cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/3] cxf git commit: Disable taking a UsernameToken with no password as the security context principal
Date Tue, 04 Apr 2017 09:15:38 GMT
Disable taking a UsernameToken with no password as the security context principal

# Conflicts:
#	rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
#	rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
#	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
#	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/786604cf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/786604cf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/786604cf

Branch: refs/heads/3.1.x-fixes
Commit: 786604cf247878b8625b51d62e749caaf1559006
Parents: 03f4a10
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Apr 4 08:36:35 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Apr 4 08:37:18 2017 +0100

----------------------------------------------------------------------
 .../cxf/rt/security/SecurityConstants.java      | 12 ++++++
 .../cxf/rt/security/utils/SecurityUtils.java    |  5 +++
 .../DefaultWSS4JSecurityContextCreator.java     | 18 +++++++-
 .../wss4j/StaxSecurityContextInInterceptor.java | 44 +++++++++++++++++---
 .../cxf/systest/wssec/examples/ut/server.xml    |  1 +
 .../systest/wssec/examples/ut/stax-server.xml   |  1 +
 .../apache/cxf/systest/ws/ut/server-derived.xml |  7 ++++
 .../org/apache/cxf/systest/ws/ut/server.xml     |  1 +
 .../apache/cxf/systest/ws/ut/stax-server.xml    |  1 +
 9 files changed, 84 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
index 5ee526b..80cf1bd 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
@@ -158,6 +158,13 @@ public class SecurityConstants {
             "security.enable.unsigned-saml-assertion.principal";
     
     /**
+     * Whether to allow UsernameTokens with no password to be used as SecurityContext Principals.
+     * The default is false.
+     */
+    public static final String ENABLE_UT_NOPASSWORD_PRINCIPAL =
+            "security.enable.ut-no-password.principal";
+
+    /**
      * Whether to validate the SubjectConfirmation requirements of a received SAML Token
      * (sender-vouches or holder-of-key). The default is true.
      */
@@ -345,7 +352,12 @@ public class SecurityConstants {
             CALLBACK_HANDLER, SAML_CALLBACK_HANDLER, SIGNATURE_PROPERTIES, 
             SIGNATURE_CRYPTO, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO, ENCRYPT_CERT,
             ENABLE_REVOCATION, SUBJECT_CERT_CONSTRAINTS, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
+<<<<<<< HEAD
             AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME, 
+=======
+            ENABLE_UT_NOPASSWORD_PRINCIPAL,
+            AUDIENCE_RESTRICTION_VALIDATION, SAML_ROLE_ATTRIBUTENAME,
+>>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, SC_FROM_JAAS_SUBJECT,
             STS_TOKEN_USE_CERT_FOR_KEYINFO, STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO,

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
----------------------------------------------------------------------
diff --git a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
index b679edb..a0419de 100644
--- a/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
+++ b/rt/security/src/main/java/org/apache/cxf/rt/security/utils/SecurityUtils.java
@@ -183,11 +183,16 @@ public final class SecurityUtils {
      * values. If none is configured, then the defaultValue parameter is returned.
      */
     public static boolean getSecurityPropertyBoolean(String property, Message message, boolean
defaultValue) {
+<<<<<<< HEAD
         Object value = message.getContextualProperty(property);
         if (value == null) {
             value = message.getContextualProperty("ws-" + property);
         }
         
+=======
+        Object value = getSecurityPropertyValue(property, message);
+
+>>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
         if (value != null) {
             return PropertyUtils.isTrue(value);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
index 5a832ef..cd15d46 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultWSS4JSecurityContextCreator.java
@@ -66,6 +66,7 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
      * Create a SecurityContext and store it on the SoapMessage parameter
      */
     public void createSecurityContext(SoapMessage msg, WSHandlerResult handlerResult) {
+<<<<<<< HEAD
         
