cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [5/5] cxf git commit: Adding a system test for a JAX-RS service and JWT/STS
Date Thu, 19 Nov 2015 17:53:03 GMT
Adding a system test for a JAX-RS service and JWT/STS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/52d2142b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/52d2142b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/52d2142b

Branch: refs/heads/master
Commit: 52d2142beb8f4b343258e8c672cb1b241fcc4b2d
Parents: a24540a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Nov 19 14:40:57 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Nov 19 17:52:48 2015 +0000

----------------------------------------------------------------------
 services/sts/systests/advanced/pom.xml          |   6 +
 .../systest/sts/jwt/DoubleItPortTypeImpl.java   |  41 +++++
 .../apache/cxf/systest/sts/jwt/JWTUnitTest.java |   2 +-
 .../cxf/systest/sts/jwt/JaxrsJWTTest.java       | 152 ++++++++++++++++++
 .../org/apache/cxf/systest/sts/jwt/Server.java  |  46 ++++++
 .../cxf/systest/sts/deployment/cxf-sts.xml      |   3 +-
 .../apache/cxf/systest/sts/jwt/DoubleIt.wsdl    | 157 +++++++++++++++++++
 .../apache/cxf/systest/sts/jwt/cxf-client.xml   |  39 +++++
 .../apache/cxf/systest/sts/jwt/cxf-service.xml  |  53 +++++++
 .../cxf/systest/sts/jwt/cxf-unit-client.xml     |  39 -----
 .../org/apache/cxf/systest/sts/jwt/jaxrs.xml    |  26 +++
 11 files changed, 522 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml
index c1aa190..27a76d1 100644
--- a/services/sts/systests/advanced/pom.xml
+++ b/services/sts/systests/advanced/pom.xml
@@ -56,6 +56,12 @@
         </dependency>
         <dependency>
             <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
+            <version>${project.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
             <artifactId>cxf-rt-frontend-jaxws</artifactId>
             <version>${project.version}</version>
             <scope>test</scope>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java
new file mode 100644
index 0000000..e9b50aa
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/DoubleItPortTypeImpl.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.jwt;
+
+import javax.annotation.Resource;
+import javax.jws.WebService;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.feature.Features;
+import org.example.contract.doubleit.DoubleItPortType;
+
+@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", 
+            serviceName = "DoubleItService", 
+            endpointInterface = "org.example.contract.doubleit.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")              
+public class DoubleItPortTypeImpl implements DoubleItPortType {
+    
+    @Resource
+    WebServiceContext wsContext;
+
+    public int doubleIt(int numberToDouble) {
+        return numberToDouble * 2;
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java
index 90da0c3..00ed2b1 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JWTUnitTest.java
@@ -61,7 +61,7 @@ public class JWTUnitTest extends AbstractBusClientServerTestBase {
     @org.junit.Test
     public void testIssueJWTToken() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = JWTUnitTest.class.getResource("cxf-unit-client.xml");
+        URL busFile = JWTUnitTest.class.getResource("cxf-client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java
new file mode 100644
index 0000000..890a111
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/JaxrsJWTTest.java
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.jwt;
+
+import java.io.IOException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.ws.rs.client.ClientRequestContext;
+import javax.ws.rs.client.ClientRequestFilter;
+import javax.ws.rs.core.HttpHeaders;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams;
+import org.junit.BeforeClass;
+
+/**
+ * In this test case, a CXF JAX-RS client gets a JWT token from the STS + sends it to the
+ * service provider, which validates it.
