Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2004 - 2014 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import static org.apache.axis2.integration.JettyServer.CLIENT_KEYSTORE;
+import static org.apache.axis2.integration.JettyServer.KEYSTORE_PASSWORD;
+
+import java.net.URL;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.JettyServer;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+/**
+ * Base test class for integration tests that require Axis2 web application 
running in a web container.
+ * The class uses Axis2 web application deployed via {@link JettyServer}.
+ */
+public abstract class AbstractRampartTest extends TestCase {
+    
+    /**
+     * Default client connection timeout in milliseconds: {@value}
+     */
+    public static final int DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS = 200000;
+    
+    protected static final String RAMPART_CLIENT_REPO_PATH = 
"target/test-resources/rampart_client_repo";
+    
+    protected static final String RAMPART_SERVICE_REPO_PATH = 
"target/test-resources/rampart_service_repo";
+    
+    protected static ResourceBundle resources;
+    protected String trustStore;
+    protected String trustStorePassword;
+    protected String trustStoreType;
+    
+    static {
+        try {
+            resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+        } catch (MissingResourceException e) {
+            throw new RuntimeException(e.getMessage());
+        }
+    }
+    
+    public AbstractRampartTest() {
+        
+    }
+
+    public AbstractRampartTest(String name) {
+        super(name);
+    }
+
+    /* (non-Javadoc)
+     * @see junit.framework.TestCase#setUp()
+     */
+    protected void setUp() throws Exception {
+        trustStore = System.getProperty("javax.net.ssl.trustStore");
+        System.setProperty("javax.net.ssl.trustStore", CLIENT_KEYSTORE);
+        
+        trustStorePassword = 
System.getProperty("javax.net.ssl.trustStorePassword");
+        System.setProperty("javax.net.ssl.trustStorePassword", 
KEYSTORE_PASSWORD);
+        
+        trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
+        System.setProperty("javax.net.ssl.trustStoreType", "JKS");
+             
+        JettyServer.start(RAMPART_SERVICE_REPO_PATH, isEnableHttp(), 
isEnableHttps());
+    }
+    
+
+    /* (non-Javadoc)
+     * @see junit.framework.TestCase#tearDown()
+     */
+    protected void tearDown() throws Exception {
+        try {
+            JettyServer.stop();
+        }
+        finally {
+            if (trustStore != null) {
+                System.setProperty("javax.net.ssl.trustStore", trustStore);
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStore");
+            }
+            
+            if (trustStorePassword != null) {
+                System.setProperty("javax.net.ssl.trustStorePassword", 
trustStorePassword);    
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStorePassword");
+            }
+            
+            if (trustStoreType != null) {
+                System.setProperty("javax.net.ssl.trustStoreType", 
trustStoreType);
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStoreType");
+            }
+        }
+    }
+    
+    /**
+     * @return Jetty http port, see {@link JettyServer#getHttpPort()}
+     */
+    protected int getHttpPort() {
+        return JettyServer.getHttpPort();
+    }
+    
+    /**
+     * @return Jetty https port, see {@link JettyServer#getHttpsPort()}
+     */
+    protected int getHttpsPort() {
+        return JettyServer.getHttpsPort();
+    }
+    
+    protected ServiceClient getServiceClientInstance() throws AxisFault {
+        return getServiceClientInstance(null);
+    }
+    
+    /**
+     * Creates an Axis2 service client using the specified 
<code>wsdlUrl</code> and {@link #DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS}.
+     * The service client will use Axis2 repository at {@link 
#RAMPART_CLIENT_REPO_PATH}.
+     * @param wsdlUrl The wsdl url to initialize the service client with. Can 
be null in which case the client must be configured additionally (with policy, 
action etc.).
+     * @return
+     * @throws AxisFault
+     */
+    protected ServiceClient getServiceClientInstance(URL wsdlUrl) throws 
AxisFault {
+        return getServiceClientInstance(wsdlUrl, 
DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS);
+    }
+    
+    /**
+     * Creates an Axis2 service client using the specified 
<code>wsdlUrl</code> and specified <code>connectionTimeoutMillis</code>.
+     * The service client will use Axis2 repository at {@link 
#RAMPART_CLIENT_REPO_PATH}.
+     * @param wsdlUrl The wsdl url to initialize the service client with. Can 
be null in which case the client must be configured additionally (with policy, 
action etc.).
+     * @return
+     * @throws AxisFault
+     */
+    protected ServiceClient getServiceClientInstance(URL wsdlUrl, int 
connectionTimeoutMillis) throws AxisFault {
+
+        ConfigurationContext configContext = ConfigurationContextFactory.
+                
createConfigurationContextFromFileSystem(RAMPART_CLIENT_REPO_PATH, null);
+        
+        ServiceClient serviceClient;
+        if (wsdlUrl == null) {
+            serviceClient = new ServiceClient(configContext, null);
+        }
+        else {
+            serviceClient = new ServiceClient(configContext, wsdlUrl, null, 
null);
+        }
+        
+        
serviceClient.getOptions().setTimeOutInMilliSeconds(connectionTimeoutMillis);
+        serviceClient.getOptions().setProperty(HTTPConstants.SO_TIMEOUT, 
connectionTimeoutMillis);
+        
serviceClient.getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, 
connectionTimeoutMillis);
+
+        serviceClient.engageModule("addressing");
+        serviceClient.engageModule("rampart");
+
+        return serviceClient;
+
+    }
+    
+    protected OMElement getEchoElement() {
+        OMFactory fac = OMAbstractFactory.getOMFactory();
+        OMNamespace omNs = fac.createOMNamespace(
+                "http://example1.org/example1";, "example1");
+        OMElement method = fac.createOMElement("echo", omNs);
+        OMElement value = fac.createOMElement("Text", omNs);
+        value.addChild(fac.createOMText(value, "Testing Rampart with 
WS-SecPolicy"));
+        method.addChild(value);
+
+        return method;
+    }
+
+    protected OMElement getOMElement() {
+        OMFactory fac = OMAbstractFactory.getOMFactory();
+        OMNamespace omNs = fac.createOMNamespace(
+                "http://example1.org/example1";, "example1");
+        OMElement method = fac.createOMElement("returnError", omNs);
+        OMElement value = fac.createOMElement("Text", omNs);
+        value.addChild(fac.createOMText(value, "Testing Rampart with 
WS-SecPolicy"));
+        method.addChild(value);
+
+        return method;
+    }
+
+    protected Policy loadPolicy(String xmlPath) {
+        return 
PolicyEngine.getPolicy(this.getClass().getResourceAsStream(xmlPath));
+    }
+    
+    /**
+     * @return Implementations must return <code>true</code> to enable startup 
of web container's http connector or false otherwise.
+     */
+    protected abstract boolean isEnableHttp();
+    
+    /**
+     * @return Implementations must return <code>true</code> to enable startup 
of web container's https connector or false otherwise.
