cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1548129 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts...
Date Thu, 05 Dec 2013 13:22:12 GMT
Author: coheigea
Date: Thu Dec  5 13:22:11 2013
New Revision: 1548129

URL: http://svn.apache.org/r1548129
Log:
Finished with STS system test refactoring

Added:
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml
    cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java
    cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Dec  5 13:22:11 2013
@@ -852,6 +852,9 @@ public class WSS4JInInterceptor extends 
                         return (Validator)ClassLoaderUtils.loadClass(o.toString(),
                                                                      WSS4JInInterceptor.class)
                                                                      .newInstance();
+                    } else if (o != null) {
+                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
+                                                      "Cannot load Validator: " + o);
                     }
                 } catch (RuntimeException t) {
                     throw t;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Thu Dec  5 13:22:11 2013
@@ -440,7 +440,8 @@ public class WSS4JStaxInInterceptor exte
                                                              WSS4JStaxInInterceptor.class)
                                                              .newInstance();
             } else if (o != null) {
-                LOG.info("Cannot load Validator: " + o);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
+                                                  "Cannot load Validator: " + o);
             }
         } catch (RuntimeException t) {
             throw t;

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java Thu Dec  5 13:22:11 2013
@@ -19,32 +19,48 @@
 package org.apache.cxf.systest.sts.claims;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Service;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
 import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * Test sending claims that are defined in the policy of the WSDL to the STS for evaluation.
  * The SAML token is tested on the service side for the correct claims (role) information via a 
  * custom validator.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class ClaimsTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
     
     private static final String PORT = allocatePort(Server.class);
+    private static final String STAX_PORT = allocatePort(StaxServer.class);
+    
+    final TestParam test;
+    
+    public ClaimsTest(TestParam type) {
+        this.test = type;
+    }
 
     @BeforeClass
     public static void startServers() throws Exception {
@@ -56,11 +72,38 @@ public class ClaimsTest extends Abstract
                 launchServer(Server.class, true)
         );
         assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxServer.class, true)
+        );
+        assertTrue(
                 "Server failed to launch",
                 // run the server in the same process
                 // set this to false to fork
                 launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
+                                                {new TestParam(PORT, true, STSPORT)},
+                                                {new TestParam(STAX_PORT, false, STSPORT)},
+                                                {new TestParam(STAX_PORT, true, STSPORT)},
+                                                
+                                                {new TestParam(PORT, false, STAX_STSPORT)},
+                                                {new TestParam(PORT, true, STAX_STSPORT)},
+                                                {new TestParam(STAX_PORT, false, STAX_STSPORT)},
+                                                {new TestParam(STAX_PORT, true, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
@@ -84,7 +127,13 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1ClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         doubleIt(transportClaimsPort, 25);
         
@@ -107,9 +156,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1CustomClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
         
-        doubleIt(transportClaimsPort, 25);
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         ((java.io.Closeable)transportClaimsPort).close();
         bus.shutdown(true);
@@ -130,7 +184,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1ClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         try {
             doubleIt(transportClaimsPort, 25);
@@ -158,7 +219,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1FailingClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         try {
             doubleIt(transportClaimsPort, 25);
@@ -186,7 +254,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         doubleIt(transportClaimsPort, 25);
         
@@ -209,7 +284,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         try {
             doubleIt(transportClaimsPort, 25);
@@ -240,7 +322,14 @@ public class ClaimsTest extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
         DoubleItPortType transportClaimsPort = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportClaimsPort, PORT);
+        
+        updateAddressPort(transportClaimsPort, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
         
         doubleIt(transportClaimsPort, 25);
         

