cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1547791 [1/2] - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric...
Date Wed, 04 Dec 2013 12:58:19 GMT
Author: coheigea
Date: Wed Dec  4 12:58:18 2013
New Revision: 1547791

URL: http://svn.apache.org/r1547791
Log:
Added a streaming STS Token Validator + a bunch of STS tests

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/StaxSTSServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/StaxServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/StaxSTSServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/StaxServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TestParam.java
      - copied, changed from r1547756, cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/StaxSTSServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/basic_auth/stax-cxf-service.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service.xml
      - copied, changed from r1547756, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-stax-service.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-sts.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxwsBasicAuthTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-stax-service.xml

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSStaxTokenValidator.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,325 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.trust;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.commons.codec.binary.Base64;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+
+import org.apache.wss4j.binding.wss10.BinarySecurityTokenType;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.message.token.BinarySecurity;
+import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.dom.message.token.PKIPathSecurity;
+import org.apache.wss4j.dom.message.token.X509Security;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.impl.securityToken.KerberosServiceSecurityTokenImpl;
+import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
+import org.apache.wss4j.stax.impl.securityToken.X509PKIPathv1SecurityTokenImpl;
+import org.apache.wss4j.stax.impl.securityToken.X509V3SecurityTokenImpl;
+import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.validate.BinarySecurityTokenValidator;
+import org.apache.wss4j.stax.validate.BinarySecurityTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.TokenContext;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+
+/**
+ * A Streaming SAML Token Validator implementation to validate a received Token to a 
+ * SecurityTokenService (STS).
+ */
+public class STSStaxTokenValidator 
+    extends SamlTokenValidatorImpl implements BinarySecurityTokenValidator {
+    
+    private boolean alwaysValidateToSts;
+    
+    public STSStaxTokenValidator() {
+        // 
+    }
+    
+    /**
+     * Construct a new instance.
+     * @param alwaysValidateToSts whether to always validate the token to the STS
+     */
+    public STSStaxTokenValidator(boolean alwaysValidateToSts) {
+        this.alwaysValidateToSts = alwaysValidateToSts;
+    }
+    
+    @SuppressWarnings("unchecked")
+    @Override
+    public <T extends SamlSecurityToken & InboundSecurityToken> T validate(
+                                                 final SamlAssertionWrapper samlAssertionWrapper,
+                                                 final InboundSecurityToken subjectSecurityToken,
+                                                 final TokenContext tokenContext) throws WSSecurityException {
+        // Check conditions
+        checkConditions(samlAssertionWrapper);
+        
+        // Check OneTimeUse Condition
+        checkOneTimeUse(samlAssertionWrapper, 
+                        tokenContext.getWssSecurityProperties().getSamlOneTimeUseReplayCache());
+        
+        // Validate the assertion against schemas/profiles
+        validateAssertion(samlAssertionWrapper);
+
+        Crypto sigVerCrypto = null;
+        if (samlAssertionWrapper.isSigned()) {
+            sigVerCrypto = tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto();
+        }
+        
+        final SoapMessage message = 
+            (SoapMessage)tokenContext.getWssSecurityProperties().getMsgContext();
+        
+        // Validate to STS if required
+        boolean valid = false;
+        if (alwaysValidateToSts) {
+            Element tokenElement = samlAssertionWrapper.getElement();
+            validateTokenToSTS(tokenElement, message);
+            valid = true;
+        }
+        final boolean stsValidated = valid;
+        
+        SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(
+                samlAssertionWrapper, subjectSecurityToken,
+                tokenContext.getWsSecurityContext(),
+                sigVerCrypto,
+                WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo,
+                tokenContext.getWssSecurityProperties()) {
+            
+            @Override
+            public void verify() throws XMLSecurityException {
+                if (stsValidated) {
+                    // Already validated
+                    return;
+                }
+                try {
+                    super.verify();
+                } catch (XMLSecurityException ex) {
+                    SamlAssertionWrapper assertion = super.getSamlAssertionWrapper();
+                    Element tokenElement = assertion.getElement();
+                    validateTokenToSTS(tokenElement, message);
+                }
+            }
+            
+        };
+
+        securityToken.setElementPath(tokenContext.getElementPath());
+        securityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+
+        return (T)securityToken;
+    }
+    
+    @Override
+    public InboundSecurityToken validate(final BinarySecurityTokenType binarySecurityTokenType,
+                                         final TokenContext tokenContext)
+        throws WSSecurityException {
+        STSStaxBSTValidator validator = new STSStaxBSTValidator(alwaysValidateToSts);
+        return validator.validate(binarySecurityTokenType, tokenContext);
+    }
+    
+    private static void validateTokenToSTS(Element tokenElement, SoapMessage message) 
+        throws WSSecurityException {
+        SecurityToken token = new SecurityToken();
+        token.setToken(tokenElement);
+        
+        STSClient c = STSUtils.getClient(message, "sts");
+        synchronized (c) {
+            System.setProperty("noprint", "true");
+            try {
+                c.validateSecurityToken(token);
+            } catch (Exception e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
+            }
+        }
+    }
+    
+    /**
+     * A Streaming SAML Token Validator implementation to validate a BinarySecurityToken to a 
+     * SecurityTokenService (STS).
+     */
+    private static class STSStaxBSTValidator extends BinarySecurityTokenValidatorImpl {
+        
+        private boolean alwaysValidateToSts;
+        
+        /**
+         * Construct a new instance.
+         * @param alwaysValidateToSts whether to always validate the token to the STS
+         */
+        public STSStaxBSTValidator(boolean alwaysValidateToSts) {
+            this.alwaysValidateToSts = alwaysValidateToSts;
+        }
+
+        @Override
+        public InboundSecurityToken validate(final BinarySecurityTokenType binarySecurityTokenType,
+                                             final TokenContext tokenContext)
+            throws WSSecurityException {
+
+            //only Base64Encoding is supported
+            if (!WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING.equals(
+                binarySecurityTokenType.getEncodingType())
+            ) {
+                throw new WSSecurityException(
+                        WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badEncoding",
+                        binarySecurityTokenType.getEncodingType());
+            }
+
+            final byte[] securityTokenData = Base64.decodeBase64(binarySecurityTokenType.getValue());
+            final SoapMessage message = 
+                (SoapMessage)tokenContext.getWssSecurityProperties().getMsgContext();
+            
+            // Validate to STS if required
+            boolean valid = false;
+            if (alwaysValidateToSts) {
+                Element tokenElement = 
+                    convertToDOM(binarySecurityTokenType, securityTokenData);
+                validateTokenToSTS(tokenElement, message);
+                valid = true;
+            }
+            final boolean stsValidated = valid;
+            
+            try {
+                if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) {
+                    Crypto crypto = getCrypto(tokenContext.getWssSecurityProperties());
+                    X509V3SecurityTokenImpl x509V3SecurityToken = new X509V3SecurityTokenImpl(
+                            tokenContext.getWsSecurityContext(),
+                            crypto,
+                            tokenContext.getWssSecurityProperties().getCallbackHandler(),
+                            securityTokenData, binarySecurityTokenType.getId(),
+                            tokenContext.getWssSecurityProperties()
+                    ) {
+                        
+                        @Override
+                        public void verify() throws XMLSecurityException {
+                            if (stsValidated) {
+                                // Already validated
+                                return;
+                            }
+                            try {
+                                super.verify();
+                            } catch (XMLSecurityException ex) {
+                                Element tokenElement = 
+                                    convertToDOM(binarySecurityTokenType, securityTokenData);
+                                validateTokenToSTS(tokenElement, message);
+                            }
+                        }
+                    };
+                    x509V3SecurityToken.setElementPath(tokenContext.getElementPath());
+                    x509V3SecurityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+                    return x509V3SecurityToken;
+                } else if (WSSConstants.NS_X509PKIPathv1.equals(binarySecurityTokenType.getValueType())) {
+                    Crypto crypto = getCrypto(tokenContext.getWssSecurityProperties());
+                    X509PKIPathv1SecurityTokenImpl x509PKIPathv1SecurityToken = 
+                        new X509PKIPathv1SecurityTokenImpl(
+                            tokenContext.getWsSecurityContext(),
+                            crypto,
+                            tokenContext.getWssSecurityProperties().getCallbackHandler(),
+                            securityTokenData, binarySecurityTokenType.getId(),
+                            WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference,
+                            tokenContext.getWssSecurityProperties()
+                        ) {
+                            @Override
+                            public void verify() throws XMLSecurityException {
+                                if (stsValidated) {
+                                    // Already validated
+                                    return;
+                                }
+                                try {
+                                    super.verify();
+                                } catch (XMLSecurityException ex) {
+                                    Element tokenElement = 
+                                        convertToDOM(binarySecurityTokenType, securityTokenData);
+                                    validateTokenToSTS(tokenElement, message);
+                                }
+                            }
+                        };
+                    x509PKIPathv1SecurityToken.setElementPath(tokenContext.getElementPath());
+                    x509PKIPathv1SecurityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+                    return x509PKIPathv1SecurityToken;
+                } else if (WSSConstants.NS_GSS_Kerberos5_AP_REQ.equals(binarySecurityTokenType.getValueType())) {
+                    KerberosServiceSecurityTokenImpl kerberosServiceSecurityToken = 
+                        new KerberosServiceSecurityTokenImpl(
+                            tokenContext.getWsSecurityContext(),
+                            tokenContext.getWssSecurityProperties().getCallbackHandler(),
+                            securityTokenData, binarySecurityTokenType.getValueType(),
+                            binarySecurityTokenType.getId(),
+                            WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
+                        ) {
+                            @Override
+                            public void verify() throws XMLSecurityException {
+                                if (stsValidated) {
+                                    // Already validated
+                                    return;
+                                }
+                                try {
+                                    super.verify();
+                                } catch (XMLSecurityException ex) {
+                                    Element tokenElement = 
+                                        convertToDOM(binarySecurityTokenType, securityTokenData);
+                                    validateTokenToSTS(tokenElement, message);
+                                }
+                            }
+                        };
+                    kerberosServiceSecurityToken.setElementPath(tokenContext.getElementPath());
+                    kerberosServiceSecurityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+                    return kerberosServiceSecurityToken;
+                } else {
+                    throw new WSSecurityException(
+                            WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType",
+                            binarySecurityTokenType.getValueType());
+                }
+            } catch (XMLSecurityException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
+            }
+        }
+        
+        // Convert to DOM to send the token to the STS
+        private Element convertToDOM(
+            BinarySecurityTokenType binarySecurityTokenType,
+            byte[] securityTokenData
+        ) {
+            Document doc = DOMUtils.newDocument();
+            BinarySecurity binarySecurity = null;
+            if (WSSConstants.NS_X509_V3_TYPE.equals(binarySecurityTokenType.getValueType())) {
+                binarySecurity = new X509Security(doc);
+            } else if (WSSConstants.NS_X509PKIPathv1.equals(binarySecurityTokenType.getValueType())) {
+                binarySecurity = new PKIPathSecurity(doc);
+            } else if (WSSConstants.NS_GSS_Kerberos5_AP_REQ.equals(binarySecurityTokenType.getValueType())) {
+                binarySecurity = new KerberosSecurity(doc);
+            }
+            
+            binarySecurity.addWSSENamespace();
+            binarySecurity.addWSUNamespace();
+            binarySecurity.setEncodingType(binarySecurityTokenType.getEncodingType());
+            binarySecurity.setValueType(binarySecurityTokenType.getValueType());
+            binarySecurity.setID(binarySecurityTokenType.getId());
+            binarySecurity.setToken(securityTokenData);
+            
+            return binarySecurity.getElement();
+        }
+    }
+}
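Review bot: `convertToDOM` dereferences `binarySecurity` at `binarySecurity.addWSSENamespace()` even when none of the three ValueType branches matched, and `STSStaxBSTValidator.validate` calls it in the `alwaysValidateToSts` branch before the ValueType check inside the `try` block. A BinarySecurityToken with an unsupported ValueType on an incoming message would therefore end in a NullPointerException instead of the `INVALID_SECURITY_TOKEN` error raised by the later `else`. Ending the chain in `convertToDOM` with `else { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType", binarySecurityTokenType.getValueType()); }` and declaring `throws WSSecurityException` on the method keeps the rejection explicit. Separately, `System.setProperty("noprint", "true")` in `validateTokenToSTS` changes JVM-wide state on every validation and deserves a comment saying why it is needed. The class Javadoc could also state that with `alwaysValidateToSts` false the token is sent to the STS only after the local `verify()` has failed, since that decides which party makes the trust decision.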

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Wed Dec  4 12:58:18 2013
@@ -143,6 +143,7 @@ public class WSS4JStaxInInterceptor exte
             secProps.setCallbackHandler(callbackHandler);
 
             setTokenValidators(secProps, soapMessage);
+            secProps.setMsgContext(soapMessage);
             
             List<SecurityEventListener> securityEventListeners = 
                 configureSecurityEventListeners(soapMessage, secProps);
@@ -436,8 +437,10 @@ public class WSS4JStaxInInterceptor exte
                 return (Validator)((Class<?>)o).newInstance();
             } else if (o instanceof String) {
                 return (Validator)ClassLoaderUtils.loadClass(o.toString(),
-                                                             WSS4JInInterceptor.class)
+                                                             WSS4JStaxInInterceptor.class)
                                                              .newInstance();
+            } else if (o != null) {
+                LOG.info("Cannot load Validator: " + o);
             }
         } catch (RuntimeException t) {
             throw t;
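Review bot: The new `else if (o != null)` branch reports a configured validator of an unsupported type only at INFO level, so a misconfigured token validator is easy to miss in normal logging. What the method returns afterwards is outside the hunk, but presumably processing continues without the custom validator. For a security-relevant setting a warning is the minimum, `LOG.warning("Cannot load Validator: " + o);`, and rejecting the configuration outright would be safer than carrying on. The enclosing method starts and ends outside the hunk.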

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java Wed Dec  4 12:58:18 2013
@@ -19,28 +19,40 @@
 package org.apache.cxf.systest.sts.asymmetric_encr;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.systest.sts.secure_conv.SecurityContextTokenUnitTest;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
-
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 
 /**
  * In this test, a CXF client gets a token from the STS over the Asymmetric Binding. The STS is configured 
  * to encrypt the issued token, using the certificate obtained from the received signature.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class AsymmetricEncryptionTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
+    
+    final TestParam test;
+    
+    public AsymmetricEncryptionTest(TestParam type) {
+        this.test = type;
+    }
     
     @BeforeClass
     public static void startServers() throws Exception {
@@ -50,6 +62,20 @@ public class AsymmetricEncryptionTest ex
                 // set this to false to fork
                 launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+                                                {new TestParam("", false, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
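Review bot: Both `assertTrue` calls in `startServers` now fail with the same text, `"Server failed to launch"`, so a failed run does not say whether `STSServer` or `StaxSTSServer` did not start. Naming the server in the added message, e.g. `"StaxSTSServer failed to launch"`, fixes that. The same applies to the `StaxServer` and `StaxSTSServer` launches added to `startServers` in JaxwsBasicAuthTest. In `data()` the two `TestParam` rows differ only in the port, so with `@Parameters(name = "{0}")` the reported test names depend on what `TestParam.toString()` prints, which is not visible here.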
@@ -67,15 +93,15 @@ public class AsymmetricEncryptionTest ex
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        SecurityToken token = requestSecurityToken(bus);
+        SecurityToken token = requestSecurityToken(bus, test.getStsPort());
         assertTrue(token != null);
         
         bus.shutdown(true);
     }
 
-    private SecurityToken requestSecurityToken(Bus bus) throws Exception {
+    private SecurityToken requestSecurityToken(Bus bus, String stsPort) throws Exception {
         STSClient stsClient = new STSClient(bus);
-        stsClient.setWsdlLocation("http://localhost:" + STSPORT + "/SecurityTokenService/X509?wsdl");
+        stsClient.setWsdlLocation("http://localhost:" + stsPort + "/SecurityTokenService/X509?wsdl");
         stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
         stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port");
         stsClient.setTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/StaxSTSServer.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/StaxSTSServer.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.asymmetric_encr;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+    public StaxSTSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxSTSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new StaxSTSServer().run();
+    }
+}
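Review bot: The `try { new StaxSTSServer(); }` block in `run()` constructs an instance that is discarded at once and whose constructor is empty, so the block and its `e.printStackTrace()` handler do nothing and can be removed. `StaxSTSServer.class.getResource("stax-cxf-sts.xml")` returns null when the resource is missing from the classpath, and `run()` passes that value straight to `createBus`. A check such as `if (busFile == null) { throw new IllegalStateException("stax-cxf-sts.xml not found"); }` would make that failure obvious at startup.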

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxwsBasicAuthTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxwsBasicAuthTest.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxwsBasicAuthTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/JaxwsBasicAuthTest.java Wed Dec  4 12:58:18 2013
@@ -19,6 +19,8 @@
 package org.apache.cxf.systest.sts.basic_auth;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.Service;
@@ -26,26 +28,38 @@ import javax.xml.ws.Service;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * In this test case, a CXF JAX-WS client sends BasicAuth via (1-way) TLS to a CXF provider.
  * The provider converts it into Username Token and dispatches it to an STS for validation 
  * (via TLS). 
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class JaxwsBasicAuthTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
     
     private static final String PORT = allocatePort(Server.class);
+    private static final String STAX_PORT = allocatePort(StaxServer.class);
 
+    final TestParam test;
+    
+    public JaxwsBasicAuthTest(TestParam type) {
+        this.test = type;
+    }
+    
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -58,8 +72,30 @@ public class JaxwsBasicAuthTest extends 
                    "Server failed to launch",
                    // run the server in the same process
                    // set this to false to fork
+                   launchServer(StaxServer.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
                    launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, "")},
+                                                {new TestParam(PORT, true, "")},
+                                                {new TestParam(STAX_PORT, false, "")},
+                                                {new TestParam(STAX_PORT, true, "")},
+        });
     }
     
     @org.junit.AfterClass
@@ -83,7 +119,11 @@ public class JaxwsBasicAuthTest extends 
         QName portQName = new QName(NAMESPACE, "DoubleItPort");
         DoubleItPortType port = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, PORT);
+        updateAddressPort(port, test.getPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
         
         doubleIt(port, 25);
         
@@ -106,7 +146,11 @@ public class JaxwsBasicAuthTest extends 
         QName portQName = new QName(NAMESPACE, "DoubleItPort");
         DoubleItPortType port = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, PORT);
+        updateAddressPort(port, test.getPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
 
         try {
             doubleIt(port, 30);

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/StaxServer.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/basic_auth/StaxServer.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.basic_auth;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
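Review bot: In `run()` the block `try { new StaxServer(); } catch (Exception e) { e.printStackTrace(); }` builds an instance that is immediately discarded, and the empty constructor throws nothing for the catch to report, so the block can simply be removed. The one call that can realistically go wrong is `getResource("stax-cxf-service.xml")`, whose result is passed to `createBus` unchecked; what `createBus` does with a null URL is not visible here. A guard such as `if (busFile == null) { throw new IllegalStateException("stax-cxf-service.xml not found on classpath"); }` would make a missing fixture fail loudly. The same pattern is repeated in batch/StaxSTSServer, binarysecuritytoken/StaxServer and deployment/StaxSTSServer.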

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SAMLBatchUnitTest.java Wed Dec  4 12:58:18 2013
@@ -20,6 +20,8 @@ package org.apache.cxf.systest.sts.batch
 
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -27,11 +29,14 @@ import java.util.Map;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 import org.opensaml.common.xml.SAMLConstants;
 
 /**
@@ -39,9 +44,17 @@ import org.opensaml.common.xml.SAMLConst
  * It uses a simple STSClient implementation to request both a SAML 1.1 and 2.0 token at the same time.
  * Batch validation is also tested.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class SAMLBatchUnitTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
+    
+    final TestParam test;
+    
+    public SAMLBatchUnitTest(TestParam type) {
+        this.test = type;
+    }
     
     @BeforeClass
     public static void startServers() throws Exception {
@@ -51,6 +64,20 @@ public class SAMLBatchUnitTest extends A
                    // set this to false to fork
                    launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+                                                {new TestParam("", false, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
@@ -69,7 +96,7 @@ public class SAMLBatchUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         List<BatchRequest> requestList = new ArrayList<BatchRequest>();
         BatchRequest request = new BatchRequest();

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/StaxSTSServer.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/StaxSTSServer.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.batch;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+    public StaxSTSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxSTSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new StaxSTSServer().run();
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java Wed Dec  4 12:58:18 2013
@@ -19,6 +19,8 @@
 package org.apache.cxf.systest.sts.binarysecuritytoken;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.Service;
@@ -26,25 +28,37 @@ import javax.xml.ws.Service;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * In this test case, a CXF client sends a BinarySecurityToken via the Asymmetric message 
  * binding to a CXF provider. The provider dispatches the BinarySecurityToken to an STS for 
  * validation (via TLS). 
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class BinarySecurityTokenTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
 
     private static final String PORT = allocatePort(Server.class);
+    private static final String STAX_PORT = allocatePort(StaxServer.class);
+    
+    final TestParam test;
+    
+    public BinarySecurityTokenTest(TestParam type) {
+        this.test = type;
+    }
     
     @BeforeClass
     public static void startServers() throws Exception {
@@ -58,8 +72,30 @@ public class BinarySecurityTokenTest ext
                    "Server failed to launch",
                    // run the server in the same process
                    // set this to false to fork
+                   launchServer(StaxServer.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
                    launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, "")},
+                                                {new TestParam(PORT, true, "")},
+                                                {new TestParam(STAX_PORT, false, "")},
+                                                {new TestParam(STAX_PORT, true, "")},
+        });
     }
     
     @org.junit.AfterClass
@@ -83,7 +119,11 @@ public class BinarySecurityTokenTest ext
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBSTPort");
         DoubleItPortType asymmetricBSTPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(asymmetricBSTPort, PORT);
+        updateAddressPort(asymmetricBSTPort, test.getPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(asymmetricBSTPort);
+        }
         
         doubleIt(asymmetricBSTPort, 25);
         
@@ -106,15 +146,22 @@ public class BinarySecurityTokenTest ext
         QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBSTPort");
         DoubleItPortType asymmetricBSTPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(asymmetricBSTPort, PORT);
+        updateAddressPort(asymmetricBSTPort, test.getPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(asymmetricBSTPort);
+        }
 
         try {
             doubleIt(asymmetricBSTPort, 30);
             fail("Expected failure on a bad cert");
         } catch (javax.xml.ws.soap.SOAPFaultException fault) {
             String message = fault.getMessage();
-            assertTrue(message.contains("STS Authentication failed")
-                || message.contains("Validation of security token failed"));
+            if (test.isStreaming()) {
+                assertTrue(message.contains("STS Authentication failed")
+                    || message.contains("Validation of security token failed")
+                    || message.contains("PolicyViolationException"));
+            }
         }
         
         ((java.io.Closeable)asymmetricBSTPort).close();
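Review bot: The bad-cert test now checks the fault message only when `test.isStreaming()` is true, so the DOM-client parameter sets pass on any `SOAPFaultException`, where the old code required an STS or token-validation failure. If the intent was only to accept the extra streaming message, keep the assertion unconditional and gate the new alternative: `assertTrue(message.contains("STS Authentication failed") || message.contains("Validation of security token failed") || (test.isStreaming() && message.contains("PolicyViolationException")));`. If the DOM client against the StAX service really returns a different message, assert that text explicitly rather than dropping the check. The test method begins outside this hunk.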

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/StaxServer.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/StaxServer.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.binarysecuritytoken;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java Wed Dec  4 12:58:18 2013
@@ -20,6 +20,11 @@ package org.apache.cxf.systest.sts.commo
 
 import java.io.File;
 
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+
 /**
  * A utility class for security tests
  */
@@ -46,4 +51,13 @@ public final class SecurityTestUtil {
         }
     }
     
+    public static void enableStreaming(DoubleItPortType port) {
+        ((BindingProvider)port).getRequestContext().put(
+            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+        );
+        ((BindingProvider)port).getResponseContext().put(
+            SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+        );
+    }
+    
 }
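Review bot: The new public helper `enableStreaming` has no Javadoc, and nothing explains why the flag is written to the response context as well as the request context. Add a comment such as `/** Enables the streaming (StAX) WS-Security code path on the given client proxy, for the outbound request and the inbound response. */`. If the response-context entry is what switches inbound processing, say so in the comment; that cannot be confirmed from this hunk. The two `(BindingProvider)port` casts could also share one local variable.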

Copied: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TestParam.java (from r1547756, cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TestParam.java?p2=cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TestParam.java&p1=cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java&r1=1547756&r2=1547791&rev=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/SecurityTestUtil.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/common/TestParam.java Wed Dec  4 12:58:18 2013
@@ -18,32 +18,38 @@
  */
 package org.apache.cxf.systest.sts.common;
 
-import java.io.File;
-
 /**
- * A utility class for security tests
+ * This holds some parameters to pass to the tests to avoid duplicating code.
  */
-public final class SecurityTestUtil {
+public final class TestParam {
+    final String port;
+    final boolean streaming;
+    final String stsPort;
+    
+    public TestParam(String p, boolean b) {
+        this(p, b, null);
+    }
     
-    private SecurityTestUtil() {
-        // complete
+    public TestParam(String p, boolean b, String stsPort) {
+        port = p;
+        streaming = b;
+        this.stsPort = stsPort;
     }
     
-    public static void cleanup() {
-        String tmpDir = System.getProperty("java.io.tmpdir");
-        if (tmpDir != null) {
-            File[] tmpFiles = new File(tmpDir).listFiles();
-            if (tmpFiles != null) {
-                for (File tmpFile : tmpFiles) {
-                    if (tmpFile.exists() && (tmpFile.getName().startsWith("ws-security.nonce.cache")
-                        || tmpFile.getName().startsWith("wss4j-nonce-cache")
-                        || tmpFile.getName().startsWith("ws-security.timestamp.cache")
-                        || tmpFile.getName().startsWith("wss4j-timestamp-cache"))) {
-                        tmpFile.delete();
-                    }
-                }
-            }
-        }
+    public String toString() {
+        return port + ":" + (streaming ? "streaming" : "dom") + ":" + stsPort;
+    }
+
+    public String getPort() {
+        return port;
+    }
+
+    public boolean isStreaming() {
+        return streaming;
+    }
+
+    public String getStsPort() {
+        return stsPort;
     }
     
 }
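Review bot: The three fields of `TestParam` are package-private although each has a public getter, and `toString()` lacks `@Override`. Declare them as `private final String port;` (likewise `streaming` and `stsPort`) and annotate `toString()`. The two-argument constructor defaults `stsPort` to `null`, while the `data()` methods in this commit pass `""` for the unused value. Because `@Parameters(name = "{0}")` prints `toString()`, the test name will end in `:null` or `:` depending on which form is used, so pick one convention.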

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/StaxSTSServer.java?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/deployment/StaxSTSServer.java Wed Dec  4 12:58:18 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.deployment;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+    public StaxSTSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxSTSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new StaxSTSServer().run();
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties?rev=1547791&r1=1547790&r2=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/logging.properties Wed Dec  4 12:58:18 2013
@@ -56,7 +56,7 @@ java.util.logging.FileHandler.count = 1
 java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
 
 # Limit the message that are printed on the console to WARNING and above.
-java.util.logging.ConsoleHandler.level = SEVERE
+java.util.logging.ConsoleHandler.level = INFO
 java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
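Review bot: Raising `java.util.logging.ConsoleHandler.level` from `SEVERE` to `INFO` looks like a debugging leftover, and the comment above it still says the console is limited to WARNING and above. The STS bus configs added in this commit enable `<cxf:logging/>`, so at INFO the console and CI logs will presumably carry full SOAP exchanges, including the security tokens under test. Unless that is intended, keep `java.util.logging.ConsoleHandler.level = SEVERE`. If INFO is intended, update the comment to match.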
 
 

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts.xml?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts.xml Wed Dec  4 12:58:18 2013
@@ -0,0 +1,65 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:test="http://apache.org/hello_world_soap_http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="         http://cxf.apache.org/core         http://cxf.apache.org/schemas/core.xsd         http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd         http://cxf.apache.org/jaxws                                              http://cxf.apache.org/schemas/jaxws.xsd         http://www.springframework.org/schema/util         http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="x509STSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="x509IssueDelegate"/>
+    </bean>
+    <bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="x509SamlTokenProvider"/>
+        <property name="services" ref="x509Service"/>
+        <property name="stsProperties" ref="x509STSProperties"/>
+        <property name="encryptIssuedToken" value="true"/>
+    </bean>
+    <bean id="x509SamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        </bean>
+    <bean id="x509Service" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="x509Endpoints"/>
+        <property name="encryptionProperties" ref="encProperties"/>
+    </bean>
+    <util:list id="x509Endpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+                </value>
+    </util:list>
+    <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
+        <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+    </bean>
+    <bean id="x509STSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+        <property name="signatureUsername" value="mystskey"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+        <property name="issuer" value="DoubleItSTSIssuer"/>
+        <property name="encryptionUsername" value="useReqSigCert"/>
+    </bean>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="X509STS" implementor="#x509STSProviderBean" address="http://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/X509" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/ws-trust-1.4-service.wsdl" serviceName="ns1:SecurityTokenService" endpointName="ns1:X509_Port">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="stsKeystore.properties"/>
+            <entry key="ws-security.signature.username" value="mystskey"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+</beans>
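Review bot: The `encProperties` bean pins `http://www.w3.org/2001/04/xmlenc#aes128-cbc` for encrypting issued tokens, and nothing marks this as a test-only choice. CBC-mode XML Encryption gives no integrity protection of its own, so it is not a setting to copy into a real STS. If the value is kept only to mirror the existing DOM fixture, add an XML comment above the bean such as `<!-- test fixture: CBC kept for parity with the DOM STS config; prefer a GCM suite outside tests -->`.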

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/basic_auth/stax-cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/basic_auth/stax-cxf-service.xml?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/basic_auth/stax-cxf-service.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/basic_auth/stax-cxf-service.xml Wed Dec  4 12:58:18 2013
@@ -0,0 +1,96 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/jaxrs             http://cxf.apache.org/schemas/jaxrs.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             
 http://cxf.apache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd             http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.sts.basic_auth.DoubleItPortTypeImpl" endpointName="s:DoubleItPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleit" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/basic_auth/DoubleIt.wsdl">
+        <jaxws:inInterceptors>
+            <ref bean="basicAuthValidator"/>
+        </jaxws:inInterceptors>
+        <jaxws:properties>
+            <entry key="ws-security.sts.client">
+                <ref bean="stsclient"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxrs:server modelRef="classpath:org/apache/cxf/systest/sts/basic_auth/jaxrs.xml" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleit-rs">
+        <jaxrs:inInterceptors>
+            <ref bean="basicAuthValidator"/>
+        </jaxrs:inInterceptors>
+        <jaxrs:properties>
+            <entry key="ws-security.sts.client">
+                <ref bean="stsclient"/>
+            </entry>
+        </jaxrs:properties>
+    </jaxrs:server>
+    <bean id="basicAuthValidator" class="org.apache.cxf.ws.security.trust.AuthPolicyValidatingInterceptor">
+        <property name="validator">
+            <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator">
+                <constructor-arg value="true"/>
+            </bean>
+        </property>
+    </bean>
+    <bean id="stsclient" class="org.apache.cxf.ws.security.trust.STSClient">
+        <constructor-arg ref="cxf"/>
+        <property name="wsdlLocation" value="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport?wsdl"/>
+        <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+        <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+        <property name="properties">
+            <map>
+                <entry key="ws-security.username" value="bob"/>
+                <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                <entry key="ws-security.enable.streaming" value="true"/>
+            </map>
+        </property>
+    </bean>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    <http:conduit name="https://localhost.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="skpass">
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
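Review bot: The `sec:cipherSuitesFilter` in `ClientAuthHttpsSettings` admits `.*_WITH_NULL_.*`, `.*_EXPORT_.*`, `.*_EXPORT1024_.*` and `.*_WITH_DES_.*`, so the HTTPS listener in front of `basicAuthValidator` could negotiate a suite with no encryption or export-grade encryption if the JVM still enables one. The basic-auth credentials checked by that interceptor would then travel unprotected. I would reduce the filter to `<sec:include>.*_WITH_AES_.*</sec:include>` and keep the existing `<sec:exclude>.*_DH_anon_.*</sec:exclude>`; the AES pattern alone should be enough for the test on a current JDK, though that is inferred, not shown in the hunk. The same filter is added in the batch/stax-cxf-sts.xml hunk that follows.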

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml?rev=1547791&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/batch/stax-cxf-sts.xml Wed Dec  4 12:58:18 2013
@@ -0,0 +1,130 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://c
 xf.apache.org/schemas/configuration/http-jetty.xsd             http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd             http://www.springframework.org/schema/util             http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+        <property name="requestCollectionOperation" ref="transportRequestCollectionDelegate"/>
+    </bean>
+    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="services" ref="transportService"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="claimsManager" ref="claimsManager"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="tokenValidators" ref="transportTokenValidators"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportRequestCollectionDelegate" class="org.apache.cxf.sts.operation.TokenRequestCollectionOperation">
+        <property name="issueSingleOperation" ref="transportIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+    </bean>
+    <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+        </bean>
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSamlTokenProvider"/>
+    </util:list>
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSamlTokenValidator"/>
+    </util:list>
+    <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        <property name="attributeStatementProviders" ref="attributeStatementProvidersList"/>
+        <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+    </bean>
+    <util:list id="attributeStatementProvidersList">
+        <ref bean="defaultAttributeProvider"/>
+        <ref bean="customAttributeProvider"/>
+    </util:list>
+    <bean id="defaultAttributeProvider" class="org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider">
+        </bean>
+    <bean id="customAttributeProvider" class="org.apache.cxf.systest.sts.deployment.CustomAttributeStatementProvider">
+        </bean>
+    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+        <property name="claimHandlers" ref="claimHandlerList"/>
+    </bean>
+    <util:list id="claimHandlerList">
+        <ref bean="customClaimsHandler"/>
+    </util:list>
+    <bean id="customClaimsHandler" class="org.apache.cxf.systest.sts.deployment.CustomClaimsHandler">
+        </bean>
+    <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator">
+        </bean>
+    <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+        </bean>
+    <bean id="SAMLConditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+        <property name="acceptClientLifetime" value="true"/>
+    </bean>
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="transportEndpoints"/>
+    </bean>
+    <util:list id="transportEndpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+                </value>
+    </util:list>
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+        <property name="signatureUsername" value="mystskey"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+        <property name="issuer" value="DoubleItSTSIssuer"/>
+        <property name="encryptionUsername" value="myservicekey"/>
+    </bean>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS2" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport2" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/batch/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port2">
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxSTSServer}">
+            <httpj:tlsServerParameters>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:keyManagers keyPassword="stskpass">
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+</beans>
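Review bot: `transportX509TokenValidator` is declared but nothing in this file refers to it: `transportTokenValidators` lists only `transportSamlTokenValidator`, so `transportValidateDelegate` is wired with the SAML validator alone. If the batch tests are meant to cover validation of X.509 tokens, add `<ref bean="transportX509TokenValidator"/>` to that `util:list`. Otherwise drop the bean, so the configuration shows which token types this STS actually validates.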

Copied: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service.xml (from r1547756, cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-stax-service.xml)
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service.xml?p2=cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service.xml&p1=cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-stax-service.xml&r1=1547756&r2=1547791&rev=1547791&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509_symmetric/cxf-stax-service.xml (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service.xml Wed Dec  4 12:58:18 2013
@@ -19,34 +19,47 @@
 -->
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd      
        http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
     <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitsymmetricsaml1" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItSymmetricSAML1Port" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitsymmetricsaml1" wsdlLocation="org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl">
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitasymmetricbst" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItAsymmetricBSTPort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitasymmetricbst" wsdlLocation="org/apache/cxf/systest/sts/binarysecuritytoken/DoubleIt.wsdl">
         <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-            <entry key="ws-security.is-bsp-compliant" value="false"/>
-            <entry key="ws-security.saml1.validator">
-                <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
-            </entry>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitsymmetricsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItSymmetricSAML2Port" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitsymmetricsaml2" wsdlLocation="org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
-            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-            <entry key="ws-security.is-bsp-compliant" value="false"/>
-            <entry key="ws-security.saml2.validator">
-                <bean class="org.apache.cxf.ws.security.trust.STSTokenValidator"/>
+            <entry key="ws-security.callback-handler" value="common.CommonCallbackHandler"/>
+            <entry key="ws-security.bst.validator">
+                <bean class="org.apache.cxf.ws.security.trust.STSStaxTokenValidator"/>
             </entry>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitsymmetricsaml2endorsing" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItSymmetricSAML2EndorsingPort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleitsymmetricsaml2endorsing" wsdlLocation="org/apache/cxf/systest/sts/x509_symmetric/DoubleIt.wsdl">
-        <jaxws:properties>
+            <entry key="ws-security.signature.username" value="myservicekey"/>
             <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
             <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
-            <entry key="ws-security.is-bsp-compliant" value="false"/>
+            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
             <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="ws-security.username" value="bob"/>
+                            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                            <entry key="ws-security.enable.streaming" value="true"/>
+                        </map>
+                    </property>
+                </bean>
+            </entry>
         </jaxws:properties>
     </jaxws:endpoint>
+    <http:conduit name="https://localhost.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="skpass">
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
 </beans>
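Review bot: The new `jaxws:properties` map sets `ws-security.callback-handler` twice: the added entry with value `common.CommonCallbackHandler` and the retained one with `org.apache.cxf.systest.sts.common.CommonCallbackHandler`. The first value is not the fully qualified class name used in the other configuration files of this commit, and which entry takes effect depends on how the duplicate key is resolved (presumably the later one wins). I would delete the added line `<entry key="ws-security.callback-handler" value="common.CommonCallbackHandler"/>` so the callback handler in use is unambiguous.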


