cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: [CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests
Date Thu, 02 Mar 2017 18:19:27 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 13d33c9ed -> 0252de53c


[CXF-5525] - Adding a JAX-WS property to disable client cert verification policy check + tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0252de53
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0252de53
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0252de53

Branch: refs/heads/master
Commit: 0252de53c8b2bd230544e7c9cffc9355741dc2f1
Parents: 13d33c9
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 2 18:17:05 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 2 18:17:54 2017 +0000

----------------------------------------------------------------------
 .../apache/cxf/transport/http/HTTPConduit.java  |  7 ++-
 .../cxf/transport/http/MessageTrustDecider.java |  6 +--
 .../cxf/ws/security/SecurityConstants.java      | 11 ++++-
 .../HttpsTokenInterceptorProvider.java          | 46 ++++++++++++--------
 .../cxf/systest/ws/https/HttpsTokenTest.java    | 44 +++++++++++++++++++
 .../cxf/systest/ws/https/DoubleItHttps.wsdl     |  6 +++
 .../org/apache/cxf/systest/ws/https/client.xml  | 26 +++++++++++
 .../org/apache/cxf/systest/ws/https/server.xml  | 14 ++++++
 .../apache/cxf/systest/ws/https/stax-server.xml | 20 +++++++++
 9 files changed, 153 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
index 8314c14..30798f7 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
@@ -1762,10 +1762,9 @@ public abstract class HTTPConduit
                     // already connected.
                     HttpsURLConnectionInfo info = getHttpsURLConnectionInfo();
                     if (trustDecider != null) {
-                        trustDecider.establishTrust(
-                                conduitName,
-                            info,
-                            outMessage);
+                        trustDecider.establishTrust(conduitName,
+                                                    info,
+                                                    outMessage);
                         if (LOG.isLoggable(Level.FINE)) {
                             LOG.log(Level.FINE, "Trust Decider "
                                 + trustDecider.getLogicalName()

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
index ac3efb8..8cd2fff 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/MessageTrustDecider.java
@@ -29,9 +29,9 @@ import org.apache.cxf.message.Message;
  * java.net.URLConnection implementations.
  *
  * The HttpURLConnection will be set up and connected, but no data
- * yet sent (at least according to the JDK 1.5 default implemenation),
+ * yet sent (at least according to the JDK 1.5 default implementation),
  * and in the case of an HttpsURLConnection (again with caveat on
- * particular java.net.HttpsURLConnection implemenation), the TLS handshake
+ * particular java.net.HttpsURLConnection implementation), the TLS handshake
  * will be completed and certain TLS artifacts will be available.
  * <p>
  * Each MessageTrustDecider has a "logical" name that may be used in logging
@@ -89,7 +89,7 @@ public abstract class MessageTrustDecider {
      * The HTTPConduit calls this message on every redirect, however, it is
      * impossible to tell where it has been redirected from.
      *
-     * TODO: What are the exising Message Properties at the point of this call?
+     * TODO: What are the existing Message Properties at the point of this call?
      *
      * @param conduitName    This parameter contains the logical name
      *                       for the conduit that this trust decider

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 7e91fc2..1784e6e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -145,6 +145,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
      * Signatures using WSConstants.C14N_EXCL_OMIT_COMMENTS. Default is "true".
      */
     public static final String ADD_INCLUSIVE_PREFIXES = "ws-security.add.inclusive.prefixes";
+    
+    /**
+     * Whether to disable the enforcement of the WS-SecurityPolicy 'RequireClientCertificate'
policy. 
+     * Default is "false". Some servers may not do client certificate verification at the
start of the SSL 
+     * handshake, and therefore the client certs may not be available to the WS-Security
layer for policy 
+     * verification at that time.
+     */
+    public static final String DISABLE_REQ_CLIENT_CERT_CHECK = "ws-security.disable.require.client.cert.check";
 
     //
     // Non-boolean WS-Security Configuration parameters
@@ -416,7 +424,8 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
             CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION,
             KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, KERBEROS_REQUEST_CREDENTIAL_DELEGATION,
             POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
-            SYMMETRIC_SIGNATURE_ALGORITHM, SECURITY_CONTEXT_CREATOR, SECURITY_TOKEN_LIFETIME
+            SYMMETRIC_SIGNATURE_ALGORITHM, SECURITY_CONTEXT_CREATOR, SECURITY_TOKEN_LIFETIME,
+            DISABLE_REQ_CLIENT_CERT_CHECK
         }));
         for (String commonProperty : COMMON_PROPERTIES) {
             s.add(commonProperty);

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
index 2ff1ea6..b2c24f6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
@@ -36,6 +36,7 @@ import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.security.SecurityContext;
@@ -48,6 +49,7 @@ import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
 import org.apache.wss4j.policy.SP11Constants;
@@ -121,26 +123,32 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                 if ("https".equals(scheme)) {
                     if (token.getAuthenticationType()
                         == HttpsToken.AuthenticationType.RequireClientCertificate) {
-                        final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
-                        MessageTrustDecider trust = new MessageTrustDecider() {
-                            public void establishTrust(String conduitName,
-                                                       URLConnectionInfo connectionInfo,
-                                                       Message message)
-                                throws UntrustedURLConnectionIOException {
-                                if (orig != null) {
-                                    orig.establishTrust(conduitName, connectionInfo, message);
+                        boolean disableClientCertCheck =
+                            MessageUtils.getContextualBoolean(message, 
+                                                              SecurityConstants.DISABLE_REQ_CLIENT_CERT_CHECK,

