From commits-return-46374-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org  Mon May 15 08:56:13 2017
Return-Path: <commits-return-46374-apmail-cxf-commits-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-commits-archive@www.apache.org
Delivered-To: apmail-cxf-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D997619A52
	for <apmail-cxf-commits-archive@www.apache.org>; Mon, 15 May 2017 08:56:13 +0000 (UTC)
Received: (qmail 48463 invoked by uid 500); 15 May 2017 08:56:13 -0000
Delivered-To: apmail-cxf-commits-archive@cxf.apache.org
Received: (qmail 48396 invoked by uid 500); 15 May 2017 08:56:13 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 48387 invoked by uid 99); 15 May 2017 08:56:12 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 May 2017 08:56:12 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id B7194DFBC8; Mon, 15 May 2017 08:56:12 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: coheigea@apache.org
To: commits@cxf.apache.org
Message-Id: <2c493ddd7db14f8bba6fbb000f3af79a@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: cxf git commit: Switching to use Apache Kerby 1.0.0 for kerberos
 integration testing
Date: Mon, 15 May 2017 08:56:12 +0000 (UTC)

Repository: cxf
Updated Branches:
  refs/heads/master d05916a30 -> 553329cd3


Switching to use Apache Kerby 1.0.0 for kerberos integration testing


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/553329cd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/553329cd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/553329cd

Branch: refs/heads/master
Commit: 553329cd35e14013fbf727b392cf40374f399ba3
Parents: d05916a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon May 15 09:55:58 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon May 15 09:55:58 2017 +0100

----------------------------------------------------------------------
 parent/pom.xml                                  |   1 +
 systests/kerberos/pom.xml                       |  40 +------
 .../jaxrs/kerberos/JAXRSKerberosBookTest.java   | 112 ++++++------------
 .../wssec/kerberos/KerberosTokenTest.java       | 114 ++++++-------------
 .../kerberos/wssec/spnego/SpnegoTokenTest.java  | 114 ++++++-------------
 .../kerberos/src/test/resources/kerberos.ldif   |  51 ---------
 systests/kerberos/src/test/resources/krb5.conf  |   7 --
 7 files changed, 105 insertions(+), 334 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 54fef14..3509a09 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -95,6 +95,7 @@
         <cxf.httpcomponents.core.version.range>[4.3,4.5.0)</cxf.httpcomponents.core.version.range>
         <cxf.jackson.version>2.8.7</cxf.jackson.version>
         <cxf.james.mim4j.version>0.7.2</cxf.james.mim4j.version>
+        <cxf.kerby.version>1.0.0</cxf.kerby.version>
         <cxf.logback.classic.version>1.2.2</cxf.logback.classic.version>
         <cxf.log4j.version>1.2.17</cxf.log4j.version>
         <cxf.lucene.version>4.9.0</cxf.lucene.version>

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/pom.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/pom.xml b/systests/kerberos/pom.xml
index 8e4e540..e1b3ba6 100644
--- a/systests/kerberos/pom.xml
+++ b/systests/kerberos/pom.xml
@@ -241,44 +241,10 @@
             </exclusions>
         </dependency>
         <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-protocol-kerberos</artifactId>
-            <version>${cxf.apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>net.sf.ehcache</groupId>
-                    <artifactId>ehcache-core</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-interceptor-kerberos</artifactId>
-            <version>${cxf.apacheds.version}</version>
+            <groupId>org.apache.kerby</groupId>
+            <artifactId>kerb-simplekdc</artifactId>
+            <version>${cxf.kerby.version}</version>
             <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>bouncycastle</groupId>
-                    <artifactId>bcprov-jdk15</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.directory.server</groupId>
-            <artifactId>apacheds-kerberos-codec</artifactId>
-            <version>${cxf.apacheds.version}</version>
-            <scope>test</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>net.sf.ehcache</groupId>
-                    <artifactId>ehcache-core</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
         <dependency>
             <groupId>org.springframework.ldap</groupId>

