From cohei...@apache.org
Subject [3/6] git commit: Fixing the build
Date Thu, 11 Sep 2014 22:38:30 GMT
Fixing the build


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/333bda69
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/333bda69
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/333bda69

Branch: refs/heads/2.7.x-fixes
Commit: 333bda697a000a746a34aa11f4d62b09b42db58d
Parents: 36353e7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 11 23:30:08 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 11 23:30:08 2014 +0100

----------------------------------------------------------------------
 .../wss4j/saml/PolicyBasedSamlTest.java         |  10 +-
 .../cxf/systest/sts/bearer/BearerTest.java      |  70 ----------
 .../cxf/systest/wssec/examples/saml/server.xml  | 127 -----------------
 .../wssec/examples/saml/server/server.xml       |   6 +
 .../systest/wssec/examples/saml/stax-server.xml | 137 -------------------
 .../cxf/systest/ws/saml/SamlTokenTest.java      |   7 +-
 .../ws/saml/client/SamlCallbackHandler.java     |  29 +---
 .../saml/subjectconf/SamlSubjectConfTest.java   | 119 ++++++++--------
 .../systest/ws/saml/subjectconf/StaxServer.java |  47 -------
 .../client/KeystorePasswordCallback.java        |   2 +
 .../org/apache/cxf/systest/ws/action/server.xml |  14 ++
 .../cxf/systest/ws/saml/client/client.xml       |   1 +
 .../systest/ws/saml/subjectconf/stax-server.xml |  61 ---------
 13 files changed, 87 insertions(+), 543 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/PolicyBasedSamlTest.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/PolicyBasedSamlTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/PolicyBasedSamlTest.java
index f3ae585..ceaee37 100644
--- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/PolicyBasedSamlTest.java
+++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/PolicyBasedSamlTest.java
@@ -22,22 +22,16 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 
-<<<<<<< HEAD
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.wss4j.AbstractPolicySecurityTest;
-import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
-=======
 import org.w3c.dom.Document;
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.wss4j.AbstractPolicySecurityTest;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
-import org.apache.wss4j.dom.validate.SamlAssertionValidator;
-import org.apache.wss4j.policy.SP12Constants;
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
+import org.apache.ws.security.validate.SamlAssertionValidator;
 import org.junit.Test;
 
 /**

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
index 1b2c1a8..6870a6f 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/bearer/BearerTest.java
@@ -24,28 +24,12 @@ import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
 import javax.xml.ws.Service;
 
-<<<<<<< HEAD
-import org.w3c.dom.Element;
-
-=======
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.systest.sts.common.TokenTestUtils;
 import org.apache.cxf.systest.sts.deployment.STSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-<<<<<<< HEAD
-import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
-
-=======
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 
@@ -116,60 +100,6 @@ public class BearerTest extends AbstractBusClientServerTestBase {
         bus.shutdown(true);
     }
     
-    @org.junit.Test
-<<<<<<< HEAD
-    public void testSAML2UnsignedBearer() throws Exception {
-
-        SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = BearerTest.class.getResource("cxf-unsigned-client.xml");
-
-        Bus bus = bf.createBus(busFile.toString());
-        SpringBusFactory.setDefaultBus(bus);
-        SpringBusFactory.setThreadDefaultBus(bus);
-
-        URL wsdl = BearerTest.class.getResource("DoubleIt.wsdl");
-        Service service = Service.create(wsdl, SERVICE_QNAME);
-        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2BearerPort");
-        DoubleItPortType transportSaml2Port = 
-            service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(transportSaml2Port, PORT);
-        if (standalone) {
-            TokenTestUtils.updateSTSPort((BindingProvider)transportSaml2Port, STSPORT);
-        }
-        
-        //
-        // Create a SAML2 Bearer Assertion and add it to the TokenStore so that the
-        // IssuedTokenInterceptorProvider does not invoke on the STS
-        //
-        Client client = ClientProxy.getClient(transportSaml2Port);
-        Endpoint ep = client.getEndpoint();
-        String id = "1234";
-        ep.getEndpointInfo().setProperty(TokenStore.class.getName(), new MemoryTokenStore());
-        ep.getEndpointInfo().setProperty(SecurityConstants.TOKEN_ID, id);
-        TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
-
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(new Saml2CallbackHandler());
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
-        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-        dbf.setNamespaceAware(true);
-        DocumentBuilder db = dbf.newDocumentBuilder();
-        Element assertionElement = assertion.toDOM(db.newDocument());
-        
-        SecurityToken tok = new SecurityToken(id);
-        tok.setTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
-        tok.setToken(assertionElement);
-        store.add(tok);
-        
-        doubleIt(transportSaml2Port, 50);
-        
-        ((java.io.Closeable)transportSaml2Port).close();
-        bus.shutdown(true);
-    }
-    
-    @org.junit.Test
-=======
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
     public void testSAML2BearerNoBinding() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
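Review bot: Both `@org.junit.Test` lines are removed in this hunk, the one above `<<<<<<< HEAD` and the one above `=======`, so on the new side `testSAML2BearerNoBinding` has no annotation and JUnit 4 will silently stop running it. One annotation should survive the conflict cleanup: keep `    @org.junit.Test` directly above `public void testSAML2BearerNoBinding() throws Exception {`. The method body continues outside the hunk, so what the test asserts is not visible here. Judging by its name it is a check on bearer-token handling, and a green build would then no longer cover it.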

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server.xml
deleted file mode 100644
index 211dd5d..0000000
--- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server.xml
+++ /dev/null
@@ -1,127 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd         http://cxf.apa
 che.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd     ">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <p:policies/>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    
-    <bean id="allowUnsignedBearerAssertions" class="org.apache.wss4j.dom.validate.SamlAssertionValidator">
-        <property name="requireBearerSignature" value="false" />
-    </bean>
-    
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Bearer" address="http://localhost:${testutil.ports.Server}/DoubleItSamlBearer" serviceName="s:DoubleItService" endpointName="s:DoubleItBearerPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.saml1.validator" value-ref="allowUnsignedBearerAssertions"/>
-       </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSSenderVouches" address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSSenderVouches" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSSenderVouchesPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-       </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSHOKSignedEndorsing" address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSHOKSignedEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSHOKSignedEndorsingPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSigned" address="http://localhost:${testutil.ports.Server}/DoubleItSamlAsymmetricSigned" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSignedPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricInitiator" address="http://localhost:${testutil.ports.Server}/DoubleItSamlAsymmetricInitiator" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricInitiatorPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSaml2Bearer" address="http://localhost:${testutil.ports.Server}/DoubleItSamlAsymmetricSaml2Bearer" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSaml2BearerPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.saml2.validator" value-ref="allowUnsignedBearerAssertions"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSSenderVouchesSaml2" address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSSenderVouchesSaml2" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSSenderVouchesSaml2Port" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-       </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSHOKSignedEndorsingSaml2" address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSHOKSignedEndorsingSaml2" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSHOKSignedEndorsingSaml2Port" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSV" address="http://localhost:${testutil.ports.Server}/DoubleItSamlSymmetricSV" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSVPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <!-- TODO Fix the way these properties are inverted -->
-            <entry key="ws-security.signature.username" value="bob"/>
-            <entry key="ws-security.encryption.properties" value="bob.properties"/>
-            <entry key="ws-security.signature.properties" value="alice.properties"/>
-            <entry key="ws-security.encryption.username" value="alice"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricIssuedToken" address="http://localhost:${testutil.ports.Server}/DoubleItSamlSymmetricIssuedToken" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricIssuedTokenPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.username" value="bob"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <!-- -->
-    <!-- Any services listening on port ${testutil.ports.Server} must use the following -->
-    <!-- Transport Layer Security (TLS) settings -->
-    <!-- -->
-    <httpj:engine-factory id="tls-settings">
-        <httpj:engine port="${testutil.ports.Server.2}">
-            <httpj:tlsServerParameters>
-                <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="bob.jks"/>
-                </sec:keyManagers>
-                <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
-                </sec:trustManagers>
-                <sec:cipherSuitesFilter>
-                    <sec:include>.*_EXPORT_.*</sec:include>
-                    <sec:include>.*_EXPORT1024_.*</sec:include>
-                    <sec:include>.*_WITH_DES_.*</sec:include>
-                    <sec:include>.*_WITH_AES_.*</sec:include>
-                    <sec:include>.*_WITH_NULL_.*</sec:include>
-                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
-                </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="true" required="true"/>
-            </httpj:tlsServerParameters>
-        </httpj:engine>
-    </httpj:engine-factory>
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
index 98346a4..d168d95 100644
--- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
+++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
@@ -42,6 +42,10 @@
             <cxf:logging/>
         </cxf:features>
     </cxf:bus>
+    
+    <bean id="allowUnsignedBearerAssertions" class="org.apache.ws.security.validate.SamlAssertionValidator">
+        <property name="requireBearerSignature" value="false" />
+    </bean>
 
     <jaxws:endpoint 
        id="Bearer"
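Review bot: The added `allowUnsignedBearerAssertions` bean sets `requireBearerSignature` to `false` without any comment. The later hunks at `@@ -52,6 +56,7 @@` and `@@ -131,6 +136,7 @@` wire it in as `ws-security.saml1.validator` and `ws-security.saml2.validator`. Those two endpoints will therefore accept bearer assertions that carry no signature, which is only appropriate in a test fixture, and this file sits under the ws-security-examples tree where configuration tends to be copied. I would add an XML comment above the bean, for example `<!-- Test fixture only: this validator accepts bearer SAML assertions that carry no signature -->`. The `address` attributes of both endpoints lie outside these hunks, so whether the unsigned assertions at least travel over TLS cannot be checked from here.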
@@ -52,6 +56,7 @@
        implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
        wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
        <jaxws:properties>
+           <entry key="ws-security.saml1.validator" value-ref="allowUnsignedBearerAssertions"/>
        </jaxws:properties> 
     </jaxws:endpoint>
     
@@ -131,6 +136,7 @@
            <entry key="ws-security.signature.properties" value="bob.properties"/> 
            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+           <entry key="ws-security.saml2.validator" value-ref="allowUnsignedBearerAssertions"/>
        </jaxws:properties> 
     </jaxws:endpoint>
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
deleted file mode 100644
index b786741..0000000
--- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server.xml
+++ /dev/null
@@ -1,137 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd         http://cxf.apa
 che.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd     ">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <p:policies/>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    
-    <bean id="allowUnsignedBearerAssertions" class="org.apache.wss4j.stax.validate.SamlTokenValidatorImpl">
-        <property name="requireBearerSignature" value="false" />
-    </bean>
-    
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Bearer" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlBearer" serviceName="s:DoubleItService" endpointName="s:DoubleItBearerPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.enable.streaming" value="true"/>
-            <entry key="ws-security.saml1.validator" value-ref="allowUnsignedBearerAssertions"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSSenderVouches" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouches" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSSenderVouchesPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSHOKSignedEndorsing" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSHOKSignedEndorsingPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSigned" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSigned" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSignedPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricInitiator" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricInitiator" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricInitiatorPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="AsymmetricSaml2Bearer" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlAsymmetricSaml2Bearer" serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricSaml2BearerPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.username" value="useReqSigCert"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-            <entry key="ws-security.saml2.validator" value-ref="allowUnsignedBearerAssertions"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSSenderVouchesSaml2" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSSenderVouchesSaml2" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSSenderVouchesSaml2Port" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TLSHOKSignedEndorsingSaml2" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSamlTLSHOKSignedEndorsingSaml2" serviceName="s:DoubleItService" endpointName="s:DoubleItTLSHOKSignedEndorsingSaml2Port" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSV" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricSV" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSVPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <!-- TODO Fix the way these properties are inverted -->
-            <entry key="ws-security.signature.username" value="bob"/>
-            <entry key="ws-security.encryption.properties" value="bob.properties"/>
-            <entry key="ws-security.signature.properties" value="alice.properties"/>
-            <entry key="ws-security.encryption.username" value="alice"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricIssuedToken" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSamlSymmetricIssuedToken" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricIssuedTokenPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl">
-        <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
-            <entry key="ws-security.signature.username" value="bob"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-        </jaxws:properties>
-    </jaxws:endpoint>
-    <!-- -->
-    <!-- Any services listening on port ${testutil.ports.StaxServer} must use the following -->
-    <!-- Transport Layer Security (TLS) settings -->
-    <!-- -->
-    <httpj:engine-factory id="tls-settings">
-        <httpj:engine port="${testutil.ports.StaxServer.2}">
-            <httpj:tlsServerParameters>
-                <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="bob.jks"/>
-                </sec:keyManagers>
-                <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
-                </sec:trustManagers>
-                <sec:cipherSuitesFilter>
-                    <sec:include>.*_EXPORT_.*</sec:include>
-                    <sec:include>.*_EXPORT1024_.*</sec:include>
-                    <sec:include>.*_WITH_DES_.*</sec:include>
-                    <sec:include>.*_WITH_AES_.*</sec:include>
-                    <sec:include>.*_WITH_NULL_.*</sec:include>
-                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
-                </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="true" required="true"/>
-            </httpj:tlsServerParameters>
-        </httpj:engine>
-    </httpj:engine-factory>
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index 91bd748..e18221b 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -151,11 +151,6 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(saml1Port, PORT2);
         
-<<<<<<< HEAD
-=======
-        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(false, true);
-        samlCallbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
         ((BindingProvider)saml1Port).getRequestContext().put(
             "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
         );
@@ -645,7 +640,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
                 service.getPort(portQName, DoubleItPortType.class);
         updateAddressPort(saml2Port, PORT);
         
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         ((BindingProvider)saml2Port).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
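Review bot: Nothing in this test now says whether the bearer assertion is signed, because the `signAssertion` argument has been dropped from `new SamlCallbackHandler(true)`. Signing presumably comes from the `ws-security.self-sign-saml-assertion` property that this commit adds in client.xml, but that cannot be confirmed from this hunk. A one-line comment above the handler would make the dependency explicit, for example `// Signing of the bearer assertion is controlled by "ws-security.self-sign-saml-assertion" in the client config, not by the handler`. The enclosing test method starts and ends outside the hunk.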

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
index 0ecd48c..39b7f26 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
@@ -50,8 +50,8 @@ public class SamlCallbackHandler implements CallbackHandler {
     private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT;
     private ConditionsBean conditions;
     private String cryptoAlias = "alice";
-    private String cryptoPassword = "password";
-    private String cryptoPropertiesFile = "alice.properties";
+    private String cryptoPropertiesFile = 
+        "org/apache/cxf/systest/ws/wssec10/client/alice.properties";
     
     public SamlCallbackHandler() {
         //
@@ -116,30 +116,13 @@ public class SamlCallbackHandler implements CallbackHandler {
                 attributeBean.setAttributeValues(Collections.singletonList("system-user"));
                 attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
                 callback.setAttributeStatementData(Collections.singletonList(attrBean));
-<<<<<<< HEAD
-=======
-                
-                try {
-                    Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
-                    callback.setIssuerCrypto(crypto);
-                    callback.setIssuerKeyName(cryptoAlias);
-                    callback.setIssuerKeyPassword(cryptoPassword);
-                    callback.setSignAssertion(signAssertion);
-                } catch (WSSecurityException e) {
-                    throw new IOException(e);
-                }
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
             }
         }
     }
     
     protected KeyInfoBean createKeyInfo() throws Exception {
         Crypto crypto = 
-<<<<<<< HEAD
-            CryptoFactory.getInstance("org/apache/cxf/systest/ws/wssec10/client/alice.properties");
-=======
             CryptoFactory.getInstance(cryptoPropertiesFile);
->>>>>>> a797797... Fixing tests following WSS4J upgrades + adding some SAML Subject Confirmation Method tests
         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
         cryptoType.setAlias(cryptoAlias);
         X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
@@ -171,14 +154,6 @@ public class SamlCallbackHandler implements CallbackHandler {
         this.cryptoAlias = cryptoAlias;
     }
 
-    public String getCryptoPassword() {
-        return cryptoPassword;
-    }
-
-    public void setCryptoPassword(String cryptoPassword) {
-        this.cryptoPassword = cryptoPassword;
-    }
-
     public String getCryptoPropertiesFile() {
         return cryptoPropertiesFile;
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/SamlSubjectConfTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/SamlSubjectConfTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/SamlSubjectConfTest.java
index 591345d..a41087a 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/SamlSubjectConfTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/SamlSubjectConfTest.java
@@ -20,8 +20,6 @@
 package org.apache.cxf.systest.ws.saml.subjectconf;
 
 import java.net.URL;
-import java.util.Arrays;
-import java.util.Collection;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -30,33 +28,22 @@ import javax.xml.ws.Service;
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
-import org.apache.cxf.systest.ws.common.TestParam;
 import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized.Parameters;
 
 /**
  * A set of tests for the validation rules associated with various Subject Confirmation
  * methods. 
  */
-@RunWith(value = org.junit.runners.Parameterized.class)
 public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(Server.class);
-    static final String STAX_PORT = allocatePort(StaxServer.class);
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
     
-    final TestParam test;
-    
-    public SamlSubjectConfTest(TestParam type) {
-        this.test = type;
-    }
-
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -65,20 +52,6 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
             // set this to false to fork
             launchServer(Server.class, true)
         );
-        assertTrue(
-                   "Server failed to launch",
-                   // run the server in the same process
-                   // set this to false to fork
-                   launchServer(StaxServer.class, true)
-        );
-    }
-    
-    @Parameters(name = "{0}")
-    public static Collection<TestParam[]> data() {
-       
-        return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)},
-                                                {new TestParam(STAX_PORT, false)},
-        });
     }
     
     @org.junit.AfterClass
@@ -106,33 +79,34 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
         
         callbackHandler.setCryptoAlias("morpit");
-        callbackHandler.setCryptoPassword("password");
         callbackHandler.setCryptoPropertiesFile("morpit.properties");
-        
         ((BindingProvider)port).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
         );
+        
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.self-sign-saml-assertion", "true");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "morpit");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.signature.properties", "morpit.properties");
+     
         int result = port.doubleIt(25);
         assertTrue(result == 50);
         
         // Don't sign the Assertion
-        callbackHandler = new SamlCallbackHandler(true, false);
-        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
-        
-        callbackHandler.setCryptoAlias("morpit");
-        callbackHandler.setCryptoPassword("password");
-        callbackHandler.setCryptoPropertiesFile("morpit.properties");
-        
         ((BindingProvider)port).getRequestContext().put(
-            "ws-security.saml-callback-handler", callbackHandler
-        );
+            "ws-security.self-sign-saml-assertion", "false");
+
         try {
             port.doubleIt(25);
             fail("Failure expected on a unsigned assertion");
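Review bot: The four `ws-security.*` request-context entries added before the first `doubleIt` call are repeated almost verbatim in the hunks at -160, -194 and -307, each with its own `(BindingProvider)port` cast. With the setup copied four times, one test can drift from the others unnoticed; the -160 copy already differs only in the alias and the properties file. A small private helper taking those two values would keep the signing setup in one place, and the "Don't sign the Assertion" case would stay as the single override of `ws-security.self-sign-saml-assertion` that is already here. The enclosing test method starts and ends outside the hunk.

```java
private static void enableSelfSignedAssertion(DoubleItPortType port, String alias,
                                              String cryptoProperties) {
    BindingProvider provider = (BindingProvider)port;
    provider.getRequestContext().put("ws-security.self-sign-saml-assertion", "true");
    provider.getRequestContext().put(
        "ws-security.callback-handler",
        "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
    provider.getRequestContext().put("ws-security.signature.username", alias);
    provider.getRequestContext().put("ws-security.signature.properties", cryptoProperties);
}

// … unchanged: callback handler creation and "ws-security.saml-callback-handler" entry …
enableSelfSignedAssertion(port, "morpit", "morpit.properties");
```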
@@ -160,14 +134,23 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
         ((BindingProvider)port).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
         );
         
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.self-sign-saml-assertion", "true");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "alice");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.signature.properties", "alice.properties");
+
         try {
             port.doubleIt(25);
             fail("Failure expected on a non matching cert (SAML -> TLS)");
@@ -194,26 +177,35 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
         
         callbackHandler.setCryptoAlias("morpit");
-        callbackHandler.setCryptoPassword("password");
         callbackHandler.setCryptoPropertiesFile("morpit.properties");
         
         ((BindingProvider)port).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
         );
+        
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.self-sign-saml-assertion", "true");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "morpit");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.signature.properties", "morpit.properties");
+
         try {
             port.doubleIt(25);
             fail("Failure expected on no client auth");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
             // expected
         }
-        
+
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
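Review bot: The `catch (javax.xml.ws.soap.SOAPFaultException ex)` block at the end of this hunk accepts any fault, so the test does not show that the request was rejected for the missing client certificate. The signing configuration added above gives the server more reasons to reject the request, for example a signature or trust problem with the `morpit` key, and the test would still pass in that case. Checking the fault text in the catch block would pin the reason, for example `assertTrue(ex.getMessage().contains(EXPECTED_FAULT_TEXT));`, where `EXPECTED_FAULT_TEXT` is a placeholder for the server's message in this case, which is not visible here. The negative cases in the -106 and -160 hunks end in catch blocks outside those hunks and presumably have the same gap.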
@@ -237,10 +229,10 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, false);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
         
         ((BindingProvider)port).getRequestContext().put(
@@ -268,10 +260,10 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, false);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
         
         ((BindingProvider)port).getRequestContext().put(
@@ -307,19 +299,28 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
         callbackHandler.setCryptoAlias("morpit");
-        callbackHandler.setCryptoPassword("password");
         callbackHandler.setCryptoPropertiesFile("morpit.properties");
         
         ((BindingProvider)port).getRequestContext().put(
             "ws-security.saml-callback-handler", callbackHandler
         );
+        
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.self-sign-saml-assertion", "true");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.callback-handler", 
+            "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        ((BindingProvider)port).getRequestContext().put("ws-security.signature.username", "morpit");
+        ((BindingProvider)port).getRequestContext().put(
+            "ws-security.signature.properties", "morpit.properties");
+                                                    
         int result = port.doubleIt(25);
         assertTrue(result == 50);
 
@@ -342,10 +343,10 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, false);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
         
         ((BindingProvider)port).getRequestContext().put(
@@ -378,10 +379,10 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort");
         DoubleItPortType port = 
                 service.getPort(portQName, DoubleItPortType.class);
-        updateAddressPort(port, test.getPort());
+        updateAddressPort(port, PORT);
         
         // Successful call
-        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, false);
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true);
         callbackHandler.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:custom");
         
         ((BindingProvider)port).getRequestContext().put(
@@ -398,7 +399,5 @@ public class SamlSubjectConfTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
-    
-    
    
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/StaxServer.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/StaxServer.java
deleted file mode 100644
index 4a2ea83..0000000
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/subjectconf/StaxServer.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.ws.saml.subjectconf;
-
-import java.net.URL;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
-
-public class StaxServer extends AbstractBusTestServerBase {
-
-    public StaxServer() {
-
-    }
-
-    protected void run()  {
-        URL busFile = StaxServer.class.getResource("stax-server.xml");
-        Bus busLocal = new SpringBusFactory().createBus(busFile);
-        BusFactory.setDefaultBus(busLocal);
-        setBus(busLocal);
-
-        try {
-            new StaxServer();
-        } catch (Exception e) {
-            e.printStackTrace();
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/client/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/client/KeystorePasswordCallback.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/client/KeystorePasswordCallback.java
index 5ae255b..47496bd 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/client/KeystorePasswordCallback.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/client/KeystorePasswordCallback.java
@@ -46,6 +46,8 @@ public class KeystorePasswordCallback implements CallbackHandler {
                 pc.setPassword("password");
             } else if ("bob".equals(pc.getIdentifier())) {
                 pc.setPassword("password");
+            } else if ("morpit".equals(pc.getIdentifier())) {
+                pc.setPassword("password");
             } else {
                 pc.setPassword("abcd!1234");
             }
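Review bot: The new `morpit` branch repeats the `pc.setPassword("password")` body of the `bob` branch, and could be folded into it as `} else if ("bob".equals(pc.getIdentifier()) || "morpit".equals(pc.getIdentifier())) {`. The final `else` still returns `abcd!1234` for any other identifier, so a mistyped alias in a test surfaces later as a keystore error rather than at the callback. A short comment stating that these are fixed credentials for the test keystores only would also keep the handler from being copied into non-test configuration. The method starts and ends outside the hunk.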

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
index 04aa2a3..a3e49dc 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
@@ -156,6 +156,19 @@
      
     </jaxws:endpoint> 
     
+    <bean id="allowUnsignedBearerAssertions" class="org.apache.ws.security.validate.SamlAssertionValidator">
+        <property name="requireBearerSignature" value="false" />
+    </bean>
+    
+    <bean id="saml2QName" class="javax.xml.namespace.QName">
+        <constructor-arg index="0" value="urn:oasis:names:tc:SAML:2.0:assertion"/>
+        <constructor-arg index="1" value="Assertion"/>
+    </bean>
+    
+    <util:map id="validators">
+        <entry key-ref="saml2QName" value-ref="allowUnsignedBearerAssertions"/>
+    </util:map>
+
     <jaxws:endpoint 
        id="SamlToken"
        address="http://localhost:${testutil.ports.Server}/DoubleItSamlToken" 
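Review bot: The new `allowUnsignedBearerAssertions` bean turns off `requireBearerSignature` without a comment saying why or for which endpoint, and it is declared at file level with the generic id `validators`. The -169 hunk wires it into the `SamlToken` endpoint through `wss4j.validator.map`, but nothing stops another endpoint in this file from referencing the same map. A comment above the bean would record the intended scope, for example `<!-- Test only: accept unsigned SAML 2.0 bearer assertions for the SAMLTokenUnsigned endpoint below -->`. Only the SAML 2.0 `Assertion` QName is mapped, so the comment should also say that the relaxation is limited to SAML 2.0.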
@@ -169,6 +182,7 @@
                <constructor-arg>
                    <map>
                         <entry key="action" value="SAMLTokenUnsigned"/> 
+                        <entry key="wss4j.validator.map" value-ref="validators"/> 
                    </map>
                </constructor-arg>
            </bean>

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
index 2f7af13..3057c4b 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
@@ -212,6 +212,7 @@
            <entry key="ws-security.signature.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
            <entry key="ws-security.signature.username" value="alice"/> 
+           <entry key="ws-security.self-sign-saml-assertion" value="true"/>
        </jaxws:properties>
     </jaxws:client> 
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/333bda69/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server.xml
deleted file mode 100644
index 7a922f3..0000000
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="         http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd         http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd         http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/sc
 hemas/configuration/http-conf.xsd         http://cxf.apache.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd         http://cxf.apache.org/configuration/security      http://cxf.apache.org/schemas/configuration/security.xsd  http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd   ">
-    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
-    <cxf:bus>
-        <cxf:features>
-            <p:policies/>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    <!-- -->
-    <!-- Any services listening on port 9009 must use the following -->
-    <!-- Transport Layer Security (TLS) settings -->
-    <!-- -->
-    <httpj:engine-factory id="tls-settings">
-        <httpj:engine port="${testutil.ports.StaxServer}">
-            <httpj:tlsServerParameters>
-                <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
-                </sec:keyManagers>
-                <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
-                </sec:trustManagers>
-                <sec:cipherSuitesFilter>
-                    <sec:include>.*_EXPORT_.*</sec:include>
-                    <sec:include>.*_EXPORT1024_.*</sec:include>
-                    <sec:include>.*_WITH_DES_.*</sec:include>
-                    <sec:include>.*_WITH_AES_.*</sec:include>
-                    <sec:include>.*_WITH_NULL_.*</sec:include>
-                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
-                </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="true" required="false"/>
-            </httpj:tlsServerParameters>
-        </httpj:engine>
-    </httpj:engine-factory>
-    
-    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Saml2TokenOverTransport" address="https://localhost:${testutil.ports.StaxServer}/DoubleItSaml2Transport" serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2TransportPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/subjectconf//DoubleItSamlSubjectConf.wsdl" depends-on="tls-settings">
-        <jaxws:properties>
-            <entry key="ws-security.signature.properties" value="morpit.properties"/>
-            <entry key="ws-security.enable.streaming" value="true"/>
-       </jaxws:properties>
-    </jaxws:endpoint>
-    
-</beans>

