Repository: cxf Updated Branches: refs/heads/master 4491a840c -> 2120019be
Adding a test-case for adding + parsing a BinarySecurityToken Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2120019b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2120019b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2120019b Branch: refs/heads/master Commit: 2120019be400eddd8f90c3a90ec01baa9c1439f1 Parents: 4491a84 Author: Colm O hEigeartaigh <[email protected]> Authored: Mon May 12 12:49:54 2014 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon May 12 12:49:54 2014 +0100 ---------------------------------------------------------------------- .../wss4j/BinarySecurityTokenInterceptor.java | 179 +++++++++++++++++++ .../wss4j/KerberosTokenInterceptor.java | 141 +-------------- .../apache/cxf/systest/ws/tokens/BSTServer.java | 47 +++++ .../ws/tokens/BinarySecurityTokenTest.java | 104 +++++++++++ .../cxf/systest/ws/tokens/DoubleItBSTImpl.java | 72 ++++++++ .../cxf/systest/ws/tokens/DoubleItTokens.wsdl | 18 ++ .../apache/cxf/systest/ws/tokens/bst-server.xml | 36 ++++ .../org/apache/cxf/systest/ws/tokens/client.xml | 6 + 8 files changed, 464 insertions(+), 139 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java new file mode 100644 index 0000000..052fc16 --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/BinarySecurityTokenInterceptor.java @@ -0,0 +1,179 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.ws.security.wss4j; + +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; + +import javax.security.auth.callback.CallbackHandler; +import javax.xml.namespace.QName; + +import org.w3c.dom.Element; + +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.headers.Header; +import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.interceptor.security.DefaultSecurityContext; +import org.apache.cxf.security.SecurityContext; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.tokenstore.TokenStore; +import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.WSDocInfo; +import org.apache.wss4j.dom.WSSConfig; +import org.apache.wss4j.dom.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.handler.WSHandlerConstants; +import org.apache.wss4j.dom.handler.WSHandlerResult; +import org.apache.wss4j.dom.processor.BinarySecurityTokenProcessor; +import org.apache.wss4j.dom.validate.Validator; +import org.apache.wss4j.policy.model.AbstractToken; + +/** + * An interceptor to add a BinarySecurityToken token to the security header of an outbound request, and to + * process a BinarySecurityToken on an inbound request. It takes the BinarySecurityToken from the message + * context on the outbound side. + */ +public class BinarySecurityTokenInterceptor extends AbstractTokenInterceptor { + + public BinarySecurityTokenInterceptor() { + super(); + } + + protected void processToken(SoapMessage message) { + Header h = findSecurityHeader(message, false); + if (h == null) { + return; + } + Element el = (Element)h.getObject(); + Element child = DOMUtils.getFirstElement(el); + while (child != null) { + if (WSConstants.BINARY_TOKEN_LN.equals(child.getLocalName()) + && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) { + try { + List<WSSecurityEngineResult> bstResults = processToken(child, message); + if (bstResults != null) { + List<WSHandlerResult> results = CastUtils.cast((List<?>)message + .get(WSHandlerConstants.RECV_RESULTS)); + if (results == null) { + results = new ArrayList<WSHandlerResult>(); + message.put(WSHandlerConstants.RECV_RESULTS, results); + } + WSHandlerResult rResult = new WSHandlerResult(null, bstResults); + results.add(0, rResult); + + assertTokens(message); + + Principal principal = + (Principal)bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL); + message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); + + SecurityContext sc = message.get(SecurityContext.class); + if (sc == null || sc.getUserPrincipal() == null) { + message.put(SecurityContext.class, new DefaultSecurityContext(principal, null)); + } + + } + } catch (WSSecurityException ex) { + throw new Fault(ex); + } + } + child = DOMUtils.getNextElement(child); + } + } + + private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message) + throws WSSecurityException { + WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); + RequestData data = new RequestData() { + public CallbackHandler getCallbackHandler() { + return getCallback(message); + } + public Validator getValidator(QName qName) throws WSSecurityException { + String key = SecurityConstants.BST_TOKEN_VALIDATOR; + Object o = message.getContextualProperty(key); + try { + if (o instanceof Validator) { + return (Validator)o; + } else if (o instanceof Class) { + return (Validator)((Class<?