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/jaxrs/kerberos/JAXRSKerberosBookTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/jaxrs/kerberos/JAXRSKerberosBookTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/jaxrs/kerberos/JAXRSKerberosBookTest.java
index d937f1f..65346dc 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/jaxrs/kerberos/JAXRSKerberosBookTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/jaxrs/kerberos/JAXRSKerberosBookTest.java
@@ -20,10 +20,6 @@
 package org.apache.cxf.systest.kerberos.jaxrs.kerberos;
 
 import java.io.File;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-import java.nio.file.Path;
 
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.ext.logging.LoggingOutInterceptor;
@@ -34,59 +30,16 @@ import org.apache.cxf.systest.kerberos.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.transport.http.auth.HttpAuthHeader;
 import org.apache.cxf.transport.http.auth.SpnegoAuthSupplier;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreateIndex;
-import org.apache.directory.server.core.annotations.CreatePartition;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
 import org.ietf.jgss.GSSName;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import org.junit.runner.RunWith;
 
 /**
- * A set of tests for Kerberos Tokens that use an Apache DS instance as the KDC.
+ * A set of tests for Kerberos Tokens that use an Apache Kerby instance as the KDC.
  */
-
-@RunWith(FrameworkRunner.class)
-
-//Define the DirectoryService
-@CreateDS(name = "AbstractKerberosTest-class",
-    enableAccessControl = false,
-    allowAnonAccess = false,
-    enableChangeLog = true,
-    partitions = {
-        @CreatePartition(
-            name = "example",
-            suffix = "dc=example,dc=com",
-            indexes = {
-                @CreateIndex(attribute = "objectClass"),
-                @CreateIndex(attribute = "dc"),
-                @CreateIndex(attribute = "ou")
-            }
-        ) },
-    additionalInterceptors = {
-        KeyDerivationInterceptor.class
-        }
-)
-
-@CreateKdcServer(
-    transports = {
-        @CreateTransport(protocol = "KRB", address = "localhost")
-        },
-    primaryRealm = "service.ws.apache.org",
-    kdcPrincipal = "krbtgt/service.ws.apache.org@service.ws.apache.org"
-)
-
-//Inject an file containing entries
-@ApplyLdifFiles("kerberos.ldif")
-
 public class JAXRSKerberosBookTest extends AbstractLdapTestUnit {
     public static final String PORT = BookKerberosServer.PORT;
 
@@ -94,29 +47,8 @@ public class JAXRSKerberosBookTest extends AbstractLdapTestUnit {
         "org/apache/cxf/systest/kerberos/jaxrs/kerberos/kerberosClient.xml";
 
     private static boolean runTests;
-    private static boolean portUpdated;
-
-    @Before
-    public void updatePort() throws Exception {
-        if (!portUpdated) {
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
 
-            // Read in krb5.conf and substitute in the correct port
-            Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/krb5.conf");
-            String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
-            content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort());
-
-            Path path2 = FileSystems.getDefault().getPath(basedir, "/target/test-classes/jaxrs.krb5.conf");
-            Files.write(path2, content.getBytes());
-
-            System.setProperty("java.security.krb5.conf", path2.toString());
-
-            portUpdated = true;
-        }
-    }
+    private static SimpleKdcServer kerbyServer;
 
     @BeforeClass
     public static void startServers() throws Exception {
@@ -126,16 +58,35 @@ public class JAXRSKerberosBookTest extends AbstractLdapTestUnit {
         //
         if (!"IBM Corporation".equals(System.getProperty("java.vendor"))) {
             runTests = true;
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
+        }
+        
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
 
-            // System.setProperty("sun.security.krb5.debug", "true");
-            System.setProperty("java.security.auth.login.config",
-                               basedir + "/src/test/resources/kerberos.jaas");
+        // System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
+        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
 
-        }
+        kerbyServer = new SimpleKdcServer();
+
+        kerbyServer.setKdcRealm("service.ws.apache.org");
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setWorkDir(new File(basedir + "/target"));
+
+        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
+
+        kerbyServer.init();
+
+        // Create principals
+        String alice = "alice@service.ws.apache.org";
+        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
+
+        kerbyServer.createPrincipal(alice, "alice");
+        kerbyServer.createPrincipal(bob, "bob");
+
+        kerbyServer.start();
 
