cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Support the ability to store BASE-64 encoded (encryption) bytes in message attachments
Date Thu, 09 Jul 2015 16:09:39 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9bd52f477 -> f399b9290


Support the ability to store BASE-64 encoded (encryption) bytes in message attachments


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f399b929
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f399b929
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f399b929

Branch: refs/heads/master
Commit: f399b9290e42726e30333f261d8d7f6abc4768cc
Parents: 9bd52f4
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jul 9 17:09:12 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jul 9 17:09:34 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      | 11 ++-
 .../policyhandlers/AbstractBindingBuilder.java  | 22 ++++++
 .../AsymmetricBindingHandler.java               |  5 ++
 .../policyhandlers/SymmetricBindingHandler.java |  4 ++
 .../cxf/systest/ws/mtom/MTOMSecurityTest.java   | 51 +++++++++++++-
 .../cxf/systest/ws/mtom/DoubleItMtom.wsdl       | 71 ++++++++++++++++++++
 .../org/apache/cxf/systest/ws/mtom/client.xml   | 43 +++++++++++-
 .../org/apache/cxf/systest/ws/mtom/server.xml   | 38 +++++++++++
 8 files changed, 241 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index e5e7d9c..28702ad 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -115,6 +115,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
      * else that a SAML action has been configured for the non-security-policy case.
      */
     public static final String ENABLE_SAML_ONE_TIME_USE_CACHE = "ws-security.enable.saml.cache";
+    
+    /**
+     * Whether to store bytes (CipherData or BinarySecurityToken) in an attachment. The default
is 
+     * true if MTOM is enabled. Set it to false to BASE-64 encode the bytes and "inlined"
them in 
+     * the message instead. Setting this to true is more efficient, as it means that the
BASE-64 
+     * encoding step can be skipped. This only applies to the DOM WS-Security stack.
+     */
+    public static final String STORE_BYTES_IN_ATTACHMENT = "ws-security.store.bytes.in.attachment";
 
     //
     // Non-boolean WS-Security Configuration parameters
@@ -509,7 +517,8 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
             CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
             DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, 
             KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE,
-            KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP
+            KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP,
+            STORE_BYTES_IN_ATTACHMENT
         }));
         for (String commonProperty : COMMON_PROPERTIES) {
             s.add(commonProperty);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index f9b9348..3d910b1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -51,6 +51,7 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
+import org.apache.cxf.attachment.AttachmentUtil;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
 import org.apache.cxf.common.logging.LogUtils;
@@ -115,6 +116,7 @@ import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractBinding;
 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
@@ -172,6 +174,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected Element lastEncryptedKeyElement;
     
     protected final CallbackLookup callbackLookup;
+    protected boolean storeBytesInAttachment;
     
     private Element lastSupportingTokenElement;
     private Element lastDerivedKeyElement;
@@ -195,6 +198,22 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         this.saaj = saaj;
         message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
         
+        boolean storeBytes = 
+            MessageUtils.getContextualBoolean(
+                message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true
+            );
+        if (storeBytes && AttachmentUtil.isMtomEnabled(message)) {
+            storeBytesInAttachment = true;
+            if (binding instanceof AbstractSymmetricAsymmetricBinding
+                && (ProtectionOrder.EncryptBeforeSigning 
+                    == ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder())
+                    || ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens()) {
+                LOG.fine("Disabling SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to "
+                         + "EncryptBeforeSigning or ProtectTokens policy.");
+                storeBytesInAttachment = false;
+            }
+        }
+        
         Element soapBody = SAAJUtils.getBody(saaj);
         if (soapBody != null) {
             callbackLookup = new CXFCallbackLookup(soapBody.getOwnerDocument(), soapBody);
@@ -1376,6 +1395,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
         encrKey.setIdAllocator(wssConfig.getIdAllocator());
         encrKey.setCallbackLookup(callbackLookup);
+        encrKey.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        encrKey.setStoreBytesInAttachment(storeBytesInAttachment);
         Crypto crypto = getEncryptionCrypto();
         message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
         setKeyIdentifierType(encrKey, token);
@@ -1699,6 +1720,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
         sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        sig.setStoreBytesInAttachment(storeBytesInAttachment);
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken || token instanceof SamlToken) {
             assertPolicy(token);

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index c54dfc1..01d7de3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -456,6 +456,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
                     dkEncr.setIdAllocator(wssConfig.getIdAllocator());
                     dkEncr.setCallbackLookup(callbackLookup);
+                    dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+                    dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
                     if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                         dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
                     }
@@ -487,6 +489,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     encr.setIdAllocator(wssConfig.getIdAllocator());
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+                    encr.setStoreBytesInAttachment(storeBytesInAttachment);
                     
