From cohei...@apache.org
Subject [1/2] git commit: [CXF-5617] - Support SecureConversation with the Transport Binding
Date Fri, 14 Mar 2014 15:14:42 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 63cdec167 -> 8c40b37ab


[CXF-5617] - Support SecureConversation with the Transport Binding


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8c40b37a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8c40b37a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8c40b37a

Branch: refs/heads/2.7.x-fixes
Commit: 8c40b37ab7fd41482ea4f1e42b4993703ee6be29
Parents: 2e0be05
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Mar 14 15:14:11 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Mar 14 15:14:36 2014 +0000

----------------------------------------------------------------------
 .../SecureConversationInInterceptor.java        |  8 ++++-
 .../apache/cxf/systest/ws/wssc/WSSCTest.java    | 17 +++++++---
 .../cxf/systest/ws/wssc/server/Server.java      | 17 ++++++++--
 .../cxf/systest/ws/wssc/client/client.xml       | 33 +++-----------------
 .../cxf/systest/ws/wssc/server/server.xml       | 24 ++++++++++++++
 5 files changed, 62 insertions(+), 37 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8c40b37a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index c7233e5..d2d50cb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -45,6 +45,7 @@ import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider.HttpsTokenInInterceptor;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.ProtectionToken;
@@ -70,8 +71,10 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
 
     
     public SecureConversationInInterceptor() {
-        super(Phase.PRE_PROTOCOL);
+        super(Phase.PRE_STREAM);
+        addBefore(HttpsTokenInInterceptor.class.getName());
     }
+    
     private Binding getBinding(AssertionInfoMap aim) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
         if (ais != null && !ais.isEmpty()) {
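Review bot: The constructor's move from `Phase.PRE_PROTOCOL` to `Phase.PRE_STREAM`, together with `addBefore(HttpsTokenInInterceptor.class.getName())`, is an ordering constraint with no comment explaining it, and it applies to every binding this interceptor serves, not only the transport binding named in the commit title. A comment above the `super(...)` call such as `// Must run ahead of HttpsTokenInInterceptor so the SecureConversation policy is in place before the HTTPS token is checked` would record the intent (wording for the author to confirm). The `s == null` fallback to `SoapActionInInterceptor.getSoapAction(message)` in the next hunk presumably exists because `SOAP_ACTION` has not been populated this early in the chain, and deserves a one-line comment saying so. That value appears to come from the request itself, so the code after that hunk should keep treating it as unauthenticated input. The class body continues outside both hunks.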
@@ -109,6 +112,9 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                 return;
             }
             String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+            if (s == null) {
+                s = SoapActionInInterceptor.getSoapAction(message);
+            }
             String addNs = null;
             AddressingProperties inProps = (AddressingProperties)message
                 .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c40b37a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
index 3f24801..b6c75e2 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
@@ -38,7 +38,7 @@ import org.junit.Test;
  */
 public class WSSCTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
-
+    static final String PORT2 = allocatePort(Server.class, 2);
        
     private static final String OUT = "CXF : ping";
     private static wssec.wssc.PingService svc;
@@ -67,6 +67,10 @@ public class WSSCTest extends AbstractBusClientServerTestBase {
         stopAllServers();
     }
     
+    @Test
+    public void testSecureConversationUserNameOverTransportIPingService() throws Exception
{
+        runTest("SecureConversation_UserNameOverTransport_IPingService");
+    }
     
     @Test
     public void testSecureConversationMutualCertificate10SignEncryptIPingService() throws
Exception {
@@ -183,9 +187,6 @@ public class WSSCTest extends AbstractBusClientServerTestBase {
         runTest("_XD-ES_IPingService");
     }
 
-
-
-
     private void runTest(String ... argv) throws Exception {
         for (String portPrefix : argv) {
             final wssec.wssc.IPingService port = 
@@ -197,8 +198,14 @@ public class WSSCTest extends AbstractBusClientServerTestBase {
                     wssec.wssc.IPingService.class
                 );
            
-            ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+            if (portPrefix.contains("UserNameOverTransport")) {
+                ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+                        "https://localhost:" + PORT2 + "/" + portPrefix);
+            } else {
+                ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
                                                             "http://localhost:" + PORT +
"/" + portPrefix);
+            }
+            
             if (portPrefix.charAt(0) == '_') {
                 //MS would like the _ versions to send a cancel
                 ((BindingProvider)port).getRequestContext()
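Review bot: The new `if`/`else` in `runTest` duplicates the whole `getRequestContext().put(...)` call just to vary the scheme and port, and it selects the TLS endpoint by matching the substring `UserNameOverTransport` in the port name. Computing the base first, e.g. `String base = portPrefix.contains("UserNameOverTransport") ? "https://localhost:" + PORT2 : "http://localhost:" + PORT;`, followed by a single `put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, base + "/" + portPrefix)`, keeps the two cases aligned. Server.java's publish code matches the same substring, so a shared constant would keep client and server from drifting apart. The body of `runTest` continues outside the hunk.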

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c40b37a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
index 9249ba3..5925e2a 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
@@ -26,12 +26,14 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.ws.wssc.client.KeystorePasswordCallback;
+import org.apache.cxf.systest.ws.wssc.client.UTPasswordCallback;
 import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
 import org.apache.cxf.ws.security.SecurityConstants;
 
 
 public class Server extends AbstractBusTestServerBase {
     static final String PORT = allocatePort(Server.class);
+    static final String PORT2 = allocatePort(Server.class, 2);
 
     public Server() throws Exception {
         
@@ -39,8 +41,9 @@ public class Server extends AbstractBusTestServerBase {
     
     protected Server(String baseUrl) throws Exception {
         
-        
-        //"SecureConversation_UserNameOverTransport_IPingService",
+        doPublish(baseUrl.replace(PORT, PORT2).replace("http", "https")
+                + "SecureConversation_UserNameOverTransport_IPingService",
+                new SCTLSPingService());
         doPublish(baseUrl + "SecureConversation_MutualCertificate10SignEncrypt_IPingService",
                   new SCMCSEIPingService());
         
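Review bot: `baseUrl.replace(PORT, PORT2).replace("http", "https")` rewrites every occurrence of the port digits and of `http` in the URL. A base URL that is already `https`, or whose host or path contains either string, would be mangled (for example `httpss://…`). Anchoring both replacements is safer: `baseUrl.replace(":" + PORT, ":" + PORT2).replaceFirst("^http:", "https:")`. The constructor body continues past the hunk.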
@@ -112,10 +115,20 @@ public class Server extends AbstractBusTestServerBase {
             ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", 
                 "org/apache/cxf/systest/ws/wssec11/server/alice.properties");
             ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+        } else if (url.contains("UserNameOverTransport")) {
+            ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER + ".sct", new UTPasswordCallback());
         }
         ep.publish(url);
     }
     
+    @WebService(targetNamespace = "http://WSSec/wssc",
+            serviceName = "PingService",
+            portName = "SecureConversation_UserNameOverTransport_IPingService",
+            endpointInterface = "wssec.wssc.IPingService",
+            wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation.wsdl")
+    public static class SCTLSPingService extends PingServiceImpl {
+    }
+    
     @WebService(targetNamespace = "http://WSSec/wssc", 
                 serviceName = "PingService", 
                 portName = "SecureConversation_MutualCertificate10SignEncrypt_IPingService",


http://git-wip-us.apache.org/repos/asf/cxf/blob/8c40b37a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client/client.xml
index b87a213..a880486 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client/client.xml
@@ -221,39 +221,14 @@
    	<http:conduit name="http://localhost/.*">
         <http:client AllowChunking="false"/>
     </http:conduit>
-    <http:conduit name="https://localhost/.*">
-        <http:tlsClientParameters disableCNCheck="true">
-            <sec:keyManagers keyPassword="password">
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/alice.jks"/>
-            </sec:keyManagers>
-            <sec:trustManagers>
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/bob.jks"/>
-            </sec:trustManagers>
-        </http:tlsClientParameters>
-        <http:client AllowChunking="false"/>
-    </http:conduit>
-    <http:conduit name="https://localhost/.*">
-        <http:tlsClientParameters disableCNCheck="true">
-            <sec:keyManagers keyPassword="password">
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/bob.jks"/>
-            </sec:keyManagers>
-            <sec:trustManagers>
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/WssIP.jks"/>
-            </sec:trustManagers>
-        </http:tlsClientParameters>
-        <http:client AllowChunking="false"/>
-    </http:conduit>
-    <http:conduit name="https://localhost:8443/.*">
+    
+    <http:conduit name="https://localhost:.*">
         <http:tlsClientParameters disableCNCheck="true">
-            <sec:keyManagers keyPassword="password">
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/alice.jks"/>
-            </sec:keyManagers>
             <sec:trustManagers>
-                <sec:keyStore type="pkcs12" password="password" resource="org/apache/cxf/systest/ws/wssc/certs/WssIP.jks"/>
+                <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
             </sec:trustManagers>
         </http:tlsClientParameters>
-        <http:client AllowChunking="false"/>
-    </http:conduit>
+    </http:conduit>  
     
     
 </beans>
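Review bot: The replacement conduit matches `https://localhost:.*`, so `disableCNCheck="true"` now switches off hostname verification for every TLS port on localhost rather than only the `8443` pattern it replaces. That is workable with a test certificate, but test configuration like this tends to get copied. A comment on the conduit such as `<!-- Test only: hostname verification is disabled for the test certificate; do not reuse outside the test suite -->` would make the scope explicit. The new conduit also drops `<http:client AllowChunking="false"/>`, which the removed HTTPS conduits carried; it is worth confirming that this is intended.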

http://git-wip-us.apache.org/repos/asf/cxf/blob/8c40b37a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/server/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/server/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/server/server.xml
index 515ee81..6469cb2 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/server/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/server/server.xml
@@ -42,5 +42,29 @@
         </cxf:features>
     </cxf:bus>
     
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    
+    <!-- -->
+    <!-- Any services listening on port 9009 must use the following -->
+    <!-- Transport Layer Security (TLS) settings -->
+    <!-- -->
+    <httpj:engine-factory id="tls-settings">
+        <httpj:engine port="${testutil.ports.Server.2}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
     
 </beans>
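Review bot: The `cipherSuitesFilter` on the new TLS engine includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`. That admits export-grade, single-DES and no-encryption suites on the endpoint that is meant to protect a UsernameToken in transit. Keeping only `<sec:include>.*_WITH_AES_.*</sec:include>` alongside the existing `<sec:exclude>.*_DH_anon_.*</sec:exclude>` would make the test exercise the transport binding over a suite that provides confidentiality. The comment above the engine still says "port 9009" although the port is `${testutil.ports.Server.2}`; `<!-- Services on the second allocated test port must use the following TLS settings -->` would match the configuration.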

