Adding test for WSS-608 # Conflicts: # systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ab155fc3 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ab155fc3 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ab155fc3 Branch: refs/heads/3.1.x-fixes Commit: ab155fc3383c59b6bc71181e80de513c1e591955 Parents: 0222111 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Mon Jun 12 13:14:43 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Mon Jun 12 14:02:41 2017 +0100 ---------------------------------------------------------------------- .../cxf/systest/ws/https/HttpsTokenTest.java | 34 +++++++++++++++++--- .../cxf/systest/ws/https/DoubleItHttps.wsdl | 3 ++ .../org/apache/cxf/systest/ws/https/client.xml | 16 +++++++++ .../cxf/systest/ws/https/nochild-policy.xml | 27 ++++++++++++++++ .../org/apache/cxf/systest/ws/https/server.xml | 7 ++++ .../apache/cxf/systest/ws/https/stax-server.xml | 10 ++++++ 6 files changed, 93 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java index 4dbbf8f..461264e 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java @@ -130,7 +130,7 @@ public class HttpsTokenTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)port).close(); bus.shutdown(true); } - + @org.junit.Test public void testNoClientCertRequirement() throws Exception { @@ -158,7 +158,7 @@ public class HttpsTokenTest extends AbstractBusClientServerTestBase { } catch (Exception ex) { // expected } - + // This should work, as we're disable the RequireClientCertificate check via a // JAX-WS property portQName = new QName(NAMESPACE, "DoubleItNoClientCertRequirementPort2"); @@ -170,7 +170,7 @@ public class HttpsTokenTest extends AbstractBusClientServerTestBase { } port.doubleIt(25); - + ((java.io.Closeable)port).close(); bus.shutdown(true); } @@ -220,5 +220,31 @@ public class HttpsTokenTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)port).close(); bus.shutdown(true); } - + + @org.junit.Test + public void testNoChildPolicy() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HttpsTokenTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = HttpsTokenTest.class.getResource("DoubleItHttps.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItNoChildPolicyPort"); + DoubleItPortType port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(port, test.getPort()); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(port); + } + + port.doubleIt(25); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl index 9def79d..09ebfbe 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl @@ -53,5 +53,8 @@ <wsdl:port name="DoubleItBasicAuthPort2" binding="tns:DoubleItInlinePolicyBinding"> <soap:address location="https://localhost:9009/DoubleItBasicAuth2"/> </wsdl:port> + <wsdl:port name="DoubleItNoChildPolicyPort" binding="tns:DoubleItInlinePolicyBinding"> + <soap:address location="https://localhost:9009/DoubleItNoChildPolicy"/> + </wsdl:port> </wsdl:service> </wsdl:definitions> http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml index 0ad3351..18d7967 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client.xml @@ -122,4 +122,20 @@ </p:policies> </jaxws:features> </jaxws:client> + <http:conduit name="https://localhost:.*/DoubleItNoChildPolicy.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItNoChildPolicyPort" createdFromAPI="true"> + <jaxws:properties> + </jaxws:properties> + <jaxws:features> + <p:policies> + <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/nochild-policy.xml"/> + </p:policies> + </jaxws:features> + </jaxws:client> </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy.xml new file mode 100644 index 0000000..0917bdb --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy.xml @@ -0,0 +1,27 @@ +<?xml version="1.0"?> +<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="TLSCleanPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken /> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml index e7838d3..737c3f7 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server.xml @@ -84,4 +84,11 @@ </p:policies> </jaxws:features> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoChildPolicy" address="https://localhost:${testutil.ports.https.Server}/DoubleItNoChildPolicy" serviceName="s:DoubleItService" endpointName="s:DoubleItNoChildPolicyPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings"> + <jaxws:features> + <p:policies> + <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/nochild-policy.xml"/> + </p:policies> + </jaxws:features> + </jaxws:endpoint> </beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/ab155fc3/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml index 4a361e7..14a6a2c 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server.xml @@ -102,4 +102,14 @@ <entry key="ws-security.enable.streaming" value="true"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="NoChildPolicy" address="https://localhost:${testutil.ports.https.StaxServer}/DoubleItNoChildPolicy" serviceName="s:DoubleItService" endpointName="s:DoubleItNoChildPolicyPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/https/DoubleItHttps.wsdl" depends-on="tls-settings"> + <jaxws:features> + <p:policies> + <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="classpath:/org/apache/cxf/systest/ws/https/nochild-policy.xml"/> + </p:policies> + </jaxws:features> + <jaxws:properties> + <entry key="ws-security.enable.streaming" value="true"/> + </jaxws:properties> + </jaxws:endpoint> </beans>