         String allowUnsigned = 
             (String)SecurityUtils.getSecurityPropertyValue(
@@ -74,6 +75,20 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
         boolean allowUnsignedSamlPrincipals = Boolean.parseBoolean(allowUnsigned);
         boolean useJAASSubject = true; 
         String useJAASSubjectStr = 
+=======
+
+        boolean allowUnsignedSamlPrincipals =
+            SecurityUtils.getSecurityPropertyBoolean(
+                SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false
+            );
+        boolean allowUTNoPassword =
+            SecurityUtils.getSecurityPropertyBoolean(
+                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false
+            );
+
+        boolean useJAASSubject = true;
+        String useJAASSubjectStr =
+>>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SC_FROM_JAAS_SUBJECT,
msg);
         if (useJAASSubjectStr != null) {
             useJAASSubject = Boolean.parseBoolean(useJAASSubjectStr);
@@ -82,7 +97,8 @@ public class DefaultWSS4JSecurityContextCreator implements WSS4JSecurityContextC
         // Now go through the results in a certain order to set up a security context. Highest
priority is first.
         Map<Integer, List<WSSecurityEngineResult>> actionResults = handlerResult.getActionResults();
         for (Integer resultPriority : securityPriorities) {
-            if (resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals)
{
+            if ((resultPriority == WSConstants.ST_UNSIGNED && !allowUnsignedSamlPrincipals)
+                || (resultPriority == WSConstants.UT_NOPASSWORD && !allowUTNoPassword))
{
                 continue;
             }
             

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
index c20105a..82cc6a1 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxSecurityContextInInterceptor.java
@@ -31,6 +31,7 @@ import org.apache.cxf.binding.soap.SoapVersion;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.security.DefaultSecurityContext;
 import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.rt.security.claims.ClaimCollection;
@@ -101,7 +102,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
         for (Event desiredEvent : desiredSecurityEvents) {
             SubjectAndPrincipalSecurityToken token = null;
             try {
-                token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent);
+                token = getSubjectPrincipalToken(incomingSecurityEventList, desiredEvent,
msg);
             } catch (XMLSecurityException ex) {
                 // proceed
             }
@@ -159,13 +160,15 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
     }
     
     private SubjectAndPrincipalSecurityToken getSubjectPrincipalToken(List<SecurityEvent>
incomingSecurityEventList,
-                                                                      Event desiredEvent)
throws XMLSecurityException {
+                                                                      Event desiredEvent,
+                                                                      Message msg) throws
XMLSecurityException {
         for (SecurityEvent event : incomingSecurityEventList) {
             if (desiredEvent == event.getSecurityEventType()) {
-                if (event.getSecurityEventType() == WSSecurityEventConstants.USERNAME_TOKEN)
{
+                if (event.getSecurityEventType() == WSSecurityEventConstants.USERNAME_TOKEN
+                    && isUsernameTokenEventAllowed((UsernameTokenSecurityEvent)event,
msg)) {
                     return ((UsernameTokenSecurityEvent)event).getSecurityToken();
                 } else if (event.getSecurityEventType() == WSSecurityEventConstants.SAML_TOKEN
-                    && isSamlEventSigned((SamlTokenSecurityEvent)event)) {
+                    && isSamlEventAllowed((SamlTokenSecurityEvent)event, msg)) {
                     return ((SamlTokenSecurityEvent)event).getSecurityToken();
                 } else if (event.getSecurityEventType() == WSSecurityEventConstants.X509Token
                     && isUsedForPublicKeySignature(((X509TokenSecurityEvent)event).getSecurityToken()))
{
@@ -209,6 +212,7 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
         return token.getPublicKey() != null 
             || (token.getX509Certificates() != null && token.getX509Certificates().length
> 0);
     }
+<<<<<<< HEAD
     
     private boolean isSamlEventSigned(SamlTokenSecurityEvent event) {
         if (event == null) {
@@ -216,8 +220,38 @@ public class StaxSecurityContextInInterceptor extends AbstractPhaseInterceptor<S
         }
         
