Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 239B317708 for ; Thu, 25 Sep 2014 20:22:23 +0000 (UTC) Received: (qmail 34522 invoked by uid 500); 25 Sep 2014 20:22:23 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 34461 invoked by uid 500); 25 Sep 2014 20:22:22 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 34452 invoked by uid 99); 25 Sep 2014 20:22:22 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 25 Sep 2014 20:22:22 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 62B5888050A; Thu, 25 Sep 2014 20:22:20 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Thu, 25 Sep 2014 20:22:16 -0000 Message-Id: <2b2fc65766a845c19300ff2b3f30ea30@git.apache.org> In-Reply-To: <79b2bc31b39c41a79e3f317227cbcc36@git.apache.org> References: <79b2bc31b39c41a79e3f317227cbcc36@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [3/3] git commit: Fixes to last commit Fixes to last commit Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/503bc977 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/503bc977 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/503bc977 Branch: refs/heads/2.7.x-fixes Commit: 503bc977ab096051056bf3d5d485360fb6dafbcc Parents: a0dc474 Author: Colm O hEigeartaigh Authored: Thu Sep 25 21:19:52 2014 +0100 Committer: Colm O hEigeartaigh Committed: Thu Sep 25 21:19:52 2014 +0100 ---------------------------------------------------------------------- .../ws/security/wss4j/WSS4JInInterceptor.java | 76 +---- .../wss4j/saml/CustomSamlValidator.java | 20 +- .../ws/security/wss4j/saml/SamlTokenTest.java | 63 +---- .../src/test/resources/saml_bearer.properties | 6 + .../systest/ws/saml/CustomSaml2Validator.java | 59 ---- .../cxf/systest/ws/saml/SamlTokenTest.java | 32 +-- .../ws/saml/client/SamlRoleCallbackHandler.java | 19 +- .../ws/saml/server/CustomSaml2Validator.java | 10 +- .../org/apache/cxf/systest/ws/saml/server.xml | 279 ------------------- .../cxf/systest/ws/saml/server/server.xml | 6 +- 10 files changed, 47 insertions(+), 523 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java index a5c9964..ada29bc 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java @@ -20,13 +20,8 @@ package org.apache.cxf.ws.security.wss4j; import java.io.IOException; import java.security.Principal; -<<<<<<< HEAD -======= -import java.security.Provider; import java.security.PublicKey; -import java.security.cert.Certificate; import java.security.cert.X509Certificate; ->>>>>>> 3e21a02... Some changes to how the security context is populated import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; @@ -77,10 +72,7 @@ import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.interceptors.NegotiationUtils; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.tokenstore.TokenStore; -<<<<<<< HEAD -import org.apache.ws.security.CustomTokenPrincipal; import org.apache.ws.security.WSConstants; -import org.apache.ws.security.WSDerivedKeyTokenPrincipal; import org.apache.ws.security.WSPasswordCallback; import org.apache.ws.security.WSSConfig; import org.apache.ws.security.WSSecurityEngine; 
@@ -91,31 +83,12 @@ import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.handler.WSHandlerConstants; import org.apache.ws.security.handler.WSHandlerResult; +import org.apache.ws.security.message.token.KerberosSecurity; import org.apache.ws.security.message.token.SecurityTokenReference; import org.apache.ws.security.processor.Processor; import org.apache.ws.security.util.WSSecurityUtil; import org.apache.ws.security.validate.NoOpValidator; import org.apache.ws.security.validate.Validator; -======= -import org.apache.wss4j.common.cache.ReplayCache; -import org.apache.wss4j.common.crypto.Crypto; -import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider; -import org.apache.wss4j.common.ext.WSPasswordCallback; -import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.dom.WSSConfig; -import org.apache.wss4j.dom.WSSecurityEngine; -import org.apache.wss4j.dom.WSSecurityEngineResult; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.handler.WSHandlerConstants; -import org.apache.wss4j.dom.handler.WSHandlerResult; -import org.apache.wss4j.dom.message.token.KerberosSecurity; -import org.apache.wss4j.dom.processor.Processor; -import org.apache.wss4j.dom.util.WSSecurityUtil; -import org.apache.wss4j.dom.validate.NoOpValidator; -import org.apache.wss4j.dom.validate.Validator; ->>>>>>> 3e21a02... Some changes to how the security context is populated /** * Performs WS-Security inbound actions. 
@@ -582,31 +555,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { msg.put(SecurityContext.class, context); break; } -<<<<<<< HEAD - Object receivedAssertion = null; - if (o.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL) != null) { - msg.put(SecurityConstants.DELEGATED_CREDENTIAL, - o.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL)); - } - - List roles = null; - if (o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) { - String roleAttributeName = (String)msg.getContextualProperty( - SecurityConstants.SAML_ROLE_ATTRIBUTENAME); - if (roleAttributeName == null || roleAttributeName.length() == 0) { - roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT; - } - receivedAssertion = o.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); - roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName); - SAMLSecurityContext context = createSecurityContext(p, roles); - context.setIssuer(SAMLUtils.getIssuer(receivedAssertion)); - context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion)); - msg.put(SecurityContext.class, context); - } else { - msg.put(SecurityContext.class, createSecurityContext(p)); - } - break; -======= } } } @@ -615,7 +563,7 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { SoapMessage msg, Subject subject, Principal p, boolean useJAASSubject, WSSecurityEngineResult wsResult, boolean utWithCallbacks ) { - if (subject != null && !(p instanceof KerberosPrincipal) && useJAASSubject) { + if ((subject != null) && !(p instanceof KerberosPrincipal) && useJAASSubject) { String roleClassifier = (String)msg.getContextualProperty(SecurityConstants.SUBJECT_ROLE_CLASSIFIER); if (roleClassifier != null && !"".equals(roleClassifier)) { 
@@ -633,35 +581,27 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor { if (!utWithCallbacks) { WSS4JTokenConverter.convertToken(msg, p); } - Object receivedAssertion = wsResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); - if (receivedAssertion == null) { - receivedAssertion = wsResult.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN); - } + Object receivedAssertion = null; if (wsResult.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL) != null) { msg.put(SecurityConstants.DELEGATED_CREDENTIAL, wsResult.get(WSSecurityEngineResult.TAG_DELEGATION_CREDENTIAL)); } - if (receivedAssertion instanceof SamlAssertionWrapper) { + List roles = null; + if (wsResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION) != null) { String roleAttributeName = (String)msg.getContextualProperty( SecurityConstants.SAML_ROLE_ATTRIBUTENAME); if (roleAttributeName == null || roleAttributeName.length() == 0) { roleAttributeName = SAML_ROLE_ATTRIBUTENAME_DEFAULT; } - - ClaimCollection claims = - SAMLUtils.getClaims((SamlAssertionWrapper)receivedAssertion); - Set roles = - SAMLUtils.parseRolesFromClaims(claims, roleAttributeName, null); - - SAMLSecurityContext context = - new SAMLSecurityContext(p, roles, claims); + receivedAssertion = wsResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName); + SAMLSecurityContext context = createSecurityContext(p, roles); context.setIssuer(SAMLUtils.getIssuer(receivedAssertion)); context.setAssertionElement(SAMLUtils.getAssertionElement(receivedAssertion)); return context; } else { return createSecurityContext(p); ->>>>>>> 3e21a02... Some changes to how the security context is populated } } http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomSamlValidator.java ---------------------------------------------------------------------- 
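Review bot: On the new side the roles handed to the SAMLSecurityContext come straight from the assertion's attribute statement via `SAMLUtils.parseRolesInAssertion`, and nothing in this method ties them to the assertion having been signed or its subject confirmed; that is presumably enforced upstream by the engine's SamlAssertionValidator before this WSSecurityEngineResult exists, but the dependency deserves a comment so nobody wires a relaxed validator (NoOpValidator is imported in this file) for SAML tokens and still authorizes on these roles: `// roles are only as trustworthy as the SamlAssertionValidator that produced wsResult — a NoOp/relaxed validator makes isUserInRole() meaningless`. As a point of style, `receivedAssertion` and `roles` are initialised to null ahead of the branch but are assigned and read only inside it, so declaring them at first use (`List roles = SAMLUtils.parseRolesInAssertion(receivedAssertion, roleAttributeName);`) removes the dead initialisers. The enclosing createSecurityContext method begins in the previous hunk, outside this one.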
diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomSamlValidator.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomSamlValidator.java index 676797c..590febd 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomSamlValidator.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomSamlValidator.java @@ -19,23 +19,14 @@ package org.apache.cxf.ws.security.wss4j.saml; -<<<<<<< HEAD import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.saml.ext.AssertionWrapper; import org.apache.ws.security.saml.ext.OpenSAMLUtil; +import org.apache.ws.security.saml.ext.builder.SAML1Constants; +import org.apache.ws.security.saml.ext.builder.SAML2Constants; import org.apache.ws.security.validate.Credential; import org.apache.ws.security.validate.SamlAssertionValidator; -======= -import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.common.saml.OpenSAMLUtil; -import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.apache.wss4j.common.saml.builder.SAML1Constants; -import org.apache.wss4j.common.saml.builder.SAML2Constants; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; ->>>>>>> 3e21a02... Some changes to how the security context is populated /** * A trivial custom Validator for a SAML Assertion. It makes sure that the issuer is 
@@ -83,16 +74,11 @@ public class CustomSamlValidator extends SamlAssertionValidator { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); } if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) { -<<<<<<< HEAD throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); - } else if (!requireSenderVouches -======= - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } else if (requireBearer && !(SAML2Constants.CONF_BEARER.equals(confirmationMethod) || SAML1Constants.CONF_BEARER.equals(confirmationMethod))) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); + throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); } else if (!requireBearer && !requireSenderVouches ->>>>>>> 3e21a02... Some changes to how the security context is populated && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java index cee8ddf..aca3e98 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/SamlTokenTest.java 
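Review bot: The bearer branch kept on the new side matches the confirmation method by string equality against the SAML 1.1 and SAML 2.0 bearer URIs, while the sender-vouches and holder-of-key branches beside it go through OpenSAMLUtil helpers; a private `isMethodBearer(String)` helper, or at least a comment `// no OpenSAMLUtil bearer helper in this wss4j version, so match both the SAML 1.1 and 2.0 URIs` (if that is indeed the reason), would keep the chain uniform. If both `requireSenderVouches` and `requireBearer` are set, the first branch rejects bearer and the second rejects sender-vouches, so every assertion fails; if the two flags are meant to be mutually exclusive the setters should say so. The `requireBearer` field and the start of the validate method lie outside this hunk.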
@@ -388,18 +388,9 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2TokenWithRoles() throws Exception { Map outProperties = new HashMap(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); -<<<<<<< HEAD - outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties"); - -======= - outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); - outProperties.put(WSHandlerConstants.USER, "alice"); - outProperties.put("password", "password"); - outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); ->>>>>>> 3e21a02... Some changes to how the security context is populated + outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_bearer.properties"); SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); - callbackHandler.setSignAssertion(true); callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); @@ -411,7 +402,7 @@ public class SamlTokenTest extends AbstractSecurityTest { inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED ); - inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); + inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties"); final Map customMap = new HashMap(); CustomSamlValidator validator = new CustomSamlValidator(); validator.setRequireSAML1Assertion(false); 
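Review bot: `callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY)` survives on the new side and is overwritten two lines later by `setConfirmationMethod(SAML2Constants.CONF_BEARER)`, so the holder-of-key call is dead and misleads a reader into thinking the test exercises HoK; drop the first call. The outbound action stays SAML_TOKEN_UNSIGNED while the inbound side requires SAML_TOKEN_SIGNED, which only works because the new saml_bearer.properties has the issuer sign the assertion, so the SAML_PROP_FILE line merits `// saml_bearer.properties sets issuer.signAssertion=true, so the inbound side sees a signed token`. The same dead CONF_HOLDER_KEY call appears in testSaml2TokenWithRolesSingleValue and testSaml1TokenWithRoles. The body of testSaml2TokenWithRoles continues past the end of this hunk.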
@@ -438,15 +429,9 @@ public class SamlTokenTest extends AbstractSecurityTest { assertTrue(sc.isUserInRole("admin")); WSSecurityEngineResult actionResult = -<<<<<<< HEAD - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED); + WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); AssertionWrapper receivedAssertion = (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); -======= - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); - SamlAssertionWrapper receivedAssertion = - (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); ->>>>>>> 3e21a02... Some changes to how the security context is populated assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null); assertTrue(receivedAssertion.isSigned()); } @@ -459,18 +444,9 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml2TokenWithRolesSingleValue() throws Exception { Map outProperties = new HashMap(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); -<<<<<<< HEAD - outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties"); - -======= - outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); - outProperties.put(WSHandlerConstants.USER, "alice"); - outProperties.put("password", "password"); - outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); ->>>>>>> 3e21a02... Some changes to how the security context is populated + outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_bearer.properties"); SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(false); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); - callbackHandler.setSignAssertion(true); callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); 
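Review bot: `actionResult` returned by `fetchActionResult(..., WSConstants.ST_SIGNED)` is dereferenced immediately on the new side, so if the engine produced no signed-token result the test dies with a NullPointerException instead of a readable assertion; add `assertTrue(actionResult != null);` before the `TAG_SAML_ASSERTION` lookup, matching the assertTrue style already used here. The same pattern repeats in the single-value and SAML 1.1 variants of the test. The enclosing test method starts outside this hunk.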
@@ -482,7 +458,7 @@ public class SamlTokenTest extends AbstractSecurityTest { inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED ); - inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); + inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties"); final Map customMap = new HashMap(); CustomSamlValidator validator = new CustomSamlValidator(); validator.setRequireSAML1Assertion(false); @@ -509,15 +485,9 @@ public class SamlTokenTest extends AbstractSecurityTest { assertTrue(sc.isUserInRole("admin")); WSSecurityEngineResult actionResult = -<<<<<<< HEAD - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED); + WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); AssertionWrapper receivedAssertion = (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); -======= - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); - SamlAssertionWrapper receivedAssertion = - (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); ->>>>>>> 3e21a02... Some changes to how the security context is populated assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null); assertTrue(receivedAssertion.isSigned()); } 
@@ -530,18 +500,9 @@ public class SamlTokenTest extends AbstractSecurityTest { public void testSaml1TokenWithRoles() throws Exception { Map outProperties = new HashMap(); outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED); -<<<<<<< HEAD - outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties"); - -======= - outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference"); - outProperties.put(WSHandlerConstants.USER, "alice"); - outProperties.put("password", "password"); - outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties"); ->>>>>>> 3e21a02... Some changes to how the security context is populated + outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_bearer.properties"); SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY); - callbackHandler.setSignAssertion(true); callbackHandler.setStatement(Statement.ATTR); callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER); @@ -553,7 +514,7 @@ public class SamlTokenTest extends AbstractSecurityTest { inProperties.put( WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED ); - inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "insecurity.properties"); + inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties"); final Map customMap = new HashMap(); CustomSamlValidator validator = new CustomSamlValidator(); validator.setRequireSAML1Assertion(true); 
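Review bot: `callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY)` is kept and then immediately replaced by `setConfirmationMethod(SAML1Constants.CONF_BEARER)`, so the holder-of-key call is dead code that suggests the SAML 1.1 test covers HoK when it does not; remove the first call. As with the SAML 2 tests, the outbound SAML_TOKEN_UNSIGNED action only satisfies the inbound SAML_TOKEN_SIGNED requirement because saml_bearer.properties asks the issuer to sign, which is worth a one-line comment next to the SAML_PROP_FILE line. testSaml1TokenWithRoles continues beyond this hunk.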
@@ -580,15 +541,9 @@ public class SamlTokenTest extends AbstractSecurityTest { assertTrue(sc.isUserInRole("admin")); WSSecurityEngineResult actionResult = -<<<<<<< HEAD - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED); + WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); AssertionWrapper receivedAssertion = (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); -======= - WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED); - SamlAssertionWrapper receivedAssertion = - (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); ->>>>>>> 3e21a02... Some changes to how the security context is populated assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null); assertTrue(receivedAssertion.isSigned()); } http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/rt/ws/security/src/test/resources/saml_bearer.properties ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/test/resources/saml_bearer.properties b/rt/ws/security/src/test/resources/saml_bearer.properties new file mode 100644 index 0000000..72b1824 --- /dev/null +++ b/rt/ws/security/src/test/resources/saml_bearer.properties @@ -0,0 +1,6 @@ +org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl +org.apache.ws.security.saml.issuer=www.example.com +org.apache.ws.security.saml.issuer.cryptoProp.file=outsecurity.properties +org.apache.ws.security.saml.issuer.key.name=myalias +org.apache.ws.security.saml.issuer.key.password=myAliasPassword +org.apache.ws.security.saml.issuer.signAssertion=true \ No newline at end of file http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java ---------------------------------------------------------------------- 
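Review bot: The new saml_bearer.properties is what turns the tests' SAML_TOKEN_UNSIGNED outbound action into a signed assertion (`org.apache.ws.security.saml.issuer.signAssertion=true`), yet nothing in the file says so; a header such as `# Test-only issuer config. Bearer confirmation gives the receiver no subject key to check, so the issuer signs the assertion and the inbound tests expect ST_SIGNED.` would spare the next reader a trip through SamlTokenTest. The issuer key password sits in clear text, which is acceptable for a test fixture but should be marked as such (`# test fixture – never copy into a deployment`) so it is not lifted into real configuration. The file also lacks a trailing newline.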
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java
deleted file mode 100644
index e5c63fb..0000000
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/CustomSaml2Validator.java
+++ /dev/null
@@ -1,59 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ -package org.apache.cxf.systest.ws.saml; - -import java.util.List; - -import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.common.saml.SamlAssertionWrapper; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; -import org.opensaml.saml2.core.Assertion; -import org.opensaml.saml2.core.AttributeStatement; - -/** - * This class does some trivial validation of a received SAML Assertion. It checks that it is - * a SAML 2 Assertion, and checks the issuer name and that it has an Attribute Statement. 
- */ -public class CustomSaml2Validator extends SamlAssertionValidator { - - @Override - public Credential validate(Credential credential, RequestData data) throws WSSecurityException { - Credential validatedCredential = super.validate(credential, data); - SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion(); - - if (!"sts".equals(assertion.getIssuerString())) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); - } - - Assertion saml2Assertion = assertion.getSaml2(); - if (saml2Assertion == null) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); - } - - List attributeStatements = saml2Assertion.getAttributeStatements(); - if (attributeStatements == null || attributeStatements.isEmpty()) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); - } - - return validatedCredential; - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java index 7fe3be0..1d56d95 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java 
@@ -274,10 +274,8 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { assertTrue(ex.getMessage().contains("Wrong SAML Version")); } - SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(); - samlCallbackHandler.setSignAssertion(true); ((BindingProvider)saml2Port).getRequestContext().put( - "ws-security.saml-callback-handler", samlCallbackHandler + "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); @@ -497,23 +495,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); -<<<<<<< HEAD ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); -======= - // This test only works for DOM - if (!test.isStreaming() && PORT.equals(test.getPort())) { - SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(); - ((BindingProvider)saml2Port).getRequestContext().put( - "ws-security.saml-callback-handler", samlCallbackHandler - ); - int result = saml2Port.doubleIt(25); - assertTrue(result == 50); - } ->>>>>>> 3e21a02... Some changes to how the security context is populated ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); 
@@ -754,7 +740,21 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { SamlRoleCallbackHandler roleCallbackHandler = new SamlRoleCallbackHandler(); - roleCallbackHandler.setSignAssertion(true); + roleCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); + ((BindingProvider)saml2Port).getRequestContext().put( + SecurityConstants.SELF_SIGN_SAML_ASSERTION, true + ); + ((BindingProvider)saml2Port).getRequestContext().put( + SecurityConstants.SIGNATURE_USERNAME, "alice" + ); + ((BindingProvider)saml2Port).getRequestContext().put( + SecurityConstants.SIGNATURE_PROPERTIES, + "org/apache/cxf/systest/ws/wssec10/client/alice.properties" + ); + ((BindingProvider)saml2Port).getRequestContext().put( + SecurityConstants.CALLBACK_HANDLER, + "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback" + ); roleCallbackHandler.setRoleName("manager"); ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", roleCallbackHandler http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java index 37fcf9f..71ee987 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlRoleCallbackHandler.java 
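Review bot: The four new request-context entries make the client self-sign (`SecurityConstants.SELF_SIGN_SAML_ASSERTION`) a bearer assertion carrying a role it chose itself ("manager"), and the test expects the server to grant that role; that is fine for a systest, but the lines read as generic signature setup, so the trust model should be spelled out: `// self-signed bearer assertion: the server honours it only because alice's cert is in its truststore, so the client is effectively its own STS here`. The callback handler and alice.properties are borrowed from the wssec10 package, so a change there silently breaks this test, which the same comment could mention. The enclosing test method starts outside this hunk.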
@@ -47,13 +47,9 @@ public class SamlRoleCallbackHandler implements CallbackHandler { private static final String ROLE_URI = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"; private boolean saml2 = true; - private String confirmationMethod = SAML2Constants.CONF_BEARER; + private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES; private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT; private String roleName; - private boolean signAssertion; - private String cryptoAlias = "alice"; - private String cryptoPassword = "password"; - private String cryptoPropertiesFile = "alice.properties"; public SamlRoleCallbackHandler() { // @@ -126,16 +122,6 @@ public class SamlRoleCallbackHandler implements CallbackHandler { attributeBean.setAttributeValues(Collections.singletonList(roleName)); attrBean.setSamlAttributes(Collections.singletonList(attributeBean)); callback.setAttributeStatementData(Collections.singletonList(attrBean)); - - try { - Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile); - callback.setIssuerCrypto(crypto); - callback.setIssuerKeyName(cryptoAlias); - callback.setIssuerKeyPassword(cryptoPassword); - callback.setSignAssertion(signAssertion); - } catch (Exception ex) { - throw new IOException("Problem creating KeyInfo: " + ex.getMessage()); - } } } } @@ -166,7 +152,4 @@ public class SamlRoleCallbackHandler implements CallbackHandler { this.roleName = roleName; } - public void setSignAssertion(boolean signAssertion) { - this.signAssertion = signAssertion; - } } http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java ---------------------------------------------------------------------- 
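Review bot: Changing the field initialiser from `SAML2Constants.CONF_BEARER` to `SAML2Constants.CONF_SENDER_VOUCHES` changes the default for every test that builds a SamlRoleCallbackHandler without calling setConfirmationMethod, not only the one updated in this commit; if that is intended, a comment on the field (`// default is sender-vouches; tests that need bearer set it explicitly`) makes the choice look deliberate. With the try/catch block removed, the `IOException`, `Crypto` and `CryptoFactory` imports, which lie outside this hunk, are presumably now unused and will be flagged by the unused-import check unless they were dropped elsewhere. The pre-existing use of a SAML2 constant as the default even when `saml2` is false is unchanged by this commit but is worth a note while the field is being touched.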
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java index c83901a..6061c0c 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/CustomSaml2Validator.java @@ -23,7 +23,6 @@ import java.util.List; import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.handler.RequestData; import org.apache.ws.security.saml.ext.AssertionWrapper; -import org.apache.ws.security.saml.ext.OpenSAMLUtil; import org.apache.ws.security.validate.Credential; import org.apache.ws.security.validate.SamlAssertionValidator; import org.opensaml.saml2.core.Assertion; @@ -31,8 +30,7 @@ import org.opensaml.saml2.core.AttributeStatement; /** * This class does some trivial validation of a received SAML Assertion. It checks that it is - * a SAML 2 Assertion, and checks the issuer name and confirmation method, and that it has - * an Attribute Statement. + * a SAML 2 Assertion, and checks the issuer name and that it has an Attribute Statement. */ public class CustomSaml2Validator extends SamlAssertionValidator { 
@@ -45,12 +43,6 @@ public class CustomSaml2Validator extends SamlAssertionValidator { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); } - String confirmationMethod = assertion.getConfirmationMethods().get(0); - if (!(OpenSAMLUtil.isMethodSenderVouches(confirmationMethod) - || OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod))) { - throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); - } - Assertion saml2Assertion = assertion.getSaml2(); if (saml2Assertion == null) { throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity"); http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml deleted file mode 100644 index 6027841..0000000 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server.xml +++ /dev/null 
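Review bot: Deleting the confirmation-method check means the server-side validator now accepts any confirmation method at all, not just the bearer method the updated test needs; extending the allow-list keeps unknown methods rejected while admitting bearer, and the javadoc in the previous hunk could then keep saying the validator checks the confirmation method. The removed code also called `getConfirmationMethods().get(0)` without checking for an empty list, so the rewritten check guards that first. This needs the OpenSAMLUtil import that the earlier hunk removed, plus SAML2Constants; the validate method starts outside this hunk.
```java
        List<String> confirmationMethods = assertion.getConfirmationMethods();
        if (confirmationMethods == null || confirmationMethods.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
        // Allow-list: sender-vouches, holder-of-key and (for the bearer tests) SAML 2 bearer.
        String confirmationMethod = confirmationMethods.get(0);
        if (!(OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
            || OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)
            || SAML2Constants.CONF_BEARER.equals(confirmationMethod))) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "invalidSAMLsecurity");
        }
        // … unchanged: SAML 2 and attribute-statement checks …
```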
@@ -1,279 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - .*_EXPORT_.* - .*_EXPORT1024_.* - .*_WITH_DES_.* - .*_WITH_AES_.* - .*_WITH_NULL_.* - .*_DH_anon_.* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://localhost:${testutil.ports.Server.2}/DoubleItSaml2Transport2 - https://localhost:${testutil.ports.StaxServer.2}/DoubleItSaml2Transport2 - - - - - - - - - - - - - http://git-wip-us.apache.org/repos/asf/cxf/blob/503bc977/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml index 136c49f..3fedf31 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml @@ -133,7 +133,7 @@ serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricPort" xmlns:s="http://www.example.org/contract/DoubleIt" - implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" + implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl"> 
@@ -308,7 +308,7 @@ serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2SymmetricSignedElementsPort" xmlns:s="http://www.example.org/contract/DoubleIt" - implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" + implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl"> @@ -466,7 +466,7 @@ serviceName="s:DoubleItService" endpointName="s:DoubleItSaml2PEPPort" xmlns:s="http://www.example.org/contract/DoubleIt" - implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" + implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/saml/DoubleItSaml.wsdl">