cxf-commits mailing list archives

From cohei...@apache.org
Subject [4/4] git commit: Refining last commit
Date Thu, 17 Apr 2014 13:23:07 GMT
Refining last commit


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/16b7596d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/16b7596d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/16b7596d

Branch: refs/heads/2.7.x-fixes
Commit: 16b7596d2b27b6f8cf43732ff03a24674410cd4e
Parents: b0cbaa8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Apr 17 14:22:49 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Apr 17 14:22:49 2014 +0100

----------------------------------------------------------------------
 .../saml/Saml2AudienceRestrictionValidator.java |  18 +-
 .../cxf/systest/ws/saml/SamlTokenTest.java      |  29 +-
 .../StaxSaml2AudienceRestrictionValidator.java  |  82 -----
 .../org/apache/cxf/systest/ws/saml/server.xml   | 279 -----------------
 .../cxf/systest/ws/saml/server/server.xml       |  21 ++
 .../apache/cxf/systest/ws/saml/stax-server.xml  | 306 -------------------
 6 files changed, 35 insertions(+), 700 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java
index add4394..c05f885 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Saml2AudienceRestrictionValidator.java
@@ -20,11 +20,11 @@ package org.apache.cxf.systest.ws.saml;
 
 import java.util.List;
 
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.dom.handler.RequestData;
-import org.apache.wss4j.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SamlAssertionValidator;
 import org.opensaml.saml2.core.Assertion;
 import org.opensaml.saml2.core.Audience;
 import org.opensaml.saml2.core.AudienceRestriction;
@@ -41,18 +41,18 @@ public class Saml2AudienceRestrictionValidator extends SamlAssertionValidator {
     @Override
     public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
         Credential validatedCredential = super.validate(credential, data);
-        SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
+        AssertionWrapper assertion = validatedCredential.getAssertion();
         
         Assertion saml2Assertion = assertion.getSaml2();
         if (saml2Assertion == null) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
         }
         
         return validatedCredential;
     }
     
     @Override
-    public void checkConditions(SamlAssertionWrapper samlAssertion) throws WSSecurityException {
+    public void checkConditions(AssertionWrapper samlAssertion) throws WSSecurityException {
         super.checkConditions(samlAssertion);
         
         if (endpointAddresses == null || endpointAddresses.isEmpty()) {
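Review bot: The guard `if (endpointAddresses == null || endpointAddresses.isEmpty())` at the end of this hunk appears to make the audience check fail open when no endpoint addresses are configured. Its body lies outside the hunk, but the StAX twin deleted later in this commit returns at that point. A validator instance created without endpoint addresses would then accept an assertion addressed to any audience. I would state that on the method, e.g. `// No endpoint addresses configured: the audience check is skipped entirely`, or reject the assertion when the list is unset.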
@@ -76,7 +76,7 @@ public class Saml2AudienceRestrictionValidator extends SamlAssertionValidator {
             }
             
             if (!foundAddress) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+                throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
             }
         }
     }
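Review bot: The `if (!foundAddress)` check runs only inside an enclosing block that starts outside this hunk; if that block mirrors the deleted StAX validator (`conditions != null && ...`), an assertion without a Conditions element skips the audience check even when endpoint addresses are configured. In that version a single `foundAddress` flag is also shared across all AudienceRestriction elements, so one match anywhere passes. SAML 2.0 Core treats multiple AudienceRestriction conditions as a conjunction, each needing a matching audience. Consider resetting the flag per restriction and throwing on the first restriction with no match, and deciding explicitly whether missing Conditions is acceptable.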

http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index e6cd98c..0389775 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -20,14 +20,9 @@
 package org.apache.cxf.systest.ws.saml;
 
 import java.net.URL;
-<<<<<<< HEAD
-=======
 import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
->>>>>>> 6d27230... [CXF-5674] - CXF Support in "Audience Restriction" of SAML 2 (SOAP)
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -45,17 +40,10 @@ import org.apache.cxf.systest.ws.saml.server.Server;
 import org.apache.cxf.systest.ws.ut.SecurityHeaderCacheInterceptor;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.ws.security.SecurityConstants;
-<<<<<<< HEAD
+import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
-=======
-import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
-import org.apache.wss4j.common.saml.bean.ConditionsBean;
-import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
-import org.apache.wss4j.common.saml.builder.SAML1Constants;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
->>>>>>> 6d27230... [CXF-5674] - CXF Support in "Audience Restriction" of SAML 2 (SOAP)
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 
@@ -834,14 +822,12 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)saml2Port).close();
         bus.shutdown(true);
     }
-<<<<<<< HEAD
-=======
     
     @org.junit.Test
     public void testAudienceRestriction() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SamlTokenTest.class.getResource("client.xml");
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
@@ -852,18 +838,14 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2");
         DoubleItPortType saml2Port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        String portNumber = PORT2;
-        if (STAX_PORT.equals(test.getPort())) {
-            portNumber = STAX_PORT2;
-        }
-        updateAddressPort(saml2Port, portNumber);
+        updateAddressPort(saml2Port, PORT2);
 
         // Create a SAML Token with an AudienceRestrictionCondition
         ConditionsBean conditions = new ConditionsBean();
         List<AudienceRestrictionBean> audienceRestrictions = new ArrayList<AudienceRestrictionBean>();
         AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
         audienceRestriction.setAudienceURIs(Collections.singletonList(
-            "https://localhost:" + portNumber + "/DoubleItSaml2Transport2"));
+            "https://localhost:" + PORT2 + "/DoubleItSaml2Transport2"));
         audienceRestrictions.add(audienceRestriction);
         conditions.setAudienceRestrictions(audienceRestrictions);
         
@@ -879,7 +861,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
             // Now use an "unknown" audience restriction
             audienceRestriction = new AudienceRestrictionBean();
             audienceRestriction.setAudienceURIs(Collections.singletonList(
-                "https://localhost:" + portNumber + "/DoubleItSaml2Transport2unknown"));
+                "https://localhost:" + PORT2 + "/DoubleItSaml2Transport2unknown"));
             audienceRestrictions.clear();
             audienceRestrictions.add(audienceRestriction);
             conditions.setAudienceRestrictions(audienceRestrictions);
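Review bot: The negative case in this hunk covers only a single AudienceRestriction whose URI does not match the endpoint; nothing exercises a token with several restrictions where only one matches. SAML 2.0 Core requires every AudienceRestriction to be satisfied, so a case that adds a matching and a non-matching `AudienceRestrictionBean` to `audienceRestrictions` and expects rejection would pin down how the validator handles that. The enclosing try block and its assertions lie outside the hunk, so I cannot tell from here whether the failure reason is checked.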
@@ -892,5 +874,4 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
         }
     }
     
->>>>>>> 6d27230... [CXF-5674] - CXF Support in "Audience Restriction" of SAML 2 (SOAP)
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSaml2AudienceRestrictionValidator.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSaml2AudienceRestrictionValidator.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSaml2AudienceRestrictionValidator.java
deleted file mode 100644
index 778c068..0000000
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSaml2AudienceRestrictionValidator.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.ws.saml;
-
-import java.util.List;
-
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.saml.SamlAssertionWrapper;
-import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-
-/**
- * This class checks that the Audiences received as part of AudienceRestrictions match a set 
- * list of endpoints.
- */
-public class StaxSaml2AudienceRestrictionValidator extends SamlTokenValidatorImpl {
-    
-    private List<String> endpointAddresses;
-    
-    @Override
-    public void checkConditions(SamlAssertionWrapper samlAssertion) throws WSSecurityException {
-        super.checkConditions(samlAssertion);
-        
-        Assertion saml2Assertion = samlAssertion.getSaml2();
-        if (saml2Assertion == null) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-        }
-        
-        if (endpointAddresses == null || endpointAddresses.isEmpty()) {
-            return;
-        }
-        
-        Conditions conditions = samlAssertion.getSaml2().getConditions();
-        if (conditions != null && conditions.getAudienceRestrictions() != null) {
-            boolean foundAddress = false;
-            for (AudienceRestriction audienceRestriction : conditions.getAudienceRestrictions()) {
-                List<Audience> audiences = audienceRestriction.getAudiences();
-                if (audiences != null) {
-                    for (Audience audience : audiences) {
-                        String audienceURI = audience.getAudienceURI();
-                        if (endpointAddresses.contains(audienceURI)) {
-                            foundAddress = true;
-                            break;
-                        }
-                    }
-                }
-            }
-            
-            if (!foundAddress) {
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
-            }
-        }
-    }
-
-    public List<String> getEndpointAddresses() {
-        return endpointAddresses;
-    }
-
-    public void setEndpointAddresses(List<String> endpointAddresses) {
-        this.endpointAddresses = endpointAddresses;
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
deleted file mode 100644
index 97a6bfa..0000000
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml
+++ /dev/null
@@ -1,279 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/sc
 hemas/configuration/http-conf.xsd         http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security      http://cxf.apache.org/schemas/configuration/security.xsd  http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd   ">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <p:policies/>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    <!-- -->
-    <!-- Any services listening on port 9009 must use the following -->
-    <!-- Transport Layer Security (TLS) settings -->
-    <!-- -->
-    <httpj:engine-factory id="tls-settings">
-        <httpj:engine port="${testutil.ports.Server.2}">
-            <httpj:tlsServerParameters>
-                <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
-                </sec:keyManagers>
-                <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
-                </sec:trustManagers>
-                <sec:cipherSuitesFilter>
-                    <sec:include>.*_EXPORT_.*</sec:include>
-                    <sec:include>.*_EXPORT1024_.*</sec:include>
-                    <sec:include>.*_WITH_DES_.*</sec:include>
-                    <sec:include>.*_WITH_AES_.*</sec:include>
-                    <sec:include>.*_WITH_NULL_.*</sec:include>
-                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
-                </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="true" required="true"/>
-            </httpj:tlsServerParameters>
-        </httpj:engine>
-    </httpj:engine-factory>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1TokenOverTransport" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml1Transport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1TransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-       </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1TokenOverTransport2" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml1Transport2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1TransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-       </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/saml/saml1-tls-policy.xml"/>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SupportingToken" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml1Supporting" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetric" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2Symmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric2" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2Asymmetric2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/saml/saml2-asym-policy.xml"/>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SelfSignedTokenOverTransport" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml1SelfSignedTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SelfSignedTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SelfSignedTokenOverTransportSP11" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml1SelfSignedTransportSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SelfSignedTransportSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingOverTransport" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2EndorsingTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingOverTransportSP11" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2EndorsingTransportSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingTransportSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSamlInitiatorPort" address="http://localhost:${testutil.ports.Server}/DoubleItAsymmetricSamlInitiator" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSamlInitiatorPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSignedElements" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2SymmetricSignedElements" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSignedElementsPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricSignedEncrypted" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2AsymmetricSignedEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricSignedEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricSignedEncryptedEncryptBeforeSigning" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2AsymmetricSignedEncryptedEncryptBeforeSigning" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricSignedEncryptedEncryptBeforeSigningPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricEncrypted" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2AsymmetricEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingEncryptedOverTransport" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2EndorsingEncryptedTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingEncryptedTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="InlinePolicy" address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlInlinePolicy" serviceName="s:DoubleItService" endpointName="s:DoubleItInlinePolicyPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
-                    <wsp:ExactlyOne>
-                        <wsp:All>
-                            <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="SamlToken">
-                                <wsp:ExactlyOne>
-                                    <wsp:All>
-                                        <sp:TransportBinding>
-                                            <wsp:Policy>
-                                                <sp:TransportToken>
-                                                    <wsp:Policy>
-                                                        <sp:HttpsToken>
-                                                            <wsp:Policy/>
-                                                        </sp:HttpsToken>
-                                                    </wsp:Policy>
-                                                </sp:TransportToken>
-                                                <sp:Layout>
-                                                    <wsp:Policy>
-                                                        <sp:Lax/>
-                                                    </wsp:Policy>
-                                                </sp:Layout>
-                                                <sp:IncludeTimestamp/>
-                                                <sp:AlgorithmSuite>
-                                                    <wsp:Policy>
-                                                        <sp:Basic128/>
-                                                    </wsp:Policy>
-                                                </sp:AlgorithmSuite>
-                                            </wsp:Policy>
-                                        </sp:TransportBinding>
-                                        <sp:SupportingTokens>
-                                            <wsp:Policy>
-                                                <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-                                                    <wsp:Policy>
-                                                        <sp:WssSamlV11Token11/>
-                                                    </wsp:Policy>
-                                                </sp:SamlToken>
-                                            </wsp:Policy>
-                                        </sp:SupportingTokens>
-                                    </wsp:All>
-                                </wsp:ExactlyOne>
-                            </wsp:Policy>
-                        </wsp:All>
-                    </wsp:ExactlyOne>
-                </wsp:Policy>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
-    <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
-        <constructor-arg ref="MockPDP"/>
-    </bean>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.Server}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.saml2.validator" value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>
-        </jaxws:properties>
-        <jaxws:inInterceptors>
-            <ref bean="XACMLInterceptor"/>
-        </jaxws:inInterceptors>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TransportToken" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    
-    <bean id="audienceRestrictionValidator" class="org.apache.cxf.systest.ws.saml.Saml2AudienceRestrictionValidator">
-        <property name="endpointAddresses">
-            <list>
-                <value>https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2</value>
-                <value>https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2Transport2</value>
-            </list>
-        </property>
-    </bean>
-            
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TransportToken2" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.saml2.validator" value-ref="audienceRestrictionValidator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
index 6db3fea..136c49f 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
@@ -24,6 +24,7 @@
     xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
     xmlns:sec="http://cxf.apache.org/configuration/security"
     xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:util="http://www.springframework.org/schema/util"
     xmlns:p="http://cxf.apache.org/policy"
     xsi:schemaLocation="
         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
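Review bot: The `xmlns:util` declaration added here, and its `xsi:schemaLocation` entry in the next hunk, look unused. The bean added at the end of this file populates `endpointAddresses` with a plain `<list>` from the default beans namespace, and no `util:` element appears in the visible hunks. If nothing elsewhere in the file uses the prefix, both added lines can be dropped. If the namespace stays, the location `spring-util-2.0.xsd` is version-pinned while the beans schema on the line above is the unversioned `spring-beans.xsd`; using `http://www.springframework.org/schema/util/spring-util.xsd` would keep the two consistent.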
@@ -33,6 +34,7 @@
         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
         http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
+        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd
     ">
     <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
     
@@ -500,4 +502,23 @@
      
     </jaxws:endpoint> 
     
+    <bean id="audienceRestrictionValidator" class="org.apache.cxf.systest.ws.saml.Saml2AudienceRestrictionValidator">
+        <property name="endpointAddresses">
+            <list>
+                <value>https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2</value>
+            </list>
+        </property>
+    </bean>
+            
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TransportToken2" address="https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                   value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+            <entry key="ws-security.signature.properties" 
+                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.saml2.validator" value-ref="audienceRestrictionValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
 </beans>
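Review bot: The `ws-security.subject.cert.constraints` value `.*O=apache.org.*` on the new `Saml2TransportToken2` endpoint is a loose match. Its dots are unescaped and nothing bounds the `O=` RDN, so any subject DN that merely contains text of that shape satisfies it. That is acceptable for a fixture with known test certificates, but the entry is easy to copy into a real configuration; a comment such as `<!-- test-only pattern: escape the dots and bound the O= RDN before reusing -->` above it would flag that. Separately, the single `endpointAddresses` value repeats the endpoint's `address` attribute verbatim. The validator presumably compares the token's audience against that list, so a one-line comment on the bean saying the two strings must stay identical would keep a later address change from silently breaking the audience check.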

http://git-wip-us.apache.org/repos/asf/cxf/blob/16b7596d/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
deleted file mode 100644
index 0750c09..0000000
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server.xml
+++ /dev/null
@@ -1,306 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/sc
 hemas/configuration/http-conf.xsd         http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd   http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd  ">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <p:policies/>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    <!-- -->
-    <!-- Any services listening on port 9009 must use the following -->
-    <!-- Transport Layer Security (TLS) settings -->
-    <!-- -->
-    <httpj:engine-factory id="tls-settings">
-        <httpj:engine port="${testutil.ports.StaxServer.2}">
-            <httpj:tlsServerParameters>
-                <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
-                </sec:keyManagers>
-                <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
-                </sec:trustManagers>
-                <sec:cipherSuitesFilter>
-                    <sec:include>.*_EXPORT_.*</sec:include>
-                    <sec:include>.*_EXPORT1024_.*</sec:include>
-                    <sec:include>.*_WITH_DES_.*</sec:include>
-                    <sec:include>.*_WITH_AES_.*</sec:include>
-                    <sec:include>.*_WITH_NULL_.*</sec:include>
-                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
-                </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="true" required="true"/>
-            </httpj:tlsServerParameters>
-        </httpj:engine>
-    </httpj:engine-factory>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1TokenOverTransport" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml1Transport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1TransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1TokenOverTransport2" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml1Transport2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1TransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/saml/saml1-tls-policy.xml"/>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SupportingToken" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml1Supporting" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SupportingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetric" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2Symmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2Asymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetric2" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2Asymmetric2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/saml/saml2-asym-policy.xml"/>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SelfSignedTokenOverTransport" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml1SelfSignedTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SelfSignedTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml1SelfSignedTokenOverTransportSP11" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml1SelfSignedTransportSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml1SelfSignedTransportSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingOverTransport" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2EndorsingTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingOverTransportSP11" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2EndorsingTransportSP11" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingTransportSP11Port" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSamlInitiatorPort" address="http://localhost:${testutil.ports.StaxServer}/DoubleItAsymmetricSamlInitiator" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSamlInitiatorPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricSignedElements" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2SymmetricSignedElements" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSignedElementsPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricSignedEncrypted" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2AsymmetricSignedEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricSignedEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricSignedEncryptedEncryptBeforeSigning" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2AsymmetricSignedEncryptedEncryptBeforeSigning" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricSignedEncryptedEncryptBeforeSigningPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverAsymmetricEncrypted" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2AsymmetricEncrypted" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2AsymmetricEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.username" value="bob"/>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2EndorsingEncryptedOverTransport" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2EndorsingEncryptedTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2EndorsingEncryptedTransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="InlinePolicy" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlInlinePolicy" serviceName="s:DoubleItService" endpointName="s:DoubleItInlinePolicyPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-        <jaxws:features>
-            <p:policies>
-                <wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy">
-                    <wsp:ExactlyOne>
-                        <wsp:All>
-                            <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="SamlToken">
-                                <wsp:ExactlyOne>
-                                    <wsp:All>
-                                        <sp:TransportBinding>
-                                            <wsp:Policy>
-                                                <sp:TransportToken>
-                                                    <wsp:Policy>
-                                                        <sp:HttpsToken>
-                                                            <wsp:Policy/>
-                                                        </sp:HttpsToken>
-                                                    </wsp:Policy>
-                                                </sp:TransportToken>
-                                                <sp:Layout>
-                                                    <wsp:Policy>
-                                                        <sp:Lax/>
-                                                    </wsp:Policy>
-                                                </sp:Layout>
-                                                <sp:IncludeTimestamp/>
-                                                <sp:AlgorithmSuite>
-                                                    <wsp:Policy>
-                                                        <sp:Basic128/>
-                                                    </wsp:Policy>
-                                                </sp:AlgorithmSuite>
-                                            </wsp:Policy>
-                                        </sp:TransportBinding>
-                                        <sp:SupportingTokens>
-                                            <wsp:Policy>
-                                                <sp:SamlToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-                                                    <wsp:Policy>
-                                                        <sp:WssSamlV11Token11/>
-                                                    </wsp:Policy>
-                                                </sp:SamlToken>
-                                            </wsp:Policy>
-                                        </sp:SupportingTokens>
-                                    </wsp:All>
-                                </wsp:ExactlyOne>
-                            </wsp:Policy>
-                        </wsp:All>
-                    </wsp:ExactlyOne>
-                </wsp:Policy>
-            </p:policies>
-        </jaxws:features>
-    </jaxws:endpoint>
-    <bean class="org.apache.cxf.systest.ws.saml.PolicyDecisionPointMockImpl" id="MockPDP" />
-    <bean class="org.apache.cxf.rt.security.xacml.XACMLAuthorizingInterceptor" id="XACMLInterceptor">
-        <constructor-arg ref="MockPDP"/>
-    </bean>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverSymmetricPEP" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSaml2PEP" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <!--<entry key="ws-security.saml2.validator" 
-                  value="org.apache.cxf.systest.ws.saml.CustomSaml2Validator"/>-->
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-        <jaxws:inInterceptors>
-            <ref bean="XACMLInterceptor"/>
-        </jaxws:inInterceptors>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TransportToken" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2Transport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    
-    <bean id="audienceRestrictionValidator" class="org.apache.cxf.systest.ws.saml.StaxSaml2AudienceRestrictionValidator">
-        <property name="endpointAddresses">
-            <list>
-                <value>https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2</value>
-                <value>https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2Transport2</value>
-            </list>
-        </property>
-    </bean>
-    
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TransportToken2" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2Transport2" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-            <entry key="ws-security.saml2.validator" value-ref="audienceRestrictionValidator"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-</beans>

