This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new e69c211  Added tests for SecurityConstants.PASSWORD + fixed a StAX bug
e69c211 is described below

commit e69c211bb542950cab902b4c7d75131625ee323f
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Mon Apr 8 10:36:57 2019 +0100

    Added tests for SecurityConstants.PASSWORD + fixed a StAX bug
---
 .../apache/cxf/rt/security/SecurityConstants.java  |   3 +-
 .../wss4j/AbstractWSS4JStaxInterceptor.java        |  12 +-
 .../ws/password/PasswordPropertiesTest.java        | 151 +++++++++++++++++++++
 .../org/apache/cxf/systest/ws/password/Server.java |  41 ++++++
 .../cxf/systest/ws/password/DoubleItPassword.wsdl  | 129 ++++++++++++++++++
 .../org/apache/cxf/systest/ws/password/server.xml  |  58 ++++++++
 6 files changed, 389 insertions(+), 5 deletions(-)

diff --git 
a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java 
b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
index 3cc5342..66b848a 100644
--- 
a/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
+++ 
b/rt/security/src/main/java/org/apache/cxf/rt/security/SecurityConstants.java
@@ -53,7 +53,8 @@ public class SecurityConstants {
     public static final String USERNAME = "security.username";
 
     /**
-     * The user's password when a {@link CALLBACK_HANDLER} is not defined.
+     * The user's password when a {@link CALLBACK_HANDLER} is not defined. 
This is only used for the password
+     * in a WS-Security UsernameToken.
      */
     public static final String PASSWORD = "security.password";
 
diff --git 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 2d32ec1..299efe0 100644
--- 
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ 
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -235,6 +235,14 @@ public abstract class AbstractWSS4JStaxInterceptor 
implements SoapInterceptor,
         }
     }
 
+    protected String getPassword(Object msgContext) {
+        String password = 
(String)((Message)msgContext).getContextualProperty("password");
+        if (password == null) {
+            password = 
(String)((Message)msgContext).getContextualProperty(SecurityConstants.PASSWORD);
+        }
+        return password;
+    }
+
     public Set<URI> getRoles() {
         return null;
     }
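Review bot: The new `getPassword` reads `SecurityConstants.PASSWORD` straight from `getContextualProperty`, whereas `getProperty` in the same class (visible in the following hunk) resolves keys through `SecurityUtils.getSecurityPropertyValue`; if that helper also accepts a legacy-prefixed form of the key, a password configured that way would be ignored here. Consider `password = (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, (Message)msgContext);` for the fallback. Both lookups also cast blindly to `String`, so a non-String value stored under either key surfaces as a `ClassCastException` rather than as a configuration error. Since the method moves from `public` to `protected` in this commit, it deserves a Javadoc stating the lookup order (`"password"` first, then `security.password`) and that the returned value is a credential that must not be logged.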
@@ -263,10 +271,6 @@ public abstract class AbstractWSS4JStaxInterceptor 
implements SoapInterceptor,
         return null;
     }
 
-    public String getPassword(Object msgContext) {
-        return (String)((Message)msgContext).getContextualProperty("password");
-    }
-
     public Object getProperty(Object msgContext, String key) {
         Object obj = SecurityUtils.getSecurityPropertyValue(key, 
(Message)msgContext);
         if (obj == null) {
diff --git 
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java
 
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java
new file mode 100644
index 0000000..31ef815
--- /dev/null
+++ 
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java
@@ -0,0 +1,151 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.password;
+
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.systest.ws.common.TestParam;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.example.contract.doubleit.DoubleItPortType;
+
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+/**
+ * A set of tests for configuring WS-Security using password properties, as 
opposed to using a callbackhandler.
+ */
+@RunWith(value = org.junit.runners.Parameterized.class)
+public class PasswordPropertiesTest extends AbstractBusClientServerTestBase {
+    public static final String PORT = allocatePort(Server.class);
+
+    private static final String NAMESPACE = 
"http://www.example.org/contract/DoubleIt";;
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, 
"DoubleItService");
+
+    final TestParam test;
+
+    public PasswordPropertiesTest(TestParam type) {
+        this.test = type;
+    }
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                "Server failed to launch",
+                // run the server in the same process
+                // set this to false to fork
+                launchServer(Server.class, true)
+        );
+    }
+
+    @Parameters(name = "{0}")
+    public static Collection<TestParam> data() {
+
+        return Arrays.asList(new TestParam[] {new TestParam(PORT, false),
+                                              new TestParam(PORT, true),
+        });
+    }
+
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testUsernameToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+
+        Bus bus = bf.createBus();
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = 
PasswordPropertiesTest.class.getResource("DoubleItPassword.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItUTPort");
+
+        DoubleItPortType port =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+
+        Client client = ClientProxy.getClient(port);
+        client.getRequestContext().put(SecurityConstants.USERNAME, "Alice");
+        client.getRequestContext().put(SecurityConstants.PASSWORD, "ecilA");
+
+        assertEquals(50, port.doubleIt(25));
+
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+
+    @org.junit.Test
+    public void testSignedUsernameToken() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+
+        Bus bus = bf.createBus();
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = 
PasswordPropertiesTest.class.getResource("DoubleItPassword.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItUTSignedPort");
+
+        DoubleItPortType port =
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(port);
+        }
+
+        Client client = ClientProxy.getClient(port);
+        client.getRequestContext().put(SecurityConstants.USERNAME, "abcd");
+        client.getRequestContext().put(SecurityConstants.PASSWORD, "dcba");
+        client.getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME, 
"bob");
+        client.getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, 
"bob.properties");
+
+        assertEquals(50, port.doubleIt(25));
+
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+
+}
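Review bot: Both tests cover only the success path, so they would still pass if the server accepted any password for the UsernameToken; a negative case that sets a wrong `SecurityConstants.PASSWORD` and expects the call to fail would pin the behaviour this commit is about. In `testUsernameToken` and `testSignedUsernameToken` the `close()` and `bus.shutdown(true)` calls are also skipped when the assertion throws, so they belong in a `finally` block. A sketch of the negative case follows; the exact fault type may differ between the DOM and streaming paths and should be confirmed.

```java
    @org.junit.Test
    public void testUsernameTokenWrongPassword() throws Exception {
        // … unchanged: bus, service and port setup as in testUsernameToken …
        try {
            Client client = ClientProxy.getClient(port);
            client.getRequestContext().put(SecurityConstants.USERNAME, "Alice");
            // constructed value: anything other than the password the server callback accepts
            client.getRequestContext().put(SecurityConstants.PASSWORD, "wrong-password");

            port.doubleIt(25);
            org.junit.Assert.fail("Expected the request to be rejected");
        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
            // expected: the authentication failure is reported as a SOAP fault
        } finally {
            ((java.io.Closeable)port).close();
            bus.shutdown(true);
        }
    }
```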
diff --git 
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java
 
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java
new file mode 100644
index 0000000..a403de1
--- /dev/null
+++ 
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.password;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+    public Server() {
+
+    }
+
+    protected void run()  {
+        URL busFile = Server.class.getResource("server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+    }
+}
diff --git 
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl
 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl
new file mode 100644
index 0000000..03b2bcb
--- /dev/null
+++ 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"; 
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; 
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; 
xmlns:tns="http://www.example.org/contract/DoubleIt"; 
xmlns:wsp="http://www.w3.org/ns/ws-policy"; 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
 xmlns:wsaws="http://www.w3.org/2005/08/addressing"; 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"; 
xmlns:sp13="http://do [...]
+    <wsdl:import location="src/test/resources/DoubleItLogical.wsdl" 
namespace="http://www.example.org/contract/DoubleIt"/>
+    <wsdl:binding name="DoubleItUTBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItUTSupportingPolicy"/>
+        <soap:binding style="document" 
transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItUTSignedBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItUTSignedPolicy"/>
+        <soap:binding style="document" 
transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
+    <wsdl:service name="DoubleItService">
+        <wsdl:port name="DoubleItUTPort" binding="tns:DoubleItUTBinding">
+            <soap:address location="http://localhost:9001/DoubleItUT"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItUTSignedPort" 
binding="tns:DoubleItUTSignedBinding">
+            <soap:address location="http://localhost:9001/DoubleItUTSigned"/>
+        </wsdl:port>
+    </wsdl:service>
+    
+    <wsp:Policy wsu:Id="DoubleItUTSupportingPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SupportingTokens>
+                    <wsp:Policy>
+                        <sp:UsernameToken 
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+                            <wsp:Policy>
+                                <sp:WssUsernameToken10/>
+                                <sp13:Created/>
+                                <sp13:Nonce/>
+                            </wsp:Policy>
+                        </sp:UsernameToken>
+                    </wsp:Policy>
+                </sp:SupportingTokens>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+    <wsp:Policy wsu:Id="DoubleItUTSignedPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token 
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:SignedSupportingTokens>
+                    <wsp:Policy>
+                        <sp:UsernameToken 
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+                            <wsp:Policy>
+                                <sp:WssUsernameToken10/>
+                            </wsp:Policy>
+                        </sp:UsernameToken>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+</wsdl:definitions>
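Review bot: In `DoubleItUTSignedPolicy` the UsernameToken sits under `sp:SignedSupportingTokens` while `sp:EncryptedParts` lists only `sp:Body`, so the password appears to travel signed but unencrypted in the security header; `DoubleItUTSupportingPolicy` declares no security binding at all and both addresses are plain `http://`. That is acceptable for a localhost fixture, but a comment should say so, e.g. `<!-- Test fixture only: the UsernameToken password is not encrypted; use a TransportBinding or SignedEncryptedSupportingTokens outside tests -->`. The `sp:Basic128` algorithm suite is also a dated choice and worth confirming as intentional for this test.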
diff --git 
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server.xml
 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server.xml
new file mode 100644
index 0000000..86ec297
--- /dev/null
+++ 
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans";
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+    xmlns:util="http://www.springframework.org/schema/util";
+    xmlns:jaxws="http://cxf.apache.org/jaxws";
+    xmlns:http="http://cxf.apache.org/transports/http/configuration";
+    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration";
+    xmlns:sec="http://cxf.apache.org/configuration/security";
+    xmlns:cxf="http://cxf.apache.org/core";
+    xmlns:p="http://cxf.apache.org/policy";
+    xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans.xsd 
http://www.springframework.org/schema/util 
http://www.springframework.org/schema/util/spring-util-4.2.xsd 
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd 
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd 
http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd 
http://cxf.apache.org/transports/http/configuration h [...]
+    <bean 
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="UT" 
+        
address="http://localhost:${testutil.ports.password.Server}/DoubleItUT"; 
serviceName="s:DoubleItService" 
+        endpointName="s:DoubleItUTPort" 
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" 
+        
wsdlLocation="org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" 
value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; 
id="UTSigned" 
+        
address="http://localhost:${testutil.ports.password.Server}/DoubleItUTSigned"; 
serviceName="s:DoubleItService" 
+        endpointName="s:DoubleItUTSignedPort" 
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" 
+        
wsdlLocation="org/apache/cxf/systest/ws/password/DoubleItPassword.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" 
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+
+</beans>
\ No newline at end of file
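Review bot: `<cxf:logging/>` is enabled on the bus, and the requests to both endpoints carry a UsernameToken, so the test logs will presumably contain the passwords in clear text. With dummy credentials this is harmless, but a comment next to the feature would stop the configuration being copied as-is: `<!-- message logging is for test diagnostics only; it records the UsernameToken password -->`.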
