Resource
     WebServiceContext wsc;
     
+    private String port;
+    
     public int doubleIt(int numberToDouble) {
         // Delegate request to a provider
         URL wsdl = DoubleItPortTypeImpl.class.getResource("DoubleIt.wsdl");
@@ -61,7 +53,7 @@ public class DoubleItPortTypeImpl extend
         DoubleItPortType transportSAML2SupportingPort = 
             service.getPort(portQName, DoubleItPortType.class);
         try {
-            updateAddressPort(transportSAML2SupportingPort, SenderVouchesTest.PORT2);
+            updateAddressPort(transportSAML2SupportingPort, getPort());
         } catch (Exception ex) {
             ex.printStackTrace();
         }
@@ -69,20 +61,20 @@ public class DoubleItPortTypeImpl extend
         //
         // Get the principal from the request context and construct a SAML Assertion
         //
-        MessageContext context = wsc.getMessageContext();
-        final List<WSHandlerResult> handlerResults = 
-            CastUtils.cast((List<?>)context.get(WSHandlerConstants.RECV_RESULTS));
-        WSSecurityEngineResult actionResult =
-            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.UT);
-        Principal principal = 
-            (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-        
-        Saml2CallbackHandler callbackHandler = new Saml2CallbackHandler(principal);
+        Saml2CallbackHandler callbackHandler = new Saml2CallbackHandler(wsc.getUserPrincipal());
         ((BindingProvider)transportSAML2SupportingPort).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
         );
         
         return transportSAML2SupportingPort.doubleIt(numberToDouble);
     }
+
+    public String getPort() {
+        return port;
+    }
+
+    public void setPort(String port) {
+        this.port = port;
+    }
     
 }

Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/Saml2CallbackHandler.java Mon Oct  7 13:47:43 2013
@@ -26,6 +26,9 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
@@ -68,7 +71,17 @@ public class Saml2CallbackHandler implem
                 attributeBean.addAttributeValue("user");
                 attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
                 callback.setAttributeStatementData(Collections.singletonList(attrBean));
-                callback.setSignAssertion(true);
+                
+                try {
+                    String file = "serviceKeystore.properties";
+                    Crypto crypto = CryptoFactory.getInstance(file);
+                    callback.setIssuerCrypto(crypto);
+                    callback.setIssuerKeyName("myservicekey");
+                    callback.setIssuerKeyPassword("skpass");
+                    callback.setSignAssertion(true);
+                } catch (WSSecurityException e) {
+                    throw new IOException(e);
+                }
             }
         }
     }

