Moving SPNEGO tests to new module
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d0005e69 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d0005e69 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d0005e69 Branch: refs/heads/3.0.x-fixes Commit: d0005e691d8253e827b26c0e28da667ec38e6350 Parents: 14a80d7 Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Dec 2 11:03:13 2014 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Dec 2 11:21:10 2014 +0000 ---------------------------------------------------------------------- .../systest/kerberos/wssec/spnego/Server.java | 47 +++ .../kerberos/wssec/spnego/SpnegoTokenTest.java | 269 +++++++++++++ .../kerberos/wssec/spnego/StaxServer.java | 47 +++ .../kerberos/wssec/spnego/DoubleItSpnego.wsdl | 392 +++++++++++++++++++ .../systest/kerberos/wssec/spnego/client.xml | 78 ++++ .../systest/kerberos/wssec/spnego/server.xml | 86 ++++ .../kerberos/wssec/spnego/stax-server.xml | 91 +++++ .../apache/cxf/systest/ws/spnego/Server.java | 47 --- .../cxf/systest/ws/spnego/SpnegoTokenTest.java | 275 ------------- .../cxf/systest/ws/spnego/StaxServer.java | 47 --- .../cxf/systest/ws/spnego/DoubleItSpnego.wsdl | 392 ------------------- .../org/apache/cxf/systest/ws/spnego/client.xml | 69 ---- .../org/apache/cxf/systest/ws/spnego/server.xml | 78 ---- .../cxf/systest/ws/spnego/stax-server.xml | 83 ---- 14 files changed, 1010 insertions(+), 991 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/Server.java ----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/Server.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/Server.java
new file mode 100644
index 0000000..c83b66e
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/Server.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.kerberos.wssec.spnego;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java ----------------------------------------------------------------------
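Review bot: The `try { new Server(); } catch (Exception e) { e.printStackTrace(); }` block at the end of `run()` is dead code: the constructor is empty, the new instance is discarded, and nothing in the block can throw a checked exception. Deleting it leaves `run()` ending at `setBus(busLocal);` and removes a `printStackTrace()` pattern that tends to get copied into places where it does swallow a real startup failure. `run()` also hands the result of `Server.class.getResource("server.xml")` to `createBus` without a null check, so a resource that did not make the move to the new package would presumably surface as an unrelated error; a one-line guard with a clear message would help. StaxServer.java in this commit has the same two issues with `stax-server.xml`.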
diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
new file mode 100644
index 0000000..37394eb
--- /dev/null
+++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/SpnegoTokenTest.java
@@ -0,0 +1,269 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.kerberos.wssec.spnego; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.net.URL; + +import javax.xml.namespace.QName; +import javax.xml.ws.Service; + +import org.apache.commons.io.IOUtils; +import org.apache.cxf.Bus; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.systest.kerberos.common.SecurityTestUtil; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.testutil.common.TestUtil; +import org.apache.directory.server.annotations.CreateKdcServer; +import org.apache.directory.server.annotations.CreateLdapServer; +import org.apache.directory.server.annotations.CreateTransport; +import org.apache.directory.server.core.annotations.ApplyLdifFiles; +import org.apache.directory.server.core.annotations.CreateDS; +import org.apache.directory.server.core.annotations.CreateIndex; +import org.apache.directory.server.core.annotations.CreatePartition; +import org.apache.directory.server.core.integ.AbstractLdapTestUnit; +import org.apache.directory.server.core.integ.FrameworkRunner; +import 
org.apache.directory.server.core.kerberos.KeyDerivationInterceptor; +import org.apache.wss4j.dom.WSSConfig; +import org.example.contract.doubleit.DoubleItPortType; +import org.junit.BeforeClass; +import org.junit.runner.RunWith; + +/** + * A set of tests for Spnego Tokens that use an Apache DS instance as the KDC. + */ + +@RunWith(FrameworkRunner.class) + +//Define the DirectoryService +@CreateDS(name = "AbstractKerberosTest-class", + enableAccessControl = false, + allowAnonAccess = false, + enableChangeLog = true, + partitions = { + @CreatePartition( + name = "example", + suffix = "dc=example,dc=com", + indexes = { + @CreateIndex(attribute = "objectClass"), + @CreateIndex(attribute = "dc"), + @CreateIndex(attribute = "ou") + } + ) }, + additionalInterceptors = { + KeyDerivationInterceptor.class + } +) + +@CreateLdapServer( + transports = { + @CreateTransport(protocol = "LDAP") + } +) + +@CreateKdcServer( + transports = { + // @CreateTransport(protocol = "TCP", address = "127.0.0.1", port=1024) + @CreateTransport(protocol = "UDP", address = "127.0.0.1") + }, + primaryRealm = "service.ws.apache.org", + kdcPrincipal = "krbtgt/[email protected]" +) + +//Inject an file containing entries +@ApplyLdifFiles("kerberos.ldif") + +public class SpnegoTokenTest extends AbstractLdapTestUnit { + static final String PORT = TestUtil.getPortNumber(Server.class); + static final String STAX_PORT = TestUtil.getPortNumber(StaxServer.class); + static final String PORT2 = TestUtil.getPortNumber(Server.class, 2); + static final String STAX_PORT2 = TestUtil.getPortNumber(StaxServer.class, 2); + + private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; + private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); + + private static boolean unrestrictedPoliciesInstalled = + SecurityTestUtil.checkUnrestrictedPoliciesInstalled(); + + private static boolean runTests; + + public SpnegoTokenTest() throws Exception { + String basedir = 
System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } + + // Read in krb5.conf and substitute in the correct port + File f = new File(basedir + "/src/test/resources/krb5.conf"); + + FileInputStream inputStream = new FileInputStream(f); + String content = IOUtils.toString(inputStream, "UTF-8"); + inputStream.close(); + content = content.replaceAll("port", "" + super.getKdcServer().getTransports()[0].getPort()); + + File f2 = new File(basedir + "/target/test-classes/krb5.conf"); + FileOutputStream outputStream = new FileOutputStream(f2); + IOUtils.write(content, outputStream, "UTF-8"); + outputStream.close(); + + System.setProperty("java.security.krb5.conf", f2.getPath()); + System.setProperty("sun.security.krb5.debug", "false"); + } + + @BeforeClass + public static void startServers() throws Exception { + WSSConfig.init(); + + // + // This test fails with the IBM JDK + // + if (!"IBM Corporation".equals(System.getProperty("java.vendor"))) { + runTests = true; + String basedir = System.getProperty("basedir"); + if (basedir == null) { + basedir = new File(".").getCanonicalPath(); + } else { + basedir += "/.."; + } + + System.setProperty("sun.security.krb5.debug", "true"); + System.setProperty("java.security.auth.login.config", + basedir + "/kerberos/src/test/resources/kerberos.jaas"); + + } + + // Launch servers + org.junit.Assert.assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + AbstractBusClientServerTestBase.launchServer(Server.class, true) + ); + + org.junit.Assert.assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + AbstractBusClientServerTestBase.launchServer(StaxServer.class, true) + ); + } + + @org.junit.AfterClass + public static void cleanup() throws Exception { + SecurityTestUtil.cleanup(); + AbstractBusClientServerTestBase.stopAllServers(); + } + + @org.junit.Test + public void 
testSpnegoOverSymmetric() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoSymmetricPort"; + runKerberosTest(portName, false, PORT); + runKerberosTest(portName, false, STAX_PORT); + runKerberosTest(portName, true, PORT); + runKerberosTest(portName, true, STAX_PORT); + } + + @org.junit.Test + public void testSpnegoOverSymmetricDerived() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoSymmetricDerivedPort"; + runKerberosTest(portName, false, PORT); + runKerberosTest(portName, false, STAX_PORT); + runKerberosTest(portName, true, PORT); + runKerberosTest(portName, true, STAX_PORT); + } + + @org.junit.Test + public void testSpnegoOverSymmetricEncryptBeforeSigning() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoSymmetricEncryptBeforeSigningPort"; + runKerberosTest(portName, false, PORT); + runKerberosTest(portName, false, STAX_PORT); + runKerberosTest(portName, true, PORT); + runKerberosTest(portName, true, STAX_PORT); + } + + @org.junit.Test + public void testSpnegoOverTransport() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoTransportPort"; + runKerberosTest(portName, false, PORT2); + runKerberosTest(portName, false, STAX_PORT2); + // // TODO Supporting streaming Snego outbound + // runKerberosTest(portName, true, PORT2); + // runKerberosTest(portName, true, STAX_PORT2); + } + + @org.junit.Test + public void testSpnegoOverTransportEndorsing() throws Exception { + if (!runTests || !unrestrictedPoliciesInstalled) { + return; + } + + String portName = "DoubleItSpnegoTransportEndorsingPort"; + runKerberosTest(portName, false, PORT2); + runKerberosTest(portName, false, STAX_PORT2); + // TODO Supporting streaming Spnego outbound + // runKerberosTest(portName, true, PORT2); + // 
runKerberosTest(portName, true, STAX_PORT2); + } + + private void runKerberosTest(String portName, boolean streaming, String portNumber) throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = SpnegoTokenTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, portName); + DoubleItPortType kerberosPort = + service.getPort(portQName, DoubleItPortType.class); + + TestUtil.updateAddressPort(kerberosPort, portNumber); + + if (streaming) { + SecurityTestUtil.enableStreaming(kerberosPort); + } + + kerberosPort.doubleIt(25); + + ((java.io.Closeable)kerberosPort).close(); + bus.shutdown(true); + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/StaxServer.java ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/StaxServer.java b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/StaxServer.java new file mode 100644 index 0000000..234c4be --- /dev/null +++ b/systests/kerberos/src/test/java/org/apache/cxf/systest/kerberos/wssec/spnego/StaxServer.java 
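Review bot: Every test method opens with `if (!runTests || !unrestrictedPoliciesInstalled) { return; }`, so on an IBM JDK or a JRE without the unrestricted policy files all five SPNEGO tests are reported as passed without having exercised any Kerberos code. Replacing the early return with `org.junit.Assume.assumeTrue(runTests && unrestrictedPoliciesInstalled);` marks them as skipped instead, which keeps a missing security test run visible in the build report. In `runKerberosTest` the result of `kerberosPort.doubleIt(25)` is discarded; asserting the returned value (presumably 50) would make the test fail on a wrong response rather than only on an exception. The constructor also closes its `FileInputStream` and `FileOutputStream` outside any `finally`, so a failed read or write of krb5.conf leaks the handle.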
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.kerberos.wssec.spnego;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class StaxServer extends AbstractBusTestServerBase {
+
+ public StaxServer() {
+
+ }
+
+ protected void run() {
+ URL busFile = StaxServer.class.getResource("stax-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new StaxServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl ----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl
new file mode 100644
index 0000000..c744437
--- /dev/null
+++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl
@@ -0,0 +1,392 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802" name="DoubleIt" targetNamespace="http://www.example.org/contract/DoubleIt"> + <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" namespace="http://www.example.org/contract/DoubleIt"/> + <wsdl:binding name="DoubleItSpnegoSymmetricProtectionBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoSymmetricProtectionPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference 
URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItSpnegoSymmetricProtectionDerivedBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoSymmetricProtectionDerivedPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItSpnegoSymmetricProtectionEncryptBeforeSigningBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoSymmetricProtectionEncryptBeforeSigningPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItSpnegoTransportBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoTransportPolicy"/> + <soap:binding 
style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:binding name="DoubleItSpnegoTransportEndorsingBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSpnegoTransportEndorsingPolicy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> + <wsdl:service name="DoubleItService"> + <wsdl:port name="DoubleItSpnegoSymmetricPort" binding="tns:DoubleItSpnegoSymmetricProtectionBinding"> + <soap:address location="http://localhost:9001/DoubleItSpnegoSymmetric"/> + </wsdl:port> + <wsdl:port name="DoubleItSpnegoSymmetricDerivedPort" binding="tns:DoubleItSpnegoSymmetricProtectionDerivedBinding"> + <soap:address location="http://localhost:9001/DoubleItSpnegoSymmetricDerived"/> + </wsdl:port> + <wsdl:port name="DoubleItSpnegoSymmetricEncryptBeforeSigningPort" binding="tns:DoubleItSpnegoSymmetricProtectionEncryptBeforeSigningBinding"> + <soap:address location="http://localhost:9001/DoubleItSpnegoSymmetricEncryptBeforeSigning"/> + </wsdl:port> + <wsdl:port 
name="DoubleItSpnegoTransportPort" binding="tns:DoubleItSpnegoTransportBinding"> + <soap:address location="https://localhost:9001/DoubleItSpnegoTransport"/> + </wsdl:port> + <wsdl:port name="DoubleItSpnegoTransportEndorsingPort" binding="tns:DoubleItSpnegoTransportEndorsingBinding"> + <soap:address location="https://localhost:9001/DoubleItSpnegoTransportEndorsing"/> + </wsdl:port> + </wsdl:service> + <wsp:Policy wsu:Id="DoubleItSpnegoSymmetricProtectionPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy> + </wsp:Policy> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoSymmetricProtectionDerivedPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + </wsp:Policy> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11> + <wsp:Policy> + 
<sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoSymmetricProtectionEncryptBeforeSigningPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy> + </wsp:Policy> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:EncryptBeforeSigning/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoTransportPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + <sp:SupportingTokens> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy /> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:SupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> 
+ </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoTransportPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + <sp:SupportingTokens> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy /> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:SupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSpnegoTransportEndorsingPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + <sp:EndorsingSupportingTokens> + <wsp:Policy> + <sp:SpnegoContextToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Once"> + <wsp:Policy /> + </sp:SpnegoContextToken> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy 
wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SignedParts> + <sp:Body/> + </sp:SignedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SignedParts> + <sp:Body/> + </sp:SignedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</wsdl:definitions> http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml new file mode 100644 index 0000000..613b06a --- /dev/null +++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/client.xml 
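Review bot: The policy `<wsp:Policy wsu:Id="DoubleItSpnegoTransportPolicy">` is defined twice in this file with what looks like identical content, so the `#DoubleItSpnegoTransportPolicy` reference on `DoubleItSpnegoTransportBinding` resolves against a duplicated id; the second copy should be deleted so that a later edit to one copy cannot silently diverge from the one that is actually applied. Every binding policy also selects `<sp:Basic128/>`, which in WS-SecurityPolicy implies SHA-1 digests. That is acceptable for a fixture that only exercises SPNEGO token handling, but a comment such as `<!-- Basic128 kept for test compatibility only -->` above the first `sp:AlgorithmSuite` would discourage copying it into a real service policy.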
@@ -0,0 +1,78 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <bean id="kerberosCallbackHandler" + 
class="org.apache.cxf.systest.kerberos.common.KerberosClientPasswordCallback"/> + + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="[email protected]"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricDerivedPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="[email protected]"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoSymmetricEncryptBeforeSigningPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="[email protected]"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoTransportPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="[email protected]"/> + <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSpnegoTransportEndorsingPort" createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.kerberos.jaas.context" value="alice"/> + <entry key="ws-security.kerberos.spn" value="[email protected]"/> + <entry key="ws-security.callback-handler" 
value-ref="kerberosCallbackHandler"/> + </jaxws:properties> + </jaxws:client> + + <http:conduit name="https://localhost.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="jks" password="password" resource="Morpit.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml ---------------------------------------------------------------------- diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml new file mode 100644 index 0000000..1f96ce9 --- /dev/null +++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/server.xml 
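Review bot: The `https://localhost.*` conduit sets `disableCNCheck="true"`, which turns off hostname verification for every TLS connection the test client makes through it, and the conduit name is a pattern that also matches any host name that merely starts with `localhost`. This is tolerable only because the file is a test fixture talking to a local test server, and the element should say so, for example `<!-- test only: CN check disabled for the local fixture certificate; do not copy into production config -->` directly above `http:tlsClientParameters`. The key store and trust store passwords are the literal `password`; the same comment can note that `Morpit.jks` and `Truststore.jks` are throwaway test stores.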
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:interop="http://WSSec/wssec10" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration /http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9009 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.Server.2}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="kerberosCallbackHandler"
+ class="org.apache.cxf.systest.kerberos.common.KerberosServicePasswordCallback"/>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetric" address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetricDerived" address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetricDerived" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricDerivedPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetricEncryptBeforeSigning" address="http://localhost:${testutil.ports.Server}/DoubleItSpnegoSymmetricEncryptBeforeSigning" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricEncryptBeforeSigningPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverTransport" address="https://localhost:${testutil.ports.Server.2}/DoubleItSpnegoTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoTransportPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl" depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverTransportEndorsing" address="https://localhost:${testutil.ports.Server.2}/DoubleItSpnegoTransportEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoTransportEndorsingPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl" depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/stax-server.xml b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/stax-server.xml
new file mode 100644
index 0000000..ab57b82
--- /dev/null
+++ b/systests/kerberos/src/test/resources/org/apache/cxf/systest/kerberos/wssec/spnego/stax-server.xml
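Review bot: The `sec:cipherSuitesFilter` under the `tls-settings` engine in server.xml includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*` and `.*_WITH_DES_.*`, so the HTTPS test endpoints are permitted to negotiate export-grade and single-DES suites alongside AES. Nothing visible in this commit suggests the SPNEGO transport tests depend on those suites, and fixture configs like this one tend to be copied into real deployments; I would keep only `<sec:include>.*_WITH_AES_.*</sec:include>`. Whether the weak suites are actually offered depends on what the JVM still enables, which the diff does not show. The same filter is added in stax-server.xml in this commit.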
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:interop="http://WSSec/wssec10" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration /http-conf.xsd http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <!-- -->
+ <!-- Any services listening on port 9009 must use the following -->
+ <!-- Transport Layer Security (TLS) settings -->
+ <!-- -->
+ <httpj:engine-factory id="tls-settings">
+ <httpj:engine port="${testutil.ports.StaxServer.2}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="jks" password="password" resource="Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <bean id="kerberosCallbackHandler"
+ class="org.apache.cxf.systest.kerberos.common.KerberosServicePasswordCallback"/>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetric" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSpnegoSymmetric" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetricDerived" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSpnegoSymmetricDerived" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricDerivedPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverSymmetricEncryptBeforeSigning" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSpnegoSymmetricEncryptBeforeSigning" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoSymmetricEncryptBeforeSigningPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverTransport" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSpnegoTransport" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoTransportPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl" depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SpnegoOverTransportEndorsing" address="https://localhost:${testutil.ports.StaxServer.2}/DoubleItSpnegoTransportEndorsing" serviceName="s:DoubleItService" endpointName="s:DoubleItSpnegoTransportEndorsingPort" implementor="org.apache.cxf.systest.kerberos.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/kerberos/wssec/spnego/DoubleItSpnego.wsdl" depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.kerberos.jaas.context" value="bob"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.callback-handler" value-ref="kerberosCallbackHandler"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/Server.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/Server.java
deleted file mode 100644
index d597746..0000000
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/Server.java
+++ /dev/null
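Review bot: The comment block above `httpj:engine-factory` in stax-server.xml still reads "Any services listening on port 9009 must use the following", but the engine port is `${testutil.ports.StaxServer.2}`, so the stated port no longer matches the configuration. I would reword it to `<!-- The https endpoints (depends-on="tls-settings") share the TLS settings below; the port is allocated by the test harness -->`. Since `sec:clientAuthentication` sets `required="true"`, the comment could also say that clients must present a certificate trusted via Truststore.jks. server.xml in this commit carries the same stale comment.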
@@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.ws.spnego; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class Server extends AbstractBusTestServerBase { - - public Server() { - - } - - protected void run() { - URL busFile = Server.class.getResource("server.xml"); - Bus busLocal = new SpringBusFactory().createBus(busFile); - BusFactory.setDefaultBus(busLocal); - setBus(busLocal); - - try { - new Server(); - } catch (Exception e) { - e.printStackTrace(); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/SpnegoTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/SpnegoTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/SpnegoTokenTest.java deleted file mode 100644 index 6eb8802..0000000 
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/SpnegoTokenTest.java +++ /dev/null 
@@ -1,275 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.ws.spnego; - -import java.net.URL; -import java.util.Arrays; -import java.util.Collection; - -import javax.xml.namespace.QName; -import javax.xml.ws.Service; - -import org.apache.cxf.Bus; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.systest.ws.common.SecurityTestUtil; -import org.apache.cxf.systest.ws.common.TestParam; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.example.contract.doubleit.DoubleItPortType; -import org.junit.BeforeClass; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized.Parameters; - -/** - * A set of tests for Spnego Tokens. The tests are @Ignore'd, as they require a running KDC. To run the - * tests, set up a KDC of realm "WS.APACHE.ORG", with principal "alice" and service principal - * "bob/service.ws.apache.org". Create keytabs for both principals in "/etc/alice.keytab" and - * "/etc/bob.keytab" (this can all be edited in src/test/resource/kerberos.jaas". 
Then disable the - * @Ignore annotations and run the tests with: - * - * mvn test -Pnochecks -Dtest=SpnegoTokenTest - * -Djava.security.auth.login.config=src/test/resources/kerberos.jaas - */ [email protected] -@RunWith(value = org.junit.runners.Parameterized.class) -public class SpnegoTokenTest extends AbstractBusClientServerTestBase { - static final String PORT = allocatePort(Server.class); - static final String PORT2 = allocatePort(Server.class, 2); - static final String STAX_PORT = allocatePort(StaxServer.class); - static final String STAX_PORT2 = allocatePort(StaxServer.class, 2); - - private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; - private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); - - private static boolean unrestrictedPoliciesInstalled = - SecurityTestUtil.checkUnrestrictedPoliciesInstalled(); - - final TestParam test; - - public SpnegoTokenTest(TestParam type) { - this.test = type; - } - - @BeforeClass - public static void startServers() throws Exception { - if (unrestrictedPoliciesInstalled) { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(Server.class, true) - ); - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(StaxServer.class, true) - ); - } - } - - @Parameters(name = "{0}") - public static Collection<TestParam[]> data() { - - return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)}, - {new TestParam(PORT, true)}, - {new TestParam(STAX_PORT, false)}, - {new TestParam(STAX_PORT, true)}, - }); - } - - @org.junit.AfterClass - public static void cleanup() throws Exception { - if (unrestrictedPoliciesInstalled) { - SecurityTestUtil.cleanup(); - stopAllServers(); - } - } - - @org.junit.Test - public void testSpnegoOverSymmetric() throws Exception { - - if (!unrestrictedPoliciesInstalled) { - return; - } - - 
SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SpnegoTokenTest.class.getResource("client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSpnegoSymmetricPort"); - DoubleItPortType spnegoPort = - service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(spnegoPort, test.getPort()); - - if (test.isStreaming()) { - SecurityTestUtil.enableStreaming(spnegoPort); - } - - spnegoPort.doubleIt(25); - - ((java.io.Closeable)spnegoPort).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testSpnegoOverSymmetricDerived() throws Exception { - - if (!unrestrictedPoliciesInstalled) { - return; - } - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SpnegoTokenTest.class.getResource("client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSpnegoSymmetricDerivedPort"); - DoubleItPortType spnegoPort = - service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(spnegoPort, test.getPort()); - - if (test.isStreaming()) { - SecurityTestUtil.enableStreaming(spnegoPort); - } - - spnegoPort.doubleIt(25); - - ((java.io.Closeable)spnegoPort).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testSpnegoOverSymmetricEncryptBeforeSigning() throws Exception { - - if (!unrestrictedPoliciesInstalled) { - return; - } - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SpnegoTokenTest.class.getResource("client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - 
SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSpnegoSymmetricEncryptBeforeSigningPort"); - DoubleItPortType spnegoPort = - service.getPort(portQName, DoubleItPortType.class); - updateAddressPort(spnegoPort, test.getPort()); - - if (test.isStreaming()) { - SecurityTestUtil.enableStreaming(spnegoPort); - } - - spnegoPort.doubleIt(25); - - ((java.io.Closeable)spnegoPort).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testSpnegoOverTransport() throws Exception { - - if (!unrestrictedPoliciesInstalled) { - return; - } - - if (test.isStreaming()) { - // TODO Supporting streaming Snego outbound - return; - } - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SpnegoTokenTest.class.getResource("client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSpnegoTransportPort"); - DoubleItPortType spnegoPort = - service.getPort(portQName, DoubleItPortType.class); - String portNumber = PORT2; - if (STAX_PORT.equals(test.getPort())) { - portNumber = STAX_PORT2; - } - updateAddressPort(spnegoPort, portNumber); - - if (test.isStreaming()) { - SecurityTestUtil.enableStreaming(spnegoPort); - } - - spnegoPort.doubleIt(25); - - ((java.io.Closeable)spnegoPort).close(); - } - - @org.junit.Test - public void testSpnegoOverTransportEndorsing() throws Exception { - - if (!unrestrictedPoliciesInstalled) { - return; - } - - if (test.isStreaming()) { - // TODO Supporting streaming Snego outbound - return; - } - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = 
SpnegoTokenTest.class.getResource("client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL wsdl = SpnegoTokenTest.class.getResource("DoubleItSpnego.wsdl"); - Service service = Service.create(wsdl, SERVICE_QNAME); - QName portQName = new QName(NAMESPACE, "DoubleItSpnegoTransportEndorsingPort"); - DoubleItPortType spnegoPort = - service.getPort(portQName, DoubleItPortType.class); - String portNumber = PORT2; - if (STAX_PORT.equals(test.getPort())) { - portNumber = STAX_PORT2; - } - updateAddressPort(spnegoPort, portNumber); - - if (test.isStreaming()) { - SecurityTestUtil.enableStreaming(spnegoPort); - } - - spnegoPort.doubleIt(25); - - ((java.io.Closeable)spnegoPort).close(); - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/d0005e69/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/StaxServer.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/StaxServer.java deleted file mode 100644 index 06c633a..0000000 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/spnego/StaxServer.java +++ /dev/null 
@@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.ws.spnego; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class StaxServer extends AbstractBusTestServerBase { - - public StaxServer() { - - } - - protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); - Bus busLocal = new SpringBusFactory().createBus(busFile); - BusFactory.setDefaultBus(busLocal); - setBus(busLocal); - - try { - new StaxServer(); - } catch (Exception e) { - e.printStackTrace(); - } - } -}