         // Launch servers
         org.junit.Assert.assertTrue(
@@ -150,6 +101,9 @@ public class JAXRSKerberosBookTest extends AbstractLdapTestUnit {
     public static void cleanup() throws Exception {
         SecurityTestUtil.cleanup();
         AbstractBusClientServerTestBase.stopAllServers();
+        if (kerbyServer != null) {
+            kerbyServer.stop();
+        }
     }
 
     @Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
index 6f2e77b..737ee15 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/kerberos/KerberosTokenTest.java
@@ -21,10 +21,6 @@ package org.apache.cxf.systest.kerberos.wssec.kerberos;
 
 import java.io.File;
 import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-import java.nio.file.Path;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -37,59 +33,16 @@ import org.apache.cxf.systest.kerberos.wssec.sts.STSServer;
 import org.apache.cxf.systest.kerberos.wssec.sts.StaxSTSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.testutil.common.TestUtil;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreateIndex;
-import org.apache.directory.server.core.annotations.CreatePartition;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
 
 /**
- * A set of tests for Kerberos Tokens that use an Apache DS instance as the KDC.
+ * A set of tests for Kerberos Tokens that use an Apache Kerby instance as the KDC.
  */
-
-@RunWith(FrameworkRunner.class)
-
-//Define the DirectoryService
-@CreateDS(name = "AbstractKerberosTest-class",
-    enableAccessControl = false,
-    allowAnonAccess = false,
-    enableChangeLog = true,
-    partitions = {
-        @CreatePartition(
-            name = "example",
-            suffix = "dc=example,dc=com",
-            indexes = {
-                @CreateIndex(attribute = "objectClass"),
-                @CreateIndex(attribute = "dc"),
-                @CreateIndex(attribute = "ou")
-            }
-        ) },
-    additionalInterceptors = {
-        KeyDerivationInterceptor.class
-        }
-)
-
-@CreateKdcServer(
-    transports = {
-        @CreateTransport(protocol = "KRB", address = "localhost")
-        },
-    primaryRealm = "service.ws.apache.org",
-    kdcPrincipal = "krbtgt/service.ws.apache.org@service.ws.apache.org"
-)
-
-//Inject an file containing entries
-@ApplyLdifFiles("kerberos.ldif")
-
 public class KerberosTokenTest extends AbstractLdapTestUnit {
     static final String PORT = TestUtil.getPortNumber(Server.class);
     static final String STAX_PORT = TestUtil.getPortNumber(StaxServer.class);
@@ -107,29 +60,8 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
         SecurityTestUtil.checkUnrestrictedPoliciesInstalled();
 
     private static boolean runTests;
-    private static boolean portUpdated;
-
-    @Before
-    public void updatePort() throws Exception {
-        if (!portUpdated) {
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
-
-            // Read in krb5.conf and substitute in the correct port
-            Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/krb5.conf");
-            String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
-            content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort());
-
-            Path path2 = FileSystems.getDefault().getPath(basedir, "/target/test-classes/wssec.kerberos.krb5.conf");
-            Files.write(path2, content.getBytes());
-
-            System.setProperty("java.security.krb5.conf", path2.toString());
-
-            portUpdated = true;
-        }
-    }
+    
+    private static SimpleKdcServer kerbyServer;
 
     @BeforeClass
     public static void startServers() throws Exception {
@@ -141,16 +73,35 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
         //
         if (!"IBM Corporation".equals(System.getProperty("java.vendor"))) {
             runTests = true;
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
+        }
+        
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
 
-            // System.setProperty("sun.security.krb5.debug", "true");
-            System.setProperty("java.security.auth.login.config",
-                               basedir + "/src/test/resources/kerberos.jaas");
+        // System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
+        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
 
-        }
+        kerbyServer = new SimpleKdcServer();
+
+        kerbyServer.setKdcRealm("service.ws.apache.org");
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setWorkDir(new File(basedir + "/target"));
+
+        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
+
+        kerbyServer.init();
+
+        // Create principals
+        String alice = "alice@service.ws.apache.org";
+        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
+
+        kerbyServer.createPrincipal(alice, "alice");
+        kerbyServer.createPrincipal(bob, "bob");
+
+        kerbyServer.start();
 