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxIntermediary.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxIntermediary extends AbstractBusTestServerBase {
+
+    public StaxIntermediary() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxIntermediary.class.getResource("cxf-stax-intermediary.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxIntermediary();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxSenderVouchesTest.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF client sends a Username Token via (1-way) TLS to a CXF intermediary.
+ * The intermediary validates the UsernameToken, and then inserts the username into a SAML
+ * Assertion which it signs and sends to a provider (via TLS).
+ * 
+ * It tests both DOM + StAX clients against the StAX server
+ */
+public class StaxSenderVouchesTest extends AbstractBusClientServerTestBase {
+    
+    static final String PORT2 = allocatePort(StaxServer.class, 2);
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+    
+    private static final String PORT = allocatePort(StaxIntermediary.class);
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(StaxServer.class, true)
+        );
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(StaxIntermediary.class, true)
+        );
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testSenderVouches() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = StaxSenderVouchesTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = StaxSenderVouchesTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort");
+        DoubleItPortType transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+        
+        // DOM
+        doubleIt(transportUTPort, 25);
+        
+        // Streaming
+        transportUTPort = 
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportUTPort, PORT);
+        SecurityTestUtil.enableStreaming(transportUTPort);
+        doubleIt(transportUTPort, 45);
+        
+        ((java.io.Closeable)transportUTPort).close();
+        bus.shutdown(true);
+    }
+    
+    private static void doubleIt(DoubleItPortType port, int numToDouble) {
+        int resp = port.doubleIt(numToDouble);
+        assertEquals(numToDouble * 2 , resp);
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/sendervouches/StaxServer.java Mon Oct  7 13:47:43 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.sendervouches;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("cxf-stax-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml?rev=1529842&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml (added)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml Mon Oct  7 13:47:43 2013
@@ -0,0 +1,96 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:cxf="http://cxf.apache.org/core"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:sec="http://cxf.apache.org/configuration/security"
+  xmlns:http="http://cxf.apache.org/transports/http/configuration"
+  xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+  xmlns:jaxws="http://cxf.apache.org/jaxws"
+  xsi:schemaLocation="
+            http://cxf.apache.org/core
+            http://cxf.apache.org/schemas/core.xsd
+            http://cxf.apache.org/configuration/security
+            http://cxf.apache.org/schemas/configuration/security.xsd
+            http://cxf.apache.org/jaxws
+            http://cxf.apache.org/schemas/jaxws.xsd
+            http://cxf.apache.org/transports/http/configuration
+            http://cxf.apache.org/schemas/configuration/http-conf.xsd
+            http://cxf.apache.org/transports/http-jetty/configuration
+            http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+            http://www.springframework.org/schema/beans
+            http://www.springframework.org/schema/beans/spring-beans.xsd">
+            
+   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+   <jaxws:endpoint id="doubleitasymmetricsaml1"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItAsymmetricSAML1Port"
+      serviceName="s:DoubleItService"
+      address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml1"
+      wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+      xmlns:s="http://www.example.org/contract/DoubleIt">
+        
+      <jaxws:properties>
+         <entry key="ws-security.signature.username" value="myservicekey"/>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.is-bsp-compliant" value="false"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
+      </jaxws:properties> 
+   </jaxws:endpoint>
+   
+   <jaxws:endpoint id="doubleitasymmetricsaml2"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItAsymmetricSAML2Port"
+      serviceName="s:DoubleItService"
+      address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml2"
+      wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+      xmlns:s="http://www.example.org/contract/DoubleIt">
+        
+      <jaxws:properties>
+         <entry key="ws-security.signature.username" value="myservicekey"/>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
+      </jaxws:properties> 
+   </jaxws:endpoint>
+   
+   <jaxws:endpoint id="doubleitasymmetricsaml1encrypted"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItAsymmetricSAML1EncryptedPort"
+      serviceName="s:DoubleItService"
+      address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricsaml1encrypted"
+      wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl"
+      xmlns:s="http://www.example.org/contract/DoubleIt">
+        
+      <jaxws:properties>
+         <entry key="ws-security.signature.username" value="myservicekey"/>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.is-bsp-compliant" value="false"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
+      </jaxws:properties> 
+   </jaxws:endpoint>
+   
+</beans>
+

Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/bearer/cxf-stax-service.xml Mon Oct  7 13:47:43 2013
@@ -37,35 +37,53 @@
             http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans.xsd">
             
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-             
-    <cxf:bus>
-        <cxf:features>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
+   <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
    
-   <jaxws:endpoint id="doubleittransportut"
-      implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
-      endpointName="s:DoubleItTransportUTPort"
+   <jaxws:endpoint id="doubleittransportsaml2bearer"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItTransportSAML2BearerPort"
       serviceName="s:DoubleItService"
       depends-on="ClientAuthHttpsSettings"
-      address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
-      wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
+      address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2bearer"
+      wsdlLocation="org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl"
       xmlns:s="http://www.example.org/contract/DoubleIt">
         
       <jaxws:properties>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.is-bsp-compliant" value="false"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
+      </jaxws:properties> 
+   </jaxws:endpoint>
+   
+   <jaxws:endpoint id="doubleittransportsaml2bearer2"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItTransportSAML2BearerPort2"
+      serviceName="s:DoubleItService"
+      depends-on="ClientAuthHttpsSettings"
+      address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2bearer2"
+      wsdlLocation="org/apache/cxf/systest/sts/bearer/DoubleIt.wsdl"
+      xmlns:s="http://www.example.org/contract/DoubleIt">
+        
+      <jaxws:properties>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.is-bsp-compliant" value="false"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
       </jaxws:properties> 
    </jaxws:endpoint>
    
