[CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted Elements policies
with multiple XPaths
- XPath evaluation failure on the client side causes all subsequent
evaluations to fail
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client.xml
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/847b73ea
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/847b73ea
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/847b73ea
Branch: refs/heads/2.7.x-fixes
Commit: 847b73ead53ac597ae5d36eddaad8bd8e8175572
Parents: b79e793
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue Jan 20 15:04:00 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue Jan 20 15:26:52 2015 +0000
----------------------------------------------------------------------
.../wss4j/PolicyBasedWSS4JInInterceptor.java | 19 +
.../policyhandlers/AbstractBindingBuilder.java | 59 +++-
.../policyhandlers/TransportBindingHandler.java | 7 +-
.../apache/cxf/systest/ws/parts/PartsTest.java | 50 +++
.../cxf/systest/ws/parts/DoubleItParts.wsdl | 8 +
.../org/apache/cxf/systest/ws/parts/client.xml | 348 +++++++++++++++++++
.../multiple-encrypted-elements-policy.xml | 48 +++
.../org/apache/cxf/systest/ws/parts/server.xml | 331 ++++++++++++++++++
8 files changed, 866 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 1394a0b..d889fed 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -481,10 +481,29 @@ public class PolicyBasedWSS4JInInterceptor extends
WSS4JInInterceptor {
xpaths = p.getXPathExpressions();
}
+<<<<<<< HEAD
if (xpaths != null) {
if (namespaces != null) {
xpath.setNamespaceContext(new
MapNamespaceContext(namespaces));
}
+=======
+ RequiredElements elements =
(RequiredElements)ai.getAssertion();
+
+ if (elements != null && elements.getXPaths() != null
+ && !elements.getXPaths().isEmpty()) {
+ List<String> expressions = new ArrayList<String>();
+ MapNamespaceContext namespaceContext = new
MapNamespaceContext();
+
+ for (org.apache.wss4j.policy.model.XPath xPath :
elements.getXPaths()) {
+ expressions.add(xPath.getXPath());
+ Map<String, String> namespaceMap =
xPath.getPrefixNamespaceMap();
+ if (namespaceMap != null) {
+ namespaceContext.addNamespaces(namespaceMap);
+ }
+ }
+
+ xpath.setNamespaceContext(namespaceContext);
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
try {
CryptoCoverageUtil.checkCoverage(soapEnvelope, refs,
xpath, xpaths, type, scope);
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 6ac3388..c23d0d3 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1244,8 +1244,8 @@ public abstract class AbstractBindingBuilder {
// Handle sign/enc parts
result.addAll(this.getParts(sign, includeBody, parts, found));
-
// Handle sign/enc elements
+<<<<<<< HEAD
try {
result.addAll(this.getElements("Element", xpaths, namespaces,
found, sign));
} catch (XPathExpressionException e) {
@@ -1259,6 +1259,13 @@ public abstract class AbstractBindingBuilder {
} catch (XPathExpressionException e) {
LOG.log(Level.FINE, e.getMessage(), e);
// REVISIT
+=======
+ result.addAll(this.getElements("Element", xpaths, found, sign));
+
+ if (!sign) {
+ // Handle content encrypted elements
+ result.addAll(this.getElements("Content", contentXpaths, found,
sign));
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
}
return result;
@@ -1371,7 +1378,7 @@ public abstract class AbstractBindingBuilder {
protected List<WSEncryptionPart> getElements(String encryptionModifier,
List<String> xpaths, Map<String, String> namespaces,
List<Element> found,
- boolean forceId) throws XPathExpressionException, SOAPException {
+ boolean forceId) throws SOAPException {
List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
@@ -1383,6 +1390,7 @@ public abstract class AbstractBindingBuilder {
xpath.setNamespaceContext(new
MapNamespaceContext(namespaces));
}
+<<<<<<< HEAD
NodeList list = (NodeList)xpath.evaluate(expression,
saaj.getSOAPPart().getEnvelope(),
XPathConstants.NODESET);
for (int x = 0; x < list.getLength(); x++) {
@@ -1408,8 +1416,29 @@ public abstract class AbstractBindingBuilder {
new WSEncryptionPart(id, encryptionModifier);
part.setElement(el);
part.setXpath(expression);
+=======
+ NodeList list = null;
+ try {
+ list = (NodeList)xpath.evaluate(xPath.getXPath(),
saaj.getSOAPPart().getEnvelope(),
+
XPathConstants.NODESET);
+ } catch (XPathExpressionException e) {
+ LOG.log(Level.WARNING, "Failure in evaluating an XPath
expression", e);
+ }
+
+ if (list != null) {
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
- result.add(part);
+ if (!found.contains(el)) {
+ String id = setIdOnElement(el, forceId);
+ WSEncryptionPart part =
+ new WSEncryptionPart(id, encryptionModifier);
+ part.setElement(el);
+ part.setXpath(xPath.getXPath());
+
+ result.add(part);
+ }
}
}
}
@@ -1418,8 +1447,32 @@ public abstract class AbstractBindingBuilder {
return result;
}
+<<<<<<< HEAD
protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
Token token) throws
WSSecurityException {
+=======
+ private String setIdOnElement(Element element, boolean forceId) {
+ if (forceId) {
+ return this.addWsuIdToElement(element);
+ }
+
+ //not forcing an ID on this. Use one if there is one
+ //there already, but don't force one
+ Attr idAttr = element.getAttributeNodeNS(null, "Id");
+ if (idAttr == null) {
+ //then try the wsu:Id value
+ idAttr =
element.getAttributeNodeNS(PolicyConstants.WSU_NAMESPACE_URI, "Id");
+ }
+ if (idAttr != null) {
+ return idAttr.getValue();
+ }
+
+ return null;
+ }
+
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractTokenWrapper
wrapper,
+ AbstractToken token)
throws WSSecurityException {
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
Crypto crypto = getEncryptionCrypto(wrapper);
message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index a5bacb2..03fc377 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -28,7 +28,6 @@ import java.util.logging.Level;
import javax.xml.crypto.dsig.Reference;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
-import javax.xml.xpath.XPathExpressionException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -602,6 +601,7 @@ public class TransportBindingHandler extends
AbstractBindingBuilder {
if (signedElements != null) {
// Handle SignedElements
+<<<<<<< HEAD
try {
result.addAll(
this.getElements(
