cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1558765 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/ systests/...
Date Thu, 16 Jan 2014 11:55:09 GMT
Author: coheigea
Date: Thu Jan 16 11:55:08 2014
New Revision: 1558765

URL: http://svn.apache.org/r1558765
Log:
Changed DefaultCryptoCoverageChecker to require UsernameTokens to be encrypted by default

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/CryptoCoverageCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/stax-server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
Thu Jan 16 11:55:08 2014
@@ -58,15 +58,6 @@ import org.apache.wss4j.dom.util.WSSecur
  * coverage based on the results of the WSS4J processors.  This interceptor
  * provides an alternative to using WS-Policy based configuration for crypto
  * coverage enforcement.
- * <p/>
- * Note that the processor must properly address the Security Token
- * Reference Dereference transform in the case of a signed security token
- * such as a SAML assertion.  Consequently, a version of WSS4J that properly
- * addresses this transform must be used with this utility if you wish to 
- * check coverage over a message part referenced through the Security Token
- * Reference Dereference transform.
- * See <a href="https://issues.apache.org/jira/browse/WSS-222">WSS-222</a>
- * for more details.
  */
 public class CryptoCoverageChecker extends AbstractSoapInterceptor {
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
Thu Jan 16 11:55:08 2014
@@ -27,10 +27,12 @@ import org.apache.wss4j.dom.WSConstants;
 /**
  * This utility extends the CryptoCoverageChecker to provide an easy way to check to see
  * if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, if the Timestamp was signed,
- * and if the WS-Addressing ReplyTo and FaultTo headers were signed.
+ * if the WS-Addressing ReplyTo and FaultTo headers were signed, and if the UsernameToken
+ * was encrypted.
  * 
- * The default configuration is that the SOAP Body, Timestamp must be signed, and WS-Addressing
- * ReplyTo and FaultTo headers must be signed (if they exist in the message payload).
+ * The default configuration is that the SOAP Body, Timestamp must be signed, WS-Addressing
+ * ReplyTo and FaultTo headers must be signed, and a WSS UsernameToken must be encrypted
+ * (if they exist in the message payload).
  */
 public class DefaultCryptoCoverageChecker extends CryptoCoverageChecker {
     
@@ -44,6 +46,8 @@ public class DefaultCryptoCoverageChecke
     private boolean signTimestamp;
     private boolean encryptBody;
     private boolean signAddressingHeaders;
+    private boolean signUsernameToken;
+    private boolean encryptUsernameToken;
     
     /**
      * Creates a new instance. Enforces that the SOAP Body, Timestamp, and WS-Addressing
@@ -66,6 +70,9 @@ public class DefaultCryptoCoverageChecke
         
         // Sign Addressing Headers
         setSignAddressingHeaders(true);
+        
+        // Encrypt UsernameToken
+        setEncryptUsernameToken(true);
     }
     
     public boolean isSignBody() {
@@ -219,5 +226,75 @@ public class DefaultCryptoCoverageChecke
             }
         }
     }
+
+    public boolean isEncryptUsernameToken() {
+        return encryptUsernameToken;
+    }
+
+    public void setEncryptUsernameToken(boolean encryptUsernameToken) {
+        this.encryptUsernameToken = encryptUsernameToken;
+        
+        XPathExpression soap11Expression = 
+            new XPathExpression(
+                "/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken", 
+                CoverageType.ENCRYPTED
+            );
+        XPathExpression soap12Expression = 
+            new XPathExpression(
+                "/soapenv12:Envelope/soapenv12:Header/wsse:Security/wsse:UsernameToken",