+     */
+    protected abstract boolean isEnableHttps();
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,269 @@
+package org.apache.rampart;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.commons.io.IOUtils;
+import org.apache.neethi.Policy;
+import org.apache.rampart.policy.model.KerberosConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.KerberosServer;
+import org.custommonkey.xmlunit.XMLAssert;
+import org.xml.sax.SAXException;
+
+/**
+ * Tests Kerberos authentication over transport binding using a Kerberos token 
as supporting endorsing token.
+ * The test will use Apache DS Kerberos server, see {@link KerberosServer}.
+ * 
+ * The test is tailored for Oracle Java execution since it uses 
<code>com.sun.security.auth.module.Krb5LoginModule</code> JAAS login module for 
Kerberos authentication.
+ */
+public class RampartKerberosTest extends AbstractRampartTest {
+
+    /**
+     * Java system property for setting JAAS configuration file: {@value}
+     */
+    public static final String JAAS_CONF_SYS_PROP = 
"java.security.auth.login.config";
+    
+    /**
+     * Java system property for setting Kerberos 5 configuration file: {@value}
+     */
+    public static final String KRB5_CONF_SYS_PROP = "java.security.krb5.conf";
+    
+    /**
+     * JAAS configuration file to use: {@value}
+     * <p>
+     * Contains Kerberos login module entries for authenticating client and 
server principals:
+     * </p>
+     */
+    public static final String KERBEROS_JAAS_CONF = 
"src/test/resources/kerberos/jaas.conf";
+    
+    /**
+     * Kerberos configuration file <b>template</b> to use: {@value}
+     * <p>
+     * Specifies the Kerberos realm and KDC server to use, the configuration 
must contain a <code>KDC_PORT</code> literal
+     * which will be replaced with actual KDC server port.
+     * </p>
+     */
+    public static final String KERBEROS_CONF_TEMPLATE = 
"src/test/resources/kerberos/krb5.conf.template";
+    
+    /**
+     * A token literal in kerberos5 configuration file template that must be 
replaced with actual KDC port value: {@value}
+     */
+    public static final String KERBEROS_CONF_KDC_PORT_TOKEN = "KDC_PORT";
+    
+    /**
+     * Stores any original JAAS configuration set via {@link 
#JAAS_CONF_SYS_PROP} property to restore it after test execution.
+     */
+    protected String jaasConf;
+    
+    /**
+     * Stores any original Kerberos 5 configuration set via {@link 
#KRB5_CONF_SYS_PROP} property to restore it after test execution.
+     */
+    protected String krb5Conf;
+    
+    public void testKerberosOverTransportKeytab() throws XMLStreamException, 
SAXException, IOException {
+        final String serviceName = "KerberosOverTransportKeytab";
+        URL serviceUrl = new 
URL(String.format("https://localhost:%s/axis2/services/%s?wsdl";, 
getHttpsPort(), serviceName));
+        
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + 
serviceName);
+                
+        
+        RampartConfig rampartConfig = new RampartConfig();
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");        
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);                
+        
serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org";, "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), 
result.toStringWithConsume());
+    }
+    
+    public void testKerberosOverTransportPWCB() throws XMLStreamException, 
SAXException, IOException {
+        final String serviceName = "KerberosOverTransportPWCB";
+        URL serviceUrl = new 
URL(String.format("https://localhost:%s/axis2/services/%s?wsdl";, 
getHttpsPort(), serviceName));
+        
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + 
serviceName);
+
+        RampartConfig rampartConfig = new RampartConfig();
+        rampartConfig.setUser("alice");        
+        
rampartConfig.setPwCbClass(org.apache.rahas.PWCallback.class.getName());
+        
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);        
+        
serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org";, "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), 
result.toStringWithConsume());
+    }
+    
+    
+    public void testKerberosDelegation() throws XMLStreamException, 
SAXException, IOException {
+        final String serviceName = "KerberosDelegation";
+        URL serviceUrl = new 
URL(String.format("https://localhost:%s/axis2/services/%s?wsdl";, 
getHttpsPort(), serviceName));
+
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + 
serviceName);
+                
+        
+        RampartConfig rampartConfig = new RampartConfig();
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");  
+        kerberosConfig.setRequstCredentialDelegation(true);
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);                
+        
serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org";, "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), 
result.toStringWithConsume());
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.rampart.AbstractRampartTest#setUp()
+     */
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+        
+        System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("sun.security.jgss.debug", "true");
+        
+        KerberosServer.startKerberosServer();
+                        
+        //configure JGSS
+        krb5Conf = System.getProperty(KRB5_CONF_SYS_PROP);
+        
+        File krb5ConfFile = generateKerberosConf();
+        System.out.println("Using Kerberos configuration file: " + 
krb5ConfFile.getAbsolutePath());
+        System.setProperty(KRB5_CONF_SYS_PROP, krb5ConfFile.getAbsolutePath());
+        
+        //configure JAAS
+        jaasConf = System.getProperty(JAAS_CONF_SYS_PROP);
+        System.out.println("Using Kerberos JAAS configuration file: " + new 
File(KERBEROS_JAAS_CONF).getAbsolutePath());
+        System.setProperty(JAAS_CONF_SYS_PROP, KERBEROS_JAAS_CONF);
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.rampart.AbstractRampartTest#tearDown()
+     */
+    @Override
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        
+        KerberosServer.stopKerberosServer();
+        
+        if (jaasConf != null) {
+            System.setProperty(JAAS_CONF_SYS_PROP, jaasConf);
+        }
+        else {
+            System.clearProperty(JAAS_CONF_SYS_PROP);
+        }
+        
+        if (krb5Conf != null) {
+            System.setProperty(KRB5_CONF_SYS_PROP, krb5Conf);
+        }
+        else {
+            System.clearProperty(KRB5_CONF_SYS_PROP);
+        }
+    }
+    
+    /**
+     * Generates a Kerberos configuration file (krb5.conf) out of the {@link 
#KERBEROS_CONF_TEMPLATE} file,
+     * replacing the {@link #KERBEROS_CONF_KDC_PORT_TOKEN} with actual KDC 
port.
+     * 
+     * @return The generated Kerberos configuration file. It will be generated 
under the following path:
+     * <code>target/tmp/{thisClassSimpleName}_krb5.conf</code>
+     * 
+     * @throws IOException 
+     */
+    protected File generateKerberosConf() throws IOException {
+       File tmpDir = new File("target" + File.separator + "tmp");
+       if (!tmpDir.exists() && !tmpDir.mkdirs()) {
+               throw new RuntimeException("Failed to create temp directory: " 
+ tmpDir.getAbsolutePath());
+       }
+       