         return event.getSecurityToken() != null 
+=======
+
+    private boolean isSamlEventAllowed(SamlTokenSecurityEvent event, Message msg) {
+        if (event == null) {
+            return false;
+        }
+
+        boolean allowUnsignedSamlPrincipals =
+            SecurityUtils.getSecurityPropertyBoolean(
+                SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, msg, false
+            );
+
+        // The SAML Assertion must be signed by default
+        return event.getSecurityToken() != null
+>>>>>>> b77e43f... Disable taking a UsernameToken with no password as
the security context principal
             && event.getSecurityToken().getSamlAssertionWrapper() != null
-            && event.getSecurityToken().getSamlAssertionWrapper().isSigned();
+            && (allowUnsignedSamlPrincipals || event.getSecurityToken().getSamlAssertionWrapper().isSigned());
+    }
+
+    private boolean isUsernameTokenEventAllowed(UsernameTokenSecurityEvent event, Message
msg) {
+        if (event == null) {
+            return false;
+        }
+
+        boolean allowUTNoPassword =
+            SecurityUtils.getSecurityPropertyBoolean(
+                SecurityConstants.ENABLE_UT_NOPASSWORD_PRINCIPAL, msg, false
+            );
+
+        // The "no password" case is not allowed by default
+        return event.getSecurityToken() != null
+            && (allowUTNoPassword || event.getSecurityToken().getPassword() != null);
     }
     
     private SecurityContext createSecurityContext(final Principal p) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml
b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml
index 0c6a11e..3491d4d 100644
--- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml
+++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server.xml
@@ -32,6 +32,7 @@
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextNoPassword"
address="http://localhost:${testutil.ports.ut.Server}/DoubleItUTPlaintextNoPassword" serviceName="s:DoubleItService"
endpointName="s:DoubleItPlaintextNoPasswordPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl">
         <jaxws:properties>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
         </jaxws:properties>
     </jaxws:endpoint>

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml
b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml
index aa64f48..2d258d2 100644
--- a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml
+++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server.xml
@@ -33,6 +33,7 @@
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="PlaintextNoPassword"
address="http://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTPlaintextNoPassword" serviceName="s:DoubleItService"
endpointName="s:DoubleItPlaintextNoPasswordPort" implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl">
         <jaxws:properties>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml
index c114b8e..12e6d69 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived.xml
@@ -28,26 +28,31 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignature"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionSig"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionSigPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignatureDK"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionSigDK"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionSigDKPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricEncryption"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricProtectionEnc"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricProtectionEncPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="TransportEndorsing"
address="https://localhost:${testutil.ports.ut.ServerDerived.2}/DoubleItUTDerivedTransportEndorsing"
serviceName="s:DoubleItService" endpointName="s:DoubleItTransportEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
depends-on="tls-settings" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignedEndorsing"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricSignedEndorsing"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignedEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="security.signature.properties" value="bob.properties"/>
             <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/>
         </jaxws:properties>
@@ -55,6 +60,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricEndorsingEncrypted"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricEndorsingEncrypted"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricEndorsingEncryptedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="security.signature.properties" value="bob.properties"/>
             <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/>
         </jaxws:properties>
@@ -62,6 +68,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignedEndorsingEncrypted"
address="http://localhost:${testutil.ports.ut.ServerDerived}/DoubleItUTDerivedSymmetricSignedEndorsingEncrypted"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignedEndorsingEncryptedPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl" wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUtDerived.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="security.signature.properties" value="bob.properties"/>
             <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/>
         </jaxws:properties>

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
index 8084a66..0da6275 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml
@@ -70,6 +70,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoPassword"
address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTNoPassword" serviceName="s:DoubleItService"
endpointName="s:DoubleItNoPasswordPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignedEndorsing"
address="https://localhost:${testutil.ports.ut.Server}/DoubleItUTSignedEndorsing" serviceName="s:DoubleItService"
endpointName="s:DoubleItSignedEndorsingPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">

http://git-wip-us.apache.org/repos/asf/cxf/blob/786604cf/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
index 3a32e5e..bb829a2 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server.xml
@@ -75,6 +75,7 @@
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoPassword"
address="https://localhost:${testutil.ports.ut.StaxServer}/DoubleItUTNoPassword" serviceName="s:DoubleItService"
endpointName="s:DoubleItNoPasswordPort" implementor="org.apache.cxf.systest.ws.common.DoubleItPortTypeImpl"
wsdlLocation="org/apache/cxf/systest/ws/ut/DoubleItUt.wsdl" depends-on="tls-settings">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="security.enable.ut-no-password.principal" value="true"/>
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>


Mime
View raw message