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxClaimsValidator.java Thu Dec  5 13:22:11 2013
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.claims;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.apache.cxf.sts.claims.ClaimTypes;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
+import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.TokenContext;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+import org.opensaml.xml.XMLObject;
+
+/**
+ * This class validates a SAML Assertion and checks that it has an "AuthenticatedRole" attribute
+ * corresponding to "admin-user". Note that it only throws an error if the role has the wrong
+ * value, not if the role doesn't exist. This is because the WS-SecurityPolicy validation will
+ * check to make sure that the correct defined Claims have been met in the token.
+ */
+public class StaxClaimsValidator extends SamlTokenValidatorImpl {
+    
+    @SuppressWarnings("unchecked")
+    @Override
+    public <T extends SamlSecurityToken & InboundSecurityToken> T validate(
+                                                 final SamlAssertionWrapper samlAssertionWrapper,
+                                                 final InboundSecurityToken subjectSecurityToken,
+                                                 final TokenContext tokenContext
+    ) throws WSSecurityException {
+        // Check conditions
+        checkConditions(samlAssertionWrapper);
+        
+        // Check OneTimeUse Condition
+        checkOneTimeUse(samlAssertionWrapper, 
+                        tokenContext.getWssSecurityProperties().getSamlOneTimeUseReplayCache());
+        
+        // Validate the assertion against schemas/profiles
+        validateAssertion(samlAssertionWrapper);
+        
+        // Now check Claims
+        boolean valid = false;
+        if (samlAssertionWrapper.getSaml1() != null) {
+            valid = handleSAML1Assertion(samlAssertionWrapper.getSaml1());
+        } else if (samlAssertionWrapper.getSaml2() != null) {
+            valid = handleSAML2Assertion(samlAssertionWrapper.getSaml2());
+        }
+        
+        if (!valid) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+
+        Crypto sigVerCrypto = null;
+        if (samlAssertionWrapper.isSigned()) {
+            sigVerCrypto = tokenContext.getWssSecurityProperties().getSignatureVerificationCrypto();
+        }
+        SamlSecurityTokenImpl securityToken = new SamlSecurityTokenImpl(
+                samlAssertionWrapper, subjectSecurityToken,
+                tokenContext.getWsSecurityContext(),
+                sigVerCrypto,
+                WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo,
+                tokenContext.getWssSecurityProperties());
+
+        securityToken.setElementPath(tokenContext.getElementPath());
+        securityToken.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
+
+        return (T)securityToken;
+    }
+    
+    private boolean handleSAML1Assertion(
+        org.opensaml.saml1.core.Assertion assertion
+    ) throws WSSecurityException {
+        List<org.opensaml.saml1.core.AttributeStatement> attributeStatements = 
+            assertion.getAttributeStatements();
+        if (attributeStatements == null || attributeStatements.isEmpty()) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+
+        for (org.opensaml.saml1.core.AttributeStatement statement : attributeStatements) {
+            List<org.opensaml.saml1.core.Attribute> attributes = statement.getAttributes();
+            for (org.opensaml.saml1.core.Attribute attribute : attributes) {
+                
+                if (!ClaimTypes.URI_BASE.toString().equals(attribute.getAttributeNamespace())) {
+                    continue;
+                }
+                
+                for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                    Element attributeValueElement = attributeValue.getDOM();
+                    String text = attributeValueElement.getTextContent();
+                    if (!"admin-user".equals(text)) {
+                        return false;
+                    }
+                }
+            }
+        }
+        return true;
+    }
+    
+    private boolean handleSAML2Assertion(
+        org.opensaml.saml2.core.Assertion assertion
+    ) throws WSSecurityException {
+        List<org.opensaml.saml2.core.AttributeStatement> attributeStatements = 
+            assertion.getAttributeStatements();
+        if (attributeStatements == null || attributeStatements.isEmpty()) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        for (org.opensaml.saml2.core.AttributeStatement statement : attributeStatements) {
+            List<org.opensaml.saml2.core.Attribute> attributes = statement.getAttributes();
+            for (org.opensaml.saml2.core.Attribute attribute : attributes) {
+                if (!attribute.getName().startsWith(ClaimTypes.URI_BASE.toString())) {
+                    continue;
+                }
+                
+                for (XMLObject attributeValue : attribute.getAttributeValues()) {
+                    Element attributeValueElement = attributeValue.getDOM();
+                    String text = attributeValueElement.getTextContent();
+                    if (!"admin-user".equals(text)) {
+                        return false;
+                    }
+                }
+            }
+        }
+        return true;
+    }
+
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/StaxServer.java Thu Dec  5 13:22:11 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.claims;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainTest.java Thu Dec  5 13:22:11 2013
@@ -32,7 +32,7 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * In this test, a CXF client checks to see that the location defined on it's STSClient is different
+ * In this test, a CXF client checks to see that the location defined on its STSClient is different
  * from that configured in the Issuer of the IssuedToken policy supplied in the WSDL of the
  * service provider. It obtains a SAML Token from the configured STS first, and then sends it in
  * the security header to the second STS. The returned token is then sent to the service provider.