+       File krb5ConfTemplate = new File(KERBEROS_CONF_TEMPLATE);
+       if (!krb5ConfTemplate.exists()) {
+               throw new IllegalArgumentException("Cannot find kerberos 
configuration file template: " + krb5ConfTemplate.getAbsolutePath());
+       }
+       
+       FileInputStream krb5ConfTemplateIn = null;
+       String krb5ConfContent;
+       try {
+               krb5ConfTemplateIn = new FileInputStream(krb5ConfTemplate);
+               krb5ConfContent = IOUtils.toString(krb5ConfTemplateIn);
+       }
+       finally {
+               IOUtils.closeQuietly(krb5ConfTemplateIn);
+       }
+       
+               if (krb5ConfContent.indexOf(KERBEROS_CONF_KDC_PORT_TOKEN) == 
-1) {
+                       throw new 
IllegalArgumentException(String.format("Cannot find any %s token in kerberos 
configuration file template: %s",
+                                       KERBEROS_CONF_KDC_PORT_TOKEN, 
krb5ConfTemplate.getAbsolutePath()));
+               }
+               
+               krb5ConfContent = 
krb5ConfContent.replace(KERBEROS_CONF_KDC_PORT_TOKEN, 
String.valueOf(KerberosServer.getPort()));
+       
+       File krb5Conf = new File(tmpDir, this.getClass().getSimpleName() + 
"_krb5.conf");
+       FileOutputStream krb5ConfOut = null;
+       try {
+               krb5ConfOut = new FileOutputStream(krb5Conf);
+               IOUtils.write(krb5ConfContent, krb5ConfOut);
+       }
+       finally {
+               IOUtils.closeQuietly(krb5ConfOut);
+       }
+       
+       return krb5Conf;
+    }
+
+       /* (non-Javadoc)
+        * @see org.apache.rampart.AbstractRampartTest#isEnableHttp()
+        */
+       @Override
+       protected boolean isEnableHttp() {
+               //Kerberos test does not use http
+               return false;
+       }
+
+       /* (non-Javadoc)
+        * @see org.apache.rampart.AbstractRampartTest#isEnableHttps()
+        */
+       @Override
+       protected boolean isEnableHttps() {
+               return true;
+       }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,214 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.DatagramSocket;
+import java.nio.file.Files;
+import java.security.Provider;
+import java.security.Security;
+import java.util.List;
+
+import org.apache.axis2.testutils.PortAllocator;
+import org.apache.commons.io.FileUtils;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.ldif.LdifEntry;
+import org.apache.directory.api.ldap.model.ldif.LdifReader;
+import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.interceptor.Interceptor;
+import org.apache.directory.server.core.api.partition.Partition;
+import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
+import org.apache.directory.server.core.factory.DirectoryServiceFactory;
+import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.directory.server.kerberos.KerberosConfig;
+import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.protocol.shared.transport.Transport;
+import org.apache.directory.server.protocol.shared.transport.UdpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Runs an Apache DS Kerberos server.
+ * @see org.apache.wss4j.integration.test.common.KerberosServiceStarter
+ */
+public class KerberosServer {
+
+       private static final Logger logger = 
LoggerFactory.getLogger(KerberosServer.class);
+       
+    /**
+     * The used DirectoryService instance
+     */
+    private static DirectoryService directoryService;
+
+    /**
+     * The used KdcServer instance
+     */
+    private static KdcServer kdcServer;
+
+    private static Provider provider = null;
+    private static int providerPos = 2;
+    
+    private static File workDir = null;
+    
+    /**
+     * Starts an Apache DS Kerberos server with dynamically allocated port.
+     * 
+     * @return
+     * @throws Exception
+     */
+    public static synchronized void startKerberosServer() throws Exception {
+       int kdcPort = PortAllocator.allocatePort();
+       
+        DatagramSocket datagramSocket = new DatagramSocket(kdcPort);
+        datagramSocket.setReuseAddress(true);
+        datagramSocket.close();
+
+        //Ok, apache ds doesn't like the bouncy castle provider at position 2
+        //Caused by: KrbException: Integrity check on decrypted field failed 
(31) - Integrity check on decrypted field failed
+        Provider[] installedProviders = Security.getProviders();
+        for (int i = 0; i < installedProviders.length; i++) {
+            Provider installedProvider = installedProviders[i];
+            if ("BC".equals(installedProvider.getName())) {
+                provider = installedProvider;
+                providerPos = i;
+                Security.removeProvider("BC");
+                break;
+            }
+        }
+        if (provider != null) {
+            Security.addProvider(provider);
+        }
+        
+        workDir = Files.createTempDirectory("server-work").toFile();
+        
+        DirectoryServiceFactory directoryServiceFactory = new 
DefaultDirectoryServiceFactory();
+        directoryService = directoryServiceFactory.getDirectoryService();
+        directoryService.setAccessControlEnabled(false);
+        directoryService.setAllowAnonymousAccess(false);
+        directoryService.getChangeLog().setEnabled(true);
+        
+        List<Interceptor> interceptors = directoryService.getInterceptors();
+        interceptors.add(new KeyDerivationInterceptor());
+        directoryService.setInterceptors(interceptors);
+        directoryServiceFactory.init("defaultDS");
+
+        PartitionFactory partitionFactory = 
directoryServiceFactory.getPartitionFactory();
+        Partition partition = 
partitionFactory.createPartition(directoryService.getSchemaManager(),
+            directoryService.getDnFactory(), "example", "dc=example,dc=com", 
1000, workDir);
+
+        partitionFactory.addIndex(partition, "objectClass", 1000);
+        partitionFactory.addIndex(partition, "dc", 1000);
+        partitionFactory.addIndex(partition, "ou", 1000);
+
+        partition.setSchemaManager(directoryService.getSchemaManager());
+        // Inject the partition into the DirectoryService
+        directoryService.addPartition(partition);
+
+        InputStream is = 
KerberosServer.class.getClassLoader().getResourceAsStream("kerberos/users.ldif");
+        LdifReader ldifReader = new LdifReader(is);
+        for (LdifEntry entry : ldifReader) {
+            directoryService.getAdminSession().add(new 
DefaultEntry(directoryService.getSchemaManager(), entry.getEntry()));
+        }
+        ldifReader.close();
+
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        kerberosConfig.setServicePrincipal("krbtgt/[email protected]");
+        kerberosConfig.setPrimaryRealm("EXAMPLE.COM");
+        kerberosConfig.setSearchBaseDn("dc=example,dc=com");
+        kerberosConfig.setMaximumTicketLifetime(60000 * 1440);
+        kerberosConfig.setMaximumRenewableLifetime(60000 * 10080);
+        kerberosConfig.setEncryptionTypes(new 
EncryptionType[]{EncryptionType.AES128_CTS_HMAC_SHA1_96});
+        
+        kdcServer = new KdcServer(kerberosConfig);
+        kdcServer.setServiceName("DefaultKrbServer");        
+        
+        final String kdcHostname = "localhost";
+        logger.info(String.format("Starting service on %s:%s", kdcHostname, 
kdcPort));
+        
+        UdpTransport udp = new UdpTransport(kdcHostname, kdcPort);