         // Launch servers
         org.junit.Assert.assertTrue(
@@ -186,6 +137,9 @@ public class KerberosTokenTest extends AbstractLdapTestUnit {
     public static void cleanup() throws Exception {
         SecurityTestUtil.cleanup();
         AbstractBusClientServerTestBase.stopAllServers();
+        if (kerbyServer != null) {
+            kerbyServer.stop();
+        }
     }
 
     @org.junit.Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
index 705db7e..5b22ec6 100644
--- a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
@@ -21,10 +21,6 @@ package org.apache.cxf.systest.kerberos.wssec.spnego;
 
 import java.io.File;
 import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.FileSystems;
-import java.nio.file.Files;
-import java.nio.file.Path;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.Service;
@@ -34,59 +30,16 @@ import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.kerberos.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.cxf.testutil.common.TestUtil;
-import org.apache.directory.server.annotations.CreateKdcServer;
-import org.apache.directory.server.annotations.CreateTransport;
-import org.apache.directory.server.core.annotations.ApplyLdifFiles;
-import org.apache.directory.server.core.annotations.CreateDS;
-import org.apache.directory.server.core.annotations.CreateIndex;
-import org.apache.directory.server.core.annotations.CreatePartition;
 import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
-import org.apache.directory.server.core.integ.FrameworkRunner;
-import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.kerby.kerberos.kerb.server.SimpleKdcServer;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.Assert;
-import org.junit.Before;
 import org.junit.BeforeClass;
-import org.junit.runner.RunWith;
 
 /**
- * A set of tests for Spnego Tokens that use an Apache DS instance as the KDC.
+ * A set of tests for Spnego Tokens that use an Apache Kerby instance as the KDC.
  */
-
-@RunWith(FrameworkRunner.class)
-
-//Define the DirectoryService
-@CreateDS(name = "AbstractKerberosTest-class",
-    enableAccessControl = false,
-    allowAnonAccess = false,
-    enableChangeLog = true,
-    partitions = {
-        @CreatePartition(
-            name = "example",
-            suffix = "dc=example,dc=com",
-            indexes = {
-                @CreateIndex(attribute = "objectClass"),
-                @CreateIndex(attribute = "dc"),
-                @CreateIndex(attribute = "ou")
-            }
-        ) },
-    additionalInterceptors = {
-        KeyDerivationInterceptor.class
-        }
-)
-
-@CreateKdcServer(
-    transports = {
-        @CreateTransport(protocol = "KRB", address = "localhost")
-        },
-    primaryRealm = "service.ws.apache.org",
-    kdcPrincipal = "krbtgt/service.ws.apache.org@service.ws.apache.org"
-)
-
-//Inject an file containing entries
-@ApplyLdifFiles("kerberos.ldif")
-
 public class SpnegoTokenTest extends AbstractLdapTestUnit {
     static final String PORT = TestUtil.getPortNumber(Server.class);
     static final String STAX_PORT = TestUtil.getPortNumber(StaxServer.class);
@@ -100,29 +53,8 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
             SecurityTestUtil.checkUnrestrictedPoliciesInstalled();
 
     private static boolean runTests;
-    private static boolean portUpdated;
-
-    @Before
-    public void updatePort() throws Exception {
-        if (!portUpdated) {
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
-
-            // Read in krb5.conf and substitute in the correct port
-            Path path = FileSystems.getDefault().getPath(basedir, "/src/test/resources/krb5.conf");
-            String content = new String(Files.readAllBytes(path), StandardCharsets.UTF_8);
-            content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort());
-
-            Path path2 = FileSystems.getDefault().getPath(basedir, "/target/test-classes/wssec.spnego.krb5.conf");
-            Files.write(path2, content.getBytes());
-
-            System.setProperty("java.security.krb5.conf", path2.toString());
-
-            portUpdated = true;
-        }
-    }
+    
+    private static SimpleKdcServer kerbyServer;
 