+                                                              false);
+                        if (!disableClientCertCheck) {
+                            final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
+                            MessageTrustDecider trust = new MessageTrustDecider() {
+                                public void establishTrust(String conduitName,
+                                                           URLConnectionInfo connectionInfo,
+                                                           Message message)
+                                    throws UntrustedURLConnectionIOException {
+                                    if (orig != null) {
+                                        orig.establishTrust(conduitName, connectionInfo,
message);
+                                    }
+                                    HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
+                                    if (info.getLocalCertificates() == null
+                                        || info.getLocalCertificates().length == 0) {
+                                        throw new UntrustedURLConnectionIOException(
+                                            "RequireClientCertificate is set, "
+                                            + "but no local certificates were negotiated.
 Is"
+                                            + " the server set to ask for client authorization?");
+                                    }
                                 }
-                                HttpsURLConnectionInfo info = (HttpsURLConnectionInfo)connectionInfo;
-                                if (info.getLocalCertificates() == null
-                                    || info.getLocalCertificates().length == 0) {
-                                    throw new UntrustedURLConnectionIOException(
-                                        "RequireClientCertificate is set, "
-                                        + "but no local certificates were negotiated.  Is"
-                                        + " the server set to ask for client authorization?");
-                                }
-                            }
-                        };
-                        message.put(MessageTrustDecider.class, trust);
+                            };
+                            message.put(MessageTrustDecider.class, trust);
+                        }
                         PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(),
                                                                 SPConstants.REQUIRE_CLIENT_CERTIFICATE));
                     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
index 21a8123..2875780 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
@@ -130,6 +130,50 @@ public class HttpsTokenTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
+    
+    @org.junit.Test
+    public void testNoClientCertRequirement() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = HttpsTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItNoClientCertRequirementPort");
+        DoubleItPortType port =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, test.getPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+
+        try {
+            port.doubleIt(25);
+            fail("(Policy) Failure expected on not using a client cert");
+        } catch (Exception ex) {
+            // expected
+        }
+     
+        // This should work, as we're disable the RequireClientCertificate check via a
+        // JAX-WS property
+        portQName = new QName(NAMESPACE, "DoubleItNoClientCertRequirementPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, test.getPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+
+        port.doubleIt(25);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
 
     @org.junit.Test
     public void testBasicAuth() throws Exception {

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl
index 3db601c..9def79d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl
@@ -41,6 +41,12 @@
         <wsdl:port name="DoubleItRequireClientCertPort2" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="https://localhost:9009/DoubleItRequireClientCert2"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItNoClientCertRequirementPort" binding="tns:DoubleItInlinePolicyBinding">
+            <soap:address location="https://localhost:9009/DoubleItNoClientCertRequirement"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItNoClientCertRequirementPort2" binding="tns:DoubleItInlinePolicyBinding">
+            <soap:address location="https://localhost:9009/DoubleItNoClientCertRequirement2"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItBasicAuthPort" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="https://localhost:9009/DoubleItBasicAuth"/>
         </wsdl:port>

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml
index 2ef7540..6572805 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml
@@ -34,6 +34,13 @@
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>
+    <http:conduit name="https://localhost:.*/DoubleItNoClientCertRequirement.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItRequireClientCertPort"
createdFromAPI="true">
         <jaxws:properties>
        </jaxws:properties>
@@ -59,6 +66,25 @@
             </p:policies>
         </jaxws:features>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItNoClientCertRequirementPort"
createdFromAPI="true">
+        <jaxws:properties>
+       </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItNoClientCertRequirementPort2"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.disable.require.client.cert.check" value="true"/>
+       </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/req-client-cert-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
     <http:conduit name="https://localhost:.*/DoubleItBasicAuth">
         <http:tlsClientParameters disableCNCheck="true">
             <sec:trustManagers>

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml
index 89ba4b9..e0a11b4 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml
@@ -56,6 +56,20 @@
             </p:policies>
         </jaxws:features>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoClientCertRequirement"
address="https://localhost:${testutil.ports.https.Server}/DoubleItNoClientCertRequirement"
serviceName="s:DoubleItService" endpointName="s:DoubleItNoClientCertRequirementPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/clean-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoClientCertRequirement2"
address="https://localhost:${testutil.ports.https.Server}/DoubleItNoClientCertRequirement2"
serviceName="s:DoubleItService" endpointName="s:DoubleItNoClientCertRequirementPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/clean-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="BasicAuth"
address="https://localhost:${testutil.ports.https.Server}/DoubleItBasicAuth" serviceName="s:DoubleItService"
endpointName="s:DoubleItBasicAuthPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
         <jaxws:features>
             <p:policies>

http://git-wip-us.apache.org/repos/asf/cxf/blob/0252de53/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml
index 75e48f0..3e4a239 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml
@@ -62,6 +62,26 @@
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
+       <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoClientCertRequirement"
address="https://localhost:${testutil.ports.https.StaxServer}/DoubleItNoClientCertRequirement"
serviceName="s:DoubleItService" endpointName="s:DoubleItNoClientCertRequirementPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/clean-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoClientCertRequirement2"
address="https://localhost:${testutil.ports.https.StaxServer}/DoubleItNoClientCertRequirement2"
serviceName="s:DoubleItService" endpointName="s:DoubleItNoClientCertRequirementPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/clean-policy.xml"/>
+            </p:policies>
+        </jaxws:features>
+        <jaxws:properties>
+            <entry key="ws-security.enable.streaming" value="true"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="BasicAuth"
address="https://localhost:${testutil.ports.https.StaxServer}/DoubleItBasicAuth" serviceName="s:DoubleItService"
endpointName="s:DoubleItBasicAuthPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings">
         <jaxws:features>
             <p:policies>


Mime
View raw message