+        kdcServer.addTransports(udp);
+        kdcServer.setDirectoryService(directoryService);
+        kdcServer.start();
+    }
+
+    /**
+     * @return The Apache DS Kerberos server port.
+     * @throws IllegalArgumentException If server or respective transport are 
not initialized
+     */
+    public static synchronized int getPort() throws IllegalArgumentException {
+       if (kdcServer == null) {
+               throw new IllegalStateException("Kerberos server is not 
initialized");
+       }
+
+       Transport[] transports =  kdcServer.getTransports();
+       if (transports == null || transports.length == 0) {
+               throw new IllegalStateException("Kerberos server does not 
configure any transports");
+       }
+       
+       for (Transport transport : transports) {
+               if (transport instanceof UdpTransport) {
+                       return transport.getPort();
+               }
+       }
+       
+       throw new IllegalStateException(
+                       String.format("Cannot identify Kerberos server port. 
List of transports does not contain an %s instance",
+                                       UdpTransport.class.getName()));
+    } 
+    
+    /**
+     * Stops the Apache DS Kerberos server.
+     * @throws Exception
+     */
+    public static synchronized void stopKerberosServer() throws Exception {
+       logger.info("Stop called");
+               try {           
+                       if (directoryService != null) {
+                               try {
+                                       directoryService.shutdown();
+                               }
+                               finally {                                       
+                                       try {
+                                               
FileUtils.deleteDirectory(workDir);
+                                       }
+                                       catch (IOException e) {
+                                               logger.error("Failed to delete 
Apache DS working directory: " + workDir.getAbsolutePath() , e);
+                                       }
+                               }
+                               directoryService = null;
+                       }
+               }
+               finally {
+                       if (kdcServer != null) {
+                               kdcServer.stop();
+                               kdcServer = null;
+                       }
+                       
+            if (provider != null) {
+                //restore BC position
+                Security.removeProvider("BC");
+                Security.insertProviderAt(provider, providerPos);
+            }
+               }
+    }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,156 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rampart.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.security.auth.Subject;
+
+import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.validate.KerberosTokenDecoder;
+
+/**
+ * A copy of wss4j 2.0 Kerberos token decoder implementation.
+ * 
+ * @see org.apache.wss4j.common.kerberos.KerberosTokenDecoderImpl
+ * 
+ * TODO Once Rampart adopts wss4j 2.0, this class must be removed in favor of 
wss4j's
+ */
+public class KerberosTokenDecoderImpl implements KerberosTokenDecoder {
+    
+    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
+
+    private byte[] serviceTicket;
+    private Subject subject;
+
+    private boolean decoded = false;
+    private EncTicketPart encTicketPart;
+
+    /**
+     * Clear all internal information
+     */
+    public void clear() {
+        serviceTicket = null;
+        subject = null;
+        decoded = false;
+        encTicketPart = null;
+    }
+
+    /**
+     * Set the AP-REQ Kerberos Token
+     *
+     * @param token the AP-REQ Kerberos Token
+     */
+    public void setToken(byte[] token) {
+        serviceTicket = token;
+    }
+
+    /**
+     * Set the Subject
+     *
+     * @param subject the Subject
+     */
+    public void setSubject(Subject subject) {
+        this.subject = subject;
+    }
+
+    /**
+     * Get the session key from the token
+     *
+     * @return the session key from the token
+     */
+    public byte[] getSessionKey() {
+        if (!decoded) {
+            decodeServiceTicket();
+        }
+        if (encTicketPart != null && encTicketPart.getKey() != null) {
+            return encTicketPart.getKey().getKeyValue();
+        }
+        return null;
+    }
+
+    /**
+     * Get the client principal name from the decoded service ticket.
+     *
+     * @return the client principal name
+     */
+    public String getClientPrincipalName() {
+        if (!decoded) {
+            decodeServiceTicket();
+        }
+        return encTicketPart.getCName().toString();
+    }
+
+    // Decode the service ticket.
+    private synchronized void decodeServiceTicket() {
+        parseServiceTicket(serviceTicket);
+        decoded = true;
+    }
+
+    // Parses the service ticket (GSS AP-REQ token)
+    private void parseServiceTicket(byte[] ticket) {
+        try {
+            // I didn't find a better way how to parse this Kerberos Message...
+            org.bouncycastle.asn1.ASN1InputStream asn1InputStream =
+                    new org.bouncycastle.asn1.ASN1InputStream(new 
ByteArrayInputStream(ticket));
+            org.bouncycastle.asn1.DERApplicationSpecific derToken =
+                    (org.bouncycastle.asn1.DERApplicationSpecific) 
asn1InputStream.readObject();
+            if (derToken == null || !derToken.isConstructed()) {
+                asn1InputStream.close();
+                throw new WSSecurityException("invalid kerberos token");
+            }
+            asn1InputStream.close();
+
+            asn1InputStream = new org.bouncycastle.asn1.ASN1InputStream(new 
ByteArrayInputStream(derToken.getContents()));
+            org.bouncycastle.asn1.DERObjectIdentifier kerberosOid =
+                    (org.bouncycastle.asn1.DERObjectIdentifier) 
asn1InputStream.readObject();
+            if (!kerberosOid.getId().equals(KERBEROS_OID)) {
+                asn1InputStream.close();
+                throw new WSSecurityException("invalid kerberos token");
+            }
+
+            int readLowByte = asn1InputStream.read() & 0xff;
+            int readHighByte = asn1InputStream.read() & 0xff;
+            int read = (readHighByte << 8) + readLowByte; //NOPMD
+            if (read != 0x01) {
+                throw new WSSecurityException("invalid kerberos token");
+            }
+            
+            this.encTicketPart = 
KerberosDecoder.decodeEncTicketPart(toByteArray(asn1InputStream));
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static byte[] toByteArray(InputStream inputStream) throws 
IOException {
+        ByteArrayOutputStream byteArrayOutputStream = new 
ByteArrayOutputStream();
+        int read;
+        byte[] buf = new byte[1024];
+        while ((read = inputStream.read(buf)) != -1) {
+            byteArrayOutputStream.write(buf, 0, read);
+        }
+        return byteArrayOutputStream.toByteArray();
+    }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab?rev=1778761&view=auto
==============================================================================
Binary file - no diff available.