+                CoverageType.ENCRYPTED
+            );
+
+        if (encryptUsernameToken) {
+            if (!xPaths.contains(soap11Expression)) {
+                xPaths.add(soap11Expression);
+            }
+            if (!xPaths.contains(soap12Expression)) {
+                xPaths.add(soap12Expression);
+            }
+        } else {
+            if (xPaths.contains(soap11Expression)) {
+                xPaths.remove(soap11Expression);
+            }
+            if (xPaths.contains(soap12Expression)) {
+                xPaths.remove(soap12Expression);
+            }
+        }
+    }
+
+    public boolean isSignUsernameToken() {
+        return signUsernameToken;
+    }
+
+    public void setSignUsernameToken(boolean signUsernameToken) {
+        this.signUsernameToken = signUsernameToken;
+        
+        XPathExpression soap11Expression = 
+            new XPathExpression(
+                "/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken", 
+                CoverageType.SIGNED
+            );
+        XPathExpression soap12Expression = 
+            new XPathExpression(
+                "/soapenv12:Envelope/soapenv12:Header/wsse:Security/wsse:UsernameToken",

+                CoverageType.SIGNED
+            );
+
+        if (signUsernameToken) {
+            if (!xPaths.contains(soap11Expression)) {
+                xPaths.add(soap11Expression);
+            }
+            if (!xPaths.contains(soap12Expression)) {
+                xPaths.add(soap12Expression);
+            }
+        } else {
+            if (xPaths.contains(soap11Expression)) {
+                xPaths.remove(soap11Expression);
+            }
+            if (xPaths.contains(soap12Expression)) {
+                xPaths.remove(soap12Expression);
+            }
+        }
+    }
     
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
Thu Jan 16 11:55:08 2014
@@ -41,8 +41,8 @@ import org.apache.xml.security.stax.secu
 /**
  * This interceptor handles parsing the StaX WS-Security results (events) + checks that the
  * specified crypto coverage events actually occurred. The default functionality is to enforce

- * that the SOAP Body, Timestamp, and WS-Addressing ReplyTo and FaultTo headers must be signed

- * (if they exist in the message payload).
+ * that the SOAP Body, Timestamp, and WS-Addressing ReplyTo and FaultTo headers must be signed,
+ * and the UsernameToken must be encrypted (if they exist in the message payload).
  * 
  * Note that this interceptor must be explicitly added to the InInterceptor chain.
  */
@@ -71,6 +71,9 @@ public class StaxCryptoCoverageChecker e
         
         // Sign Addressing Headers
         setSignAddressingHeaders(true);
+        
+        // Encrypt UsernameToken
+        setEncryptUsernameToken(true);
     }
 
     @Override

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
Thu Jan 16 11:55:08 2014
@@ -38,7 +38,8 @@ import org.junit.Test;
 /**
  * Test the DefaultCryptoCoverageChecker, which extends the CryptoCoverageChecker to provide
  * an easier way to check to see if the SOAP (1.1 + 1.2) Body was signed and/or encrypted,
if 
- * the Timestamp was signed, and if the WS-Addressing ReplyTo and FaultTo headers were signed.
+ * the Timestamp was signed, and if the WS-Addressing ReplyTo and FaultTo headers were signed,
+ * and if a UsernameToken was encrypted.
  */
 public class DefaultCryptoCoverageCheckerTest extends AbstractSecurityTest {
     

Modified: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
Thu Jan 16 11:55:08 2014
@@ -240,6 +240,8 @@ public class StaxCryptoCoverageCheckerTe
         properties.setCallbackHandler(new TestPwdCallback());
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
+        
+        checker.setEncryptUsernameToken(false);
 
         assertEquals("test", echo.echo("test"));
         

