Author: sergeyb
Date: Mon Jul 18 13:49:35 2011
New Revision: 1147879
URL: http://svn.apache.org/viewvc?rev=1147879&view=rev
Log:
[CXF-3661] Adding system test interceptors which add and extract the signature
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
(with props)
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
(with props)
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/BookStore.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/BookStore.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/BookStore.java?rev=1147879&r1=1147878&r2=1147879&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/BookStore.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/BookStore.java
Mon Jul 18 13:49:35 2011
@@ -20,15 +20,15 @@
package org.apache.cxf.systest.jaxrs.security;
+import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
+import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
@Path("/bookstore")
public class BookStore {
-
- private Book book = new Book();
public BookStore() {
}
@@ -37,6 +37,14 @@ public class BookStore {
@Path("/books/{bookId}/")
@Produces("application/xml")
public Book getBook(@PathParam("bookId") String id) {
+ return new Book();
+ }
+
+ @POST
+ @Path("/books")
+ @Produces("application/xml")
+ @Consumes("application/xml")
+ public Book addBook(Book book) {
return book;
}
}
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java?rev=1147879&r1=1147878&r2=1147879&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlInHandler.java
Mon Jul 18 13:49:35 2011
@@ -136,58 +136,6 @@ public abstract class AbstractSamlInHand
throw ex != null ? new WebApplicationException(ex, response) : new
WebApplicationException(response);
}
- protected Crypto getCrypto(Message message, String propKey)
- throws IOException, WSSecurityException {
-
- Object o = message.getContextualProperty(propKey);
- if (o == null) {
- return null;
- }
-
- ClassLoader orig = Thread.currentThread().getContextClassLoader();
- try {
- URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
- if (url == null) {
- ResourceManager manager = message.getExchange()
- .getBus().getExtension(ResourceManager.class);
- ClassLoader loader = manager.resolveResource("",
ClassLoader.class);
- if (loader != null) {
- Thread.currentThread().setContextClassLoader(loader);
- }
- url = manager.resolveResource((String)o, URL.class);
- }
- if (url != null) {
- Properties props = new Properties();
- InputStream in = url.openStream();
- props.load(in);
- in.close();
- return CryptoFactory.getInstance(props);
- } else {
- return CryptoFactory.getInstance((String)o);
- }
- } finally {
- Thread.currentThread().setContextClassLoader(orig);
- }
- }
-
- private CallbackHandler getCallbackHandler(Message message) {
- //Then try to get the password from the given callback handler
- Object o =
message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
-
- CallbackHandler handler = null;
- if (o instanceof CallbackHandler) {
- handler = (CallbackHandler)o;
- } else if (o instanceof String) {
- try {
- handler = (CallbackHandler)ClassLoaderUtils
- .loadClass((String)o, this.getClass()).newInstance();
- } catch (Exception e) {
- handler = null;
- }
- }
- return handler;
- }
-
// TODO: Most of this code can make it into rt/security to minimize the
duplication
// between ws/security and rs/security
@@ -345,4 +293,57 @@ public abstract class AbstractSamlInHand
}
return false;
}
+
+ // this code will be moved to a common utility class
+ protected Crypto getCrypto(Message message, String propKey)
+ throws IOException, WSSecurityException {
+
+ Object o = message.getContextualProperty(propKey);
+ if (o == null) {
+ return null;
+ }
+
+ ClassLoader orig = Thread.currentThread().getContextClassLoader();
+ try {
+ URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
+ if (url == null) {
+ ResourceManager manager = message.getExchange()
+ .getBus().getExtension(ResourceManager.class);
+ ClassLoader loader = manager.resolveResource("",
ClassLoader.class);
+ if (loader != null) {
+ Thread.currentThread().setContextClassLoader(loader);
+ }
+ url = manager.resolveResource((String)o, URL.class);
+ }
+ if (url != null) {
+ Properties props = new Properties();
+ InputStream in = url.openStream();
+ props.load(in);
+ in.close();
+ return CryptoFactory.getInstance(props);
+ } else {
+ return CryptoFactory.getInstance((String)o);
+ }
+ } finally {
+ Thread.currentThread().setContextClassLoader(orig);
+ }
+ }
+
+ private CallbackHandler getCallbackHandler(Message message) {
+ //Then try to get the password from the given callback handler
+ Object o =
message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils
+ .loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ handler = null;
+ }
+ }
+ return handler;
+ }
}
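Review bot: In the relocated getCrypto, the stream returned by `url.openStream()` is closed only on the success path, so an exception from `props.load(in)` leaks it; `try { props.load(in); } finally { in.close(); }` would close it either way. getCallbackHandler also turns any failure to load or instantiate the configured class into a silent `null`, so a mistyped handler class name looks the same as no handler being configured; logging the exception before `handler = null` would make that visible. getCrypto is added again verbatim in XmlSigInHandler in this commit, so the same applies there until the common utility class mentioned in the comment exists.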
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java?rev=1147879&r1=1147878&r2=1147879&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/AbstractSamlOutInterceptor.java
Mon Jul 18 13:49:35 2011
@@ -71,29 +71,19 @@ public abstract class AbstractSamlOutInt
message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
);
if (selfSignAssertion) {
+ //--- This code will be moved to a common utility class
Crypto crypto = getCrypto(message,
SecurityConstants.SIGNATURE_CRYPTO,
SecurityConstants.SIGNATURE_PROPERTIES);
- String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
- String user =
(String)message.getContextualProperty(userNameKey);
- if (crypto != null && StringUtils.isEmpty(user)) {
- try {
- user = crypto.getDefaultX509Identifier();
- } catch (WSSecurityException e1) {
- throw new Fault(e1);
- }
- }
+ String user = getUserName(message, crypto);
if (StringUtils.isEmpty(user)) {
return assertion;
}
- CallbackHandler handler = getCallbackHandler(message);
- String password = getPassword(handler, user,
WSPasswordCallback.SIGNATURE);
- if (password == null) {
- password = "";
- }
-
+ String password = getPassword(message, user,
WSPasswordCallback.SIGNATURE);
+ //---
+
// TODO configure using a KeyValue here
assertion.signAssertion(user, password, crypto, false);
}
@@ -107,7 +97,23 @@ public abstract class AbstractSamlOutInt
}
- private String getPassword(CallbackHandler handler, String userName, int
type) {
+ // This code will be moved to a common utility class
+ private String getUserName(Message message, Crypto crypto) {
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ String user = (String)message.getContextualProperty(userNameKey);
+ if (crypto != null && StringUtils.isEmpty(user)) {
+ try {
+ user = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
+ }
+ return user;
+ }
+
+
+ private String getPassword(Message message, String userName, int type) {
+ CallbackHandler handler = getCallbackHandler(message);
if (handler == null) {
return null;
}
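Review bot: getPassword still returns `null` when no callback handler is configured (`if (handler == null) { return null; }`), but the caller's `if (password == null) { password = ""; }` fallback was removed in the first hunk, so `assertion.signAssertion` can now receive a null password where it previously got an empty string. The null-to-empty normalisation added in the last hunk only covers the final `cb[0].getPassword()` return. Changing the early exit to `return "";` restores the previous behaviour. The rest of getPassword lies outside these hunks, and any other early `return null` there would need the same treatment.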
@@ -120,7 +126,8 @@ public abstract class AbstractSamlOutInt
}
//get the password
- return cb[0].getPassword();
+ String password = cb[0].getPassword();
+ return password == null ? "" : password;
}
private CallbackHandler getCallbackHandler(Message message) {
Modified:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java?rev=1147879&r1=1147878&r2=1147879&view=diff
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
(original)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/SamlHeaderOutInterceptor.java
Mon Jul 18 13:49:35 2011
@@ -34,11 +34,16 @@ import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.OpenSAMLUtil;
public class SamlHeaderOutInterceptor extends AbstractSamlOutInterceptor {
private static final Logger LOG =
LogUtils.getL7dLogger(SamlHeaderOutInterceptor.class);
+ static {
+ OpenSAMLUtil.initSamlEngine();
+ }
+
private boolean useDeflateEncoding = true;
public SamlHeaderOutInterceptor() {
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
+import org.apache.cxf.jaxrs.lifecycle.SingletonResourceProvider;
+import org.apache.cxf.systest.jaxrs.security.BookStore;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.TestUtil;
+
+public class BookServerXmlSec extends AbstractBusTestServerBase {
+ public static final String PORT = TestUtil.getPortNumber("jaxrs-xmlsig");
+ private static final String SERVER_CONFIG_FILE =
+ "org/apache/cxf/systest/jaxrs/security/xml/server.xml";
+
+ protected void run() {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus springBus = bf.createBus(SERVER_CONFIG_FILE);
+ BusFactory.setDefaultBus(springBus);
+
+ JAXRSServerFactoryBean sf = new JAXRSServerFactoryBean();
+
+ sf.setResourceClasses(BookStore.class);
+
+ sf.setProvider(new XmlSigInHandler());
+
+ sf.setResourceProvider(BookStore.class,
+ new SingletonResourceProvider(new BookStore(),
true));
+ sf.setAddress("https://localhost:" + PORT + "/");
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
+
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("ws-security.signature.properties",
+
"org/apache/cxf/systest/jaxrs/security/alice.properties");
+ sf.setProperties(properties);
+
+ sf.create();
+ }
+
+ public static void main(String[] args) {
+ try {
+ BookServerXmlSec s = new BookServerXmlSec();
+ s.start();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ System.exit(-1);
+ } finally {
+ System.out.println("done!");
+ }
+ }
+}
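Review bot: The property keys in run() are written as string literals (`"ws-security.callback-handler"`, `"ws-security.signature.properties"`), while XmlSigInHandler reads the value through `SecurityConstants.SIGNATURE_PROPERTIES`. Assuming the constants carry these same values, `properties.put(SecurityConstants.SIGNATURE_PROPERTIES, ...)` and `properties.put(SecurityConstants.CALLBACK_HANDLER, ...)` would keep server and handler from drifting apart. That matters because a mismatched key does not fail loudly: getCrypto returns null when the property is absent.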
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.jaxrs.client.ClientWebApplicationException;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.jaxrs.client.ServerWebApplicationException;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.systest.jaxrs.security.Book;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRSXmlSigTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookServerXmlSec.PORT;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookServerXmlSec.class, true));
+ }
+
+ @Test
+ public void testPostBookWithEnvelopedSig() throws Exception {
+ String address = "https://localhost:" + PORT + "/bookstore/books";
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSigTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
+
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("ws-security.signature.username", "alice");
+ properties.put("ws-security.signature.properties",
+
"org/apache/cxf/systest/jaxrs/security/alice.properties");
+ bean.setProperties(properties);
+ bean.getOutInterceptors().add(new XmlSigOutInterceptor());
+
+
+ WebClient wc = bean.createWebClient();
+ try {
+ Book book = wc.post(new Book("CXF", 126L), Book.class);
+ assertEquals(126L, book.getId());
+ } catch (ServerWebApplicationException ex) {
+ fail(ex.getMessage());
+ } catch (ClientWebApplicationException ex) {
+ if (ex.getCause() != null && ex.getCause().getMessage() != null) {
+ fail(ex.getCause().getMessage());
+ } else {
+ fail(ex.getMessage());
+ }
+ }
+
+ }
+
+
+}
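Review bot: The test class covers only the accepting path, so nothing asserts that XmlSigInHandler ever rejects a request. For a signature check the rejecting cases carry the security value: I would add at least one test that posts the same Book without `XmlSigOutInterceptor` registered and asserts the 401 status that throwFault builds, and ideally one where the payload no longer matches the signature. `busFile` from `getResource("client.xml")` is also dereferenced unchecked, so a missing resource surfaces as a NullPointerException; `assertNotNull(busFile);` before `busFile.toString()` gives a clearer failure.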
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSigTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,243 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import java.util.logging.Logger;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import javax.xml.stream.XMLStreamReader;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxrs.ext.RequestHandler;
+import org.apache.cxf.jaxrs.model.ClassResourceInfo;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.staxutils.W3CDOMStreamReader;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.validate.Credential;
+import org.apache.ws.security.validate.SignatureTrustValidator;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+
+public class XmlSigInHandler implements RequestHandler {
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(XmlSigInHandler.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ public Response handleRequest(Message message, ClassResourceInfo
resourceClass) {
+
+ String method = (String)message.get(Message.HTTP_REQUEST_METHOD);
+ if ("GET".equals(method)) {
+ return null;
+ }
+
+ InputStream is = message.getContent(InputStream.class);
+ Document doc = null;
+ try {
+ doc = DOMUtils.readXml(is);
+ } catch (Exception ex) {
+ throwFault("Invalid XML payload", ex);
+ }
+
+
+ Element root = doc.getDocumentElement();
+ Element sigElement = getSignatureElement(root);
+ if (sigElement == null) {
+ throwFault("Enveloped Signature is not available", null);
+ }
+
+ Crypto crypto = null;
+ try {
+ crypto = getCrypto(message,
SecurityConstants.SIGNATURE_PROPERTIES);
+ } catch (Exception ex) {
+ throwFault("Crypto can not be loaded", ex);
+ }
+ boolean valid = false;
+ try {
+ XMLSignature signature = new XMLSignature(sigElement, "");
+ // WSS4J SAMLUtil.getCredentialFromKeyInfo will also handle
+ // the X509IssuerSerial case
+ KeyInfo keyInfo = signature.getKeyInfo();
+
+ X509Certificate cert = keyInfo.getX509Certificate();
+ if (cert != null) {
+ valid = signature.checkSignatureValue(cert);
+ } else {
+ PublicKey pk = keyInfo.getPublicKey();
+ if (pk != null) {
+ valid = signature.checkSignatureValue(pk);
+ }
+ }
+ // is this call redundant given that signature.checkSignatureValue
uses References ?
+ validateReference(root, signature);
+
+ Credential trustCredential = new Credential();
+ trustCredential.setPublicKey(keyInfo.getPublicKey());
+ trustCredential.setCertificates(new
X509Certificate[]{keyInfo.getX509Certificate()});
+ validateTrust(trustCredential, crypto);
+ } catch (Exception ex) {
+ throwFault("Signature validation failed", ex);
+ }
+ if (!valid) {
+ throwFault("Signature validation failed", null);
+ }
+
+ root.removeAttribute("ID");
+ root.removeChild(sigElement);
+ message.setContent(XMLStreamReader.class,
+ new W3CDOMStreamReader(root));
+ message.setContent(InputStream.class, null);
+
+ //TODO: If we have a SAML assertion header as well with holder-of-key
or
+ // sender-vouches claims then we will need to store signature or parts
of it
+ // to validate that saml assertion and this payload have been signed
by the
+ // same key
+
+ return null;
+ }
+
+ private Element getSignatureElement(Element root) {
+ NodeList list = root.getElementsByTagNameNS(Constants.SignatureSpecNS,
"Signature");
+ if (list != null && list.getLength() == 1) {
+ return (Element)list.item(0);
+ }
+ return null;
+ }
+
+ private void validateTrust(Credential cred, Crypto crypto) throws
Exception {
+ SignatureTrustValidator validator = new SignatureTrustValidator();
+ RequestData data = new RequestData();
+ data.setSigCrypto(crypto);
+ validator.validate(cred, data);
+ }
+
+ protected void throwFault(String error, Exception ex) {
+ // TODO: get bundle resource message once this filter is moved
+ // to rt/rs/security
+ LOG.warning(error);
+ Response response = Response.status(401).entity(error).build();
+ throw ex != null ? new WebApplicationException(ex, response) : new
WebApplicationException(response);
+ }
+
+ // this code will be moved to a common utility class
+ protected Crypto getCrypto(Message message, String propKey)
+ throws IOException, WSSecurityException {
+
+ Object o = message.getContextualProperty(propKey);
+ if (o == null) {
+ return null;
+ }
+
+ ClassLoader orig = Thread.currentThread().getContextClassLoader();
+ try {
+ URL url = ClassLoaderUtils.getResource((String)o, this.getClass());
+ if (url == null) {
+ ResourceManager manager = message.getExchange()
+ .getBus().getExtension(ResourceManager.class);
+ ClassLoader loader = manager.resolveResource("",
ClassLoader.class);
+ if (loader != null) {
+ Thread.currentThread().setContextClassLoader(loader);
+ }
+ url = manager.resolveResource((String)o, URL.class);
+ }
+ if (url != null) {
+ Properties props = new Properties();
+ InputStream in = url.openStream();
+ props.load(in);
+ in.close();
+ return CryptoFactory.getInstance(props);
+ } else {
+ return CryptoFactory.getInstance((String)o);
+ }
+ } finally {
+ Thread.currentThread().setContextClassLoader(orig);
+ }
+ }
+
+ protected void validateReference(Element root, XMLSignature sig) {
+ Reference ref = null;
+ int count = sig.getSignedInfo().getLength();
+ if (count != 1) {
+ throwFault("Multiple Signature Reference are not currently
supported", null);
+ }
+ try {
+ ref = sig.getSignedInfo().item(0);
+ } catch (XMLSecurityException ex) {
+ throwFault("Signature Reference is not available", ex);
+ }
+ String rootId = root.getAttribute("ID");
+ String refId = ref.getId();
+ if (refId.length() == 0 && rootId.length() == 0) {
+ // or fragment must be expected ?
+ return;
+ }
+ if (refId.startsWith("#") && refId.length() > 1 &&
refId.substring(1).equals(rootId)) {
+ return;
+ } else {
+ throwFault("Signature Reference ID is invalid", null);
+ }
+ Transforms transforms = null;
+ try {
+ transforms = ref.getTransforms();
+ } catch (XMLSecurityException ex) {
+ throwFault("Signature transforms can not be obtained", ex);
+ }
+ boolean isEnveloped = false;
+ for (int i = 0; i < transforms.getLength(); i++) {
+ try {
+ Transform tr = transforms.item(i);
+ if
(Transforms.TRANSFORM_ENVELOPED_SIGNATURE.equals(tr.getURI())) {
+ isEnveloped = true;
+ break;
+ }
+ } catch (Exception ex) {
+ throwFault("Problem accessing Transform instance", ex);
+ }
+ }
+ if (!isEnveloped) {
+ throwFault("Only enveloped signatures are currently supported",
null);
+ }
+ }
+}
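Review bot: In validateReference the `if (refId.startsWith("#") ...) { return; } else { throwFault(...); }` pair exits on both branches, so the transform loop below it never runs and the enveloped-signature requirement is not enforced. The comparison also reads `ref.getId()`, which is the Reference's own Id attribute, whereas the reference URI (presumably `ref.getURI()`) is what ties the signature to the root element. As written, a request whose root has no ID and whose Reference has no Id is accepted without confirming that the signed content is the payload later handed to the resource. The rewrite below checks the URI and falls through to the transform check. Separately, getCrypto returns null when the signature properties are not configured and handleRequest passes that null to validateTrust; an explicit `if (crypto == null) { throwFault("Crypto can not be loaded", null); }` would stop the outcome depending on how SignatureTrustValidator treats a missing Crypto.

```java
protected void validateReference(Element root, XMLSignature sig) {
    // … unchanged: single-Reference check and sig.getSignedInfo().item(0) …
    String rootId = root.getAttribute("ID");
    String refUri = ref.getURI();
    // An empty URI refers to the whole document; otherwise it must name the root's ID.
    boolean coversRoot = refUri != null
        && (refUri.length() == 0
            || rootId.length() > 0 && refUri.equals("#" + rootId));
    if (!coversRoot) {
        throwFault("Signature Reference ID is invalid", null);
    }
    // … unchanged: transforms lookup and enveloped-signature loop, now reachable …
}
```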
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigInHandler.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,331 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.security.xml;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.lang.annotation.Annotation;
+import java.net.URL;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.jaxrs.provider.JAXBElementProvider;
+import org.apache.cxf.jaxrs.provider.ProviderFactory;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.opensaml.xml.signature.SignatureConstants;
+
+public class XmlSigOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ private static final Logger LOG =
+ LogUtils.getL7dLogger(XmlSigOutInterceptor.class);
+ private static final String CRYPTO_CACHE = "ws-security.crypto.cache";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ private boolean createReferenceId = true;
+
+ public XmlSigOutInterceptor() {
+ super(Phase.WRITE);
+ }
+
+ public void setCreateReferenceId(boolean create) {
+ createReferenceId = create;
+ }
+
+ public void handleMessage(Message message) throws Fault {
+ try {
+ Object body = getRequestBody(message);
+ if (body == null) {
+ return;
+ }
+ Document doc = getDomDocument(body, message);
+ if (doc == null) {
+ return;
+ }
+
+ createEnvelopedSignature(message, doc);
+ message.setContent(List.class,
+ new MessageContentsList(new DOMSource(doc)));
+ } catch (Exception ex) {
+ StringWriter sw = new StringWriter();
+ ex.printStackTrace(new PrintWriter(sw));
+ LOG.warning(sw.toString());
+ throw new Fault(new RuntimeException(ex.getMessage() + ",
stacktrace: " + sw.toString()));
+ }
+ }
+
+ // enveloping & detached sigs will be supported too
+ private void createEnvelopedSignature(Message message, Document doc)
+ throws Exception {
+ //--- This code will be moved to a common utility class
+ Crypto crypto = getCrypto(message,
+ SecurityConstants.SIGNATURE_CRYPTO,
+ SecurityConstants.SIGNATURE_PROPERTIES);
+
+ String user = getUserName(message, crypto);
+ if (StringUtils.isEmpty(user)) {
+ return;
+ }
+
+ String password = getPassword(message, user,
WSPasswordCallback.SIGNATURE);
+ //---
+ //
+ // prepare to sign the SAML token
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(user);
+ X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
+ if (issuerCerts == null) {
+ throw new WSSecurityException(
+ "No issuer certs were found to sign the document using issuer
name: "
+ + user);
+ }
+
+ String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ PrivateKey privateKey = null;
+ try {
+ privateKey = crypto.getPrivateKey(user, password);
+ } catch (Exception ex) {
+ throw new WSSecurityException(ex.getMessage(), ex);
+ }
+ //
+ ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
+
+ String referenceId = "";
+ if (createReferenceId) {
+ String id = UUID.randomUUID().toString();
+ referenceId = "#" + id;
+ doc.getDocumentElement().setAttribute("ID", id);
+ }
+
+ XMLSignature sig = new XMLSignature(doc, "", sigAlgo);
+ doc.getDocumentElement().appendChild(sig.getElement());
+ Transforms transforms = new Transforms(doc);
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
+
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1,
referenceId, null);
+
+ sig.addKeyInfo(issuerCerts[0]);
+ sig.addKeyInfo(issuerCerts[0].getPublicKey());
+ sig.sign(privateKey);
+ }
+
+ private Object getRequestBody(Message message) {
+ MessageContentsList objs =
MessageContentsList.getContentsList(message);
+ if (objs == null || objs.size() == 0) {
+ return null;
+ } else {
+ return objs.get(0);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ private Document getDomDocument(Object body, Message m) throws Exception {
+
+ ProviderFactory pf = ProviderFactory.getInstance(m);
+
+ Object providerObject = pf.createMessageBodyWriter(body.getClass(),
+ body.getClass(), new Annotation[]{},
+ MediaType.APPLICATION_XML_TYPE, m);
+ if (!(providerObject instanceof JAXBElementProvider)) {
+ return null;
+ }
+ JAXBElementProvider provider = (JAXBElementProvider)providerObject;
+ W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+ m.setContent(XMLStreamWriter.class, writer);
+ provider.writeTo(body, body.getClass(),
+ body.getClass(), new Annotation[]{},
+ MediaType.APPLICATION_XML_TYPE,
+ (MultivaluedMap)m.get(Message.PROTOCOL_HEADERS),
null);
+ return writer.getDocument();
+ }
+
+ // This code will be moved to a common utility class
+ private String getUserName(Message message, Crypto crypto) {
+ String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
+ String user = (String)message.getContextualProperty(userNameKey);
+ if (crypto != null && StringUtils.isEmpty(user)) {
+ try {
+ user = crypto.getDefaultX509Identifier();
+ } catch (WSSecurityException e1) {
+ throw new Fault(e1);
+ }
+ }
+ return user;
+ }
+
+
+ private String getPassword(Message message, String userName, int type) {
+ CallbackHandler handler = getCallbackHandler(message);
+ if (handler == null) {
+ return null;
+ }
+
+ WSPasswordCallback[] cb = {new WSPasswordCallback(userName, type)};
+ try {
+ handler.handle(cb);
+ } catch (Exception e) {
+ return null;
+ }
+
+ //get the password
+ String password = cb[0].getPassword();
+ return password == null ? "" : password;
+ }
+
+ private CallbackHandler getCallbackHandler(Message message) {
+ //Then try to get the password from the given callback handler
+ Object o =
message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
+
+ CallbackHandler handler = null;
+ if (o instanceof CallbackHandler) {
+ handler = (CallbackHandler)o;
+ } else if (o instanceof String) {
+ try {
+ handler = (CallbackHandler)ClassLoaderUtils
+ .loadClass((String)o, this.getClass()).newInstance();
+ } catch (Exception e) {
+ handler = null;
+ }
+ }
+ return handler;
+ }
+
+ private Crypto getCrypto(Message message,
+ String cryptoKey,
+ String propKey) {
+ Crypto crypto = (Crypto)message.getContextualProperty(cryptoKey);
+ if (crypto != null) {
+ return crypto;
+ }
+
+ Object o = message.getContextualProperty(propKey);
+ if (o == null) {
+ return null;
+ }
+
+ crypto = getCryptoCache(message).get(o);
+ if (crypto != null) {
+ return crypto;
+ }
+ Properties properties = null;
+ if (o instanceof Properties) {
+ properties = (Properties)o;
+ } else if (o instanceof String) {
+ ResourceManager rm =
message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+ URL url = rm.resolveResource((String)o, URL.class);
+ try {
+ if (url == null) {
+ url = ClassLoaderUtils.getResource((String)o,
this.getClass());
+ }
+ if (url == null) {
+ try {
+ url = new URL((String)o);
+ } catch (Exception ex) {
+ throw new RuntimeException(ex);
+ }
+ }
+ if (url != null) {
+ InputStream ins = url.openStream();
+ properties = new Properties();
+ properties.load(ins);
+ ins.close();
+ }
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ } else if (o instanceof URL) {
+ properties = new Properties();
+ try {
+ InputStream ins = ((URL)o).openStream();
+ properties.load(ins);
+ ins.close();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ if (properties != null) {
+ try {
+ crypto = CryptoFactory.getInstance(properties);
+ } catch (Exception ex) {
+ return null;
+ }
+ getCryptoCache(message).put(o, crypto);
+ }
+ return crypto;
+ }
+
+ protected final Map<Object, Crypto> getCryptoCache(Message message) {
+ EndpointInfo info =
message.getExchange().get(Endpoint.class).getEndpointInfo();
+ synchronized (info) {
+ Map<Object, Crypto> o =
+ CastUtils.cast((Map<?,
?>)message.getContextualProperty(CRYPTO_CACHE));
+ if (o == null) {
+ o = new ConcurrentHashMap<Object, Crypto>();
+ info.setProperty(CRYPTO_CACHE, o);
+ }
+ return o;
+ }
+ }
+}
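Review bot: The interceptor fails open: in `createEnvelopedSignature` the `if (StringUtils.isEmpty(user)) { return; }` branch returns without signing, and `handleMessage` then still replaces the body with `new DOMSource(doc)`, so the message leaves unsigned and nothing is logged on that path. The same path is reached when no signature username is configured and `getCrypto` has returned null, which it does from `catch (Exception ex) { return null; }` around `CryptoFactory.getInstance(properties)`, hiding a broken keystore configuration. Since this class exists to sign, I would replace the early return with `throw new WSSecurityException("No signature user is configured");` and rethrow in `getCrypto` with `throw new Fault(ex);`, so a misconfiguration surfaces as a fault instead of an unsigned message. If sending unsigned output is intended when no user is set, a comment on that branch should say so.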
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/XmlSigOutInterceptor.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd"
+>
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+</beans>
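Review bot: `disableCNCheck="true"` on the `https://localhost.*` conduit turns off the hostname check of the server certificate, and nothing in the file marks this as a test-only relaxation. Fixtures like this tend to be copied as a starting point, so I would put a comment above `http:tlsClientParameters`, for example `<!-- test only: hostname verification is disabled for the test keystores; do not copy into a deployment -->`. The conduit name is matched as a pattern, so `https://localhost.*` also covers host names that merely begin with `localhost`; if the tests always address an explicit port, `https://localhost:.*` would be tighter.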
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/client.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml?rev=1147879&view=auto
==============================================================================
---
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
(added)
+++
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
Mon Jul 18 13:49:35 2011
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xsi:schemaLocation="
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ ">
+
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <httpj:engine-factory id="port-9095-tls-config">
+ <httpj:engine port="${testutil.ports.jaxrs-xmlsig}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+</beans>
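Review bot: The `sec:cipherSuitesFilter` inside `httpj:tlsServerParameters` includes only `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`, that is export-grade, single-DES and no-encryption suites, so the endpoint the signature test runs over negotiates TLS with little or no confidentiality. JSSE providers that disable these suites by default would presumably leave the filter with nothing to select, which ties the test to a JDK's legacy settings. I would drop the whole `sec:cipherSuitesFilter` element so the provider defaults apply. If the weak suites are deliberate, a comment such as `<!-- test only: weak suites kept for the legacy test JDK -->` should say so.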
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange:
cxf/trunk/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/server.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1147879&r1=1147878&r2=1147879&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Mon Jul 18 13:49:35 2011
@@ -42,6 +42,7 @@
</cxf:bus>
<http:conduit name="https://localhost.*">
+ <http:client ConnectionTimeout="6000000" ReceiveTimeout="6000000"/>
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="password">
<sec:keyStore type="jks" password="password"
resource="org/apache/cxf/systest/ws/security/Morpit.jks"/>