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab?rev=1778761&view=auto
==============================================================================
Binary file - no diff available.

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,49 @@
+KerberosOverTransportKeytab {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/bob.keytab"
+        principal=bob
+        storeKey=true
+        isInitiator=false
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportKeytabClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/alice.keytab"
+        principal=alice
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportPWCB {
+    com.sun.security.auth.module.Krb5LoginModule required
+        principal=bob
+        storeKey=true
+        isInitiator=false
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportPWCBClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        principal=alice
+        refreshKrb5Config=true;
+};
+
+KerberosDelegation {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/bob.keytab"
+        principal=bob
+        storeKey=true
+        isInitiator=true
+        refreshKrb5Config=true;
+};
+
+KerberosDelegationClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/alice.keytab"
+        principal=alice
+        refreshKrb5Config=true;
+};
\ No newline at end of file

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,8 @@
+[libdefaults]
+       default_realm = EXAMPLE.COM
+       forwardable = true      
+
+[realms]
+       EXAMPLE.COM = {
+               kdc = localhost:KDC_PORT
+       }
\ No newline at end of file

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,9 @@
+In order to create alice.keytab and bob.keytab, in src/test/resources/kerberos 
directory, execute the following commands depending on the underlying OS:
+
+Windows:
+<java_home>/bin/ktab.exe -a [email protected] password -k alice.keytab
+<java_home>/bin/ktab.exe -a [email protected] password -k bob.keytab
+
+Unix (requires ktutil)
+ktutil add_entry -password -p [email protected] -k 1 -e 
aes128-cts-hmac-sha1-96\npassword\n write_kt alice.keytab\n quit
+ktutil add_entry -password -p [email protected] -k 1 -e 
aes128-cts-hmac-sha1-96\npassword\n write_kt bob.keytab\n quit 
\ No newline at end of file