@@ -613,6 +613,11 @@ public class TransportBindingHandler extends
AbstractBindingBuilder {
LOG.log(Level.FINE, e.getMessage(), e);
// REVISIT
}
+=======
+ result.addAll(
+ this.getElements("Element", signedElements.getXPaths(), found,
true)
+ );
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
}
return result;
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java
index 41ad92b..5e8793c 100644
---
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java
@@ -302,6 +302,56 @@ public class PartsTest extends
AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testMultipleEncryptedElements() throws Exception {
+
+ if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = PartsTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = PartsTest.class.getResource("DoubleItParts.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+
+ // Successful invocation
+ QName portQName = new QName(NAMESPACE,
"DoubleItEncryptedElementsPort3");
+ DoubleItPortType port = service.getPort(portQName,
DoubleItPortType.class);
+ updateAddressPort(port, test.getPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(port);
+ }
+
+ port.doubleIt(25);
+
+ // This should fail, as the service requires that the header must be
encrypted
+ portQName = new QName(NAMESPACE, "DoubleItEncryptedElementsPort2");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, test.getPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(port);
+ }
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on a header which isn't encrypted");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ String error = "EncryptedElements";
+ assertTrue(ex.getMessage().contains(error)
+ || ex.getMessage().contains("To must be encrypted"));
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testContentEncryptedElements() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
index eb57ec4..6049718 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl
@@ -90,8 +90,16 @@
<wsdl:port name="DoubleItEncryptedElementsPort2"
binding="tns:DoubleItStandardBinding">
<soap:address
location="http://localhost:9010/DoubleItEncryptedElements2"; />
</wsdl:port>
+<<<<<<< HEAD
<wsdl:port name="DoubleItContentEncryptedElementsPort"
binding="tns:DoubleItStandardBinding">
<soap:address
location="http://localhost:9010/DoubleItContentEncryptedElements"; />
+=======
+ <wsdl:port name="DoubleItEncryptedElementsPort3"
binding="tns:DoubleItStandardBinding">
+ <soap:address
location="http://localhost:9010/DoubleItEncryptedElements3"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItContentEncryptedElementsPort"
binding="tns:DoubleItStandardBinding">
+ <soap:address
location="http://localhost:9010/DoubleItContentEncryptedElements"/>
+>>>>>>> 5c8f473... [CXF-6209][CXF-6210] - Bug in processing Signed/Encrypted
Elements policies with multiple XPaths
</wsdl:port>
<wsdl:port name="DoubleItContentEncryptedElementsPort2"
binding="tns:DoubleItStandardBinding">
<soap:address
location="http://localhost:9010/DoubleItContentEncryptedElements2"; />
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client.xml
new file mode 100644
index 0000000..6aa97be
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client.xml
@@ -0,0 +1,348 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:http="http://cxf.apache.org/transports/http/configuration";
xmlns:jaxws="http://cxf.apache.org/jaxws";
xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy";
xmlns:sec="http://cxf.apache.org/configuration/security"; xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd http://www.w3.org/ns/ws-policy
http://www.w3.org/2007/02/ws-policy.xsd";>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItRequiredPartsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItRequiredPartsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItRequiredElementsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItRequiredElementsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedPartsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedPartsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedPartsPort3";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-body-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedElementsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedElementsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedPartsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedPartsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedPartsPort3";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-body-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedElementsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedElementsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedElementsPort3";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItContentEncryptedElementsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItContentEncryptedElementsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/addr-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedAttachmentsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSignedAttachmentsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-body-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedAttachmentsPort";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptedAttachmentsPort2";
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-body-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml
new file mode 100644
index 0000000..a75f6fd
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<wsp:Policy
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://www.w3.org/ns/ws-policy"; wsu:Id="RequiredPartsPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireIssuerSerialReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:EncryptedElements
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ <sp:XPath xmlns:wsa="http://www.w3.org/2005/08/addressing";
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>/soap:Envelope/soap:Header/wsa:To</sp:XPath>
+ <sp:XPath
xmlns:example1="http://www.example.org/schema/DoubleIt";>//example1:DoubleIt</sp:XPath>
+ </sp:EncryptedElements>
+ <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ <sp:Body/>
+ </sp:SignedParts>
+ <wsaws:UsingAddressing
xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
