cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Adding a SecureConversation test for Kerberos
Date Wed, 05 Nov 2014 14:49:35 GMT
Repository: cxf
Updated Branches:
  refs/heads/master afa521931 -> eb746f58d


Adding a SecureConversation test for Kerberos


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/eb746f58
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/eb746f58
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/eb746f58

Branch: refs/heads/master
Commit: eb746f58d608fff25049e76e922b2bf2730ff5cb
Parents: afa5219
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Nov 5 14:49:01 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Nov 5 14:49:16 2014 +0000

----------------------------------------------------------------------
 .../systest/ws/kerberos/KerberosTokenTest.java  |  37 +++++-
 .../systest/ws/kerberos/DoubleItKerberos.wsdl   | 114 +++++++++++++++++++
 .../apache/cxf/systest/ws/kerberos/client.xml   |  13 +++
 .../apache/cxf/systest/ws/kerberos/server.xml   |   8 ++
 4 files changed, 171 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
index 29d112c..1d4c89e 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
@@ -100,7 +100,7 @@ public class KerberosTokenTest extends AbstractBusClientServerTestBase
{
         SecurityTestUtil.cleanup();
         stopAllServers();
     }
-
+    
     @org.junit.Test
     public void testKerberosOverTransport() throws Exception {
 
@@ -552,4 +552,39 @@ public class KerberosTokenTest extends AbstractBusClientServerTestBase
{
         bus.shutdown(true);
     }
     
+    
+    @org.junit.Test
+    public void testKerberosOverSymmetricSecureConversation() throws Exception {
+        
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = KerberosTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = KerberosTokenTest.class.getResource("DoubleItKerberos.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItKerberosSymmetricSecureConversationPort");
+        DoubleItPortType kerberosPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        
+        updateAddressPort(kerberosPort, test.getPort());
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(kerberosPort);
+        }
+
+        // TODO Streaming
+        if (!test.isStreaming() && !STAX_PORT.equals(test.getPort())) {
+            kerberosPort.doubleIt(25);
+        }
+        
+        ((java.io.Closeable)kerberosPort).close();
+        bus.shutdown(true);
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
index 86f24b5..cd858e4 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl
@@ -251,6 +251,24 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItKerberosSymmetricSecureConversationBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItKerberosSymmetricSecureConversationPolicy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItKerberosTransportPort" binding="tns:DoubleItKerberosTransportBinding">
             <soap:address location="https://localhost:9009/DoubleItKerberosTransport"/>
@@ -294,6 +312,10 @@
         <wsdl:port name="DoubleItKerberosSymmetricSignedEndorsingEncryptedPort" binding="tns:DoubleItKerberosSymmetricSignedEndorsingEncryptedBinding">
             <soap:address location="http://localhost:9001/DoubleItKerberosSymmetricSignedEndorsingEncrypted"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItKerberosSymmetricSecureConversationPort" 
+                   binding="tns:DoubleItKerberosSymmetricSecureConversationBinding">
+            <soap:address location="http://localhost:9001/DoubleItKerberosSymmetricSecureConversation"/>
+        </wsdl:port>
     </wsdl:service>
     <wsp:Policy wsu:Id="DoubleItKerberosTransportPolicy">
         <wsp:ExactlyOne>
@@ -887,6 +909,98 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItKerberosSymmetricSecureConversationPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+            <sp:SymmetricBinding>
+               <wsp:Policy>
+                  <sp:ProtectionToken>
+                     <wsp:Policy>
+                        <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                           <wsp:Policy>
+                              <sp:RequireDerivedKeys/>
+                              <sp:BootstrapPolicy>
+                                <wsp:Policy>
+                                 <sp:SymmetricBinding>
+                                   <wsp:Policy>
+                                      <sp:ProtectionToken>
+                                          <wsp:Policy>
+                                             <sp:KerberosToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once">
+                                                <wsp:Policy>
+                                                     <sp:RequireDerivedKeys/>
+                                                     <sp:WssGssKerberosV5ApReqToken11/>
+                                                </wsp:Policy>
+                                             </sp:KerberosToken>
+                                          </wsp:Policy>
+                                       </sp:ProtectionToken>
+                                       <sp:AlgorithmSuite>
+                                          <wsp:Policy>
+                                              <sp:Basic128/>
+                                          </wsp:Policy>
+                                       </sp:AlgorithmSuite>
+                                       <sp:Layout>
+                                          <wsp:Policy>
+                                             <sp:Strict/>
+                                          </wsp:Policy>
+                                       </sp:Layout>
+                                       <sp:IncludeTimestamp/>
+                                       <sp:EncryptSignature/>
+                                       <sp:OnlySignEntireHeadersAndBody/>
+                                    </wsp:Policy>
+                                 </sp:SymmetricBinding>
+                                 <sp:Trust13>
+                                    <wsp:Policy>
+                                       <sp:MustSupportIssuedTokens/>
+                                       <sp:RequireClientEntropy/>
+                                       <sp:RequireServerEntropy/>
+                                    </wsp:Policy>
+                                 </sp:Trust13>
+                                 <sp:Wss11>
+                                     <wsp:Policy>
+                                        <sp:MustSupportRefIssuerSerial/>
+                                        <sp:MustSupportRefThumbprint/>
+                                        <sp:MustSupportRefEncryptedKey/>
+                                     </wsp:Policy>
+                                 </sp:Wss11>
+                             </wsp:Policy>
+                           </sp:BootstrapPolicy>
+                         </wsp:Policy>
+                      </sp:SecureConversationToken>
+                    </wsp:Policy>
+                 </sp:ProtectionToken>
+                 <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                       <sp:Basic128/>
+                    </wsp:Policy>
+                 </sp:AlgorithmSuite>
+                 <sp:Layout>
+                    <wsp:Policy>
+                       <sp:Strict/>
+                    </wsp:Policy>
+                 </sp:Layout>
+                 <sp:IncludeTimestamp/>
+                 <sp:EncryptSignature/>
+                 <sp:OnlySignEntireHeadersAndBody/>
+               </wsp:Policy>
+             </sp:SymmetricBinding>
+             <sp:Trust13>
+                <wsp:Policy>
+                   <sp:MustSupportIssuedTokens/>
+                   <sp:RequireClientEntropy/>
+                   <sp:RequireServerEntropy/>
+                 </wsp:Policy>
+             </sp:Trust13>
+             <sp:Wss11>
+                <wsp:Policy>
+                   <sp:MustSupportRefIssuerSerial/>
+                   <sp:MustSupportRefThumbprint/>
+                   <sp:MustSupportRefEncryptedKey/>
+                 </wsp:Policy>
+             </sp:Wss11>
+           </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>

http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
index 8d276c3..a9c77a8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/client.xml
@@ -221,4 +221,17 @@
             </entry>
         </jaxws:properties>
     </jaxws:client>
+   <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSecureConversationPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.encryption.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+            <entry key="ws-security.kerberos.client">
+                <bean class="org.apache.cxf.ws.security.kerberos.KerberosClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="contextName" value="alice"/>
+                    <property name="serviceName" value="bob@service.ws.apache.org"/>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:client>
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/eb746f58/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
index d8a0250..381b5f2 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/kerberos/server.xml
@@ -162,4 +162,12 @@
             <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="KerberosOverSymmetricSecureConversation"
address="http://localhost:${testutil.ports.Server}/DoubleItKerberosSymmetricSecureConversation"
serviceName="s:DoubleItService" endpointName="s:DoubleItKerberosSymmetricSecureConversationPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/kerberos/DoubleItKerberos.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.bst.validator" value-ref="kerberosValidator"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
 </beans>


Mime
View raw message