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,60 @@
+version: 1
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: domain
+objectClass: extensibleObject
+dc: example
+
+dn: ou=users,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=services,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: services
+
+dn: 
[email protected]+uid=bob+sn=bob+cn=bob,ou=services,dc=example,dc=com
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: krb5KDCEntry
+objectClass: uidObject
+objectClass: person
+objectClass: krb5Principal
+objectClass: organizationalPerson
+cn: bob
+krb5KeyVersionNumber: 0
+krb5PrincipalName: [email protected]
+sn: bob
+uid: bob
+userPassword: password
+
+dn: uid=krbtgt+krb5PrincipalName=krbtgt/[email protected]+ou=TGT,ou=se
+ rvices,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+objectClass: krb5KDCEntry
+objectClass: uidObject
+objectClass: krb5Principal
+krb5KeyVersionNumber: 0
+krb5PrincipalName: krbtgt/[email protected]
+ou: TGT
+uid: krbtgt
+userPassword: randomKey
+
+dn: 
[email protected]+uid=alice,ou=users,dc=example,dc=com
+objectClass: top
+objectClass: krb5KDCEntry
+objectClass: inetOrgPerson
+objectClass: uidObject
+objectClass: krb5Principal
+objectClass: person
+objectClass: organizationalPerson
+cn: alice
+krb5KeyVersionNumber: 0
+krb5PrincipalName: [email protected]
+sn: alice
+uid: alice
+userPassword: password

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,86 @@
+<service name="KerberosDelegation">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" 
name="ServiceClass">org.apache.rampart.KerberosDelegationService</parameter>
+
+       <transports>
+               <transport>https</transport>
+       </transports>
+       
+    <operation name="echo">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl";
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";>
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                   <rampart:RampartConfig 
xmlns:rampart="http://ws.apache.org/rampart/policy";>
+                        <rampart:kerberosConfig>
+                            
<rampart:jaasContext>KerberosDelegation</rampart:jaasContext>
+                            
<rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            
<rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                        
<rampart:policyValidatorCbClass>org.apache.rampart.KerberosDelegationServiceValidator</rampart:policyValidatorCbClass>
                        
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity 
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";>
+            <Upn>[email protected]</Upn>
+        </Identity>
+    </parameter>
+
+</service>

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,85 @@
+<service name="KerberosOverTransportKeytab">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" 
name="ServiceClass">org.apache.rampart.Service</parameter>
+
+       <transports>
+               <transport>https</transport>
+       </transports>
+       
+    <operation name="echo">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl";
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";>
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                    <rampart:RampartConfig 
xmlns:rampart="http://ws.apache.org/rampart/policy";>
+                        <rampart:kerberosConfig>
+                            
<rampart:jaasContext>KerberosOverTransportKeytab</rampart:jaasContext>
+                            
<rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            
<rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity 
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";>
+            <Upn>[email protected]</Upn>
+        </Identity>
+    </parameter>
+
+</service>

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,88 @@
+<service name="KerberosOverTransportPWCB">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" 
name="ServiceClass">org.apache.rampart.Service</parameter>
+
+       <transports>
+               <transport>https</transport>
+       </transports>
+       
+    <operation name="echo">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver 
class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment 
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl";
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";>
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                    <rampart:RampartConfig 
xmlns:rampart="http://ws.apache.org/rampart/policy";>
+                       <rampart:user>alice</rampart:user>
+                        
<rampart:passwordCallbackClass>org.apache.rampart.PWCallback</rampart:passwordCallbackClass>
+                        
+                        <rampart:kerberosConfig>
+                            
<rampart:jaasContext>KerberosOverTransportPWCB</rampart:jaasContext>
+                            
<rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            
<rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity 
xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";>
+            <Upn>[email protected]</Upn>
+        </Identity>
+    </parameter>
+
+</service>

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml 
(original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml 
Sat Jan 14 12:22:55 2017
@@ -43,5 +43,15 @@
             <groupId>org.apache.ws.commons.axiom</groupId>
             <artifactId>axiom-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>xmlunit</groupId>
+            <artifactId>xmlunit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
 (original)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
 Sat Jan 14 12:22:55 2017
@@ -201,6 +201,10 @@ public class Constants {
     public static final String XPATH_FILTER20 = "XPathFilter20";
 