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewUnitTest.java Thu Dec  5 13:22:11 2013
@@ -19,6 +19,8 @@
 package org.apache.cxf.systest.sts.renew;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -26,20 +28,31 @@ import java.util.Map;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
 import org.apache.wss4j.dom.WSConstants;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * In this test case, a CXF client requests a SAML Token from an STS and then tries to renew it.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class SAMLRenewUnitTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
     
+    final TestParam test;
+    
+    public SAMLRenewUnitTest(TestParam type) {
+        this.test = type;
+    }
+
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -48,6 +61,20 @@ public class SAMLRenewUnitTest extends A
                    // set this to false to fork
                    launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+                                                {new TestParam("", false, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
@@ -66,7 +93,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 
@@ -103,7 +130,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 
@@ -140,7 +167,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 
@@ -170,7 +197,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 
@@ -202,7 +229,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 
@@ -233,7 +260,7 @@ public class SAMLRenewUnitTest extends A
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/Transport?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport?wsdl";
         
         // Request the token
         SecurityToken token = 

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/StaxSTSServer.java Thu Dec  5 13:22:11 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.renew;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+    public StaxSTSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxSTSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new StaxSTSServer().run();
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java Thu Dec  5 13:22:11 2013
@@ -19,25 +19,37 @@
 package org.apache.cxf.systest.sts.secure_conv;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
-
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * In this test case, a CXF client requests a SecurityContextToken from an STS.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class SecurityContextTokenUnitTest extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
+    
+    final TestParam test;
+    
+    public SecurityContextTokenUnitTest(TestParam type) {
+        this.test = type;
+    }
     
     @BeforeClass
     public static void startServers() throws Exception {
@@ -47,6 +59,20 @@ public class SecurityContextTokenUnitTes
                    // set this to false to fork
                    launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam("", false, STSPORT)},
+                                                {new TestParam("", true, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
@@ -65,7 +91,7 @@ public class SecurityContextTokenUnitTes
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCT?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCT?wsdl";
         SecurityToken token = 
             requestSecurityToken(bus, wsdlLocation, true);
         assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -83,7 +109,7 @@ public class SecurityContextTokenUnitTes
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCT?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCT?wsdl";
         SecurityToken token = 
             requestSecurityToken(bus, wsdlLocation, false);
         assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -101,7 +127,7 @@ public class SecurityContextTokenUnitTes
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
         SecurityToken token = 
             requestSecurityToken(bus, wsdlLocation, true);
         assertTrue(token.getSecret() != null && token.getSecret().length > 0);
@@ -119,7 +145,7 @@ public class SecurityContextTokenUnitTes
         SpringBusFactory.setThreadDefaultBus(bus);
         
         String wsdlLocation = 
-            "https://localhost:" + STSPORT + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
+            "https://localhost:" + test.getStsPort() + "/SecurityTokenService/TransportSCTEncrypted?wsdl";
         SecurityToken token = 
             requestSecurityToken(bus, wsdlLocation, false);
         assertTrue(token.getSecret() != null && token.getSecret().length > 0);

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/StaxSTSServer.java Thu Dec  5 13:22:11 2013
@@ -0,0 +1,50 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.secure_conv;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxSTSServer extends AbstractBusTestServerBase {
+
+    public StaxSTSServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxSTSServer.class.getResource("stax-cxf-sts.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxSTSServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    public static void main(String args[]) {
+        new StaxSTSServer().run();
+    }
+}