>)o).newInstance(); + } else if (o instanceof String) { + return (Validator)ClassLoaderUtils.loadClass(o.toString(), + BinarySecurityTokenInterceptor.class) + .newInstance(); + } + } catch (RuntimeException t) { + throw t; + } catch (Exception ex) { + throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); + } + return super.getValidator(qName); + } + }; + data.setWssConfig(WSSConfig.getNewInstance()); + + BinarySecurityTokenProcessor p = new BinarySecurityTokenProcessor(); + List<WSSecurityEngineResult> results = + p.handleToken(tokenElement, data, wsDocInfo); + return results; + } + + protected AbstractToken assertTokens(SoapMessage message) { + // Assert tokens here if required + return null; + } + + protected void addToken(SoapMessage message) { + SecurityToken securityToken = getSecurityToken(message); + if (securityToken == null || securityToken.getToken() == null) { + // No SecurityToken so just return + return; + } + + assertTokens(message); + Header h = findSecurityHeader(message, true); + Element el = (Element)h.getObject(); + el.appendChild(el.getOwnerDocument().importNode(securityToken.getToken(), true)); + } + + private SecurityToken getSecurityToken(SoapMessage message) { + if (message.getContextualProperty(SecurityConstants.TOKEN) instanceof SecurityToken) { + return (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN); + } + + // Get the TokenStore + TokenStore tokenStore = getTokenStore(message); + if (tokenStore == null) { + return null; + } + + String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); + if (id != null) { + return tokenStore.getToken(id); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java index 4bd9baa..5900c10 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/KerberosTokenInterceptor.java @@ -19,37 +19,8 @@ package org.apache.cxf.ws.security.wss4j; -import java.security.Principal; -import java.util.ArrayList; -import java.util.List; - -import javax.security.auth.callback.CallbackHandler; -import javax.xml.namespace.QName; - -import org.w3c.dom.Element; - import org.apache.cxf.binding.soap.SoapMessage; -import org.apache.cxf.common.classloader.ClassLoaderUtils; -import org.apache.cxf.headers.Header; -import org.apache.cxf.helpers.CastUtils; -import org.apache.cxf.helpers.DOMUtils; -import org.apache.cxf.interceptor.Fault; -import org.apache.cxf.interceptor.security.DefaultSecurityContext; -import org.apache.cxf.security.SecurityContext; import org.apache.cxf.ws.policy.AssertionInfoMap; -import org.apache.cxf.ws.security.SecurityConstants; -import org.apache.cxf.ws.security.tokenstore.SecurityToken; -import org.apache.cxf.ws.security.tokenstore.TokenStore; -import org.apache.wss4j.common.ext.WSSecurityException; -import org.apache.wss4j.dom.WSConstants; -import org.apache.wss4j.dom.WSDocInfo; -import org.apache.wss4j.dom.WSSConfig; -import org.apache.wss4j.dom.WSSecurityEngineResult; -import org.apache.wss4j.dom.handler.RequestData; -import org.apache.wss4j.dom.handler.WSHandlerConstants; -import org.apache.wss4j.dom.handler.WSHandlerResult; -import org.apache.wss4j.dom.processor.BinarySecurityTokenProcessor; -import org.apache.wss4j.dom.validate.Validator; import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractToken; @@ -59,125 +30,17 @@ import org.apache.wss4j.policy.model.AbstractToken; * context on the outbound side, where it was previously placed by the * KerberosTokenInterceptorProvider. */ -public class KerberosTokenInterceptor extends AbstractTokenInterceptor { +public class KerberosTokenInterceptor extends BinarySecurityTokenInterceptor { public KerberosTokenInterceptor() { super(); } - protected void processToken(SoapMessage message) { - Header h = findSecurityHeader(message, false); - if (h == null) { - return; - } - Element el = (Element)h.getObject(); - Element child = DOMUtils.getFirstElement(el); - while (child != null) { - if (WSConstants.BINARY_TOKEN_LN.equals(child.getLocalName()) - && WSConstants.WSSE_NS.equals(child.getNamespaceURI())) { - try { - List<WSSecurityEngineResult> bstResults = processToken(child, message); - if (bstResults != null) { - List<WSHandlerResult> results = CastUtils.cast((List<?>)message - .get(WSHandlerConstants.RECV_RESULTS)); - if (results == null) { - results = new ArrayList<WSHandlerResult>(); - message.put(WSHandlerConstants.RECV_RESULTS, results); - } - WSHandlerResult rResult = new WSHandlerResult(null, bstResults); - results.add(0, rResult); - - assertTokens(message, SPConstants.KERBEROS_TOKEN, false); - AssertionInfoMap aim = message.get(AssertionInfoMap.class); - assertPolicy(aim, "WssKerberosV5ApReqToken11"); - assertPolicy(aim, "WssGssKerberosV5ApReqToken11"); - - Principal principal = - (Principal)bstResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL); - message.put(WSS4JInInterceptor.PRINCIPAL_RESULT, principal); - - SecurityContext sc = message.get(SecurityContext.class); - if (sc == null || sc.getUserPrincipal() == null) { - message.put(SecurityContext.class, new DefaultSecurityContext(principal, null)); - } - - } - } catch (WSSecurityException ex) { - throw new Fault(ex); - } - } - child = DOMUtils.getNextElement(child); - } - } - - private List<WSSecurityEngineResult> processToken(Element tokenElement, final SoapMessage message) - throws WSSecurityException { - WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument()); - RequestData data = new RequestData() { - public CallbackHandler getCallbackHandler() { - return getCallback(message); - } - public Validator getValidator(QName qName) throws WSSecurityException { - String key = SecurityConstants.BST_TOKEN_VALIDATOR; - Object o = message.getContextualProperty(key); - try { - if (o instanceof Validator) { - return (Validator)o; - } else if (o instanceof Class) { - return (Validator)((Class<?