    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
-   <httpj:engine port="${testutil.ports.Intermediary}">
+   <httpj:engine port="${testutil.ports.StaxServer}">
     <httpj:tlsServerParameters>
       <sec:keyManagers keyPassword="skpass">
-           <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+          <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
       </sec:keyManagers>
+      <sec:trustManagers>
+          <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+      </sec:trustManagers>
       <sec:cipherSuitesFilter>
         <sec:include>.*_EXPORT_.*</sec:include>
         <sec:include>.*_EXPORT1024_.*</sec:include>
@@ -74,30 +92,10 @@
         <sec:include>.*_WITH_NULL_.*</sec:include>
         <sec:exclude>.*_DH_anon_.*</sec:exclude>
         </sec:cipherSuitesFilter>
-      <sec:clientAuthentication want="false" required="false"/>
+      <sec:clientAuthentication want="true" required="true"/>
     </httpj:tlsServerParameters>
    </httpj:engine>
   </httpj:engine-factory>
   
-  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort" 
-                createdFromAPI="true">
-       <jaxws:properties>
-           <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-           <entry key="ws-security.signature.username" value="myservicekey"/>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-       </jaxws:properties>
-   </jaxws:client>
-  
-   <http:conduit name="https://localhost.*">
-      <http:tlsClientParameters disableCNCheck="true">
-        <sec:trustManagers>
-          <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
-        </sec:trustManagers>
-        <sec:keyManagers keyPassword="skpass">
-           <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
-        </sec:keyManagers>
-      </http:tlsClientParameters>
-   </http:conduit>
 </beans>
 

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml?rev=1529842&r1=1529841&r2=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml Mon Oct  7 13:47:43 2013
@@ -45,8 +45,12 @@
         </cxf:features>
     </cxf:bus>
    
+   <bean id="doubleItImpl" class="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl">
+       <property name="port" value="${testutil.ports.Server.2}" /> 
+   </bean>
+   
    <jaxws:endpoint id="doubleittransportut"
-      implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
+      implementor="#doubleItImpl"
       endpointName="s:DoubleItTransportUTPort"
       serviceName="s:DoubleItService"
       depends-on="ClientAuthHttpsSettings"
@@ -79,16 +83,6 @@
    </httpj:engine>
   </httpj:engine-factory>
   
-  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort" 
-                createdFromAPI="true">
-       <jaxws:properties>
-           <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-           <entry key="ws-security.signature.username" value="myservicekey"/>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-       </jaxws:properties>
-   </jaxws:client>
-  
    <http:conduit name="https://localhost.*">
       <http:tlsClientParameters disableCNCheck="true">
         <sec:trustManagers>

Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-intermediary.xml Mon Oct  7 13:47:43 2013
@@ -45,23 +45,28 @@
         </cxf:features>
     </cxf:bus>
    
+   <bean id="doubleItImpl" class="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl">
+       <property name="port" value="${testutil.ports.StaxServer.2}" /> 
+   </bean>
+   
    <jaxws:endpoint id="doubleittransportut"
-      implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
+      implementor="#doubleItImpl"
       endpointName="s:DoubleItTransportUTPort"
       serviceName="s:DoubleItService"
       depends-on="ClientAuthHttpsSettings"
-      address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
+      address="https://localhost:${testutil.ports.StaxIntermediary}/doubleit/services/doubleittransportut"
       wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
       xmlns:s="http://www.example.org/contract/DoubleIt">
         
       <jaxws:properties>
            <entry key="ws-security.callback-handler" 
                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
       </jaxws:properties> 
    </jaxws:endpoint>
    
    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
-   <httpj:engine port="${testutil.ports.Intermediary}">
+   <httpj:engine port="${testutil.ports.StaxIntermediary}">
     <httpj:tlsServerParameters>
       <sec:keyManagers keyPassword="skpass">
            <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
@@ -82,10 +87,7 @@
   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort" 
                 createdFromAPI="true">
        <jaxws:properties>
-           <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-           <entry key="ws-security.signature.username" value="myservicekey"/>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+           <entry key="ws-security.enable.streaming" value="true"/>
        </jaxws:properties>
    </jaxws:client>
   