+ */
+public class JaxrsJWTTest extends AbstractBusClientServerTestBase {
+    
+    public static final String JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt";
+    static final String STSPORT = allocatePort(STSServer.class);
+
+    private static final String PORT = allocatePort(Server.class);
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(Server.class, true)
+        );
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testSuccessfulInvocation() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JaxrsJWTTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        final String address = "https://localhost:" + PORT + "/doubleit/services/doubleit-rs";
+        final int numToDouble = 25;  
+       
+        List<Object> providers = Collections.singletonList(new JwtOutFilter());
+        
+        WebClient client = WebClient.create(address, providers);
+        client.type("text/plain").accept("text/plain");
+        
+        STSClient stsClient = getSTSClient(JWT_TOKEN_TYPE, bus);
+        STSTokenOutInterceptor stsInterceptor = 
+            new STSTokenOutInterceptor(Phase.PRE_LOGICAL, stsClient, new TokenRequestParams());
+        stsInterceptor.getBefore().add(JwtOutFilter.class.getName());
+        WebClient.getConfig(client).getOutInterceptors().add(stsInterceptor);
+        
+        int resp = client.post(numToDouble, Integer.class);
+        org.junit.Assert.assertEquals(2 * numToDouble, resp);
+        
+        bus.shutdown(true);
+    }
+    
+    private STSClient getSTSClient(
+        String tokenType, Bus bus
+    ) throws Exception {
+        STSClient stsClient = new STSClient(bus);
+        String port = STSPORT;
+
+        stsClient.setWsdlLocation("https://localhost:" + port + "/SecurityTokenService/Transport?wsdl");
+        stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+        stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port");
+
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put(SecurityConstants.USERNAME, "alice");
+        properties.put(
+            SecurityConstants.CALLBACK_HANDLER, 
+            "org.apache.cxf.systest.sts.common.CommonCallbackHandler"
+        );
+
+        stsClient.setProperties(properties);
+        stsClient.setTokenType(tokenType);
+        stsClient.setSendKeyType(false);
+
+        return stsClient;
+    }
+    
+    private static class JwtOutFilter implements ClientRequestFilter {
+        
+        @Override
+        public void filter(ClientRequestContext requestContext) throws IOException {
+            SecurityToken token = 
+                (SecurityToken)requestContext.getProperty(SecurityConstants.TOKEN);
+            if (token == null) {
+                Message m = PhaseInterceptorChain.getCurrentMessage();
+                token = (SecurityToken)m.getContextualProperty(SecurityConstants.TOKEN);
+            }
+            
+            if (token != null && token.getToken() != null) {
+                requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, 
+                                                      "JWT" + " " + token.getToken().getTextContent());
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/Server.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/Server.java
b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/Server.java
new file mode 100644
index 0000000..55e1585
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/jwt/Server.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.jwt;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("cxf-service.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new Server();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
index f33a137..490d5cf 100644
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-sts.xml
@@ -111,8 +111,7 @@
         <property name="endpoints" ref="transportEndpoints"/>
     </bean>
     <util:list id="transportEndpoints">
-        <value>https://localhost:(\d)*/doubleit/services/doubleittransport.*
-                </value>
+        <value>https://localhost:(\d)*/doubleit/services/doubleit.*</value>
     </util:list>
     <bean id="transportSTSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
         <property name="signaturePropertiesFile" value="stsKeystore.properties"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/DoubleIt.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/DoubleIt.wsdl
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/DoubleIt.wsdl
new file mode 100644
index 0000000..2166d33
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/DoubleIt.wsdl
@@ -0,0 +1,157 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:di="http://www.example.org/schema/DoubleIt"
xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:wsaw="http://www.w3.org/2005/08/addressing"
xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" name="DoubleIt" targetNamespace="http://www.example.org/contract/DoubleIt">
+    <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/>
+    <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:service name="DoubleItService">
+        <wsdl:port name="DoubleItPort" binding="tns:DoubleItBinding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleit"/>
+        </wsdl:port>
+    </wsdl:service>
+    <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2BearerPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy/>
+                </wsam:Addressing>
+                <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDes/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <sp:RequestSecurityTokenTemplate>
+                                <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                                <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
+                            </sp:RequestSecurityTokenTemplate>
+                            <wsp:Policy>
+                                <sp:RequireInternalReference/>
+                            </wsp:Policy>
+                            <sp:Issuer>
+                                <wsaw:Address>http://localhost:8080/SecurityTokenService/UT