     @BeforeClass
     public static void startServers() throws Exception {
@@ -133,16 +65,35 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
         //
         if (!"IBM Corporation".equals(System.getProperty("java.vendor"))) {
             runTests = true;
-            String basedir = System.getProperty("basedir");
-            if (basedir == null) {
-                basedir = new File(".").getCanonicalPath();
-            }
+        }
+        
+        String basedir = System.getProperty("basedir");
+        if (basedir == null) {
+            basedir = new File(".").getCanonicalPath();
+        }
 
-            // System.setProperty("sun.security.krb5.debug", "true");
-            System.setProperty("java.security.auth.login.config",
-                               basedir + "/src/test/resources/kerberos.jaas");
+        // System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("java.security.auth.login.config", basedir + "/target/test-classes/kerberos.jaas");
+        System.setProperty("java.security.krb5.conf", basedir + "/target/krb5.conf");
 
-        }
+        kerbyServer = new SimpleKdcServer();
+
+        kerbyServer.setKdcRealm("service.ws.apache.org");
+        kerbyServer.setAllowUdp(false);
+        kerbyServer.setWorkDir(new File(basedir + "/target"));
+
+        //kerbyServer.setInnerKdcImpl(new NettyKdcServerImpl(kerbyServer.getKdcSetting()));
+
+        kerbyServer.init();
+
+        // Create principals
+        String alice = "alice@service.ws.apache.org";
+        String bob = "bob/service.ws.apache.org@service.ws.apache.org";
+
+        kerbyServer.createPrincipal(alice, "alice");
+        kerbyServer.createPrincipal(bob, "bob");
+
+        kerbyServer.start();
 
         // Launch servers
         org.junit.Assert.assertTrue(
@@ -164,6 +115,9 @@ public class SpnegoTokenTest extends AbstractLdapTestUnit {
     public static void cleanup() throws Exception {
         SecurityTestUtil.cleanup();
         AbstractBusClientServerTestBase.stopAllServers();
+        if (kerbyServer != null) {
+            kerbyServer.stop();
+        }
     }
 
     @org.junit.Test

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/src/test/resources/kerberos.ldif
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/kerberos.ldif b/systests/kerberos/src/test/resources/kerberos.ldif
deleted file mode 100644
index 40f07fd..0000000
--- a/systests/kerberos/src/test/resources/kerberos.ldif
+++ /dev/null
@@ -1,51 +0,0 @@
-dn: dc=example,dc=com
-dc: example
-objectClass: top
-objectClass: domain
-
-dn: ou=users,dc=example,dc=com
-objectClass: organizationalUnit
-objectClass: top
-ou: users
-
-# Web server identity/service principal.
-dn: uid=bob,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: bob
-sn: bob
-uid: bob
-userpassword: bob
-krb5PrincipalName: bob/service.ws.apache.org@service.ws.apache.org
-krb5KeyVersionNumber: 0
-
-# User / client principal.
-dn: uid=alice,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: alice
-sn: alice
-uid: alice
-userpassword: alice
-krb5PrincipalName: alice@service.ws.apache.org
-krb5KeyVersionNumber: 0
-
-# Ticket Granting Service.
-dn: uid=krbtgt,ou=users,dc=example,dc=com
-objectclass: top
-objectclass: person
-objectclass: inetOrgPerson
-objectclass: krb5Principal
-objectclass: krb5KDCEntry
-cn: KDC Service
-sn: KDC Service
-uid: krbtgt
-userpassword: randomKey
-krb5PrincipalName: krbtgt/service.ws.apache.org@service.ws.apache.org
-krb5KeyVersionNumber: 0
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/553329cd/systests/kerberos/src/test/resources/krb5.conf
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/krb5.conf b/systests/kerberos/src/test/resources/krb5.conf
deleted file mode 100644
index a1a6dc9..0000000
--- a/systests/kerberos/src/test/resources/krb5.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[libdefaults]
-	default_realm = service.ws.apache.org
-
-[realms]
-	service.ws.apache.org = {
-		kdc = localhost:port
-	}
\ No newline at end of file