                     encr.setDocument(saaj.getSOAPPart());
                     Crypto crypto = getEncryptionCrypto();
@@ -622,6 +625,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             WSSecDKSign dkSign = new WSSecDKSign();
             dkSign.setIdAllocator(wssConfig.getIdAllocator());
             dkSign.setCallbackLookup(callbackLookup);
+            dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+            dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 6b4c4e8..0aba026 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -404,6 +404,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             dkEncr.setIdAllocator(wssConfig.getIdAllocator());
             dkEncr.setCallbackLookup(callbackLookup);
             dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+            dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -519,6 +520,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                     encr.setIdAllocator(wssConfig.getIdAllocator());
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+                    encr.setStoreBytesInAttachment(storeBytesInAttachment);
                     String encrTokId = encrTok.getId();
                     if (attached) {
                         encrTokId = encrTok.getWsuId();
@@ -636,6 +638,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
         dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
         if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11)
{
             dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
         }
@@ -765,6 +768,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             sig.setIdAllocator(wssConfig.getIdAllocator());
             sig.setCallbackLookup(callbackLookup);
             sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+            sig.setStoreBytesInAttachment(storeBytesInAttachment);
             // If a EncryptedKeyToken is used, set the correct value type to
             // be used in the wsse:Reference in ds:KeyInfo
             int type = included ? WSConstants.CUSTOM_SYMM_SIGNING 

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
index 162e7b3..3c79a43 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
@@ -119,8 +119,7 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase
{
     // Here we moving encrypted bytes to attachments instead, and referencing them via xop:Include
     // This avoids the BASE-64 encoding/decoding step when the raw bytes are included in
the SOAP Envelope
     @org.junit.Test
-    @org.junit.Ignore
-    public void testEncryptedDataInAttachment() throws Exception {
+    public void testAsymmetricBytesInAttachment() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = MTOMSecurityTest.class.getResource("client.xml");
@@ -142,4 +141,52 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase
{
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
+    
+    @org.junit.Test
+    public void testSymmetricBytesInAttachment() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        int result = port.doubleIt(25);
+        assertEquals(result, 50);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testActionBytesInAttachment() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = MTOMSecurityTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItActionPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        int result = port.doubleIt(25);
+        assertEquals(result, 50);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
index c50a8ae..57bc5e9 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl
@@ -52,6 +52,39 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItSymmetricBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSymmetricPolicy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItActionBinding" type="tns:DoubleItPortType">
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItSignedMTOMInlinePort" binding="tns:DoubleItNoSecurityBinding">
@@ -63,6 +96,12 @@
         <wsdl:port name="DoubleItAsymmetricPort" binding="tns:DoubleItAsymmetricBinding">
             <soap:address location="http://localhost:9001/DoubleItX509Asymmetric"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSymmetricPort" binding="tns:DoubleItSymmetricBinding">
+            <soap:address location="http://localhost:9001/DoubleItX509Symmetric"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItActionPort" binding="tns:DoubleItActionBinding">
+            <soap:address location="http://localhost:9001/DoubleItX509Action"/>
+        </wsdl:port>
     </wsdl:service>
     
     <wsp:Policy wsu:Id="DoubleItAsymmetricPolicy">
@@ -106,6 +145,38 @@
         </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItSymmetricPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
index b668025..003c64e 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/client.xml
@@ -83,7 +83,7 @@
         </jaxws:properties>
     </jaxws:client>
     
-     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
         <jaxws:properties>
             <entry key="security.encryption.properties" value="bob.properties"/>
             <entry key="security.encryption.username" value="bob"/>
@@ -94,4 +94,45 @@
         </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.encryption.properties" value="bob.properties"/>
+            <entry key="security.encryption.username" value="bob"/>
+            <entry key="mtom-enabled" value="true"/>
+        </jaxws:properties>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItActionPort"
createdFromAPI="true">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature Timestamp"/>
+                        <entry key="signatureUser" value="alice"/>
+                        <entry key="signaturePropFile" value="alice.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="signatureParts" 
+                               value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                        <entry key="storeBytesInAttachment" value="true"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureVerificationPropFile" value="alice.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+        <jaxws:properties>
+            <entry key="mtom-enabled" value="true"/>
+        </jaxws:properties>
+    </jaxws:client>
+    
+    
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/f399b929/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
index aa034e0..98051fb 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server.xml
@@ -103,4 +103,42 @@
         </jaxws:properties>
     </jaxws:endpoint>
     
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric"
address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Symmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItSymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <entry key="mtom-enabled" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Action" address="http://localhost:${testutil.ports.mtom.Server}/DoubleItX509Action"
serviceName="s:DoubleItService" endpointName="s:DoubleItActionPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/mtom/DoubleItMtom.wsdl">
+        <jaxws:outInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature"/>
+                        <entry key="signatureUser" value="bob"/>
+                        <entry key="signaturePropFile" value="bob.properties"/>
+                        <entry key="signatureKeyIdentifier" value="DirectReference"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                        <entry key="storeBytesInAttachment" value="true"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:outInterceptors>
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+                <constructor-arg>
+                    <map>
+                        <entry key="action" value="Signature Timestamp"/>
+                        <entry key="signatureVerificationPropFile" value="bob.properties"/>
+                    </map>
+                </constructor-arg>
+            </bean>
+        </jaxws:inInterceptors>
+        <jaxws:properties>
+            <entry key="mtom-enabled" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
 </beans>


Mime
View raw message