+                                                                </wsaw:Address>
+                                <wsaw:Metadata>
+                                    <wsx:Metadata>
+                                        <wsx:MetadataSection>
+                                            <wsx:MetadataReference>
+                                                <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+                                                                                        
       </wsaw:Address>
+                                            </wsx:MetadataReference>
+                                        </wsx:MetadataSection>
+                                    </wsx:Metadata>
+                                </wsaw:Metadata>
+                            </sp:Issuer>
+                        </sp:IssuedToken>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens/>
+                        <sp:RequireClientEntropy/>
+                        <sp:RequireServerEntropy/>
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                    <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
+                    <sp:Header Name="AckRequested" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="SequenceAcknowledgement" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="Sequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                    <sp:Header Name="CreateSequence" Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702"/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+</wsdl:definitions>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-client.xml
new file mode 100644
index 0000000..924f7d2
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-client.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="ckpass">
+                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+    
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-service.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-service.xml
new file mode 100644
index 0000000..4c2ca11
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-service.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:cxf="http://cxf.apache.org/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:jaxrs="http://cxf.apache.org/jaxrs" xsi:schemaLocation="
            http://cxf.apache.org/core             http://cxf.apache.org/schemas/core.xsd
            http://cxf.apache.org/configuration/security             http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/jaxws             http://cxf.apache.org/schemas/jaxws.xsd
            http://cxf.apache.org/jaxrs             http://cxf.apache.org/schemas/jaxrs.xsd
            http://cxf.apache.org/transports/http/configuration             http://cxf.apache.org/schemas/configuration/http-conf.xsd
            
 http://cxf.apache.org/transports/http-jetty/configuration             http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans             http://www.springframework.org/schema/beans/spring-beans.xsd">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <bean id="jwtFilter" class="org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationFilter"
/>
+    
+    <jaxrs:server modelRef="classpath:org/apache/cxf/systest/sts/jwt/jaxrs.xml" depends-on="ClientAuthHttpsSettings"
address="https://localhost:${testutil.ports.jwt.Server}/doubleit/services/doubleit-rs">
+        <jaxrs:providers>
+            <ref bean="jwtFilter"/>
+       </jaxrs:providers>
+        <jaxrs:properties>
+            <entry key="rs.security.keystore.type" value="jks" />
+            <entry key="rs.security.keystore.alias" value="mystskey"/>
+            <entry key="rs.security.keystore.password" value="sspass"/>
+            <entry key="rs.security.keystore.file" value="servicestore.jks" />
+            <entry key="rs.security.signature.algorithm" value="RS256" />
+        </jaxrs:properties>
+    </jaxrs:server>
+    
+    <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
+        <httpj:engine port="${testutil.ports.jwt.Server}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="skpass">
+                    <sec:keyStore type="jks" password="sspass" resource="servicestore.jks"/>
+                </sec:keyManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-unit-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-unit-client.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-unit-client.xml
deleted file mode 100644
index 924f7d2..0000000
--- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/cxf-unit-client.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
- 
- http://www.apache.org/licenses/LICENSE-2.0
- 
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
-    <cxf:bus>
-        <cxf:features>
-            <cxf:logging/>
-        </cxf:features>
-    </cxf:bus>
-    
-    
-    <http:conduit name="https://localhost:.*">
-        <http:tlsClientParameters disableCNCheck="true">
-            <sec:trustManagers>
-                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
-            </sec:trustManagers>
-            <sec:keyManagers keyPassword="ckpass">
-                <sec:keyStore type="jks" password="cspass" resource="clientstore.jks"/>
-            </sec:keyManagers>
-        </http:tlsClientParameters>
-    </http:conduit>
-    
-</beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/52d2142b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/jaxrs.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/jaxrs.xml
b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/jaxrs.xml
new file mode 100644
index 0000000..dc68b35
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/jwt/jaxrs.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<model xmlns="http://cxf.apache.org/jaxrs">
+    <resource name="org.apache.cxf.systest.sts.jwt.DoubleItPortTypeImpl" path="/">
+        <operation name="doubleIt" verb="POST" path="/" consumes="text/plain" produces="text/plain">
+            <param name="numberToDouble" type="REQUEST_BODY"/>
+        </operation>
+    </resource>
+</model>


Mime
View raw message