     // /////////////////////////////////////////////////////////////////////
+    
+    public final static String WSS_KERBEROS_TOKEN11 = 
"http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";;
+    
+    // /////////////////////////////////////////////////////////////////////
 
     public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, 
"XPathVersion", Constants.SP_PREFIX);
     

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
 (original)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
 Sat Jan 14 12:22:55 2017
@@ -258,6 +258,15 @@ public class SP11Constants {
 
     public static final QName BODY = new QName(SP11Constants.SP_NS, "Body");
     
+    public static final QName KERBEROS_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.KERBEROS_TOKEN, SP11Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new 
QName(SP11Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, 
SP11Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new 
QName(SP11Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP11Constants.SP_PREFIX);
+    
     public static int getInclusionFromAttributeValue(String value ) {
         
         if (INCLUDE_ALWAYS.equals(value)) {

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
 (original)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
 Sat Jan 14 12:22:55 2017
@@ -317,6 +317,15 @@ public class SP12Constants {
     
     
////////////////////////////////////////////////////////////////////////////////////////////////
     
+    public static final QName KERBEROS_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.KERBEROS_TOKEN, SP12Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new 
QName(SP12Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, 
SP12Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new 
QName(SP12Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP12Constants.SP_PREFIX);
+    
     public static int getInclusionFromAttributeValue(String value ) {
         
         if (INCLUDE_ALWAYS.equals(value)) {

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
 (original)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
 Sat Jan 14 12:22:55 2017
@@ -131,6 +131,7 @@ public class SPConstants {
     
     public final static String USERNAME_TOKEN11 = "WssUsernameToken11";
 
+    public final static String KERBEROS_TOKEN = "KerberosToken";
     
     public final static String TRANSPORT_TOKEN = "TransportToken";
     
@@ -429,7 +430,7 @@ public class SPConstants {
     
     public static final String HASH_PASSWORD = "HashPassword";
     
-
+    public static final String REQUIRE_KERBEROS_V5_TOKEN_11 = 
"WssKerberosV5ApReqToken11";
     
-
+    public static final String REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = 
"WssGssKerberosV5ApReqToken11";
 }