Copied: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml (from r1529201, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml?p2=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml&r1=1529201&r2=1529842&rev=1529842&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-intermediary.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/sendervouches/cxf-stax-service.xml Mon Oct  7 13:47:43 2013
@@ -38,66 +38,51 @@
             http://www.springframework.org/schema/beans/spring-beans.xsd">
             
     <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-             
+            
     <cxf:bus>
         <cxf:features>
             <cxf:logging/>
         </cxf:features>
     </cxf:bus>
    
-   <jaxws:endpoint id="doubleittransportut"
-      implementor="org.apache.cxf.systest.sts.sendervouches.DoubleItPortTypeImpl"
-      endpointName="s:DoubleItTransportUTPort"
+   <jaxws:endpoint id="doubleittransportsaml2supporting"
+      implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
+      endpointName="s:DoubleItTransportSAML2SupportingPort"
       serviceName="s:DoubleItService"
       depends-on="ClientAuthHttpsSettings"
-      address="https://localhost:${testutil.ports.Intermediary}/doubleit/services/doubleittransportut"
+      address="https://localhost:${testutil.ports.StaxServer.2}/doubleit/services/doubleittransportsaml2supporting"
       wsdlLocation="org/apache/cxf/systest/sts/sendervouches/DoubleIt.wsdl"
       xmlns:s="http://www.example.org/contract/DoubleIt">
         
       <jaxws:properties>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.encryption.properties" value="serviceKeystore.properties"/>
+         <entry key="ws-security.callback-handler" 
+                value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+         <entry key="ws-security.enable.streaming" value="true"/>
       </jaxws:properties> 
    </jaxws:endpoint>
    
    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
-   <httpj:engine port="${testutil.ports.Intermediary}">
-    <httpj:tlsServerParameters>
-      <sec:keyManagers keyPassword="skpass">
-           <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
-      </sec:keyManagers>
-      <sec:cipherSuitesFilter>
-        <sec:include>.*_EXPORT_.*</sec:include>
-        <sec:include>.*_EXPORT1024_.*</sec:include>
-        <sec:include>.*_WITH_DES_.*</sec:include>
-        <sec:include>.*_WITH_AES_.*</sec:include>
-        <sec:include>.*_WITH_NULL_.*</sec:include>
-        <sec:exclude>.*_DH_anon_.*</sec:exclude>
-        </sec:cipherSuitesFilter>
-      <sec:clientAuthentication want="false" required="false"/>
-    </httpj:tlsServerParameters>
-   </httpj:engine>
-  </httpj:engine-factory>
-  
-  <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SupportingPort" 
-                createdFromAPI="true">
-       <jaxws:properties>
-           <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-           <entry key="ws-security.signature.username" value="myservicekey"/>
-           <entry key="ws-security.callback-handler" 
-                  value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-       </jaxws:properties>
-   </jaxws:client>
-  
-   <http:conduit name="https://localhost.*">
-      <http:tlsClientParameters disableCNCheck="true">
+      <httpj:engine port="${testutil.ports.StaxServer.2}">
+      <httpj:tlsServerParameters>
         <sec:trustManagers>
-          <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+          <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
         </sec:trustManagers>
-        <sec:keyManagers keyPassword="skpass">
-           <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+        <sec:keyManagers keyPassword="stskpass">
+           <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
         </sec:keyManagers>
-      </http:tlsClientParameters>
-   </http:conduit>
+        <sec:cipherSuitesFilter>
+          <sec:include>.*_EXPORT_.*</sec:include>
+          <sec:include>.*_EXPORT1024_.*</sec:include>
+          <sec:include>.*_WITH_DES_.*</sec:include>
+          <sec:include>.*_WITH_AES_.*</sec:include>
+          <sec:include>.*_WITH_NULL_.*</sec:include>
+          <sec:exclude>.*_DH_anon_.*</sec:exclude>
+        </sec:cipherSuitesFilter>
+        <sec:clientAuthentication want="true" required="true"/>
+      </httpj:tlsServerParameters>
+     </httpj:engine>
+   </httpj:engine-factory>
+
 </beans>
 



Mime
View raw message