Author: coheigea
Date: Thu Mar 31 17:15:28 2011
New Revision: 1087374
URL: http://svn.apache.org/viewvc?rev=1087374&view=rev
Log:
[CXF-3432] - Support WS-SecurityPolicy SamlToken expressions (Part II)
- Add support for adding a SAML Assertion to an outbound security header via a
WS-SecurityPolicy SamlToken expression and a SAML CallbackHandler
- Added some systests for sending and receiving SAML Assertions over TLS and
controlled by WS-SecurityPolicy
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/DoubleItImpl.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/Server.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/systests/ws-security/pom.xml
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1087374&r1=1087373&r2=1087374&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Thu Mar 31 17:15:28 2011
@@ -39,6 +39,7 @@ public final class SecurityConstants {
public static final String BST_TOKEN_VALIDATOR =
"ws-security.bst.validator";
public static final String CALLBACK_HANDLER =
"ws-security.callback-handler";
+ public static final String SAML_CALLBACK_HANDLER =
"ws-security.saml-callback-handler";
public static final String SIGNATURE_USERNAME =
"ws-security.signature.username";
public static final String SIGNATURE_PROPERTIES =
"ws-security.signature.properties";
@@ -110,7 +111,7 @@ public final class SecurityConstants {
STS_TOKEN_ACT_AS, STS_TOKEN_USERNAME,
STS_TOKEN_USE_CERT_FOR_KEYINFO,
SAML1_TOKEN_VALIDATOR, SAML2_TOKEN_VALIDATOR,
TIMESTAMP_TOKEN_VALIDATOR,
SIGNATURE_TOKEN_VALIDATOR, IS_BSP_COMPLIANT, TIMESTAMP_FUTURE_TTL,
- BST_TOKEN_VALIDATOR
+ BST_TOKEN_VALIDATOR, SAML_CALLBACK_HANDLER
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1087374&r1=1087373&r2=1087374&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Thu Mar 31 17:15:28 2011
@@ -448,6 +448,9 @@ public class PolicyBasedWSS4JInIntercept
action = addToAction(action,
WSHandlerConstants.USERNAME_TOKEN, true);
}
}
+ if (containsPolicy(aim, SP12Constants.SAML_TOKEN) &&
isRequestor(message)) {
+ assertPolicy(aim, SP12Constants.SAML_TOKEN);
+ }
//relatively irrelevant stuff from a verification standpoint
assertPolicy(aim, SP12Constants.LAYOUT);
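Review bot: The added `assertPolicy(aim, SP12Constants.SAML_TOKEN)` marks the SamlToken assertion as satisfied on the requestor side without looking at the inbound message or at the token's IncludeToken value. That is presumably intended for `AlwaysToRecipient`, where the response carries no assertion. A policy whose inclusion value expects the token in the response would be asserted here without verification. A comment such as `// Requestor side: the SAML token is only sent to the recipient, so there is nothing to verify on the response`, or a check of the inclusion value, would make the assumption explicit. The enclosing method starts and ends outside the hunk.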
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1087374&r1=1087373&r2=1087374&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Mar 31 17:15:28 2011
@@ -81,6 +81,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
@@ -118,6 +119,8 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
import org.apache.ws.security.util.WSSecurityUtil;
/**
@@ -553,8 +556,13 @@ public abstract class AbstractBindingBui
encryptedTokensIdList.add(sig.getBSTTokenId());
}
ret.put(token, sig);
+ } else if (token instanceof SamlToken) {
+ AssertionWrapper assertionWrapper =
addSamlToken((SamlToken)token);
+ if (assertionWrapper != null) {
+
addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+ // TODO ret.put(token, utBuilder);
+ }
}
-
}
return ret;
}
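Review bot: The new `SamlToken` branch adds the assertion to the header but leaves `// TODO ret.put(token, utBuilder);`, so the token never reaches the returned map. If callers use that map to decide what to sign or encrypt for signed or encrypted supporting tokens (the callers are not visible here), a SAML token under such a policy would go out without that protection while `addSamlToken` still marks the SamlToken assertion as asserted. Until this is implemented, I would either report such policies through `policyNotAsserted(...)` or state the limitation in the TODO. The placeholder also names `utBuilder`, which looks copied from the UsernameToken branch. The method starts outside the hunk.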
@@ -664,6 +672,46 @@ public abstract class AbstractBindingBui
return null;
}
+ protected AssertionWrapper addSamlToken(SamlToken token) throws
WSSecurityException {
+ AssertionInfo info = null;
+ Collection<AssertionInfo> ais = aim.getAssertionInfo(token.getName());
+ for (AssertionInfo ai : ais) {
+ if (ai.getAssertion() == token) {
+ info = ai;
+ if (!isRequestor()) {
+ info.setAsserted(true);
+ return null;
+ }
+ }
+ }
+
+ //
+ // Get the SAML CallbackHandler
+ //
+ Object o =
message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils
+ .loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ handler = null;
+ }
+ }
+ if (handler == null) {
+ policyNotAsserted(token, "No SAML CallbackHandler available");
+ return null;
+ }
+
+ SAMLParms samlParms = new SAMLParms();
+ samlParms.setCallbackHandler(handler);
+ info.setAsserted(true);
+ return new AssertionWrapper(samlParms);
+ }
+
public String getPassword(String userName, Assertion info, int type) {
//Then try to get the password from the given callback handler
Object o =
message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
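Review bot: `info` is still null at `info.setAsserted(true)` when no AssertionInfo in the loop matches `token`, so `addSamlToken` can throw a NullPointerException instead of reporting a policy failure; a guard such as `if (info == null) { policyNotAsserted(token, "No AssertionInfo for SamlToken"); return null; }` before the handler lookup would avoid that. The `catch (Exception e) { handler = null; }` around the reflective load also discards the cause, so a mistyped class name, a class that is not a CallbackHandler and a missing property all surface as the same "No SAML CallbackHandler available" message; logging `e` or appending it to the reason would make misconfiguration diagnosable. Because a String value is turned into a class that gets instantiated, it is worth documenting that `ws-security.saml-callback-handler` must come from trusted configuration only. The trailing context lines belong to `getPassword`, whose body continues outside the hunk.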
Modified: cxf/trunk/systests/ws-security/pom.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/pom.xml?rev=1087374&r1=1087373&r2=1087374&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/pom.xml (original)
+++ cxf/trunk/systests/ws-security/pom.xml Thu Mar 31 17:15:28 2011
@@ -54,6 +54,9 @@
<wsdlOption>
<wsdl>${basedir}/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation.wsdl</wsdl>
</wsdlOption>
+ <wsdlOption>
+
<wsdl>${basedir}/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl</wsdl>
+ </wsdlOption>
</wsdlOptions>
</configuration>
<goals>
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(added)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.saml;
+
+import java.math.BigInteger;
+import java.net.URL;
+
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.saml.server.Server;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.junit.BeforeClass;
+
+import wssec.saml.DoubleItPortType;
+import wssec.saml.DoubleItService;
+
+/**
+ * A set of tests for SAML Tokens.
+ */
+public class SamlTokenTest extends AbstractBusClientServerTestBase {
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ }
+
+ @org.junit.Test
+ public void testSaml1OverTransport() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType saml1Port = service.getDoubleItSaml1TransportPort();
+
+ try {
+ saml1Port.doubleIt(BigInteger.valueOf(25));
+ fail("Expected failure on an invocation with no SAML Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assert ex.getMessage().contains("No SAML CallbackHandler
available");
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler",
+ new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+ );
+ try {
+ saml1Port.doubleIt(BigInteger.valueOf(25));
+ fail("Expected failure on an invocation with a SAML2 Assertion");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ assert ex.getMessage().contains("Wrong SAML Version");
+ }
+
+ ((BindingProvider)saml1Port).getRequestContext().put(
+ "ws-security.saml-callback-handler",
+ new
org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+ );
+ BigInteger result = saml1Port.doubleIt(BigInteger.valueOf(25));
+ assert result.equals(BigInteger.valueOf(50));
+ }
+
+
+}
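Review bot: The three checks written with the Java `assert` keyword in `testSaml1OverTransport` are skipped whenever the JVM runs without `-ea`, so the two negative cases (no CallbackHandler, wrong SAML version) and the final result could pass without being verified. The file already calls `assertTrue` and `fail`, so the JUnit forms are presumably available from the base class, e.g. `assertTrue(ex.getMessage().contains("Wrong SAML Version"));` and `assertEquals(BigInteger.valueOf(50), result);`. The test also installs the bus as default and thread-default bus and never shuts it down, which may leak state into other tests in the module.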
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
(added)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.saml.client;
+
+import java.io.IOException;
+import java.util.Collections;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+/**
+ * A CallbackHandler instance that is used by the STS to mock up a SAML
Attribute Assertion.
+ */
+public class SamlCallbackHandler implements CallbackHandler {
+ private boolean saml2 = true;
+
+ public SamlCallbackHandler() {
+ //
+ }
+
+ public SamlCallbackHandler(boolean saml2) {
+ this.saml2 = saml2;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ if (saml2) {
+ callback.setSamlVersion(SAMLVersion.VERSION_20);
+ } else {
+ callback.setSamlVersion(SAMLVersion.VERSION_11);
+ }
+ callback.setIssuer("sts");
+ String subjectName = "uid=sts-client,o=mock-sts.com";
+ String subjectQualifier = "www.mock-sts.com";
+ String confirmationMethod = SAML2Constants.CONF_BEARER;
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subjectName, subjectQualifier, confirmationMethod
+ );
+ callback.setSubject(subjectBean);
+
+ AttributeStatementBean attrBean = new AttributeStatementBean();
+ if (subjectBean != null) {
+ attrBean.setSubject(subjectBean);
+ }
+ AttributeBean attributeBean = new AttributeBean();
+ attributeBean.setSimpleName("subject-role");
+
attributeBean.setAttributeValues(Collections.singletonList("system-user"));
+
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
+
callback.setAttributeStatementData(Collections.singletonList(attrBean));
+ }
+ }
+ }
+
+}
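Review bot: `confirmationMethod` is always `SAML2Constants.CONF_BEARER`, even when the handler is constructed with `saml2 == false` and sets `SAMLVersion.VERSION_11`, so the SAML 1.1 assertion used by the passing test case would carry a SAML 2.0 confirmation-method URI. If WSS4J's `SAML1Constants` is on the classpath here, `String confirmationMethod = saml2 ? SAML2Constants.CONF_BEARER : SAML1Constants.CONF_BEARER;` keeps version and confirmation method consistent. Separately, the class Javadoc says the handler is "used by the STS" although it lives in the client package, the `if (subjectBean != null)` check is always true, and callbacks that are not `SAMLCallback` are silently ignored rather than rejected with `UnsupportedCallbackException`.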
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/DoubleItImpl.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/DoubleItImpl.java?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/DoubleItImpl.java
(added)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/DoubleItImpl.java
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.saml.server;
+
+import java.math.BigInteger;
+
+import javax.jws.WebService;
+import org.apache.cxf.feature.Features;
+import wssec.saml.DoubleItPortType;
+
+@WebService(targetNamespace = "http://WSSec/saml",
+ serviceName = "DoubleItService",
+ endpointInterface = "wssec.saml.DoubleItPortType")
+@Features(features = "org.apache.cxf.feature.LoggingFeature")
+public class DoubleItImpl implements DoubleItPortType {
+
+ public java.math.BigInteger doubleIt(java.math.BigInteger numberToDouble) {
+ return numberToDouble.multiply(BigInteger.valueOf(2));
+ }
+
+}
Added:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/Server.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/Server.java?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/Server.java
(added)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/server/Server.java
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.saml.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
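Review bot: The `new Server()` inside `run()` creates a second instance that is immediately discarded, and the surrounding `try`/`catch` with `e.printStackTrace()` guards a constructor that does nothing, so the whole block can be removed. `Server.class.getResource("server.xml")` is also passed to `createBus(busFile)` unchecked; if the resource is missing, the failure will show up as an unrelated error rather than a clear message, so a short null check with a descriptive exception would help when the test setup breaks.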
Added:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
(added)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd"
+>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <http:conduit name="https://localhost:9009/DoubleItSaml1Transport">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/security/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+</beans>
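Review bot: `disableCNCheck="true"` on the conduit turns off hostname verification for the TLS connection that carries the bearer SAML assertion, and nothing in the file marks this as a test-only setting. I would add a comment above `<http:tlsClientParameters>`, e.g. `<!-- Test only: CN check disabled for the systest certificates; do not copy to a real client configuration -->`. The same comment can cover the literal `password` keystore and key passwords, since this file is likely to be used as a template for SAML-over-TLS client setups.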
Added:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
(added)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:security="http://schemas.iona.com/soa/security-config"
+ xmlns:interop="http://WSSec/wssec10"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://schemas.iona.com/soa/security-config
http://schemas.iona.com/soa/security-config.xsd
+ ">
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9009 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="9009">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/security/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/security/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <jaxws:endpoint
+ id="Saml1TokenOverTransport"
+ address="https://localhost:9009/DoubleItSaml1Transport"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSaml1TransportPort"
+ xmlns:s="http://WSSec/saml"
+ implementor="org.apache.cxf.systest.ws.saml.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:properties>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+</beans>
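Review bot: The `sec:cipherSuitesFilter` includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`, i.e. export-grade, single-DES and no-encryption suites, on the endpoint whose policy relies on TLS alone to protect an unsigned bearer SAML assertion. If one of these suites is negotiated, the assertion has weak or no confidentiality on the wire. I would drop the weak includes and restrict the filter to strong suites, e.g. `<sec:include>.*_WITH_AES_.*</sec:include>`, or, if the block was carried over from other systests for compatibility, say so in a comment. The empty `<jaxws:properties>` element can be removed.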
Added:
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?rev=1087374&view=auto
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
(added)
+++
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Thu Mar 31 17:15:28 2011
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <!--
+ * Licensed to the Apache Software Foundation (ASF) under one *
or more
+ contributor license agreements. See the NOTICE file *
distributed with
+ this work for additional information * regarding copyright
ownership.
+ The ASF licenses this file * to you under the Apache License,
Version
+ 2.0 (the * "License"); you may not use this file except in
compliance
+ * with the License. You may obtain a copy of the License at * *
+ http://www.apache.org/licenses/LICENSE-2.0 * * Unless required
by
+ applicable law or agreed to in writing, * software distributed
under
+ the License is distributed on an * "AS IS" BASIS, WITHOUT
WARRANTIES
+ OR CONDITIONS OF ANY * KIND, either express or implied. See the
+ License for the * specific language governing permissions and
+ limitations * under the License.
+ -->
+<wsdl:definitions name="DoubleIt"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://WSSec/saml"
+ targetNamespace="http://WSSec/saml"
xmlns:wsp="http://www.w3.org/ns/ws-policy"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://WSSec/saml">
+ <xsd:element name="DoubleIt">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
name="numberToDouble">
+ <xsd:simpleType>
+
<xsd:restriction base="xsd:integer">
+
<xsd:minInclusive value="0"/>
+
</xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="DoubleItResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
name="doubledNumber" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="DoubleItFault">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="reason" type="xsd:string" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ </wsdl:types>
+ <wsdl:message name="DoubleItRequest">
+ <wsdl:part element="tns:DoubleIt" name="parameters" />
+ </wsdl:message>
+ <wsdl:message name="DoubleItResponse">
+ <wsdl:part element="tns:DoubleItResponse" name="parameters" />
+ </wsdl:message>
+ <wsdl:message name="DoubleItFault">
+ <wsdl:part element="tns:DoubleItFault" name="fault" />
+ </wsdl:message>
+ <wsdl:portType name="DoubleItPortType">
+ <wsdl:operation name="DoubleIt">
+ <wsdl:input message="tns:DoubleItRequest" />
+ <wsdl:output message="tns:DoubleItResponse" />
+ <wsdl:fault name="DoubleItFault" message="tns:DoubleItFault" />
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="DoubleItSaml1TransportBinding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSaml1TransportPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="DoubleItService">
+ <wsdl:port name="DoubleItSaml1TransportPort"
binding="tns:DoubleItSaml1TransportBinding">
+ <soap:address
location="https://localhost:9009/DoubleItSaml1Transport" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="DoubleItSaml1TransportPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken
RequireClientCertificate="false" />
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssSamlV11Token11/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>
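Review bot: The policy declares `<sp:HttpsToken RequireClientCertificate="false" />`, while the server configuration added in this commit sets `<sec:clientAuthentication want="true" required="true"/>`, so the published policy does not describe what the endpoint actually enforces. Setting `RequireClientCertificate="true"`, or relaxing the server setting, would make the two agree. The `sp:SamlToken` also sits in plain `sp:SupportingTokens`, so nothing in the policy requires the assertion to be signed or bound to the sender. That is adequate for exercising the token plumbing, but a short XML comment saying the assertion is protected by the transport only would keep the WSDL from being read as a recommended policy.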