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class KerberosToken extends Token {
+
+    private boolean requiresKerberosV5Token;
+
+    private boolean requiresGssKerberosV5Token;
+
+    private boolean requiresKeyIdentifierReference;
+
+    private String tokenVersionAndType = Constants.WSS_KERBEROS_TOKEN11;
+
+    public String getTokenVersionAndType() {
+        return tokenVersionAndType;
+    }
+
+    public void setTokenVersionAndType(String tokenVersionAndType) {
+        this.tokenVersionAndType = tokenVersionAndType;
+    }
+
+    public boolean isRequiresKerberosV5Token() {
+        return requiresKerberosV5Token;
+    }
+
+    public void setRequiresKerberosV5Token(boolean requiresKerberosV5Token) {
+        this.requiresKerberosV5Token = requiresKerberosV5Token;
+    }
+
+    public boolean isRequiresGssKerberosV5Token() {
+        return requiresGssKerberosV5Token;
+    }
+
+    public void setRequiresGssKerberosV5Token(boolean 
requiresGssKerberosV5Token) {
+        this.requiresGssKerberosV5Token = requiresGssKerberosV5Token;
+    }
+
+    public boolean isRequiresKeyIdentifierReference() {
+        return requiresKeyIdentifierReference;
+    }
+
+    public void setRequiresKeyIdentifierReference(boolean
+        requiresKeyIdentifierReference) {
+        this.requiresKeyIdentifierReference = requiresKeyIdentifierReference;
+    }
+
+    public KerberosToken(int version) {
+        setVersion(version);
+    }
+
+    public QName getName() {
+        if (version == SPConstants.SP_V12) {
+            return SP12Constants.KERBEROS_TOKEN;
+        } 
+        else {
+            return SP11Constants.KERBEROS_TOKEN;
+        }
+    }
+
+    public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+        String localName = getName().getLocalPart();
+        String namespaceURI = getName().getNamespaceURI();
+
+        String prefix = writer.getPrefix(namespaceURI);
+
+        if (prefix == null) {
+            prefix = getName().getPrefix();
+            writer.setPrefix(prefix, namespaceURI);
+        }
+
+        // <sp:KerberosToken>
+        writer.writeStartElement(prefix, localName, namespaceURI);
+
+        String inclusion;
+
+        if (version == SPConstants.SP_V12) {
+            inclusion = 
SP12Constants.getAttributeValueFromInclusion(getInclusion());
+        } else {
+            inclusion = 
SP11Constants.getAttributeValueFromInclusion(getInclusion());
+        }
+
+        if (inclusion != null) {
+            writer.writeAttribute(prefix, namespaceURI,
+                                  SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+        }
+
+        String pPrefix = 
writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+        if (pPrefix == null) {
+            pPrefix = SPConstants.POLICY.getPrefix();
+            writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+        }
+
+        // <wsp:Policy>
+        writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
+                                 SPConstants.POLICY.getNamespaceURI());
+
+        if (isRequiresKerberosV5Token()) {
+            // <sp:WssKerberosV5ApReqToken11 />
+            
writer.writeStartElement(prefix,SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        if (isRequiresGssKerberosV5Token()) {
+            // <sp:WssGssKerberosV5ApReqToken11 ... />
+            writer.writeStartElement(prefix,
+                                     
SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        if (isRequiresKeyIdentifierReference()) {
+            // <sp:RequireKeyIdentifierReference />
+            writer.writeStartElement(prefix,
+                                     
SPConstants.REQUIRE_KEY_IDENTIFIRE_REFERENCE,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        // </wsp:Policy>
+        writer.writeEndElement();
+
+        // </sp:KerberosToken>
+        writer.writeEndElement();
+    }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.KerberosToken;
+
+/**
+ * Builder for {@link KerberosToken} assertion (WS Security Policy version 1.1)
+ */
+public class KerberosTokenBuilder implements AssertionBuilder<OMElement> {
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.neethi.builders.AssertionBuilder#build(java.lang.Object,
+     * org.apache.neethi.AssertionBuilderFactory)
+     */
+       public Assertion build(OMElement element, AssertionBuilderFactory arg1) 
+           throws IllegalArgumentException {
+        KerberosToken kerberosToken = new KerberosToken(SPConstants.SP_V11);
+
+        OMElement policyElement = element.getFirstElement();
+
+        // Process token inclusion
+        OMAttribute includeAttr = 
element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+
+        if (includeAttr != null) {
+            int inclusion = SP11Constants.getInclusionFromAttributeValue(
+                                  includeAttr.getAttributeValue());
+            kerberosToken.setInclusion(inclusion);
+        }
+
+        if (policyElement != null) {
+            Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+            policy = (Policy) policy.normalize(false);
+            for (Iterator iterator = policy.getAlternatives(); 
iterator.hasNext();) {
+                processAlternative((List) iterator.next(), kerberosToken);
+                 // there should be only one alternative
+                break;
+            }
+        }
+        return kerberosToken;
+    }
+
+    private void processAlternative(List assertions, KerberosToken parent) {
+        Assertion assertion;
+        QName name;
+
+        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+            assertion = (Assertion) iterator.next();
+            name = assertion.getName();
+            if (SP11Constants.REQUIRE_KERBEROS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresKerberosV5Token(true);
+            } else if 
(SP11Constants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresGssKerberosV5Token(true);
+            } else if 
(SP11Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+                parent.setRequiresKeyIdentifierReference(true);
+            }
+        }
+    }
+
+    public QName[] getKnownElements() {
+        return new QName[] { SP11Constants.KERBEROS_TOKEN };
+    }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java?rev=1778761&view=auto
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
 (added)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
 Sat Jan 14 12:22:55 2017
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.KerberosToken;
+
+/**
+ * Builder for {@link KerberosToken} assertion (WS Security Policy version 1.2)
+ */
+public class KerberosTokenBuilder implements AssertionBuilder<OMElement> {
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.neethi.builders.AssertionBuilder#build(java.lang.Object,
+     * org.apache.neethi.AssertionBuilderFactory)
+     */
+       public Assertion build(OMElement element, AssertionBuilderFactory arg1) 
+           throws IllegalArgumentException {
+        KerberosToken kerberosToken = new KerberosToken(SPConstants.SP_V12);
+
+        OMElement policyElement = element.getFirstElement();
+
+        // Process token inclusion
+        OMAttribute includeAttr = 
element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+
+        if (includeAttr != null) {
+            int inclusion = SP12Constants.getInclusionFromAttributeValue(
+                                  includeAttr.getAttributeValue());
+            kerberosToken.setInclusion(inclusion);
+        }
+
+        if (policyElement != null) {
+            Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+            policy = (Policy) policy.normalize(false);
+            for (Iterator iterator = policy.getAlternatives(); 
iterator.hasNext();) {
+                processAlternative((List) iterator.next(), kerberosToken);
+                 // there should be only one alternative
+                break;
+            }
+        }
+        return kerberosToken;
+    }
+
+    private void processAlternative(List assertions, KerberosToken parent) {
+        Assertion assertion;
+        QName name;
+
+        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+            assertion = (Assertion) iterator.next();
+            name = assertion.getName();
+            if (SP12Constants.REQUIRE_KERBEROS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresKerberosV5Token(true);
+            } else if 
(SP12Constants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresGssKerberosV5Token(true);
+            } else if 
(SP12Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+                parent.setRequiresKeyIdentifierReference(true);
+            }
+        }
+    }
+
+    public QName[] getKnownElements() {
+        return new QName[] { SP12Constants.KERBEROS_TOKEN };
+    }
+}

Propchange: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
 (original)
+++ 
axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
 Sat Jan 14 12:22:55 2017
@@ -23,6 +23,7 @@ org.apache.ws.secpolicy11.builders.Issue
 org.apache.ws.secpolicy11.builders.RequiredElementsBuilder
 org.apache.ws.secpolicy11.builders.SignatureTokenBuilder
 org.apache.ws.secpolicy11.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy11.builders.KerberosTokenBuilder
 org.apache.ws.secpolicy12.builders.AlgorithmSuiteBuilder
 org.apache.ws.secpolicy12.builders.AsymmetricBindingBuilder
 org.apache.ws.secpolicy12.builders.EncryptedElementsBuilder
@@ -49,4 +50,5 @@ org.apache.ws.secpolicy12.builders.Requi
 org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
 org.apache.ws.secpolicy12.builders.HttpsTokenBuilder
 org.apache.ws.secpolicy12.builders.SignatureTokenBuilder
-org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
\ No newline at end of file
+org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy12.builders.KerberosTokenBuilder
\ No newline at end of file


Reply via email to