From cohei...@apache.org
Subject [2/3] git commit: [CXF-5768] - Fallback to "Issue" if "Renew" fails in the STSClient
Date Tue, 27 May 2014 13:59:01 GMT
[CXF-5768] - Fallback to "Issue" if "Renew" fails in the STSClient

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
	services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
	services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
	services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
	services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b0806901
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b0806901
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b0806901

Branch: refs/heads/2.7.x-fixes
Commit: b08069016ed2861240e4ca8e21726c6cd67bbfd3
Parents: 0fe383e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue May 27 12:17:02 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue May 27 12:18:17 2014 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      |   7 ++
 .../IssuedTokenInterceptorProvider.java         |  36 +++++-
 .../cxf/systest/sts/renew/SAMLRenewTest.java    |   9 ++
 .../apache/cxf/systest/sts/renew/DoubleIt.wsdl  |  76 +++++++++++++
 .../apache/cxf/systest/sts/renew/cxf-client.xml | 111 +++++++++++++++++++
 .../cxf/systest/sts/renew/cxf-service.xml       |  45 ++++++++
 .../cxf/systest/sts/renew/cxf-sts-pop.xml       |  50 +++++++++
 7 files changed, 330 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index e015474..b778766 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -412,6 +412,13 @@ public final class SecurityConstants {
     public static final String STS_TOKEN_DO_CANCEL = "ws-security.sts.token.do.cancel";
     
     /**
+     * Whether to fall back to calling "issue" after failing to renew an expired token. Some
+     * STSs do not support the renew binding, and so we should just issue a new token after
expiry.
+     * The default is true.
+     */
+    public static final String STS_ISSUE_AFTER_FAILED_RENEW = "ws-security.issue.after.failed.renew";
+    
+    /**
      * Set this to "false" to not cache a SecurityToken per proxy object in the 
      * IssuedTokenInterceptorProvider. This should be done if a token is being retrieved
      * from an STS in an intermediary. The default value is "true".
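Review bot: The key string `ws-security.issue.after.failed.renew` drops the `sts.` segment that both the constant name `STS_ISSUE_AFTER_FAILED_RENEW` and the neighbouring `ws-security.sts.token.do.cancel` carry, so anyone searching for STS client settings by prefix will miss it; `"ws-security.sts.issue.after.failed.renew"` would match the convention visible here. The Javadoc should also say that the fallback is taken on any renew failure, not only when the STS lacks the renew binding, and that setting the property to "false" propagates the original error. A wording such as `Set to "false" to propagate the renew failure instead of requesting a new token.` as the last sentence would do.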

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index 9945c79..df5a5a4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -26,9 +26,15 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
+<<<<<<< HEAD
 
+=======
+import org.apache.cxf.common.logging.LogUtils;
+>>>>>>> 7851f41... [CXF-5768] - Fallback to "Issue" if "Renew" fails
in the STSClient
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
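Review bot: Unresolved merge-conflict markers are committed as added lines in this import hunk (`<<<<<<< HEAD`, `=======`, `>>>>>>> 7851f41...`), which leaves IssuedTokenInterceptorProvider.java uncompilable as written. Only `import org.apache.cxf.common.logging.LogUtils;` should remain from that block. The same markers are added in the DoubleIt.wsdl, cxf-client.xml, cxf-service.xml and cxf-sts-pop.xml hunks, where they sit next to what looks like both sides of the conflict, so those files are presumably not well-formed XML either and need the conflict resolved to one side.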
@@ -71,6 +77,8 @@ import org.apache.ws.security.saml.ext.AssertionWrapper;
  */
 public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
     
+    private static final Logger LOG = LogUtils.getL7dLogger(IssuedTokenInterceptorProvider.class);
+    
     private static final long serialVersionUID = -6936475570762840527L;
     private static final String ASSOCIATED_TOKEN = 
         IssuedTokenInterceptorProvider.class.getName() + "-" + "Associated_Token";
@@ -426,10 +434,30 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
                     
                     client.setTemplate(itok.getRstTemplate());
                     return client.renewSecurityToken(tok);
-                } catch (RuntimeException e) {
-                    throw e;
-                } catch (Exception e) {
-                    throw new Fault(e);
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "Error renewing a token", ex);
+                    boolean issueAfterFailedRenew = 
+                        MessageUtils.getContextualBoolean(
+                            message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true
+                        );
+                    if (issueAfterFailedRenew) {
+                        // Perhaps the STS does not support renewing, so try to issue a new
token
+                        return issueToken(message, aim, itok);
+                    } else {
+                        throw ex;
+                    }
+                } catch (Exception ex) {
+                    LOG.log(Level.WARNING, "Error renewing a token", ex);
+                    boolean issueAfterFailedRenew = 
+                        MessageUtils.getContextualBoolean(
+                            message, SecurityConstants.STS_ISSUE_AFTER_FAILED_RENEW, true
+                        );
+                    if (issueAfterFailedRenew) {
+                        // Perhaps the STS does not support renewing, so try to issue a new
token
+                        return issueToken(message, aim, itok);
+                    } else {
+                        throw new Fault(ex);
+                    }
                 } finally {
                     client.setTrust((Trust10)null);
                     client.setTrust((Trust13)null);
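Review bot: The fallback in both catch blocks runs for every exception raised in the try block, so an STS that deliberately refuses a renewal is treated the same as one that lacks the renew binding, and with the default of `true` the only trace is a WARNING log entry. If that is intended, the inline comment should say so, e.g. `// Any renew failure falls back to issue, not only an unsupported renew binding`. The two catch bodies are also identical up to the rethrow; a single `catch (Exception ex)` ending in `if (ex instanceof RuntimeException) { throw (RuntimeException)ex; }` followed by `throw new Fault(ex);` would keep the fallback policy in one place. The enclosing method and the start of the try block are outside the hunk.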

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
index 013ac0b..a2fd15d 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/renew/SAMLRenewTest.java
@@ -100,10 +100,16 @@ public class SAMLRenewTest extends AbstractBusClientServerTestBase {
             service.getPort(saml2PortQName, DoubleItPortType.class);
         updateAddressPort(saml2Port, PORT);
         
+        QName saml2NoRenewPortQName = new QName(NAMESPACE, "DoubleItTransportSaml2NoRenewPort");
+        DoubleItPortType saml2NoRenewPort = 
+            service.getPort(saml2NoRenewPortQName, DoubleItPortType.class);
+        updateAddressPort(saml2NoRenewPort, PORT);
+        
         // Make initial successful invocation(s)
         doubleIt(saml1Port, 25);
         doubleIt(saml1BearerPort, 30);
         doubleIt(saml2Port, 35);
+        doubleIt(saml2NoRenewPort, 35);
         
         // Now sleep to expire the token(s)
         Thread.sleep(8 * 1000);
@@ -129,6 +135,9 @@ public class SAMLRenewTest extends AbstractBusClientServerTestBase {
         stsClient.setTtl(300);
         doubleIt(saml2Port, 35);
         
+        // Renew should fail here, but it should fall back to issue
+        doubleIt(saml2NoRenewPort, 35);
+        
         ((java.io.Closeable)saml1Port).close();
         ((java.io.Closeable)saml1BearerPort).close();
         ((java.io.Closeable)saml2Port).close();
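Review bot: `saml2NoRenewPort` is never closed: the context lines after the new invocation close `saml1Port`, `saml1BearerPort` and `saml2Port`, and no matching line is added for the new port in this diff. Add `((java.io.Closeable)saml2NoRenewPort).close();` next to the others. The test also covers only the default fallback; a case with `ws-security.issue.after.failed.renew` set to "false" that asserts the renew failure is propagated would pin the opt-out path. The test method starts and ends outside the hunk.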

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
index 6afa8c3..8f56919 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/DoubleIt.wsdl
@@ -16,6 +16,7 @@
  specific language governing permissions and limitations
  under the License.
 -->
+<<<<<<< HEAD
 <wsdl:definitions name="DoubleIt"
 	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
 	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt"
@@ -107,6 +108,81 @@
 							<wsp:Policy>
 								<sp:HttpsToken>
                                    <wsp:Policy/>
+=======
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt"
xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsaw="http://www.w3.org/2005/08/addressing"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" name="DoubleIt" targetNamespace="http://www.example.org/contract/DoubleIt">
+    <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
+    <wsdl:binding name="DoubleItTransportSaml1Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSaml1Policy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItTransportSaml1BearerBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSaml1BearerPolicy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItTransportSaml2Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSaml2Policy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:service name="DoubleItService">
+        <wsdl:port name="DoubleItTransportSaml1Port" binding="tns:DoubleItTransportSaml1Binding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItTransportSaml1BearerPort" binding="tns:DoubleItTransportSaml1BearerBinding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1bearer"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItTransportSaml2Port" binding="tns:DoubleItTransportSaml2Binding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItTransportSaml2NoRenewPort" binding="tns:DoubleItTransportSaml2Binding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2norenew"/>
+        </wsdl:port>
+    </wsdl:service>
+    <wsp:Policy wsu:Id="DoubleItBindingTransportSaml1Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy/>
+                </wsam:Addressing>
+                <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+>>>>>>> 7851f41... [CXF-5768] - Fallback to "Issue" if "Renew" fails
in the STSClient
                                 </sp:HttpsToken>
 							</wsp:Policy>
 						</sp:TransportToken>

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
index 7d3fe3d..92397d3 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-client.xml
@@ -36,6 +36,7 @@ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/confi
             <cxf:logging/>
         </cxf:features>
     </cxf:bus>
+<<<<<<< HEAD
    
    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSaml1Port"
createdFromAPI="true">
        <jaxws:properties>
@@ -132,5 +133,115 @@ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/confi
       </http:tlsClientParameters>
    </http:conduit>
    
+=======
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSaml1Port"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
+            <entry key="ws-security.signature.username" value="myclientkey"/>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="ttl" value="8"/>
+                    <property name="enableLifetime" value="true"/>
+                    <property name="allowRenewingAfterExpiry" value="true"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                            <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+                            <entry key="ws-security.sts.token.usecert" value="true"/>
+                        </map>
+                    </property>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSaml1BearerPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="ttl" value="8"/>
+                    <property name="enableLifetime" value="true"/>
+                    <property name="allowRenewingAfterExpiry" value="true"/>
+                </bean>
+            </entry>
+            <entry key="ws-security.issue.after.failed.renew" value="false"/>
+        </jaxws:properties>
+    </jaxws:client>
+    
+    <bean id="saml2STSClient" class="org.apache.cxf.ws.security.trust.STSClient">
+        <constructor-arg ref="cxf"/>
+        <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/Transport?wsdl"/>
+        <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+        <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+        <property name="ttl" value="8"/>
+        <property name="enableLifetime" value="true"/>
+        <property name="allowRenewingAfterExpiry" value="true"/>
+        <property name="properties">
+            <map>
+                <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+                <entry key="ws-security.sts.token.usecert" value="true"/>
+            </map>
+        </property>
+    </bean>
+                
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSaml2Port"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
+            <entry key="ws-security.signature.username" value="myclientkey"/>
+            <entry key="ws-security.sts.client" value-ref="saml2STSClient" />
+        </jaxws:properties>
+    </jaxws:client>
+    
+     <bean id="saml2STSNoRenewClient" class="org.apache.cxf.ws.security.trust.STSClient">
+        <constructor-arg ref="cxf"/>
+        <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/TransportSoap12?wsdl"/>
+        <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+        <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Soap12_Port"/>
+        <property name="ttl" value="8"/>
+        <property name="enableLifetime" value="true"/>
+        <property name="allowRenewingAfterExpiry" value="true"/>
+        <property name="properties">
+            <map>
+                <entry key="ws-security.sts.token.username" value="myclientkey"/>
+                <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
+                <entry key="ws-security.sts.token.usecert" value="true"/>
+            </map>
+        </property>
+    </bean>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSaml2NoRenewPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="clientKeystore.properties"/>
+            <entry key="ws-security.signature.username" value="myclientkey"/>
+            <entry key="ws-security.sts.client" value-ref="saml2STSNoRenewClient" />
+        </jaxws:properties>
+    </jaxws:client>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="ckpass">
+                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+>>>>>>> 7851f41... [CXF-5768] - Fallback to "Issue" if "Renew" fails
in the STSClient
 </beans>
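Review bot: The conduit added at the end of this hunk sets `disableCNCheck="true"`, which turns off hostname verification for every address matching `https://localhost:.*`. That is workable for a localhost fixture, but nothing in the file marks it as test-only; a comment such as `<!-- Test fixture only: hostname verification is disabled for the local test endpoints -->` above the conduit would keep the block from being copied into a deployment configuration. The keystore and key passwords on the same lines are inline literals and deserve the same marking.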
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
index cc3d129..3380bf4 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-service.xml
@@ -44,6 +44,7 @@
             <cxf:logging/>
         </cxf:features>
     </cxf:bus>
+<<<<<<< HEAD
    
    <jaxws:endpoint id="doubleittransportsaml1"
       implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl"
@@ -112,5 +113,49 @@
    </httpj:engine>
   </httpj:engine-factory>
   
+=======
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSaml1Port"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml1"
wsdlLocation="org/apache/cxf/systest/sts/renew/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml1bearer"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSaml1BearerPort"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml1bearer"
wsdlLocation="org/apache/cxf/systest/sts/renew/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSaml2Port"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml2"
wsdlLocation="org/apache/cxf/systest/sts/renew/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2norenew"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSaml2NoRenewPort"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.Server}/doubleit/services/doubleittransportsaml2norenew"
wsdlLocation="org/apache/cxf/systest/sts/renew/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="ws-security.signature.properties" value="serviceKeystore.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.Server}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+>>>>>>> 7851f41... [CXF-5768] - Fallback to "Issue" if "Renew" fails
in the STSClient
 </beans>
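Review bot: The `sec:cipherSuitesFilter` added for the `ClientAuthHttpsSettings` engine includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`, so the filter permits export-grade, single-DES and unencrypted suites on this listener. If the tests do not depend on them, reduce the include list to `<sec:include>.*_WITH_AES_.*</sec:include>`; otherwise add a comment stating that the filter is a test-only setting. The same filter is added in the cxf-sts-pop.xml hunk.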
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/b0806901/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml
index c78a3c9..30f458e 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/renew/cxf-sts-pop.xml
@@ -137,6 +137,7 @@
     <bean id="SAMLConditionsProvider" class="org.apache.cxf.sts.token.provider.DefaultConditionsProvider">
         <property name="acceptClientLifetime" value="true"/>
     </bean>
+<<<<<<< HEAD
 
 	<bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
 		<property name="endpoints" ref="transportEndpoints" />
@@ -189,5 +190,54 @@
 		</httpj:engine>
 	</httpj:engine-factory>
    
+=======
+    <bean id="transportService" class="org.apache.cxf.sts.service.StaticService">
+        <property name="endpoints" ref="transportEndpoints"/>
+    </bean>
+    <util:list id="transportEndpoints">
+        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
+                </value>
+    </util:list>
+    <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+        <property name="signaturePropertiesFile" value="stsKeystore.properties"/>
+        <property name="signatureUsername" value="mystskey"/>
+        <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+        <property name="encryptionPropertiesFile" value="stsKeystore.properties"/>
+        <property name="issuer" value="DoubleItSTSIssuer"/>
+        <property name="encryptionUsername" value="myservicekey"/>
+    </bean>
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="localSTS"
implementor="#transportSTSProviderBean" address="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/Transport"
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Port">
+    </jaxws:endpoint>
+    
+    <bean id="transportSTSProviderNoRenewBean" class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+        <property name="issueOperation" ref="transportIssueDelegate"/>
+        <property name="validateOperation" ref="transportValidateDelegate"/>
+    </bean>
+    
+    <jaxws:endpoint xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" id="noRenewSTS"
implementor="#transportSTSProviderNoRenewBean" address="https://localhost:${testutil.ports.STSServerPOP}/SecurityTokenService/TransportSoap12"
wsdlLocation="src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service.wsdl"
depends-on="ClientAuthHttpsSettings" serviceName="ns1:SecurityTokenService" endpointName="ns1:Transport_Soap12_Port">
+    </jaxws:endpoint>
+    
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.STSServerPOP}">
+            <httpj:tlsServerParameters>
+                <sec:trustManagers>
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:trustManagers>
+                <sec:keyManagers keyPassword="stskpass">
+                    <sec:keyStore type="jks" password="stsspass" resource="stsstore.jks"/>
+                </sec:keyManagers>
+                <sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+                <sec:clientAuthentication want="true" required="true"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+>>>>>>> 7851f41... [CXF-5768] - Fallback to "Issue" if "Renew" fails
in the STSClient
 </beans>
 