>)o).newInstance(); - } else if (o instanceof String) { - return (Validator)ClassLoaderUtils.loadClass(o.toString(), - KerberosTokenInterceptor.class) - .newInstance(); - } - } catch (RuntimeException t) { - throw t; - } catch (Exception ex) { - throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex); - } - return super.getValidator(qName); - } - }; - data.setWssConfig(WSSConfig.getNewInstance()); - - BinarySecurityTokenProcessor p = new BinarySecurityTokenProcessor(); - List<WSSecurityEngineResult> results = - p.handleToken(tokenElement, data, wsDocInfo); - return results; - } - protected AbstractToken assertTokens(SoapMessage message) { AssertionInfoMap aim = message.get(AssertionInfoMap.class); assertPolicy(aim, "WssKerberosV5ApReqToken11"); assertPolicy(aim, "WssGssKerberosV5ApReqToken11"); - return assertTokens(message, SPConstants.KERBEROS_TOKEN, true); - } - - protected void addToken(SoapMessage message) { - SecurityToken securityToken = getSecurityToken(message); - if (securityToken == null || securityToken.getToken() == null) { - // No SecurityToken so just return - return; - } - - assertTokens(message); - Header h = findSecurityHeader(message, true); - Element el = (Element)h.getObject(); - el.appendChild(el.getOwnerDocument().importNode(securityToken.getToken(), true)); + return assertTokens(message, SPConstants.KERBEROS_TOKEN, false); } - private SecurityToken getSecurityToken(SoapMessage message) { - // Get the TokenStore - TokenStore tokenStore = getTokenStore(message); - if (tokenStore == null) { - return null; - } - - String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID); - if (id != null) { - return tokenStore.getToken(id); - } - return null; - } - } http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java new file mode 100644 index 0000000..166e59b --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java @@ -0,0 +1,47 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.tokens; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +public class BSTServer extends AbstractBusTestServerBase { + + public BSTServer() { + + } + + protected void run() { + URL busFile = BSTServer.class.getResource("bst-server.xml"); + Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + setBus(busLocal); + + try { + new BSTServer(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java new file mode 100644 index 0000000..640b317 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java @@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.tokens; + +import java.net.URL; +import java.util.UUID; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; + +import org.w3c.dom.Document; +import org.apache.cxf.Bus; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.systest.ws.common.SecurityTestUtil; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.wss4j.dom.message.token.BinarySecurity; +import org.example.contract.doubleit.DoubleItPortType; +import org.junit.BeforeClass; + +/** + * This is a test to add a custom BinarySecurityToken to the security header of a service request, + * and to process it accordingly. + */ +public class BinarySecurityTokenTest extends AbstractBusClientServerTestBase { + static final String PORT = allocatePort(BSTServer.class); + + private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";; + private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); + + @BeforeClass + public static void startServers() throws Exception { + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(BSTServer.class, true) + ); + } + + @org.junit.AfterClass + public static void cleanup() throws Exception { + SecurityTestUtil.cleanup(); + stopAllServers(); + } + + @org.junit.Test + public void testBinarySecurityToken() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = BinarySecurityTokenTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = BinarySecurityTokenTest.class.getResource("DoubleItTokens.