This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.1.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 8c9a156469daa2a974db79e2b1f70224ed773c4b Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Apr 12 12:03:53 2018 +0100 Added a WS-SecurityPolicy code-first demo (cherry picked from commit 51df5beeb200a77c274f6c93ca4f65145a1ddcd7) --- .../cxf/systest/ws/ut/UsernameTokenTest.java | 58 ++++++++++++++++++++++ .../ws/ut/plaintext-pass-timestamp-policy.xml | 38 ++++++++++++++ 2 files changed, 96 insertions(+) diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java index 236f9c4..e20763a 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java @@ -24,22 +24,28 @@ import java.net.URL; import java.security.KeyStore; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import javax.net.ssl.TrustManagerFactory; import javax.xml.namespace.QName; import javax.xml.ws.BindingProvider; import javax.xml.ws.Service; +import org.w3c.dom.Element; + import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; +import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.ws.policy.WSPolicyFeature; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.example.contract.doubleit.DoubleItPortType; 
@@ -139,6 +145,58 @@ public class UsernameTokenTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)utPort).close(); } + // Here we are not using the WSDL and so need to add the policy manually on the client side + @org.junit.Test + public void testPlaintextCodeFirst() throws Exception { + + String address = "https://localhost:" + PORT + "/DoubleItUTPlaintext"; + QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort"); + + WSPolicyFeature policyFeature = new WSPolicyFeature(); + Element policyElement = + StaxUtils.read(getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")).getDocumentElement(); + policyFeature.setPolicyElements(Collections.singletonList(policyElement)); + + JaxWsProxyFactoryBean clientFactoryBean = new JaxWsProxyFactoryBean(); + clientFactoryBean.setFeatures(Collections.singletonList(policyFeature)); + clientFactoryBean.setAddress(address); + clientFactoryBean.setServiceName(SERVICE_QNAME); + clientFactoryBean.setEndpointName(portQName); + clientFactoryBean.setServiceClass(DoubleItPortType.class); + + DoubleItPortType port = (DoubleItPortType)clientFactoryBean.create(); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(port); + } + + ((BindingProvider)port).getRequestContext().put(SecurityConstants.USERNAME, "Alice"); + + ((BindingProvider)port).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, + "org.apache.cxf.systest.ws.common.UTPasswordCallback"); + + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + final KeyStore ts = KeyStore.getInstance("JKS"); + try (InputStream trustStore = + ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", UsernameTokenTest.class)) { + ts.load(trustStore, "password".toCharArray()); + } + tmf.init(ts); + + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setTrustManagers(tmf.getTrustManagers()); + tlsParams.setDisableCNCheck(true); + + Client client = 
ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + http.setTlsClientParameters(tlsParams); + + assertEquals(50, port.doubleIt(25)); + + ((java.io.Closeable)port).close(); + } + @org.junit.Test public void testPlaintext() throws Exception { diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml new file mode 100644 index 0000000..265bf4e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy.xml @@ -0,0 +1,38 @@ +<?xml version="1.0"?> +<wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" wsu:Id="TransportUsernameTokenPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssUsernameToken10/> + </wsp:Policy> + </sp:UsernameToken> + </wsp:Policy> + </sp:SupportingTokens> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> -- To stop receiving notification emails like this one, please contact cohei...@apache.org.
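Review bot: `tlsParams.setDisableCNCheck(true)` in `testPlaintextCodeFirst` turns off hostname verification on the only layer protecting the credential, because the policy this test loads sends the UsernameToken password as plain text and relies on the HTTPS transport. Since the commit is presented as a demo, that line should carry a comment marking it as a test-fixture shortcut, for example `// Test only: CN check disabled for the test certificate; keep hostname verification on in real clients`. Separately, the stream returned by `getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")` is never closed. Wrapping the `StaxUtils.read(...)` call in try-with-resources, as the truststore stream a few lines below already is, would keep the two consistent.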
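Review bot: The new policy file has no comment saying that its `sp:UsernameToken` assertion, with `sp:WssUsernameToken10` and no `sp:HashPassword`, sends the password as clear text, so confidentiality and replay protection rest entirely on the `sp:HttpsToken` transport assertion. A short XML comment above `sp:SupportingTokens` would make that dependency explicit for anyone reusing the policy, for example `<!-- Password is sent as PasswordText; only valid over the TLS transport required by sp:TransportBinding above -->`. As far as the visible policy shows, nothing signs the `sp:IncludeTimestamp` element (there are no signed parts or signed supporting tokens), so it should not be read as a message-level replay defence.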