Repository: cxf Updated Branches: refs/heads/master 9bb358404 -> e20d6609c
Added some WS-Security / JMS system tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e20d6609 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e20d6609 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e20d6609 Branch: refs/heads/master Commit: e20d6609c5e4a7947971df45038e3be7dd7f48b7 Parents: 0c0b31f Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Nov 2 17:17:22 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Nov 2 17:50:01 2015 +0000 ---------------------------------------------------------------------- systests/transport-jms/pom.xml | 5 + .../systest/jms/security/JMSWSSecurityTest.java | 155 +++++++++++++ .../jms/security/KeystorePasswordCallback.java | 73 +++++++ .../jms/security/SamlCallbackHandler.java | 219 +++++++++++++++++++ .../security/SecurityGreeterImplTwoWayJMS.java | 30 +++ .../apache/cxf/systest/jms/security/Server.java | 59 +++++ .../systest/jms/security/TwoWayJMSImplBase.java | 132 +++++++++++ .../src/test/resources/alice.properties | 21 ++ .../src/test/resources/bob.properties | 21 ++ .../src/test/resources/certs/alice.jks | Bin 0 -> 3984 bytes .../src/test/resources/certs/bob.jks | Bin 0 -> 3979 bytes .../src/test/resources/certs/cxfca.jks | Bin 0 -> 891 bytes .../src/test/resources/logging.properties | 74 +++++++ 13 files changed, 789 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/pom.xml ----------------------------------------------------------------------
diff --git a/systests/transport-jms/pom.xml b/systests/transport-jms/pom.xml
index 93e4895..9789d2d 100644
--- a/systests/transport-jms/pom.xml
+++ b/systests/transport-jms/pom.xml
@@ -115,6 +115,11 @@
 <version>${project.version}</version>
 </dependency>
 <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-ws-security</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
 <groupId>org.eclipse.jetty</groupId>
 <artifactId>jetty-servlet</artifactId>
 </dependency>
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
new file mode 100644
index 0000000..6db3729
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/JMSWSSecurityTest.java
@@ -0,0 +1,155 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jms.security;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.hello_world_jms.HelloWorldPortType;
+import org.apache.cxf.hello_world_jms.HelloWorldService;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.testutil.common.EmbeddedJMSBrokerLauncher;
+import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
+import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Some WS-Security over JMS tests
+ */
+public class JMSWSSecurityTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = allocatePort(JMSWSSecurityTest.class);
+
+ private static EmbeddedJMSBrokerLauncher broker;
+ private List<String> wsdlStrings = new ArrayList<String>();
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ broker = new EmbeddedJMSBrokerLauncher("tcp://localhost:" + PORT);
+ launchServer(broker);
+ launchServer(new Server(broker));
+ createStaticBus();
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ assertSame(getStaticBus(), BusFactory.getThreadDefaultBus(false));
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ wsdlStrings.clear();
+ }
+
+ public URL getWSDLURL(String s) throws Exception {
+ URL u = getClass().getResource(s);
+ if (u == null) {
+ throw new IllegalArgumentException("WSDL classpath resource not found " + s);
+ }
+ String wsdlString = u.toString().intern();
+ wsdlStrings.add(wsdlString);
+ broker.updateWsdl(getBus(), wsdlString);
+ return u;
+ }
+
+ @Test
+ public void testUnsignedSAML2Token() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ String response = new String("Bonjour");
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ Map<String, Object> outProperties = new HashMap<String, Object>();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ String reply = greeter.sayHi();
+ assertNotNull("no response received from service", reply);
+ assertEquals(response, reply);
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+ @Test
+ @org.junit.Ignore
+ public void testUnsignedSAML2AudienceRestrictionToken() throws Exception {
+ QName serviceName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldService");
+ QName portName = new QName("http://cxf.apache.org/hello_world_jms", "HelloWorldPort");
+ URL wsdl = getWSDLURL("/wsdl/jms_test.wsdl");
+ HelloWorldService service = new HelloWorldService(wsdl, serviceName);
+
+ String response = new String("Bonjour");
+ HelloWorldPortType greeter = service.getPort(portName, HelloWorldPortType.class);
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+ callbackHandler.setSignAssertion(true);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+
+ ConditionsBean conditions = new ConditionsBean();
+ conditions.setTokenPeriodMinutes(5);
+ List<String> audiences = new ArrayList<>();
+ audiences.add("http://apache.org/one");
+ AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
+ audienceRestrictionBean.setAudienceURIs(audiences);
+ conditions.setAudienceRestrictions(Collections.singletonList(audienceRestrictionBean));
+
+ callbackHandler.setConditions(conditions);
+
+ Map<String, Object> outProperties = new HashMap<String, Object>();
+ outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+ outProperties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+
+ WSS4JOutInterceptor outInterceptor = new WSS4JOutInterceptor(outProperties);
+ Client client = ClientProxy.getClient(greeter);
+ client.getOutInterceptors().add(outInterceptor);
+
+ String reply = greeter.sayHi();
+ assertNotNull("no response received from service", reply);
+ assertEquals(response, reply);
+
+ ((java.io.Closeable)greeter).close();
+ }
+
+
+}
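Review bot: Both tests cover only the accepting path, so nothing here fails if the `SAML_TOKEN_SIGNED` requirement configured in `Server.run()` stops being enforced; a companion test that sends the assertion with `callbackHandler.setSignAssertion(false)` and expects `greeter.sayHi()` to fail would pin that check. `testUnsignedSAML2AudienceRestrictionToken` is disabled with a bare `@org.junit.Ignore`, so the reason is lost; give it one, e.g. `@org.junit.Ignore("<why the audience-restriction case is disabled>")`. The test names say "Unsigned" while both call `setSignAssertion(true)`; a one-line comment that `SAML_TOKEN_UNSIGNED` is the outbound action and the assertion itself is still issuer-signed would prevent misreading (that reading is inferred from the visible calls).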
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/KeystorePasswordCallback.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/KeystorePasswordCallback.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/KeystorePasswordCallback.java
new file mode 100644
index 0000000..4148115
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/KeystorePasswordCallback.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jms.security;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A CallbackHandler implementation for keystores.
+ */
+public class KeystorePasswordCallback implements CallbackHandler {
+
+ private Map<String, String> passwords =
+ new HashMap<String, String>();
+
+ public KeystorePasswordCallback() {
+ passwords.put("Alice", "abcd!1234");
+ passwords.put("alice", "password");
+ passwords.put("Bob", "abcd!1234");
+ passwords.put("bob", "password");
+ passwords.put("abcd", "dcba");
+ passwords.put("6e0e88f36ebb8744d470f62f604d03ea4ebe5094", "password");
+ passwords.put("wss40rev", "security");
+ passwords.put("morpit", "password");
+ }
+
+ /**
+ * It attempts to get the password from the private
+ * alias/passwords map.
+ */
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+ if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
+ pc.setPassword("this-is-a-secret");
+ } else {
+ String pass = passwords.get(pc.getIdentifier());
+ if (pass != null) {
+ pc.setPassword(pass);
+ return;
+ } else {
+ pc.setPassword("password");
+ }
+ }
+ }
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SamlCallbackHandler.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SamlCallbackHandler.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SamlCallbackHandler.java
new file mode 100644
index 0000000..3899955
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SamlCallbackHandler.java
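Review bot: In `handle`, the `return;` after `pc.setPassword(pass)` leaves the method on the first alias found in the map, so any callbacks after it in the array never receive a password; dropping that `return;` lets the loop finish. The cast `(WSPasswordCallback)callbacks[i]` is unchecked, so another callback type surfaces as a ClassCastException although the method declares UnsupportedCallbackException; guard it with `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }`. The final `else` hands out `"password"` for every identifier that is not in the map, which can hide a wrong alias in a test configuration; a class comment stating that these are fixture credentials for the bundled test keystores only, and why the fallback exists, would document that.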
@@ -0,0 +1,219 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jms.security;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.AttributeBean;
+import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
+import org.apache.wss4j.common.saml.bean.ConditionsBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean;
+import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.SubjectBean;
+import org.apache.wss4j.common.saml.bean.Version;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
+
+/**
+ * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion.
+ */
+public class SamlCallbackHandler implements CallbackHandler {
+ private boolean saml2 = true;
+ private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
+ private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT;
+ private boolean signAssertion;
+ private ConditionsBean conditions;
+ private String cryptoAlias = "alice";
+ private String cryptoPassword = "password";
+ private String cryptoPropertiesFile = "alice.properties";
+ private String signatureAlgorithm = WSConstants.RSA_SHA1;
+ private String digestAlgorithm = WSConstants.SHA1;
+
+ public SamlCallbackHandler() {
+ //
+ }
+
+ public SamlCallbackHandler(boolean saml2) {
+ this.saml2 = saml2;
+ }
+
+ public SamlCallbackHandler(boolean saml2, boolean signAssertion) {
+ this.saml2 = saml2;
+ this.signAssertion = signAssertion;
+ }
+
+ public void setConfirmationMethod(String confirmationMethod) {
+ this.confirmationMethod = confirmationMethod;
+ }
+
+ public void setKeyInfoIdentifier(CERT_IDENTIFIER keyInfoIdentifier) {
+ this.keyInfoIdentifier = keyInfoIdentifier;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ if (saml2) {
+ callback.setSamlVersion(Version.SAML_20);
+ } else {
+ callback.setSamlVersion(Version.SAML_11);
+ }
+ if (conditions != null) {
+ callback.setConditions(conditions);
+ }
+
+ callback.setIssuer("sts");
+ String subjectName = "uid=sts-client,o=mock-sts.com";
+ String subjectQualifier = "www.mock-sts.com";
+ if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
+ confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
+ }
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subjectName, subjectQualifier, confirmationMethod
+ );
+ if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
+ || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+ try {
+ KeyInfoBean keyInfo = createKeyInfo();
+ subjectBean.setKeyInfo(keyInfo);
+ } catch (Exception ex) {
+ throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
+ }
+ }
+ callback.setSubject(subjectBean);
+
+ AttributeStatementBean attrBean = new AttributeStatementBean();
+ attrBean.setSubject(subjectBean);
+
+ AttributeBean attributeBean = new AttributeBean();
+ if (saml2) {
+ attributeBean.setQualifiedName("subject-role");
+ } else {
+ attributeBean.setSimpleName("subject-role");
+ attributeBean.setQualifiedName("http://custom-ns");
+ }
+ attributeBean.addAttributeValue("system-user");
+ attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
+ callback.setAttributeStatementData(Collections.singletonList(attrBean));
+ callback.setSignatureAlgorithm(signatureAlgorithm);
+ callback.setSignatureDigestAlgorithm(digestAlgorithm);
+
+ try {
+ Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
+ callback.setIssuerCrypto(crypto);
+ callback.setIssuerKeyName(cryptoAlias);
+ callback.setIssuerKeyPassword(cryptoPassword);
+ callback.setSignAssertion(signAssertion);
+ } catch (WSSecurityException e) {
+ throw new IOException(e);
+ }
+ }
+ }
+ }
+
+ protected KeyInfoBean createKeyInfo() throws Exception {
+ Crypto crypto =
+ CryptoFactory.getInstance(cryptoPropertiesFile);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(cryptoAlias);
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+
+ KeyInfoBean keyInfo = new KeyInfoBean();
+ keyInfo.setCertIdentifer(keyInfoIdentifier);
+ if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
+ keyInfo.setCertificate(certs[0]);
+ } else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
+ keyInfo.setPublicKey(certs[0].getPublicKey());
+ }
+
+ return keyInfo;
+ }
+
+ public boolean isSignAssertion() {
+ return signAssertion;
+ }
+
+ public void setSignAssertion(boolean signAssertion) {
+ this.signAssertion = signAssertion;
+ }
+
+ public ConditionsBean getConditions() {
+ return conditions;
+ }
+
+ public void setConditions(ConditionsBean conditions) {
+ this.conditions = conditions;
+ }
+
+ public String getCryptoAlias() {
+ return cryptoAlias;
+ }
+
+ public void setCryptoAlias(String cryptoAlias) {
+ this.cryptoAlias = cryptoAlias;
+ }
+
+ public String getCryptoPassword() {
+ return cryptoPassword;
+ }
+
+ public void setCryptoPassword(String cryptoPassword) {
+ this.cryptoPassword = cryptoPassword;
+ }
+
+ public String getCryptoPropertiesFile() {
+ return cryptoPropertiesFile;
+ }
+
+ public void setCryptoPropertiesFile(String cryptoPropertiesFile) {
+ this.cryptoPropertiesFile = cryptoPropertiesFile;
+ }
+
+ public String getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm) {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+ public String getDigestAlgorithm() {
+ return digestAlgorithm;
+ }
+
+ public void setDigestAlgorithm(String digestAlgorithm) {
+ this.digestAlgorithm = digestAlgorithm;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SecurityGreeterImplTwoWayJMS.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SecurityGreeterImplTwoWayJMS.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SecurityGreeterImplTwoWayJMS.java
new file mode 100644
index 0000000..9d7b2c7
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/SecurityGreeterImplTwoWayJMS.java
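Review bot: The field defaults `signatureAlgorithm = WSConstants.RSA_SHA1` and `digestAlgorithm = WSConstants.SHA1` mean every assertion this handler signs uses SHA-1 unless a caller uses the setters, and the tests added in this commit do not; defaulting to an RSA-SHA256 signature with a SHA-256 digest would keep the fixture from modelling a deprecated algorithm, provided the receiving side accepts it. In `handle`, `throw new IOException("Problem creating KeyInfo: " + ex.getMessage());` drops the cause; `throw new IOException("Problem creating KeyInfo: " + ex.getMessage(), ex);` keeps it. `createKeyInfo` reads `certs[0]` without checking that the alias lookup returned a certificate. The class Javadoc still says the handler "is used by the STS", which does not describe its role in this JMS test.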
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jms.security;
+
+import javax.jws.WebService;
+
+@WebService(serviceName = "HelloWorldService",
+ portName = "HelloWorldPort",
+ endpointInterface = "org.apache.cxf.hello_world_jms.HelloWorldPortType",
+ targetNamespace = "http://cxf.apache.org/hello_world_jms",
+ wsdlLocation = "testutils/jms_test.wsdl")
+public class SecurityGreeterImplTwoWayJMS extends TwoWayJMSImplBase {
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/Server.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/Server.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/Server.java
new file mode 100644
index 0000000..0ed8b2b
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/Server.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jms.security;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.ws.Endpoint;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.testutil.common.EmbeddedJMSBrokerLauncher;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+
+public class Server extends AbstractBusTestServerBase {
+ public static final String PORT = allocatePort(Server.class);
+
+ EmbeddedJMSBrokerLauncher broker;
+ public Server(EmbeddedJMSBrokerLauncher b) {
+ broker = b;
+ }
+
+ protected void run() {
+ Bus bus = BusFactory.getDefaultBus();
+ setBus(bus);
+
+ Map<String, Object> inProperties = new HashMap<String, Object>();
+ inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+ inProperties.put(WSHandlerConstants.PW_CALLBACK_REF, new KeystorePasswordCallback());
+ inProperties.put(WSHandlerConstants.SIG_VER_PROP_FILE, "bob.properties");
+
+ WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
+
+ bus.getInInterceptors().add(inInterceptor);
+
+ broker.updateWsdl(bus, "testutils/jms_test.wsdl");
+
+ Endpoint.publish(null, new SecurityGreeterImplTwoWayJMS());
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/TwoWayJMSImplBase.java ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/TwoWayJMSImplBase.java b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/TwoWayJMSImplBase.java
new file mode 100644
index 0000000..ad5e0fd
--- /dev/null
+++ b/systests/transport-jms/src/test/java/org/apache/cxf/systest/jms/security/TwoWayJMSImplBase.java
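Review bot: `run()` adds the `WSS4JInInterceptor` to the bus returned by `BusFactory.getDefaultBus()`, so the `SAML_TOKEN_SIGNED` requirement applies to every endpoint sharing that bus rather than to the one service published here; attaching it to the published endpoint keeps the policy scoped, e.g. `EndpointImpl ep = (EndpointImpl)Endpoint.publish(null, new SecurityGreeterImplTwoWayJMS());` followed by `ep.getInInterceptors().add(inInterceptor);` (with `org.apache.cxf.jaxws.EndpointImpl`). `PORT` is allocated but not referenced anywhere in this file, and the broker URL in the test is built from `JMSWSSecurityTest.PORT`, so it looks removable. A short comment above `inProperties` stating that the server accepts only issuer-signed SAML assertions verified against `bob.properties` would document the intent.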
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jms.security;
+
+import java.util.concurrent.Future;
+
+import javax.annotation.Resource;
+import javax.xml.ws.AsyncHandler;
+import javax.xml.ws.Response;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import org.apache.cxf.hello_world_jms.BadRecordLitFault;
+import org.apache.cxf.hello_world_jms.HelloWorldPortType;
+import org.apache.cxf.hello_world_jms.NoSuchCodeLitFault;
+import org.apache.cxf.hello_world_jms.types.BadRecordLit;
+import org.apache.cxf.hello_world_jms.types.ErrorCode;
+import org.apache.cxf.hello_world_jms.types.NoSuchCodeLit;
+import org.apache.cxf.hello_world_jms.types.TestRpcLitFaultResponse;
+import org.apache.cxf.transport.jms.JMSConstants;
+import org.apache.cxf.transport.jms.JMSMessageHeadersType;
+import org.apache.cxf.transport.jms.JMSPropertyType;
+
+public class TwoWayJMSImplBase implements HelloWorldPortType {
+
+ @Resource
+ protected WebServiceContext wsContext;
+ public String greetMe(String me) {
+ if (me.startsWith("PauseForTwoSecs")) {
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e) {
+ //ignore
+ }
+ me = me.substring("PauseForTwoSecs".length()).trim();
+ }
+
+ MessageContext mc = wsContext.getMessageContext();
+ //JMSMessageHeadersType headers =
+ // (JMSMessageHeadersType) mc.get(JMSConstants.JMS_SERVER_REQUEST_HEADERS);
+ //System.out.println("get the message headers JMSCorrelationID: " + headers.getJMSCorrelationID());
+ //System.out.println("Reached here :" + me);
+
+ // set reply header custom property
+ JMSPropertyType testProperty = new JMSPropertyType();
+ testProperty.setName("Test_Prop");
+ testProperty.setValue("some return value " + me);
+
+ //System.out.println("found property in request headers at index: "
+ // + headers.getProperty().indexOf(testProperty));
+
+ JMSMessageHeadersType responseHeaders =
+ (JMSMessageHeadersType) mc.get(JMSConstants.JMS_SERVER_RESPONSE_HEADERS);
+ responseHeaders.getProperty().add(testProperty);
+
+ return "Hello " + me;
+ }
+
+ public String sayHi() {
+ return "Bonjour";
+ }
+
+ public void greetMeOneWay(String requestType) {
+ //System.out.println("********* greetMeOneWay: " + requestType);
+ }
+
+ public TestRpcLitFaultResponse testRpcLitFault(String faultType)
+ throws BadRecordLitFault, NoSuchCodeLitFault {
+ BadRecordLit badRecord = new BadRecordLit();
+ badRecord.setReason("BadRecordLitFault");
+ if (faultType.equals(BadRecordLitFault.class.getSimpleName())) {
+ throw new BadRecordLitFault("TestBadRecordLit", badRecord);
+ }
+ if (faultType.equals(NoSuchCodeLitFault.class.getSimpleName())) {
+ ErrorCode ec = new ErrorCode();
+ ec.setMajor((short)1);
+ ec.setMinor((short)1);
+ NoSuchCodeLit nscl = new NoSuchCodeLit();
+ nscl.setCode(ec);
+ throw new NoSuchCodeLitFault("TestNoSuchCodeLit", nscl);
+ }
+
+ return new TestRpcLitFaultResponse();
+ }
+
+ public Response<String> greetMeAsync(String stringParam0) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Future<?> greetMeAsync(String stringParam0, AsyncHandler<String> asyncHandler) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Response<String> sayHiAsync() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Future<?> sayHiAsync(AsyncHandler<String> asyncHandler) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Response<TestRpcLitFaultResponse> testRpcLitFaultAsync(String in) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ public Future<?> testRpcLitFaultAsync(String in, AsyncHandler<TestRpcLitFaultResponse> asyncHandler) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/alice.properties ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/alice.properties b/systests/transport-jms/src/test/resources/alice.properties
new file mode 100644
index 0000000..2cff960
--- /dev/null
+++ b/systests/transport-jms/src/test/resources/alice.properties
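Review bot: `greetMe` swallows `InterruptedException` with `//ignore`, which discards the thread's interrupt status; restore it with `Thread.currentThread().interrupt();` in the catch block. `responseHeaders` comes from `mc.get(JMSConstants.JMS_SERVER_RESPONSE_HEADERS)` and is dereferenced without a null check, so a request whose context lacks that entry fails with a NullPointerException instead of a clear error. The commented-out `System.out.println` lines and the `// TODO Auto-generated method stub` bodies returning `null` would be better replaced by a one-line comment that the async variants are intentionally unimplemented in this fixture.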
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=alice
+org.apache.wss4j.crypto.merlin.keystore.file=certs/alice.jks
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/bob.properties ----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/bob.properties b/systests/transport-jms/src/test/resources/bob.properties
new file mode 100644
index 0000000..6be229b
--- /dev/null
+++ b/systests/transport-jms/src/test/resources/bob.properties
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=bob
+org.apache.wss4j.crypto.merlin.keystore.file=certs/bob.jks
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/certs/alice.jks
----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/certs/alice.jks b/systests/transport-jms/src/test/resources/certs/alice.jks
new file mode 100644
index 0000000..9b8c450
Binary files /dev/null and b/systests/transport-jms/src/test/resources/certs/alice.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/certs/bob.jks
----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/certs/bob.jks b/systests/transport-jms/src/test/resources/certs/bob.jks
new file mode 100644
index 0000000..6744c7c
Binary files /dev/null and b/systests/transport-jms/src/test/resources/certs/bob.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/certs/cxfca.jks
----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/certs/cxfca.jks b/systests/transport-jms/src/test/resources/certs/cxfca.jks
new file mode 100644
index 0000000..2473611
Binary files /dev/null and b/systests/transport-jms/src/test/resources/certs/cxfca.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/e20d6609/systests/transport-jms/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/transport-jms/src/test/resources/logging.properties b/systests/transport-jms/src/test/resources/logging.properties
new file mode 100644
index 0000000..b2e5a79
--- /dev/null
+++ b/systests/transport-jms/src/test/resources/logging.properties
@@ -0,0 +1,74 @@
+#
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+############################################################
+# Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+# Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler
+# classes. These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the INFO and above levels.
+#handlers= java.util.logging.ConsoleHandler
+
+# To also add the FileHandler, use the following line instead.
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers. For any given facility this global level
+# can be overriden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to INFO and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE
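Review bot: `java.util.logging.FileHandler.pattern = %h/java%u.log` points the file handler at the user's home directory, outside the build tree. Both `handlers=` lines are commented out in this hunk, so the setting is inert as committed. If someone later uncomments the FileHandler line and raises the level to debug these WS-Security tests, message traces could be left in the home directory where a build clean does not remove them. I would keep the output inside the module's build directory, for example `java.util.logging.FileHandler.pattern = target/systest-jms%u.log`, or drop the unused FileHandler properties from this test resource.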
