Author: coheigea
Date: Mon May 9 16:02:38 2011
New Revision: 1101081
URL: http://svn.apache.org/viewvc?rev=1101081&view=rev
Log:
Added a SignedElements test for SAML.
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1101081&r1=1101080&r2=1101081&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Mon May 9 16:02:38 2011
@@ -270,6 +270,30 @@ public class SamlTokenTest extends Abstr
assert result.equals(BigInteger.valueOf(50));
}
+ @org.junit.Test
+ public void testSaml2OverSymmetricSignedElements() throws Exception {
+
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType saml2Port =
service.getDoubleItSaml2SymmetricSignedElementsPort();
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
+ assert result.equals(BigInteger.valueOf(50));
+ }
+
private boolean checkUnrestrictedPoliciesInstalled() {
try {
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1101081&r1=1101080&r2=1101081&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Mon May 9 16:02:38 2011
@@ -105,4 +105,13 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://WSSec/saml}DoubleItSaml2SymmetricSignedElementsPort";
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
+
</beans>
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1101081&r1=1101080&r2=1101081&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
Mon May 9 16:02:38 2011
@@ -168,4 +168,22 @@
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="Saml2TokenOverSymmetricSignedElements"
+ address="http://localhost:9001/DoubleItSaml2SymmetricSignedElements";
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSaml2SymmetricSignedElementsPort"
+ xmlns:s="http://WSSec/saml";
+ implementor="org.apache.cxf.systest.ws.saml.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/saml/DoubleItSaml.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
</beans>
Modified:
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?rev=1101081&r1=1101080&r2=1101081&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Mon May 9 16:02:38 2011
@@ -24,7 +24,8 @@
xmlns:wsp="http://www.w3.org/ns/ws-policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsaws="http://www.w3.org/2005/08/addressing";
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
+ xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<wsdl:types>
<xsd:schema targetNamespace="http://WSSec/saml";>
<xsd:element name="DoubleIt">
@@ -148,6 +149,25 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSaml2SymmetricSignedElementsBinding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSaml2SymmetricSignedElementsPolicy"
/>
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItSaml2AsymmetricBinding"
type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItSaml2AsymmetricPolicy" />
<soap:binding style="document"
@@ -209,6 +229,10 @@
binding="tns:DoubleItSaml2SymmetricProtectionBinding">
<soap:address
location="http://localhost:9001/DoubleItSaml2SymmetricProtection"; />
</wsdl:port>
+ <wsdl:port name="DoubleItSaml2SymmetricSignedElementsPort"
+ binding="tns:DoubleItSaml2SymmetricSignedElementsBinding">
+ <soap:address
location="http://localhost:9001/DoubleItSaml2SymmetricSignedElements"; />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItSaml1TransportPolicy">
@@ -383,6 +407,59 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSaml2SymmetricSignedElementsPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireThumbprintReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+ <sp:WssSamlV20Token11/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedElements>
+ <sp:XPath>//saml2:Assertion2</sp:XPath>
+ </sp:SignedElements>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItSaml2AsymmetricPolicy">
<wsp:ExactlyOne>
<wsp:All>
