From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <6a877a7ac8b54bb0b1a1d550db1c1009@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: Updated the MTOM code Date: Tue, 1 Apr 2014 15:25:36 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 5f49a3e06 -> af577d218 Updated the MTOM code Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/af577d21 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/af577d21 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/af577d21 Branch: refs/heads/master Commit: af577d218398d35a3f52a34bb489789e97f1e8a1 Parents: 5f49a3e Author: Colm O hEigeartaigh Authored: Tue Apr 1 16:25:16 2014 +0100 Committer: Colm O hEigeartaigh Committed: Tue Apr 1 16:25:30 2014 +0100 ---------------------------------------------------------------------- .../ws/security/wss4j/WSS4JOutInterceptor.java | 35 ++++++++++-------- .../security/wss4j/WSS4JStaxOutInterceptor.java | 29 ++++++++++----- .../cxf/systest/ws/mtom/MTOMSecurityTest.java | 32 +++++++++++++++-- .../cxf/systest/ws/mtom/DoubleItMtom.wsdl | 7 ++-- .../org/apache/cxf/systest/ws/mtom/client.xml | 35 +++++++++++++++++- .../org/apache/cxf/systest/ws/mtom/server.xml | 37 ++++++++++++++++++-- 6 files changed, 146 insertions(+), 29 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java index 6137701..66434c3 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java 
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java @@ -81,15 +81,31 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { public boolean isAllowMTOM() { return mtomEnabled; } + /** - * Enable or disable mtom with WS-Security. By default MTOM is disabled as - * attachments would not get encrypted or be part of the signature. + * Enable or disable mtom with WS-Security. MTOM is disabled if we are signing or + * encrypting the message Body, as otherwise attachments would not get encrypted + * or be part of the signature. * @param mtomEnabled */ public void setAllowMTOM(boolean allowMTOM) { this.mtomEnabled = allowMTOM; } + protected void handleSecureMTOM(SoapMessage mc, List actions) { + if (mtomEnabled) { + return; + } + + //must turn off mtom when using WS-Sec so binary is inlined so it can + //be properly signed/encrypted/etc... + String mtomKey = org.apache.cxf.message.Message.MTOM_ENABLED; + if (mc.get(mtomKey) == Boolean.TRUE) { + LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property" + + " is set to false"); + } + mc.put(mtomKey, Boolean.FALSE); + } @Override public Object getProperty(Object msgContext, String key) { @@ -106,17 +122,6 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { } public void handleMessage(SoapMessage mc) throws Fault { - //must turn off mtom when using WS-Sec so binary is inlined so it can - //be properly signed/encrypted/etc... - if (!mtomEnabled) { - String mtomKey = org.apache.cxf.message.Message.MTOM_ENABLED; - if (mc.get(mtomKey) == Boolean.TRUE) { - LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property" - + " is set to false"); - } - mc.put(mtomKey, Boolean.FALSE); - } - if (mc.getContent(SOAPMessage.class) == null) { saajOut.handleMessage(mc); } 
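Review bot: `handleSecureMTOM` never reads its `actions` argument, so the added method switches MTOM off for every non-empty action list whenever `mtomEnabled` is false, while the rewritten Javadoc on `setAllowMTOM` says this happens only when the message Body is signed or encrypted. Either inspect the actions before clearing the flag or reword the Javadoc to match, and state there that with `setAllowMTOM(true)` attachments stay outside the signature and encryption unless they are secured separately. The same unused parameter (`secProps`) appears in the `WSS4JStaxOutInterceptor` hunk at -92,27. The Javadoc tag should read `@param allowMTOM`, and the warning guard `mc.get(mtomKey) == Boolean.TRUE` is an identity comparison that stays silent for any other true-valued object; `Boolean.TRUE.equals(mc.get(mtomKey))` would cover those.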
@@ -190,6 +195,8 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { if (actions.isEmpty()) { return; } + + handleSecureMTOM(mc, actions); /* * For every action we need a username, so get this now. The @@ -238,7 +245,7 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { * into FORM_STRING. This string is converted into a document. * During the FORM_STRING serialization CXF performs multi-ref of * complex data types (if requested), generates and inserts - * references for attachements and so on. The resulting Document + * references for attachments and so on. The resulting Document * MUST be the complete and final SOAP request as CXF would send it * over the wire. Therefore this must shall be the last (or only) * handler in a chain. Now we can perform our security operations on http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java index 574e18a..f7d90cf 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java @@ -23,11 +23,13 @@ import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.logging.Logger; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamWriter; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor; import org.apache.cxf.interceptor.AttachmentOutInterceptor; import org.apache.cxf.interceptor.Fault; 
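Review bot: The MTOM flag is now cleared only after the `actions.isEmpty()` check here, whereas the block removed in the -106,17 hunk cleared it at the top of `handleMessage`, before `saajOut.handleMessage(mc)` ran. The enclosing method starts outside this hunk, so it is not visible whether the call still runs before the attachments are written; if it runs later, binary content could already be committed as an attachment outside the signature and encryption when the flag flips. A comment at the call site naming the ordering it relies on, e.g. `// must run before the body is serialised so binary data is inlined and covered by the signature`, plus a test that inspects the outgoing message, would pin this down. The same move is made in `WSS4JStaxOutInterceptor` at -134,6, where the call now sits after the no-actions early return.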
@@ -59,6 +61,7 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { public static final String OUTPUT_STREAM_HOLDER = WSS4JStaxOutInterceptor.class.getName() + ".outputstream"; + private static final Logger LOG = LogUtils.getL7dLogger(WSS4JStaxOutInterceptor.class); private WSS4JStaxOutInterceptorInternal ending; private boolean mtomEnabled; @@ -92,27 +95,36 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { } /** - * Enable or disable mtom with WS-Security. By default MTOM is disabled as - * attachments would not get encrypted or be part of the signature. + * Enable or disable mtom with WS-Security. MTOM is disabled if we are signing or + * encrypting the message Body, as otherwise attachments would not get encrypted + * or be part of the signature. * @param mtomEnabled */ public void setAllowMTOM(boolean allowMTOM) { this.mtomEnabled = allowMTOM; } - @Override public Object getProperty(Object msgContext, String key) { return super.getProperty(msgContext, key); } - - public void handleMessage(SoapMessage mc) throws Fault { + + protected void handleSecureMTOM(SoapMessage mc, WSSSecurityProperties secProps) { + if (mtomEnabled) { + return; + } + //must turn off mtom when using WS-Sec so binary is inlined so it can //be properly signed/encrypted/etc... - if (!mtomEnabled) { - mc.put(org.apache.cxf.message.Message.MTOM_ENABLED, false); + String mtomKey = org.apache.cxf.message.Message.MTOM_ENABLED; + if (mc.get(mtomKey) == Boolean.TRUE) { + LOG.warning("MTOM will be disabled as the WSS4JOutInterceptor.mtomEnabled property" + + " is set to false"); } - + mc.put(mtomKey, Boolean.FALSE); + } + + public void handleMessage(SoapMessage mc) throws Fault { OutputStream os = mc.getContent(OutputStream.class); String encoding = getEncoding(mc); 
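Review bot: The warning added to `WSS4JStaxOutInterceptor.handleSecureMTOM` names the wrong class: it still says `WSS4JOutInterceptor.mtomEnabled`, which points anyone reading the log at the DOM interceptor rather than the bean that actually disabled MTOM. Change the text to `"MTOM will be disabled as the WSS4JStaxOutInterceptor.mtomEnabled property"`. The Javadoc tag above `setAllowMTOM` should be `@param allowMTOM` to match the signature.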
@@ -134,6 +146,7 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor { // If no actions configured (with SecurityPolicy) then return return; } + handleSecureMTOM(mc, secProps); if (secProps.getAttachmentCallbackHandler() == null) { secProps.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc)); http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java index a23800f..3bcf42a 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java @@ -61,8 +61,9 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { stopAllServers(); } + // The attachment is inlined + the SOAP Body signed @org.junit.Test - public void testSignedMTOM() throws Exception { + public void testSignedMTOMInline() throws Exception { SpringBusFactory bf = new SpringBusFactory(); URL busFile = MTOMSecurityTest.class.getResource("client.xml"); 
@@ -73,7 +74,34 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSignedMTOMPort"); + QName portQName = new QName(NAMESPACE, "DoubleItSignedMTOMInlinePort"); + DoubleItMtomPortType port = + service.getPort(portQName, DoubleItMtomPortType.class); + updateAddressPort(port, PORT); + + DataSource source = new FileDataSource(new File("src/test/resources/java.jpg")); + DoubleIt4 doubleIt = new DoubleIt4(); + doubleIt.setNumberToDouble(25); + port.doubleIt4(25, new DataHandler(source)); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + + // Here we are not-inlining, but the attachments are signed (as is the SOAP Body) + @org.junit.Test + public void testSignedMTOMSwA() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = MTOMSecurityTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItSignedMTOMSwAPort"); DoubleItMtomPortType port = service.getPort(portQName, DoubleItMtomPortType.class); updateAddressPort(port, PORT); http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl index 7bd82c2..cea1163 100644 
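Review bot: The added `testSignedMTOMInline` passes as long as the call does not throw; it checks nothing about the outcome of `port.doubleIt4(...)` and never verifies that the attachment was actually inlined and covered by the signature, so, as far as this hunk shows, a regression that sends the binary as an unsigned MTOM part would go unnoticed unless the server-side configuration rejects it. Assert on the result and, where feasible, on the outgoing message. `DoubleIt4 doubleIt` is built and then never used and can be dropped. `testSignedMTOMSwA` continues outside the hunk, so the same may apply there. Closing the port and shutting down the bus in a `finally` block would keep a failed call from leaking the default bus into later tests.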
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl @@ -36,8 +36,11 @@ - - + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml index e3a0aa1..ca69bfe 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml @@ -24,7 +24,38 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -38,6 +69,7 @@ + @@ -55,4 +87,5 @@ + http://git-wip-us.apache.org/repos/asf/cxf/blob/af577d21/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml index fcb0805..b4ea76e 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml @@ -27,8 +27,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +