Author: coheigea Date: Fri Aug 3 15:30:28 2012 New Revision: 1369037 URL: http://svn.apache.org/viewvc?rev=1369037&view=rev Log: Merged revisions 1369003 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
........ r1369003 | coheigea | 2012-08-03 15:55:42 +0100 (Fri, 03 Aug 2012) | 18 lines Merged revisions 1368995 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes ........ r1368995 | coheigea | 2012-08-03 15:47:54 +0100 (Fri, 03 Aug 2012) | 10 lines Merged revisions 1368990 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1368990 | coheigea | 2012-08-03 15:43:45 +0100 (Fri, 03 Aug 2012) | 2 lines [CXF-4453] - Updated WS-Security samples to use the DefaultCryptoCoverageChecker ........ ........ ........ Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/README.txt Fri Aug 3 15:30:28 2012 
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Encrypt This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. +This demo also shows how the DefaultCryptoCoverageChecker can be used to +make sure that the correct Elements were signed and/or encrypted. + The logging feature is used to log the inbound and outbound SOAP messages and display these to the console. 
@@ -140,7 +144,5 @@ The server process starts in a new comma After running the client, terminate the server process. To remove the code generated from the WSDL file and the .class -files, either delete the build directory and its contents or run: - - ant clean +files, delete the build directory and its contents. Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/client/Client.java Fri Aug 3 15:30:28 2012 @@ -30,6 +30,7 @@ import org.apache.cxf.bus.spring.SpringB import org.apache.cxf.hello_world_soap_http.Greeter; import org.apache.cxf.hello_world_soap_http.GreeterService; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; @@ -55,12 +56,9 @@ public final class Client { outProps.put("action", "UsernameToken Timestamp Signature Encrypt"); outProps.put("passwordType", "PasswordDigest"); - outProps.put("user", "clientx509v1"); - //If you are using the patch WSS-194, then uncomment below two lines and - //comment the above "user" prop line. - //outProps.put("user", "abcd"); - //outProps.put("signatureUser", "clientx509v1"); + outProps.put("user", "abcd"); + outProps.put("signatureUser", "clientx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback"); 
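Review bot: The added lines `outProps.put("user", "abcd");` and `outProps.put("signatureUser", "clientx509v1");` in the `@@ -55,12 +56,9 @@` hunk of sign_enc Client.java have no explanation of why there are two identities, because the WSS-194 comment is removed without a replacement. A one-line comment such as `// "user" is the UsernameToken name; "signatureUser" is the keystore alias used for signing` would stop readers from treating the token name as a key alias. The same applies to the matching `user`/`signatureUser` hunks in sign_enc Server.java and in both ut_sign files. Since "user" no longer names a key, any action that falls back to it (encryption, if no `encryptionUser` is set, which this hunk does not show) is worth checking too. The enclosing method starts and ends outside the hunk.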
@@ -93,6 +91,14 @@ public final class Client { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed, + // and that the SOAP Body was encrypted + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + coverageChecker.setEncryptBody(true); + bus.getInInterceptors().add(coverageChecker); + GreeterService service = new GreeterService(); Greeter port = service.getGreeterPort(); @@ -104,7 +110,7 @@ public final class Client { System.out.println("response: " + response + "\n"); } - // allow aynchronous resends to occur + // allow asynchronous resends to occur Thread.sleep(30 * 1000); bus.shutdown(true); Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/sign_enc/src/main/java/demo/wssec/server/Server.java Fri Aug 3 15:30:28 2012 @@ -29,6 +29,8 @@ import javax.xml.ws.Endpoint; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; + +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; 
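Review bot: The checker added in the `@@ -93,6 +91,14 @@` hunk requires a signed Body and Timestamp and an encrypted Body, but it places no requirement on the UsernameToken that the `action` list also carries. An inbound message whose token lies outside the signature would therefore still pass this check. Whether the token is actually signed or encrypted depends on `signatureParts`/`encryptionParts`, which are not visible here. If leaving it out is deliberate, the comment should say so, e.g. `// UsernameToken coverage is not enforced by this checker`; otherwise the check should be extended to the token. The same gap appears in the checker hunks of sign_enc Server.java and of both ut_sign files.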
@@ -55,13 +57,10 @@ public class Server { outProps.put("action", "UsernameToken Timestamp Signature Encrypt"); outProps.put("passwordType", "PasswordText"); - outProps.put("user", "serverx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback"); - //If you are using the patch WSS-194, then uncomment below two lines and - //comment the above "user" prop line. - //outProps.put("user", "Alice"); - //outProps.put("signatureUser", "serverx509v1"); + outProps.put("user", "Alice"); + outProps.put("signatureUser", "serverx509v1"); outProps.put("encryptionUser", "clientx509v1"); outProps.put("encryptionPropFile", "etc/Server_SignVerf.properties"); @@ -90,6 +89,14 @@ public class Server { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed, + // and that the SOAP Body was encrypted + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + coverageChecker.setEncryptBody(true); + bus.getInInterceptors().add(coverageChecker); + BusFactory.setDefaultBus(bus); new Server(); Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut/README.txt Fri Aug 3 15:30:28 2012 
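Review bot: With `outProps.put("user", "Alice");` in the `@@ -55,13 +57,10 @@` hunk the server now sends a distinct UsernameToken identity, while the context line above still sets `passwordType` to `PasswordText`, so the password is placed in the message unhashed. Here the `Encrypt` action may cover the token, but that depends on the encryption parts, which the hunk does not show. In ut_sign Server.java (`@@ -56,12 +57,8 @@`) the action list has no `Encrypt` at all, so the token is protected only if the transport is. A comment next to the setting, such as `// PasswordText: rely on TLS or encrypt the UsernameToken`, would keep the sample from being copied as-is.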
@@ -3,9 +3,10 @@ WS-Security Demo (UsernameToken and Tim This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. The logging feature is used to log the inbound and outbound Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/README.txt Fri Aug 3 15:30:28 2012 
@@ -3,11 +3,15 @@ WS-Security Demo (Signature and Usernam This demo shows how WS-Security support in Apache CXF may be enabled. -WS-Security can be configured to the Client and Server endpoints by adding WSS4JInterceptors. -Both Server and Client can be configured for outgoing and incoming interceptors. Various Actions like, -Timestamp, UsernameToken, Signature, Encryption, etc., can be applied to the interceptors by passing +WS-Security can be configured to the Client and Server endpoints by adding +WSS4JInterceptors. Both Server and Client can be configured for outgoing and +incoming interceptors. Various Actions like, Timestamp, UsernameToken, +Signature, Encryption, etc., can be applied to the interceptors by passing appropriate configuration properties. +This demo also shows how the DefaultCryptoCoverageChecker can be used to +make sure that the correct Elements were signed and/or encrypted. + The logging feature is used to log the inbound and outbound SOAP messages and display these to the console. 
@@ -140,7 +144,5 @@ The server process starts in a new comma After running the client, terminate the server process. To remove the code generated from the WSDL file and the .class -files, either delete the build directory and its contents or run: - - ant clean +files, delete the build directory and its contents. Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/client/Client.java Fri Aug 3 15:30:28 2012 @@ -30,6 +30,7 @@ import org.apache.cxf.bus.spring.SpringB import org.apache.cxf.hello_world_soap_http.Greeter; import org.apache.cxf.hello_world_soap_http.GreeterService; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; 
@@ -55,13 +56,10 @@ public final class Client { outProps.put("action", "UsernameToken Timestamp Signature"); outProps.put("passwordType", "PasswordDigest"); - outProps.put("user", "clientx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.client.UTPasswordCallback"); - //If you are using the patch WSS-194, then uncomment below two lines and comment - //the above "user" prop line. - //outProps.put("user", "abcd"); - //outProps.put("signatureUser", "clientx509v1"); + outProps.put("user", "abcd"); + outProps.put("signatureUser", "clientx509v1"); outProps.put("signaturePropFile", "etc/Client_Sign.properties"); outProps.put("signatureKeyIdentifier", "DirectReference"); outProps.put("signatureParts", @@ -81,6 +79,12 @@ public final class Client { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + bus.getInInterceptors().add(coverageChecker); + GreeterService service = new GreeterService(); Greeter port = service.getGreeterPort(); Modified: cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java?rev=1369037&r1=1369036&r2=1369037&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java (original) +++ cxf/branches/2.4.x-fixes/distribution/src/main/release/samples/ws_security/ut_sign/src/main/java/demo/wssec/server/Server.java Fri Aug 3 15:30:28 2012 
@@ -29,6 +29,7 @@ import javax.xml.ws.Endpoint; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker; import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor; import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor; @@ -56,12 +57,8 @@ public class Server { outProps.put("action", "UsernameToken Timestamp Signature"); outProps.put("passwordType", "PasswordText"); - outProps.put("user", "serverx509v1"); - - //If you are using WSS4J which includes a patch for WSS-194, then uncomment following 2 - //lines for "user" and "signatureUser" props and comment the above line for "user" props. - //outProps.put("user", "Alice"); - //outProps.put("signatureUser", "serverx509v1"); + outProps.put("user", "Alice"); + outProps.put("signatureUser", "serverx509v1"); outProps.put("passwordCallbackClass", "demo.wssec.server.UTPasswordCallback"); outProps.put("signaturePropFile", "etc/Server_Decrypt.properties"); @@ -82,6 +79,12 @@ public class Server { bus.getInInterceptors().add(new WSS4JInInterceptor(inProps)); + // Check to make sure that the SOAP Body and Timestamp were signed + DefaultCryptoCoverageChecker coverageChecker = new DefaultCryptoCoverageChecker(); + coverageChecker.setSignBody(true); + coverageChecker.setSignTimestamp(true); + bus.getInInterceptors().add(coverageChecker); + BusFactory.setDefaultBus(bus); new Server();