Modified: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java?rev=1548129&r1=1548128&r2=1548129&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java (original)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/Soap12Test.java Thu Dec  5 13:22:11 2013
@@ -19,34 +19,42 @@
 package org.apache.cxf.systest.sts.soap12;
 
 import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 
 import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Service;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.common.TestParam;
+import org.apache.cxf.systest.sts.common.TokenTestUtils;
 import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.systest.sts.deployment.StaxSTSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
-
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
 
 /**
  * This is a test for invoking on an STS using SOAP 1.2 via the TransportBinding. The CXF client gets a 
  * token from the STS over TLS, and then sends it to the CXF endpoint over TLS.
  */
+@RunWith(value = org.junit.runners.Parameterized.class)
 public class Soap12Test extends AbstractBusClientServerTestBase {
     
     static final String STSPORT = allocatePort(STSServer.class);
+    static final String STAX_STSPORT = allocatePort(StaxSTSServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -59,7 +67,14 @@ public class Soap12Test extends Abstract
         "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
     
     private static final String PORT = allocatePort(Server.class);
+    private static final String STAX_PORT = allocatePort(StaxServer.class);
 
+    final TestParam test;
+    
+    public Soap12Test(TestParam type) {
+        this.test = type;
+    }
+    
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -69,11 +84,38 @@ public class Soap12Test extends Abstract
                 launchServer(Server.class, true)
         );
         assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxServer.class, true)
+        );
+        assertTrue(
                 "Server failed to launch",
                 // run the server in the same process
                 // set this to false to fork
                 launchServer(STSServer.class, true)
         );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(StaxSTSServer.class, true)
+        );
+    }
+    
+    @Parameters(name = "{0}")
+    public static Collection<TestParam[]> data() {
+       
+        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false, STSPORT)},
+                                                {new TestParam(PORT, true, STSPORT)},
+                                                {new TestParam(STAX_PORT, false, STSPORT)},
+                                                {new TestParam(STAX_PORT, true, STSPORT)},
+                                                
+                                                {new TestParam(PORT, false, STAX_STSPORT)},
+                                                {new TestParam(PORT, true, STAX_STSPORT)},
+                                                {new TestParam(STAX_PORT, false, STAX_STSPORT)},
+                                                {new TestParam(STAX_PORT, true, STAX_STSPORT)},
+        });
     }
     
     @org.junit.AfterClass
@@ -97,7 +139,13 @@ public class Soap12Test extends Abstract
         QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port");
         DoubleItPortType transportSaml2Port = 
             service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportSaml2Port, PORT);
+        updateAddressPort(transportSaml2Port, test.getPort());
+        
+        TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, test.getStsPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportSaml2Port);
+        }
         
         doubleIt(transportSaml2Port, 30);
         