http://git-wip-us.apache.org/repos/asf/cxf/blob/847b73ea/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server.xml
new file mode 100644
index 0000000..40f10f1
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server.xml
@@ -0,0 +1,331 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:jaxws="http://cxf.apache.org/jaxws";
xmlns:http="http://cxf.apache.org/transports/http/configuration";
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration";
xmlns:sec="http://cxf.apache.org/configuration/security";
xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy";
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa
che.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://www.w3.org/ns/ws-policy
http://www.w3.org/2007/02/ws-policy.xsd ">
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="RequiredParts"
address="http://localhost:${testutil.ports.Server}/DoubleItRequiredParts";
serviceName="s:DoubleItService" endpointName="s:DoubleItRequiredPartsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/req-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="RequiredParts2"
address="http://localhost:${testutil.ports.Server}/DoubleItRequiredParts2";
serviceName="s:DoubleItService" endpointName="s:DoubleItRequiredPartsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/bad-req-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="RequiredElements"
address="http://localhost:${testutil.ports.Server}/DoubleItRequiredElements";
serviceName="s:DoubleItService" endpointName="s:DoubleItRequiredElementsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/req-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="RequiredElements2"
address="http://localhost:${testutil.ports.Server}/DoubleItRequiredElements2";
serviceName="s:DoubleItService" endpointName="s:DoubleItRequiredElementsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/bad-req-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedParts"
address="http://localhost:${testutil.ports.Server}/DoubleItSignedParts";
serviceName="s:DoubleItService" endpointName="s:DoubleItSignedPartsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedParts2"
address="http://localhost:${testutil.ports.Server}/DoubleItSignedParts2";
serviceName="s:DoubleItService" endpointName="s:DoubleItSignedPartsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedParts3"
address="http://localhost:${testutil.ports.Server}/DoubleItSignedParts3";
serviceName="s:DoubleItService" endpointName="s:DoubleItSignedPartsPort3"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedElements"
address="http://localhost:${testutil.ports.Server}/DoubleItSignedElements";
serviceName="s:DoubleItService" endpointName="s:DoubleItSignedElementsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedElements2"
address="http://localhost:${testutil.ports.Server}/DoubleItSignedElements2";
serviceName="s:DoubleItService" endpointName="s:DoubleItSignedElementsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedParts"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedParts";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedPartsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedParts2"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedParts2";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedPartsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedParts3"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedParts3";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedPartsPort3"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-parts-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedElements"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedElements";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedElementsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedElements2"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedElements2";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedElementsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedElements3"
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedElements3";
serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptedElementsPort3"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="ContentEncryptedElements"
address="http://localhost:${testutil.ports.Server}/DoubleItContentEncryptedElements";
serviceName="s:DoubleItService"
endpointName="s:DoubleItContentEncryptedElementsPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="ContentEncryptedElements2"
address="http://localhost:${testutil.ports.Server}/DoubleItContentEncryptedElements2";
serviceName="s:DoubleItService"
endpointName="s:DoubleItContentEncryptedElementsPort2"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
URI="classpath:/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedAttachments"
+
address="http://localhost:${testutil.ports.Server}/DoubleItSignedAttachments";
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItSignedAttachmentsPort"
+ implementor="org.apache.cxf.systest.ws.parts.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="SignedAttachments2"
+
address="http://localhost:${testutil.ports.Server}/DoubleItSignedAttachments2";
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItSignedAttachmentsPort2"
+ implementor="org.apache.cxf.systest.ws.parts.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/signed-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedAttachments"
+
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedAttachments";
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItEncryptedAttachmentsPort"
+ implementor="org.apache.cxf.systest.ws.parts.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt";
id="EncryptedAttachments2"
+
address="http://localhost:${testutil.ports.Server}/DoubleItEncryptedAttachments2";
+ serviceName="s:DoubleItService"
endpointName="s:DoubleItEncryptedAttachmentsPort2"
+ implementor="org.apache.cxf.systest.ws.parts.DoubleIt3Impl"
+ wsdlLocation="org/apache/cxf/systest/ws/parts/DoubleItParts.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username"
value="useReqSigCert"/>
+ <entry key="ws-security.subject.cert.constraints"
value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
URI="classpath:/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy.xml"/>
+ </p:policies>
+ </jaxws:features>
+ </jaxws:endpoint>
+
+</beans>