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/CryptoCoverageCheckerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/CryptoCoverageCheckerTest.java?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/CryptoCoverageCheckerTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/CryptoCoverageCheckerTest.java
Thu Jan 16 11:55:08 2014
@@ -35,6 +35,7 @@ import org.apache.cxf.systest.ws.common.
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor;
+import org.apache.wss4j.dom.WSConstants;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
@@ -630,4 +631,105 @@ public class CryptoCoverageCheckerTest e
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testEncryptedUsernameToken() throws Exception {
+        
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = CryptoCoverageCheckerTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = CryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItEncryptedUsernameTokenPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, test.getPort());
+        
+        Map<String, Object> outProps = new HashMap<String, Object>();
+        outProps.put("action", "UsernameToken Encrypt");
+        outProps.put("encryptionPropFile", "bob.properties");
+        outProps.put("user", "alice");
+        outProps.put("encryptionUser", "bob");
+        outProps.put("passwordCallbackClass", 
+                     "org.apache.cxf.systest.ws.common.KeystorePasswordCallback");
+        outProps.put("encryptionParts",
+                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"
+                     + "{Element}{" + WSConstants.WSSE_NS + "}UsernameToken;");
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+        
+        if (test.isStreaming()) {
+            WSS4JStaxOutInterceptor staxOutInterceptor = new WSS4JStaxOutInterceptor(outProps);
+            bus.getOutInterceptors().add(staxOutInterceptor);
+        } else {
+            WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProps);
+            bus.getOutInterceptors().add(outInterceptor);
+        }
+
+        port.doubleIt(25);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testNotEncryptedUsernameToken() throws Exception {
+        
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = CryptoCoverageCheckerTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = CryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItEncryptedUsernameTokenPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, test.getPort());
+        
+        Map<String, Object> outProps = new HashMap<String, Object>();
+        outProps.put("action", "UsernameToken Encrypt");
+        outProps.put("encryptionPropFile", "bob.properties");
+        outProps.put("user", "alice");
+        outProps.put("encryptionUser", "bob");
+        outProps.put("passwordCallbackClass", 
+                     "org.apache.cxf.systest.ws.common.KeystorePasswordCallback");
+        outProps.put("encryptionParts",
+                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+        
+        if (test.isStreaming()) {
+            WSS4JStaxOutInterceptor staxOutInterceptor = new WSS4JStaxOutInterceptor(outProps);
+            bus.getOutInterceptors().add(staxOutInterceptor);
+        } else {
+            WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProps);
+            bus.getOutInterceptors().add(outInterceptor);
+        }
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not encrypting the UsernameToken");
+        } catch (Exception ex) {
+            // expected
+        }
+
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
 }

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
Thu Jan 16 11:55:08 2014
@@ -68,5 +68,8 @@
         <wsdl:port name="DoubleItClientCheckerPort2" binding="tns:DoubleItSoapBinding">
             <soap:address location="http://localhost:9001/DoubleItClientChecker2"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItEncryptedUsernameTokenPort" binding="tns:DoubleItSoapBinding">
+            <soap:address location="http://localhost:9001/DoubleItEncryptedUsernameToken"/>
+        </wsdl:port>
     </wsdl:service>
 </wsdl:definitions>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client.xml?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client.xml
Thu Jan 16 11:55:08 2014
@@ -76,4 +76,6 @@
             </bean>
         </jaxws:inFaultInterceptors>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedUsernameTokenPort"
createdFromAPI="true">
+    </jaxws:client>
 </beans>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server.xml?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server.xml
Thu Jan 16 11:55:08 2014
@@ -132,4 +132,20 @@
             </bean>
         </jaxws:outFaultInterceptors>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="EncryptedUsernameToken"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedUsernameToken" serviceName="s:DoubleItService"
endpointName="s:DoubleItEncryptedUsernameTokenPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl">
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Encrypt UsernameToken"/>
+                        <entry key="decryptionPropFile" value="bob.properties"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+            <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+                <property name="signBody" value="false"/>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
 </beans>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/stax-server.xml?rev=1558765&r1=1558764&r2=1558765&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/stax-server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/stax-server.xml
Thu Jan 16 11:55:08 2014
@@ -92,4 +92,20 @@
             <wsa:addressing xmlns:wsa="http://cxf.apache.org/ws/addressing"/>
         </jaxws:features>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="EncryptedUsernameToken"
address="http://localhost:${testutil.ports.StaxServer}/DoubleItEncryptedUsernameToken" serviceName="s:DoubleItService"
endpointName="s:DoubleItEncryptedUsernameTokenPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl">
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Encrypt UsernameToken"/>
+                        <entry key="decryptionPropFile" value="bob.properties"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+            <bean class="org.apache.cxf.ws.security.wss4j.StaxCryptoCoverageChecker">
+                <property name="signBody" value="false"/>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
 </beans>



Mime
View raw message