Added: cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/soap12/StaxServer.java Thu Dec  5 13:22:11 2013
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.soap12;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+    public StaxServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = StaxServer.class.getResource("stax-cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new StaxServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/stax-cxf-service.xml Thu Dec  5 13:22:11 2013
@@ -0,0 +1,100 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd      
        http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml1.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1customclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1CustomClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1customclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml1.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2claims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2claims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml2.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1failingclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML1FailingClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml1failingclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml1.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2childclaims" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2ChildClaimsPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2childclaims" wsdlLocation="org/apache/cxf/systest/sts/claims/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml2.validator">
+                <bean class="org.apache.cxf.systest.sts.claims.StaxClaimsValidator"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    <http:conduit name="https://localhost.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/stax-cxf-sts.xml Thu Dec  5 13:22:11 2013
@@ -0,0 +1,135 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://c
 xf.apache.org/schemas/configuration/http-jetty.xsd             http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd             http://www.springframework.org/schema/util             http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+        <property name="renewOperation" ref="transportRenewDelegate"/>
+    </bean>
+    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="services" ref="transportService"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="claimsManager" ref="claimsManager"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="tokenValidators" ref="transportTokenValidators"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportRenewDelegate" class="org.apache.cxf.sts.operation.TokenRenewOperation">
+        <property name="tokenRenewers" ref="transportTokenRenewers"/>
+        <property name="tokenValidators" ref="transportTokenValidators"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+        </bean>
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSamlTokenProvider"/>
+    </util:list>
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSamlTokenValidator"/>
+    </util:list>
+    <util:list id="transportTokenRenewers">
+        <ref bean="transportSamlTokenRenewer"/>
+    </util:list>
+    <bean id="transportSamlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+        <property name="attributeStatementProviders" ref="attributeStatementProvidersList"/>
+        <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+    </bean>
+    <util:list id="attributeStatementProvidersList">
+        <ref bean="defaultAttributeProvider"/>
+        <ref bean="customAttributeProvider"/>
+    </util:list>
+    <bean id="defaultAttributeProvider" class="org.apache.cxf.sts.token.provider.DefaultAttributeStatementProvider">
+        </bean>
+    <bean id="customAttributeProvider" class="org.apache.cxf.systest.sts.deployment.CustomAttributeStatementProvider">
+        </bean>
+    <bean id="claimsManager" class="org.apache.cxf.sts.claims.ClaimsManager">
+        <property name="claimHandlers" ref="claimHandlerList"/>
+    </bean>
+    <util:list id="claimHandlerList">
+        <ref bean="customClaimsHandler"/>
+    </util:list>
+    <bean id="customClaimsHandler" class="org.apache.cxf.systest.sts.deployment.CustomClaimsHandler">
+        </bean>
+    <bean id="transportX509TokenValidator" class="org.apache.cxf.sts.token.validator.X509TokenValidator">
+        </bean>
+    <bean id="transportSamlTokenValidator" class="org.apache.cxf.sts.token.validator.SAMLTokenValidator">
+        </bean>
+    <bean id="transportSamlTokenRenewer" class="org.apache.cxf.sts.token.renewer.SAMLTokenRenewer">
+        <property name="verifyProofOfPossession" value="false"/>
+        <property name="allowRenewalAfterExpiry" value="true"/>
+        <property name="conditionsProvider" ref="SAMLConditionsProvider"/>
+    </bean>
+    <bean id="SAMLConditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
+        <property name="acceptClientLifetime" value="true"/>
+    </bean>
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="transportEndpoints"/>
+    </bean>
+    <util:list id="transportEndpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+                </value>
+    </util:list>
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+        <property name="signatureUsername" value="mystskey"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+        <property name="issuer" value="DoubleItSTSIssuer"/>
+        <property name="encryptionUsername" value="myservicekey"/>
+    </bean>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/Transport" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxSTSServer}">
+            <httpj:tlsServerParameters>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:keyManagers keyPassword="stskpass">
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+</beans>