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + + // Successful invocation + QName portQName = new QName(NAMESPACE, "DoubleItBinarySecurityTokenPort"); + DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(port, PORT); + + // Mock up a BinarySecurityToken to add + SecurityToken securityToken = new SecurityToken(); + securityToken.setId("_" + UUID.randomUUID().toString()); + + Document doc = DOMUtils.newDocument(); + BinarySecurity binarySecurity = new BinarySecurity(doc); + binarySecurity.setValueType("http://custom-value-type";); + binarySecurity.setToken("This is a token".getBytes()); + + securityToken.setToken(binarySecurity.getElement()); + + ((BindingProvider)port).getRequestContext().put(SecurityConstants.TOKEN, securityToken); + + port.doubleIt(25); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/DoubleItBSTImpl.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/DoubleItBSTImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/DoubleItBSTImpl.java new file mode 100644 index 0000000..09fd847 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/DoubleItBSTImpl.java @@ -0,0 +1,72 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.tokens; + +import java.util.Arrays; +import java.util.List; + +import javax.annotation.Resource; +import javax.jws.WebService; +import javax.xml.ws.WebServiceContext; + +import org.apache.cxf.feature.Features; +import org.apache.cxf.helpers.CastUtils; +import org.apache.wss4j.dom.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.WSHandlerConstants; +import org.apache.wss4j.dom.handler.WSHandlerResult; +import org.apache.wss4j.dom.message.token.BinarySecurity; +import org.example.contract.doubleit.DoubleItFault; +import org.example.contract.doubleit.DoubleItPortType; +import org.junit.Assert; + +@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt";, + serviceName = "DoubleItService", + endpointInterface = "org.example.contract.doubleit.DoubleItPortType") +@Features(features = "org.apache.cxf.feature.LoggingFeature") +public class DoubleItBSTImpl implements DoubleItPortType { + + @Resource + WebServiceContext wsContext; + + public int doubleIt(int numberToDouble) throws DoubleItFault { + if (numberToDouble == 0) { + throw new DoubleItFault("0 can't be doubled!"); + } + + List<WSHandlerResult> results = + CastUtils.cast((List<?>)wsContext.getMessageContext().get(WSHandlerConstants.RECV_RESULTS)); + Assert.assertNotNull("Security Results cannot be null", results); + Assert.assertTrue(results.size() > 0); + + WSHandlerResult result = results.get(0); + List<WSSecurityEngineResult> securityResults = result.getResults(); + Assert.assertNotNull("Security Results cannot be null", securityResults); + Assert.assertTrue(securityResults.size() > 0); + + WSSecurityEngineResult securityResult = securityResults.get(0); + BinarySecurity binarySecurityToken = + (BinarySecurity)securityResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); + Assert.assertNotNull(binarySecurityToken); + + Assert.assertTrue(Arrays.equals(binarySecurityToken.getToken(), "This is a token".getBytes())); + + return numberToDouble * 2; + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl index a13bd65..c9a9217 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl @@ -37,6 +37,21 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItNoSecurityBinding" type="tns:DoubleItPortType"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItSignedSupportingPort" binding="tns:DoubleItStandardBinding"> <soap:address location="http://localhost:9010/DoubleItSignedSupporting"/> @@ -83,6 +98,9 @@ <wsdl:port name="DoubleItSignedEndorsingSupportingPort3" binding="tns:DoubleItStandardBinding"> <soap:address location="http://localhost:9010/DoubleItSignedEndorsingSupporting3"/> </wsdl:port> + <wsdl:port name="DoubleItBinarySecurityTokenPort" binding="tns:DoubleItNoSecurityBinding"> + <soap:address location="http://localhost:9010/DoubleItBinarySecurityToken"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="SignEncryptBodyPolicy"> <wsp:ExactlyOne> http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server.xml new file mode 100644 index 0000000..b0782e5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd "> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="BinarySecurityToken" address="http://localhost:${testutil.ports.BSTServer}/DoubleItBinarySecurityToken"; serviceName="s:DoubleItService" endpointName="s:DoubleItBinarySecurityTokenPort" implementor="org.apache.cxf.systest.ws.tokens.DoubleItBSTImpl" wsdlLocation="org/apache/cxf/systest/ws/tokens/DoubleItTokens.wsdl"> + <jaxws:inInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.BinarySecurityTokenInterceptor" /> + </jaxws:inInterceptors> + </jaxws:endpoint> + +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/2120019b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client.xml index 2d52e2a..5048afb 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client.xml @@ -168,4 +168,10 @@ </p:policies> </jaxws:features> </jaxws:client> + + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItBinarySecurityTokenPort"; createdFromAPI="true"> + <jaxws:outInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.BinarySecurityTokenInterceptor" /> + </jaxws:outInterceptors> + </jaxws:client> </beans>