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts.xml Thu Dec  5 13:22:11 2013
@@ -0,0 +1,169 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://c
 xf.apache.org/schemas/configuration/http-jetty.xsd             http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd             http://www.springframework.org/schema/util             http://www.springframework.org/schema/util/spring-util-2.0.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="transportSTSProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+        <property name="cancelOperation" ref="transportCancelDelegate"/>
+    </bean>
+    <bean id="transportSTSEncryptedProviderBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportEncryptedIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+    </bean>
+    <bean id="transportIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="services" ref="transportService"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportEncryptedIssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="services" ref="transportService"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="encryptIssuedToken" value="true"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportValidateDelegate" class="org.apache.cxf.sts.operation.TokenValidateOperation">
+        <property name="tokenProviders" ref="transportTokenProviders"/>
+        <property name="tokenValidators" ref="transportTokenValidators"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="transportCancelDelegate" class="org.apache.cxf.sts.operation.TokenCancelOperation">
+        <property name="tokenCancellers" ref="transportTokenCancellers"/>
+        <property name="stsProperties" ref="transportSTSProperties"/>
+        <property name="tokenStore" ref="defaultTokenStore"/>
+    </bean>
+    <bean id="defaultTokenStore" class="org.apache.cxf.sts.cache.DefaultInMemoryTokenStore">
+        </bean>
+    <util:list id="transportTokenProviders">
+        <ref bean="transportSCTProvider"/>
+        <ref bean="transportSCTSamlTokenProvider"/>
+    </util:list>
+    <util:list id="transportTokenValidators">
+        <ref bean="transportSCTValidator"/>
+    </util:list>
+    <util:list id="transportTokenCancellers">
+        <ref bean="transportSCTCanceller"/>
+    </util:list>
+    <bean id="transportSCTProvider" class="org.apache.cxf.sts.token.provider.SCTProvider">
+        </bean>
+    <bean id="transportSCTSamlTokenProvider" class="org.apache.cxf.systest.sts.secure_conv.SCTSAMLTokenProvider">
+        </bean>
+    <bean id="transportSCTValidator" class="org.apache.cxf.sts.token.validator.SCTValidator">
+        </bean>
+    <bean id="transportSCTCanceller" class="org.apache.cxf.sts.token.canceller.SCTCanceller">
+        </bean>
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="transportEndpoints"/>
+    </bean>
+    <util:list id="transportEndpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+                </value>
+        <value>http://localhost:(\d)*/doubleit/services/doubleitsymmetric.*
+                </value>
+    </util:list>
+    <bean id="encProperties" class="org.apache.cxf.sts.service.EncryptionProperties">
+        <property name="encryptionAlgorithm" value="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+    </bean>
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+        <property name="signatureUsername" value="mystskey"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+        <property name="encryptionProperties" ref="encProperties"/>
+        <property name="issuer" value="DoubleItSTSIssuer"/>
+        <property name="encryptionUsername" value="myservicekey"/>
+    </bean>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSCT" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:inInterceptors>
+            <ref bean="sctInterceptor"/>
+        </jaxws:inInterceptors>
+        <jaxws:outInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outInterceptors>
+        <jaxws:outFaultInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outFaultInterceptors>
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTEncryptedSTS" implementor="#transportSTSEncryptedProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSCTEncrypted" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+        <jaxws:inInterceptors>
+            <ref bean="sctInterceptor"/>
+        </jaxws:inInterceptors>
+        <jaxws:outInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outInterceptors>
+        <jaxws:outFaultInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outFaultInterceptors>
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSCTEndorsingSTS" implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportEndorsing" wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service.wsdl" depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Endorsing_Port">
+        <jaxws:inInterceptors>
+            <ref bean="sctInterceptor"/>
+        </jaxws:inInterceptors>
+        <jaxws:outInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outInterceptors>
+        <jaxws:outFaultInterceptors>
+            <ref bean="sctOutInterceptor"/>
+        </jaxws:outFaultInterceptors>
+        <jaxws:properties>
+            <entry key="org.apache.cxf.ws.security.tokenstore.TokenStore">
+                <ref bean="defaultTokenStore"/>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <bean id="sctInterceptor" class="org.apache.cxf.sts.interceptor.SCTInInterceptor"/>
+    <bean id="sctOutInterceptor" class="org.apache.cxf.sts.interceptor.SCTOutInterceptor"/>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxSTSServer}">
+            <httpj:tlsServerParameters>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:keyManagers keyPassword="stskpass">
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+</beans>

Added: cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml?rev=1548129&view=auto
==============================================================================
--- cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml (added)
+++ cxf/trunk/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/soap12/stax-cxf-service.xml Thu Dec  5 13:22:11 2013
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xsi:schemaLocation="             http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd             http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd             http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd             http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd             http://cxf.apache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd      
        http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2Port" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.StaxServer}/doubleit/services/doubleittransportsaml2" wsdlLocation="org/apache/cxf/systest/sts/soap12/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.saml2.validator">
+                <bean class="org.apache.cxf.ws.security.trust.STSStaxTokenValidator">
+                    <constructor-arg value="true"/>
+                </bean>
+            </entry>
+            <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.StaxSTSServer}/SecurityTokenService/TransportSoap12?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Soap12_Port"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="ws-security.username" value="alice"/>
+                            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                            <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                            <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+                            <entry key="ws-security.sts.token.usecert" value="true"/>
+                            <entry key="ws-security.enable.streaming" value="true"/>
+                        </map>
+                    </property>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.StaxServer}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="skpass">
+                <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>



Mime
View raw message